Brindle

Security researchers at ESET have released a report concerning a new type of malware found on the Google Play Store that appears to use a sophisticated means of flying under the radar to avoid detection. The malware in question was dubbed Android/TrojanDropper.Agent.BKY and eight apps were found in the Google Play Store containing the malicious code.

Google has removed all eight apps from the store and researchers point out that the removed apps only had a few hundred downloads a piece, so this wasn’t as large a spread as some of the previous malware invasions we’ve reported on. ESET notes that this malware family’s specific anti-detection features are the most interesting part of the story.

Once the apps were downloaded and installed, they don’t request suspicious permissions and the app even performs as the user would expect. The app instead decrypts and executes several different payloads in a type of Russian nesting doll code execution in an effort to obfuscate the malware’s true purpose. Check out this basic outline of how the malware gets unaware users to install a truly malicious app while bypassing Google’s security checks.

Researchers note that the app that’s downloaded and executed by the second-stage payload is usually disguised as a well-known product like Adobe Flash Player or simply “Android Update.” Once this app gets all the permissions it needs to install the fourth payload, researchers found a banking trojan that attempts to phish usernames and passwords.

 

The history of governments attempting to demonstrate either their own military prowess or the dastardly actions of others -- usually America -- is long and storied. South Korea used footage from war games to show off weapons I guess it must not have, Egypt attempted to pass off game footage as Russian airstrikes against ISIL/ISIS/whatever they're supposed to be called, and North Korea attempted to show off its nuclear capability by pinching some Modern Warfare 3 footage. Even Russia has tried its hand at this, attempting to show that America was arming Ukrainian rebels with Stinger missiles with some stills from the game Battlefield 3. That any of these countries thought they would get away with these fakes is nearly as funny as their having not considered how much international egg they'd have on their faces once they were found out.

But you'd at least have thought these countries would learn their lesson. In the case of Russia, it seems not so much. The Russian Defense Ministry recently accused the American military of, get this, helping ISIS in order to promote American interests in the Middle East. While that claim is, on its face, fairly laughable, so too was the photo evidence Russia provided.

If those images look sort of familiar to you, it's probably because you've played AC-130 Gunship Simulator: Special Ops Squadron. It seems that the photographic evidence offered by the Russian Defense Ministry is just more video game stills.

In a sign of how lazy some propagandists can be, on Tuesday the official Russian-language Twitter account for the country’s defense ministry tweeted a selection of photos, claiming the images were irrefutable evidence that the U.S. was helping ISIS terrorists. However, one of the photos the Ministry of Defense tweeted (and later deleted) appears to be from the video game AC-130 Gunship Simulator: Special Ops Squadron, a clip of which is available on YouTube. The account also posted the photos along with a longer body of text on Facebook. Researchers from verification and citizen-journalism platform Bellingcat debunked the photo after someone else tweeted it, claiming a video was live drone-attack footage over Mosul, Iraq.

Whatever those other photos are from, it's clear they are not from American forces happily supporting ISIS. We've done bad things in this country, but this claim is simply off the reservation.

Russia, for its part, deleted the debunked photo, but maintained the claim that America is now helping ISIS in the Middle East. Maybe we can grab a couple of stills from The Adventures of Rocky and Bullwinkle as evidence that Russians are committing mass genocide of all moose and squirrel.

Permalink | Comments | Email This Story

As websites increasingly struggle to keep the lights on in the age of ad blockers, a growing number of sites have increasingly turned to bitcoin miners like Coinhive. Such miners covertly use visitor CPU cycles to mind cryptocurrency while a user is visiting a website, and actively market themselves as a creative alternative to the traditional advertising model. And while this is certainly a creative revenue generator, these miners are increasingly being foisted upon consumers without informing them or providing an opt out. Given the miners consume user CPU cycles and a modest amount of power -- that's a problem.

The Pirate Bay was forced to disable its bitcoin miner back in September, after users complained it was eating up to 90% of their available CPU cycles. Showtime was similarly caught using a bitcoin miner on two of its domains, and has yet to provide any detail on why it launched the miners or refused to inform visitors they were running. More recently, Trend Micro unveiled that at least two Android apps -- downloaded up to 50,000 times from the Google Play store -- were covertly putting crypto miners inside a hidden browser window:

Recently, we found that apps with malicious cryptocurrency mining capabilities on Google Play. These apps used dynamic JavaScript loading and native code injection to avoid detection. We detect these apps as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER

[...]

This JavaScript code runs within the app’s webview, but this is not visible to the user because the webview is set to run in invisible mode by default. When the malicious JavaScript code is running, the CPU usage will be exceptionally high.

The explosion in bitcoin miners is both above and below board. There's indication that the bitcoin miners running on Showtime's domains were the result of a website hack. More recently, researchers from security firm Sucuri discovered that at least 500 websites running WordPress had been hacked, and that other publishing platforms including Magento, Joomla, and Drupal were also being consistently abused. Reddit users this week documented how Choice Hotels (owner of Comfort Inn) websites have also been compromised with cryptocurrency miners the company itself seems oblivious to.

Political fact-checking website PolitiFact also recently acknowledged it was hacked by intruders who installed bitcoin miners that quickly gobbled up visitors' CPU cycles without permission:

BREAKING NEWS: #Coinhive found on official @PolitiFact website in latest case of #cryptojacking. pic.twitter.com/czGc5aaug7

— Bad Packets Report (@bad_packets) October 13, 2017

Not too surprisingly, security firms like Malwarebytes have started blocking the miners:

The reason we block Coinhive is because there are site owners who do not ask for their users' permission to start running CPU-gorging applications on their systems. A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.

And while these tools help some with malicious installs and hacks, plenty of websites still appear to think it's a good idea to run the miners without notifying users or providing a functioning opt out. Which means there are plenty of folks busy trying to combat the rise of ad blockers -- by engaging in the exact same behavior that caused the rise of ad blockers in the first place.

Permalink | Comments | Email This Story

Just in time for the travel season to kick in, the TSA is operating at peak efficiency. Streamlining travelers' pre-boarding procedures this year -- just like every year preceding it -- will be the agency's inability to keep dangerous items from making their way onboard.

Two years ago, the TSA's Inspector General discovered it could sneak contraband -- including explosive devices -- past the agency's pizza box recruits 95% of the time. A follow-up audit two years later was just as unimpressive. The IG's "Red Team" audit team called it quits after sneaking 17 of 18 forbidden items past TSA screeners. At 94.4%, it's hard to tell whether this is the TSA's idea of improvement or just the result of a smaller sample size. (The first audit team made 70 smuggling attempts, succeeding 67 times.) Theoretically, given enough attempts, the TSA may have been able to push this number much closer to 100%.

Good news of a sort then: the latest screening sting operation shows exponential improvement by TSA screeners. The problem is multiples of super-low numbers still result in large amounts of failure.

In recent undercover tests of multiple airport security checkpoints by the Department of Homeland Security, inspectors said screeners, their equipment or their procedures failed more than half of the time, according to a source familiar with the classified report.

When ABC News asked the source familiar with the report if the failure rate was 80 percent, the response was, “You are in the ballpark.”

And that ballpark is the Mendoza Line. The TSA can now tell travelers it's capable of batting .200 against would-be terrorists, just as airports begin to see increased amounts of air travel. And that's only at the airport tested. Your travel safety mileage may vary, depending on point of departure.

The report itself remains classified for the time being, presumably at the request of the terminally-embarrassing agency. Hopefully, the Inspector General won't allow this to remain buried for much longer or redacted to uselessness by America's perennial underachiever.

As for the TSA, it says it's definitely going to be buckling down and taking travel safety seriously.

“We take the OIG’s findings very seriously and are implementing measures that will improve screening effectiveness at checkpoints,” said TSA administrator David Pekoske. “We are focused on staying ahead of a dynamic threat to aviation with continued investment in the workforce, enhanced procedures and new technologies,” he added.

It is to LOL. This is a carbon copy of statements made after every egregious security failure by the TSA. The last few years of screening failures show little in the way of improvement. As for "staying ahead of dynamic threats," the TSA certainly can't do that when un-dynamic threats can walk past checkpoints carrying explosive devices. And the TSA isn't actually known for "staying ahead" of anything. Every new dehumanizing procedure and item added to the no-fly list is the result of threats screeners didn't catch before they boarded planes and wreaked havoc.

These are all just words meant to make the agency sound like it truly wishes to serve some higher purpose. But the facts flatly contradict the assertions made by the TSA in the wake of multiple successive failures.

Permalink | Comments | Email This Story

More evidence of high-flying surveillance has been uncovered by public records requests. The Texas Observer reports it has obtained documents showing local National Guard units are in possession of airborne IMSI catchers.

The Texas National Guard last year spent more than $373,000 to install controversial cellphone eavesdropping devices in secretive surveillance aircraft.

Maryland-based Digital Receiver Technology Inc., or DRT, installed two of its DRT 1301C “portable receiver systems” in National Guard aircraft in partnership with the Drug Enforcement Administration, according to a contract between the Texas National Guard and the company. The contract states that the dirt boxes, as they’re often called after the company’s acronym, are for “investigative case analytical support” in counternarcotics operations and were purchased using state drug-asset forfeiture money.

These aren't the first DRT boxes to be exposed via public records requests. Law enforcement agencies in Chicago and Los Angeles are also deploying these surveillance devices -- with minimal oversight and no public discussion prior to deployment. The same goes for the US Marshals Service, which has been flying its DRT boxes for a few years now with zero transparency or public oversight.

The same goes for the National Guard in Texas. There doesn't seem to be any supporting documentation suggesting any public consultation in any form before acquisition and deployment. Not only that, but there's nothing in the documents obtained that clarifies what legal authority permits National Guard use of flying cell tower spoofers.

[T]he Texas National Guard is a military force under the governor’s command, not law enforcement. It’s unclear under what legal authorities the State Guard would be operating to conduct electronic eavesdropping. In 2015, the Justice Department issued guidelines for federal law enforcement agencies requiring that a probable cause warrant be obtained from a judge before using such technology. The Texas National Guard refused to explain to the Observer what steps, if any, it takes to secure a warrant prior to deploying the devices, or where the dirt boxes are being used.

No one knows what guidance the National Guard is operating under, much less what it does with all the cell phone data it hoovers up. It's a black hole and the National Guard refuses to discuss it. While it's undoubtedly true some law enforcement methods need to be kept under wraps, this doesn't mean agencies -- especially those like the National Guard which only play a supporting role in some law enforcement activities -- should deploy mass surveillance tools without some public discussion. Concerns definitely need to be addressed when a military agency gets into the domestic law enforcement business.

Permalink | Comments | Email This Story

This is horrifying: But even with the data we have, we can take a guess at how many outdated devices are in use. In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android's update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android. Whenever I bring up just how humongous of an issue this is, and just how dangerously irresponsible it is to let average consumers use this platform, apologists come out of the woodwork with two arguments as to why I'm an Apple shill or anti-Google: Google Play Services and Project Treble. Google Play Services indeed ensures that a number of parts of your entire Android operating system and stack are updated through Google Play. This is a good move, and in fact, Android is ahead of iOS in this respect, where things like Safari and the browser engine are updated through operating system updates instead of through the App Store - and operating systems updates present a far bigger barrier to updating than mere app updates do. However, vast parts of Android are not updated through the Play Store at all, and pose a serious security threat to users of the platform. Google Play Services are anything but a silver bullet for Android's appalling update situation. Project Treble is the second term people throw around whenever we talk about Android's lack of updates, but I don't think people really understand what Project Treble is, and what problems it does and does not solve. As Ron Amadeo explains in his excellent Android 8.0 review: Project Treble introduces a "Vendor Interface" - a standardized interface that sits between the OS and the hardware. As long as the SoC vendor plugs into the Vendor Interface and the OS plugs into the Vendor Interface, an upgrade to a new version of Android should "just work." OEMs and carriers will still need to be involved in customizing the OS and rolling it out to users, but now the parties involved in an update can "parallelize" the work needed to get an update running. SoC code is no longer the "first" step that everyone else needs to wait on. Treble addresses an important technical aspect of the Android update process by ensuring OEMs have to spend less time tailoring each Android update to every specific SoC and every specific smartphone. However, it doesn't mean OEMs can now just push a button and have the next Google Android code drop ready to go for all of their phones; they still have to port their modifications and other parts of Android, test everything, have it approved by carriers, and push them out to devices worldwide. Project Treble addresses part of the technical aspect of Android updates, but not nearly all of it. While Treble is a huge improvement and clearly repays a huge technical debt of the Android platform, it doesn't actually address the real reason why OEMs are so lax at updating their phones: the political reason. Even in the entirely unrealistic, unlikely, and honestly impossible event Treble solves all technical barriers to updating Android phones, OEMs still have to, you know, actually choose to do so. Even the most expensive and brand-defining Android flagships - the Note, Galaxy S, LG V, and so on - are updated at best only six months after the release of a new version of Android, and even then, the rollout usually takes months, with some countries, regions, carriers, or phones not getting the update until much, much later. This isn't because it really is that hard to update Android phones - it's because OEMs don't care. Samsung doesn't care. LG doesn't care. HTC doesn't care. They'd much rather spend time and resources on selling you the next flagship than updating the one you already paid for. Treble will do nothing to address that. But let's assume that not only will Treble address all technical barriers, but also all political barriers. Entirely unlikely and impossible, I know, but for the sake of argument, let's assume that it does. Even then, it will be at best four to five years before we experience these benefits from Treble, because while Treble is a requirement for new devices shipping with Android 8.0 out of the box, it's entirely optional for existing devices being updated to 8.0. With the current pace of Android updates, that means it will be no earlier than four to five years from now before we truly start enjoying the fruits of the Treble team's labour. At that point, it will have been twelve to thirteen years of accumulating unupdateable, insecure Android devices. The cold and harsh truth is that as a platform, Android is a mess. It was quickly cobbled together in a rushed response to the original iPhone, and ever since, Google has been trying to repay the technical debt resulting from that rushed response, sucking time and resources away from advancing the state of the art in mobile operating systems. As an aside, I have the suspicion Google has already set an internal timeline to move away from Android as we know it today, and move towards a new operating system altogether. I have the suspicion that Treble isn't so much about Android updates as it is about further containerising the Android runtime to make it as easy as possible to run Android applications as-is on a new platform that avoids and learns from the mistakes made by Android. Each and every one of you knows I'm an Android user. I prefer Android over the competition because it allows me to use my phone the way I want to better than the competition. Up until recently, I would choose Android on Apple hardware over iOS on Android hardware - to use that macOS-vs-Windows meme - any day of the week. These days - I'm not so sure I would. Your options as an Android user today? A Pixel phone you probably can't buy anyway because it's only available in three countries, and even if you can buy it, it falls apart at the seams. You can buy a Samsung or HTC or whatever and perpetually run outdated, insecure software. Or you can buy something from a smaller OEM, and suffer through shady nonsense. You have to be deeply enveloped in the Android bubble to not see the dire situation this platform is in. Read more on this exclusive OSNews article...

Re:scam is an artificial intelligence system developed to toy with scammers automatically for as long as possible. You just forward a scam email to me@rescam.org and the system will get started wasting a scammer's time. Details while I forward literally every single work email I've ever gotten:

Re:scam can take on multiple personas, imitating real human tendencies with humour and grammatical errors, and can engage with infinite scammers all at once, meaning it can continue any email conversation for as long as possible. Re:scam will now turn the tables on the scammers by wasting their time, and ultimately damage the profits for scammers... The aim is to waste the time of scammers, without wasting a second of yours. When you forward an email, you believe to be a scam to me@rescam.org a check is done to make sure it is a scam attempt, and then a proxy email address is used to engage the scammer. This will flood their inboxes with responses without any way for them to tell who is a chat-bot, and who is a real vulnerable target. Once you've forwarded an email nothing more is required on your part, but the more you send through, the more effective it will be.

Fun. I only wish you got a log of the conversation as it happens. I want to make sure my anti-scam bot is living up to my high standards of scammer-scamming, you know? I'm just saying, one time I scammed a scammer so hard he wired me his life savings AND I'm dating his mom now. Keep going for a video about the service. Thanks to mof and Erica J, who wish scamming scammers was a full-time job you could get paid to do, because that would be fun and rewarding.

I live in Baltimore, MD (more specifically Fells Point) where local Facebook groups (shoutout to Canton Neighbors) see a recurring deluge of “Package got snatched from my stoop” posts. I’ve been a victim several times and as a person who works from home, I can only imagine the irritation of attempting to get deliveries for typical day-jobbers.

That’s why when Amazon announced the Amazon Key, I instantly purchased it. The concept is simple: Amazon grants delivery people 1-time access to your front door through their app (tied to your order) and as soon as the door unlocks, your connected camera begins recording. You can watch the delivery live if you’d like but it also saves the video in the cloud for further review. The delivery person opens the door, sets the package(s) inside, closes the door, locks the door through the app, and your transaction is complete.

I know a lot of people are considering getting Amazon Key but are waiting for reviews, so I thought I’d share my first thoughts after purchasing, installation, and setup.

Before you buy

Before you purchase Amazon Key (it’s $250 on Amazon.com) you’ll want to scope out your layout to make sure setup is possible. You’ll need to decide on a few key things (pun intended):

1. Select the right smart lock
2. Make sure it works with your door hardware
3. Decide where to put the camera
4. Make sure it’s available in your zip code

We’ve already suggested the Best Smartlock for Amazon Key (I got the Yale) and you’ll have to check your zip before you buy, leaving door hardware and camera positioning as remaining decisions.

Amazon offers a free installation option and you should 100% take them up on this option- it worked beautifully for me and offers protection if something doesn’t work quite right.

What comes in the box?

The box arrived a couple days before my installation appointment and simply has two things inside:

• Smart Lock with installation accessories (Amazon Key Edition)
• Cloud Cam with cables and mounting plate (Amazon Key Edition)

I resisted the temptation to tear open the boxes and waited until my appointment.

Who installs the Amazon Key?

In my case, a scruffy guy (only outscruffed by me) with a Dish TV shirt rang my doorbell at 8AM and immediately got to work. Dish TV has a broad network of installers that are sub-contracted for work like this and I (not surprisingly) was the first Amazon Key installation in Baltimore.

In your area you may have a different company contracted to do the work, but installation is free… mostly. I’ll explain one “hidden cost” below…

Installing the Smart Lock

This process took about 30-minutes and we faced a few troubleshooting issues.

I’ve previously installed a Schlage Smart Lock so I know these things can be finicky. The smart lock needs to align almost perfectly when the door is closed or the locking mechanism will jam at the smallest bit of resistance.

In my case, bulky weather stripping on the door prevented the door from easily auto-locking. I got accustomed to pushing the door in when I lock it by hand but obviously, your smart lock needs to work without human interaction. As a temporary solution, I removed the strike plate and will find a better fit (for either the weather stripping or strike plate).

Your lock strike plate may also be a couple centimeters off, the door frame could be warped, or some other issue could require tinkering from a handy person who can think on their feet. If that’s not you, all the more reason to use the free installation.

I just admit- part of the reason I purchased the Yale is because the color matches my door exceptionally well. It’s pretty, ain’t it?!

After the smart lock was physically installed I downloaded the Amazon Key app and got it going. It had me jump through the typical hoops:

• Connect to WiFi
• Generate your door’s master password
• Name your lock/door

And in a couple short minutes I was ready to install the Cloud Cam.

Installing the Cloud Cam

The main issue with the Cloud Cam is that it needs to be plugged into an electrical outlet. The camera itself has a MicroUSB port that connects to a wall adapter. So you basically need to find the wall outlet nearest to your front door that will allow you to get a clear picture of the entire door/entry.

Hidden Cost

The Amazon Cloud Cam isn’t too attractive in the first place, but having an obnoxious white wire running across your wall to get electricity is pretty terrible. In the best case scenario you can hide the wires inside the wall. If you can’t do that yourself, whoever is installing your Amazon Key may be able to offer you this service at an additional charge.

Dish TV charged me $100 to hide the wires and made an appointment to do so the following morning (I’ll update this post with how that went).

Camera orientation

For the time being, I propped my camera above the doorframe on a pull-up bar so it looks down on the front door (as you’ll see from the video).

To get a better look at the back of the camera, I set it on a stool and aimed it at the door- this is NOT how I have it set up but I wanted to show the USB wires and the back speaker grille. This is very convenient for emitting sound through the rest of the house.

Connecting the camera to the app

After you plug in the camera and turn on your phone’s bluetooth, you’ll be guided through some more simple steps. It’ll show you a live feed from the camera so you can make sure the entirety of your entryway is included in the picture (this is of huge importance). If anything goes wrong, you want the to make sure the footage is clear and accurate to support any claim you make.

In-Home Delivery option when buying

As soon as you’ve got your Amazon Key set up you’ll begin seeing “In-Home Delivery” selected as the default option for many products. I wanted to test the service immediately so I found something available for same-day delivery and purchased right away. It was this Professional Chef Knife by Soufull for 20 bucks as one of Amazon’s Lightning Deals of the day.

You’ll then get the typical myriad of messages about purchase, delivery, and tracking via E-Mail, the Amazon Shopping app, Text Message, and through the Amazon Key app. This would normally be annoying, but I prefer to be annoyed when it comes to deliveries, and you can adjust notification preferences as you see fit.

You can also REFUSE in-home delivery if you originally opted for it but don’t want visitors for some reason.

Was our Amazon Key Delivery Successful???

I’ll be updating this post, sharing how the delivery went, and publishing a full review in the next few days. If you’d like to follow along please:

• Like us on Facebook
• Follow us on Twitter
• Subscribe on YouTube
• Hit us up on Google+
• Download our app

Why I’m Excited (Amazon Key isn’t Amazon Key)

The best thing about Amazon Key is that it’s NOT just Amazon Key. Your new Smart Lock and the Amazon Cloud Cam work perfectly as standalone smart home solutions- that’s (partially) why I’m so pumped about Amazon Key.

This new setup will allow you to:

• Access your own house with custom pass codes
• Lock/Unlock your house remotely through the app
• Provide neighbors, guests, workers, etc… custom access codes
• Monitor entries/exits through your door in real-time
• View live video and see video recordings of entries/exits

Yes it has the ADDED ability of being certified by Amazon for package deliveries, but the base functionality of the Smart Lock and Cloud Cam are serious improvements for someone interested in making their entire home smarter.

That Amazon Key is only for cities where package thieves prowl is a common misconception. This is a great option for anyone who wants a Smart Home starter-kit of sorts, regardless of whether or not you’ll use Amazon Key. You get the lock, you get the cam, you get free installation, all the features that come with a smart lock and security cloud camera, plus the cutting edge feature of In-House Amazon deliveries- which for me personally is a game-changer.

There are reasons to love Amazon Key and reasons to hate Amazon Key… but until our package arrives we’ll let you debate that in the comments.

Update: Successful Delivery

My package arrived safe and sound- here is the video of the Amazon Key delivery from the Amazon Cloud Cam:

Stay tuned for the full review!

We've reached the point in terrorism hysteria where someone can be prosecuted simply for having a copy of book already owned by millions. Ryan Gallagher details the trial of Josh Walker -- a man who actually left the UK to fight against terrorists, only to be charged under the nation's terrorism laws when he returned.

Police had arrested Walker when he arrived at the airport. They later searched his apartment, turning up a copy of the infamous “Anarchist Cookbook,” which contains bomb-making instructions along with information about how to eavesdrop on phone calls and commit credit card fraud. Walker was accused of violating the Terrorism Act because he possessed information “likely to be useful to a person committing or preparing an act of terrorism.” He faced the possibility of a 10-year jail sentence.

Walker didn't even possess a physical copy of the book, so to speak. He did what any number of people could have done: downloaded a freely-available PDF and printed it out. Walker downloaded his copy from a local library for use with a role-playing "crisis game" group. He apparently used it to create terrorism scenarios for the group to work with. This was corroborated by statements from other members of the group.

Not wishing to alarm outsiders, the group routinely destroyed its notes and other documents post-game. This was the direct result of being previously reported to the police by a janitor who came across notes the group left behind after role-playing a terrorist attack. Apparently, Walker forgot to toss his printed Anarchist Cookbook PDF into the fire with the rest of the prep materials.

The prosecution claimed Walker retained his copy of the book -- again, a book anyone can download from the local library -- because he was "curious" about the contents. More ridiculously, the prosecution suggested the printed PDF Walker had in his bedroom "endangered public safety."

The government apparently wanted to take an actual terrorist fighter down for obtaining a copy of book that's not actually illegal to possess in the UK. But even the government's expert witnesses seemed to feel it's unlikely the book posed any sort of threat.

Walker’s case seemed to strengthen on Wednesday, when Sharon Marie Broome, an explosives expert with the British Ministry of Defence, told the court that while the makeshift explosive instructions in the “Anarchist Cookbook” were “credible,” much of the same information could be obtained from freely available books and academic literature.

Broome said that she had worked for 25 years assessing explosives, sometimes forensically analyzing devices used in real terrorist attacks perpetrated in the U.K. and overseas. Bennathan, Walker’s lawyer, pressed her on whether she had ever encountered a terrorist case that involved the use of the “Anarchist Cookbook.” She could not provide any examples.

Fortunately, there's a happy ending to this story. Walker was found not guilty by the jury. But that this happened at all should be of concern to anyone who thinks the best way to fight terrorism is by expanding the reach and power of the government. Simply possessing something the government finds objectionable is apparently a criminal act in and of itself, even without any evidence suggesting the contents of the book were going to be used nefariously. Walker won't be the last person prosecuted for reading "dangerous" things or thinking "dangerous" thoughts. And it's giving terrorists exactly what they want: a steady pruning of citizens' rights and protections by fear-fueled legislators.

Permalink | Comments | Email This Story

With cameras now becoming a ubiquitous part of our lives thanks to being embedded in nearly every single electronic device we use, it’s no surprise that nude photos can end up online without a person’s explicit permission. The term for this is revenge porn and it typically happens when nude photos that were once consensual are uploaded to social media sites without the subject being aware until it’s spotted by a close friend or colleague.

It’s a very real concern in today’s modern society, so it stands to reason that Facebook is doing something to try and prevent “revenge porn” from being uploaded to its various services like Instagram and Facebook Messenger. Facebook is partnering with an Australian government agency to test a new program to help prevent revenge porn from spreading.

The test program will allow users to upload their nudes and send them to themselves via Facebook Messenger, where Facebook will use its image algorithms to create a digital fingerprint of that image and prevent copies from being uploaded to the service. The idea is that by creating a digital fingerprint of the image as soon as it’s created, you can prevent it from being spread through social media sites as the algorithm matches the copy to the original.

“They’re not storing the image, they’re storing the link and using artificial intelligence and other photo-matching technologies. So if somebody tried to upload that same image, which would have the same digital footprint or hash value, it will be prevented from being uploaded.”

The technology isn’t all that different than Google’s own Content ID that it uses to find copyrighted videos and music that have been uploaded to YouTube so it can remove them automatically at the copyright holder’s request. Content ID is easily spoofed by slowing audio, so hopefully, Facebook has considered that when trying to use algorithms to prevent the spread of a specific image.

What do you think? Would you upload your nudes to Facebook to prevent them from being spread without your permission?

This is the 'Wine Of Sacred Purity Wine Holder Kitchen Decoration Sculpture Statue' designed by DWK and available on Amazon for around $18. As far as wine bottle holders go, this is probably the most unicorn one I've seen. "Because it's a unicorn." We're both very observant. You know what would make it even crazier though? "If instead of wine you made it hold a bottle of its own tears?" You're sick and you need help. Keep going for a couple more shots. Thanks to Hazel, who informed me you're not supposed to give your unicorn wine because it makes them fly shitty.

The last time we talked about Germany's Strafgesetzbuch law, specifically section 86a that prohibits the display of Nazi symbols, iconography, or historical figures with few exceptions, was when Ubisoft accidentally sent the country versions of a South Park video game chock full of swastikas. I feel much the same today about the law as I did then: I get why the law was created, but it's probably time for it to be retired. While the law does make room for Nazi symbols to be displayed for the purposes of art and education, too often those exceptions are either not actually adhered to in real-world examples, while those that might be able to fit their work within those exceptions don't bother trying, too chilled by the law that limits their speech. Coupling that along with the simple fact that German citizens who really want to see Nazi symbols don't have to work particularly hard to circumvent the law resolves the whole matter as being somewhat silly.

And it produces silly results. For instance, the latest game in the Wolfenstein series got around the law with what appears to be the minimum amount of effort possible.

The German Strafgesetzbuch section 86a outlaws the use of Nazi symbols as part of the denazification of the country post World War II. This law covers not only symbols like the swastika, but gestures like the Nazi salute. It doesn’t explicitly prohibit depictions of Adolf Hitler, but nevertheless, Hitler’s appearance in Wolfenstein 2: The New Colossus has been censored: they took his mustache off.

Other than barely changing the Nazi symbols in the game and removing Hitler's initials from what looks to be a monogrammed smoking jacket, that's pretty much it. Compliance with the law resulted in the removal of a 'stache. Meanwhile, anyone playing the game with it's World War 2 themes will know exactly who they are seeing: Hitler.

When a law, well-meaning or not, requires its citizens to be criminally stupid for it to be of benefit, it should be obvious that the law is broken. And it would take someone without a functioning brain to play this scene in this specific game and not realize that Hitler was on the screen. That makes the law useless at anything other than forcing us to notice how much Hitler could have looked just like our own Uncle Larry and causing us to have to deal with that reality.

Again, I understand why the law was created. Even so, it's time to sunset it.

Permalink | Comments | Email This Story

We've noted for months how an unknown party has been using bots to bombard the FCC website with entirely bogus support for the agency's planned attack on net neutrality. Inquiries so far have indicated that whatever group or individual is behind the fake support used a bot that automatically pulled names -- in alphabetical order -- from a compromised database of some kind. Earlier this year one reporter actually managed to track down some of these folks -- who say they never filed such comments or in many instances had no idea what net neutrality even is.

Earlier this year, some reporters discovered that some of the biggest fans of the FCC's myopic assault on net neutrality appear to be dead:

"As the war over the fate of America's free and open internet lumbers on, it appears that opponents of net neutrality will do anything in their power to turn control of the internet over to massive telecom companies—including committing fraud. As detailed in a letter sent to the FCC Thursday morning, people are pissed that their personal information was used without their knowledge to post anti-net neutrality comments to the FCC's website, which includes at least two people who are recently deceased.

Others have since continued to dig through the names used to support Ajit Pai's attack on net neutrality -- and continue to find that many of them had never visited the FCC website, had no idea what net neutrality is, or were no longer breathing. Like John Skalski of Sharpsburg, Georgia -- who back in May purportedly submitted this (factually incorrect) comment to the FCC comment proceeding. Note its content is different from the bot-generated comments that had been methodically submitted already:

Which is interesting because John is, well, dead:

"However, if you go to his house on 11 Tee Pee Row, you will unfortunately speak to a kind person who will tell you that John has been passed away since 2016 and no one else there has the same name. Unfortunately, that is a fake public comment. I found Mr. Skalski’s obituary later:

This is where we'll remind you that the FCC has shown no interest whatsoever in investigating any of this. Similarly, when I contacted the agency to tell them someone else had written a fraudulent comment in my name supporting the attack on net neutrality, I was told there was simply nothing that could be done. Combined with the agency's apparently fabricated DDoS attack, there's more than a few indicators that the agency is eager to malign the integrity of the public feedback period in order to try and downplay the massive public backlash to its handout to the telecom industry.

Since the FCC is expected to unveil its full plan ahead of Thanksgiving for what will likely be a vote right before Christmas, contacting your lawmakers on this subject remains of utmost importance. Should the FCC decide to ignore the public and dismantle the protections anyway, it seems more than likely that this recent necromancy will play a starring role in the inevitable lawsuits to come.

Permalink | Comments | Email This Story

Do the police in Fairfax County, Virginia really not know about the 1st Amendment? It certainly appears that way after watching the video of them violently arresting a reporter named Mike Stark, who was trying to cover the gubernatorial campaign of Ed Gillespie. Now, because some people will want to mention this, I'll note that the following is (a) true and (b) makes no difference at all to this story: Stark works for a highly partisan website that is strongly opposed to Gillespie. But the points here would be identical if it were a reporter at the other end of the partisan divide following the opposing candidate. The positions of the reporter (or the candidate) are meaningless to the basic question of why the fuck was Mike Stark thrown to the ground, piled on by cops and arrested.

And "fuck" seems to be the key word here. The background is that Stark appeared to be filming Gillespie's bus, and a police office told him to "get out of the road" (from the video it's a little unclear, but it really looks like Stark was standing in what appears to be a driveway, not a road). Either way, he backs up a bit and argues a bit with the cop, most of which is impossible to hear. But you can make out him saying "I'm a fucking reporter doing my job." At that point, another cop says "If you curse again, you're going to go to jail." To which, Stark responds in the most responsible manner possible: "Fuck this." At that point, the one officer points to him and says "Go to jail" and the other moves him up against a fence. The officers appear to have some trouble getting Stark's hands behind his back, though it does not appear due to Stark resisting, just police officers who don't appear to be very good at their job. So they just swipe his legs out from under him, throw him to the ground (hitting his head on the pavement) and then a bunch of other officers run over and they all just pile on Stark, who repeatedly says he'll give them his hands if they just get off him so he can move the arm out.

Eventually, the cop cites Fairfax County Ordinance 511 which does (amazingly) say that "If any person profanely curse or swear or be drunk in public he shall be deemed guilty of a Class 4 misdemeanor." So that law is on the books -- but it's bullshit. There is no way that such a law is even remotely compatible with the First Amendment. And, of course, when actually charged, Section 511 was nowhere to be found. Instead, the cops charged him with the favorite of police who have arrested someone for no cause: "disorderly conduct" and "resisting arrest."

This is... bad. It's a clear First Amendment violation and an attack on a reporter. Others who have been arrested (sometimes on similar charges) for filming in public, have sometimes been successful filing civil rights lawsuits against the cops.

On a separate, but related note, it appears the cops did not realize they were being filmed until towards the end of the video where one of the cops walks over and angrily says to the person holding the camera:

"I'd appreciate it if you didn't film us. Really would. Ok? This job's hard enough. Honestly? It's hard enough."

Yeah, must be real hard when you get to body slam a reporter for daring to say the word "fuck" and then have to answer to public scrutiny for your thuggish violation of his rights. Real tough job.

Permalink | Comments | Email This Story

So if you've followed the debate over net neutrality for much of the last decade, you probably remember images like these, purporting to show what the internet might look like if we let broadband duopolies like AT&T or Comcast dictate internet access pricing structure:

And while these mock ups were tongue in cheek, large ISPs have given every indication that this idea of freedom costing extra isn't too far from their ideal. And abusing a lack of broadband competition to force users to shell out additional funds to access to the content and services of their choice isn't too far off of what has already happened, whether we're talking about AT&T's decision to block Facetime from working unless users shelled out for more expensive plans, or Verizon's recent decision to charge users $10 more just to avoid arbitrary video throttling.

While the EU does have some fairly decent net neutrality rules, countries do have some leeway in terms of enforcement -- especially when it comes to "zero rating" (or the act of imposing usage caps, then exempting your own or a partner's content). So ISPs in Portugal have already started taking advantage of it in a way that eerily echoes the warnings net neutrality advocates have been making for years. Lisbon-based mobile and fixed broadband provider MEO has been selling broadband service tiers for some time that cap your internet data usage, after which they're happy to sell you additional buckets of data depending on which types of services you traditionally use:

It's important to note that capping usage then doling out additional data based on types of content isn't the same idea as blocking users from accessing parts of the internet unless they pay up. Several news outlets have conflated MEO's pricing above with the outright blocking of certain services, which simply isn't the case. Most ISPs realize that outright blocking of content is a PR disaster that's more trouble than its worth.

That said, what MEO is doing is still detrimental to the health of the internet. As we saw with T-Mobile's Binge On program -- which exempted certain video and music services from the carrier's caps, these "zero rating" and usage caps plans are designed to create the illusion of a bargain. But these types of plans not only raise questions about ISP power to dictate which companies and services are whitelisted, but they're based on a fundamentally incorrect premise that these usage restrictions are necessary in the first place.

Usage caps and overage fees aren't based on network or economic realities. They aren't useful to manage congestion. Their entire function is to creatively drive up costs via arbitrary and artificial barriers to entry, after which ISPs convince consumers they're somehow getting a deal by providing additional data "for free" or "at a discount." ISPs have often falsely tried to equate this as the same thing as 1-800 numbers or free shipping, which is bullshit. All that's really happening is that internet access is being artificially limited, and users are being forced to pay more money to access the internet as intended.

While people often like to focus on the threat of ISPs blocking access to content, ISPs know that's a surefire way to earn public scorn. That's why ISPs around the world have long since developed a myriad of more creative ways to (ab)use the lack of competition in the space to ill effect, whether that's imposing arbitrary and unnecessary usage caps and overage fees, exempting an ISPs own services from said caps, or hamstringing competitors elsewhere in the network, as we saw when ISPs began intentionally clogging peering points to drive up costs for streaming competitors and transit operators (interconnection).

With the Trump administration rushing forward with its plan to kill net neutrality here in the States, and a rise in cable's monopoly over fixed-line broadband, you can expect a whole lot more U.S. broadband pricing and package "creativity" in the not so distant future. That may not involve outright blocking your access to content, but it's more than likely to involve entirely arbitrary, uncompetitive and harmful limits you'll be told are somehow necessary and for your own good.

Permalink | Comments | Email This Story

We've long noted how one of the sleazier telecom industry lobbying tactics involves paying minority, diversity, or other groups to parrot policies that actually undermine their constituents, but provide the illusion of public support for shitty positions. Like when the cable industry paid Jesse Jackson to claim that trying to bring competition to the cable box was akin to racism in the 1960's American South. Or when AT&T paid the The Hispanic Institute to support the company's planned acquisition of T-Mobile, ignoring that the deal would have killed tens of thousands of jobs, while driving up wireless rates for all Americans.

Because there appears to be zero public repercussion for this grotesque tactic, it has continued to be highly effective -- and has been of great use to AT&T, Verizon and Comcast as they attempt to gut net neutrality rules. While this sort of group co-opting is always in bad taste, the Intercept noticed that the Verizon-funded National Puerto Rican Chamber of Commerce decided to take things to the next level this week. In an editorial over at The Hill, executive director Justin V&‌eacute;lez-Hagan claimed killing net neutrality would aid storm-stricken Puerto Rico:

"My organization’s interests — especially those of small businesses and entrepreneurs in Puerto Rico who now need to be afforded every advantage and opportunity to grow more than ever before — and our members’ mutual experience have made it clear that the best thing for America’s fragile economy will be for the FCC to continue its plan to repeal the unnecessary regulations."

Vélez-Hagan wrote that the public should back the effort by Pai and others to place the Republican majority in Congress in charge of remaking net neutrality rules. Doing so, Vélez-Hagan wrote, would provide the “incentive for businesses to invest in Puerto Rico (and others impacted by natural disasters) instead of relying solely on relief packages.”

So one, as documented countless times, the claim that modest U.S. net neutrality rules (which didn't go half as far as other international implementations in Canada, India or elsewhere) hurt broadband investment is indisuptable nonsense, a position supported by SEC filings, earnings reports, and ISP executives' own statements. That doesn't stop the broadband industry from paying countless economists, fauxcademics, astroturfers, politicians, diversity groups and other paid policy parrots to repeat this claim ad nauseam -- despite all of them knowing full well it simply isn't true.

Two, the idea that gutting popular consumer protections will magically help Puerto Rico rebuild is both nonsensical and offensive. Many Puerto Ricans continue to struggle to get clean drinking water and medical care, and most telecom services won't be restored until sometime next year. The idea that Puerto Ricans have the luxury to worry about net neutrality right now is obnoxious tone deafness, and the claim that killing effective, useful consumer protections is almost as good as traditional relief funding is both ignorant and dangerous.

Of course, since this cozy quid pro quo is never clearly put into writing, groups like this can usually hide behind a quick "no comment" or some faux breathless indignation at the idea these groups are little more than glorified parrots for industry. Meanwhile, outlets like the Hill are more than happy to print this kind of prattle without the slightest funding and conflict of interest disclosures, only perpetuating the problem.

Permalink | Comments | Email This Story

Two weeks ago, security researchers managed to disable the Intel Management Engine, and last week, Google held a talk at the Open Source Summit (née LinuxCon) in which they unveiled their plans to completely (well, almost completely) replace every bit of code between the operating system you know about (Windows, Linux, BSD, whatever) and the bare metal x86 processor (Intel-only, for now). With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a "Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language. Both the slides from the talk and the video are available.

Apple, AT&T, the FCC and Alphabet's X division have all put into motion efforts to give residents of Puerto Rico more cellular connectivity. Apple has been working with AT&T to extend and activate cell service for users in Puerto Rico. To improve what is a terrible connectivity situation there, it’s going to enable a provisional band of LTE that has been recently approved, but not activated in the US and Puerto Rico, where it has not been licensed. This will allow iPhones to connect to Alphabet X's Project Loon balloons in the region, which were activated today. This should allow users to send text messages and access some critical online services. It's always a welcome change of pace to see companies like this working together to help people in need. Good work, Alphabet/Google, Apple, and AT&T. Now there's a sentence you won't hear very often.

The Trump Administration is continuing its war on leakers. It's probably meant to keep whistleblowers at bay as well. This isn't necessarily a trait unique to Trump's White House. There really hasn't been a whistleblower-friendly administration in pretty much ever, but this particular administration has been awash in leaked documents, each one prompting more severe crackdowns.

But it's going to come to a head at the national security level. The "Intelligence Community" -- sixteen agencies participating and partaking in intelligence analysis and collection under the Office of the Director of National Intelligence -- is basically ousting its internal oversight. Jenna McLaughlin, writing for Foreign Policy, has the details.

[Dan] Meyer, whose job is to talk to intelligence community whistleblowers, can no longer talk to whistleblowers. He has been barred from communicating with whistleblowers, the main responsibility of his job as the executive director for intelligence community whistleblowing and source protection. He is currently working on an instructional pamphlet for whistleblowers, and he will have no duties to perform after he’s completed that work.

He can also no longer brief the agencies or the congressional committees on his work as he’s done in the past, send out his whistleblower newsletter, or conduct outreach. And he has no deputy or staff.

This is the end result of internal struggles and the continual sidelining of the so-called "proper channels." They weren't worth much when Snowden decided to leak. They were relatively worthless when others leaked documents years before Snowden began changing the intelligence community from the far outside. And if they were ever going to be worth anything, that effort has been derailed in favor of hunting down leakers.

This is incredibly stupid. If the administration wants to stop leaks, one of the better tools is proper channels that actually work -- ones that get results and shield whistleblowers from retaliation. Instead, intelligence officials have decided leaking and whistleblowing are pretty much the same thing and have headed off attempts to build an official whistleblowing outfit worth a damn

What's being ousted, bit by bit, is the IC's Inspector General's office. Elimination of whistleblower outlets may only be part of the plan. Once rendered toothless, it may be prevented from performing other oversight duties. But the war of leakers starts where it always starts: with whistleblowers. If the Inspector General's office is completely neutralized, the only option will be leaking, not exactly the best news for this particularly sieve-like administration.

Permalink | Comments | Email This Story

Because the world is rapidly coming to an end, Private Jet Studio based in Moscow, Russia will rent Instagrammers a grounded Gulfstream 650 jet with professional photographer for 2 hours for around $244 (~$191 if you bring your own cameraman or just plan on taking selfies) so they can trick their followers into thinking they live some sort of luxurious lifestyle. Granted I'm sure there are legitimate photographers who need shots inside or outside a jet for their own purposes, but if you really are just an Instagrammer renting a grounded to fool your followers, you need to take a long hard look at your life, then start living a completely different one. Keep going for a couple more shots of the possibilities. Thanks to Allyson S, who agrees nobody feels good about themselves wearing a fake Rolex.

A lawsuit filed against President Trump alleges a host of First Amendment violations stemming from Trump's Twitter blocklist. According to the suit filed by the Knight First Amendment Institute at Columbia University, an official government account shouldn't be allowed to block users from reading tweets. Sure, there's an actual official presidential Twitter account, but nothing of interest happens there. Everything from retweets of questionable GIFs to arguable threats of nuclear war happen at Donald Trump's personal account. But everything's all mixed together because the president insists on using his personal account (and its blocklist) to communicate a majority of his thoughts and opinions.

The government's lawyers are now forced to defend the president (and his blocklist) from these allegations. It's not an easy job. In fact, as Alison Frankel reports, it requires a significant amount of cognitive dissonance.

First, the government has argued the Twitter account President Trump uses most is not a publicly-owned (read: government) Twitter account.

The brief’s primary argument is that @realdonaldtrump is not a public forum. It’s a private platform governed by the rules of a private company, the Justice Department said. The president opened his account before he was an elected official, the brief said, and his continued operation of the account is not a right conferred by his election to the presidency. “The president does not operate his personal Twitter account by virtue of federal law, nor is blocking made possible because the President is clothed in Article II powers,” the brief said.

This makes some sense, even if Trump's use of this account to announce positions on issues and potential government action undermine the "not a public forum" argument. He did have this account prior to the presidency, but perhaps he should have abandoned it for the official presidential account once he took office. Even though this argument is somewhat credible, the next argument from the government almost completely undermines it.

President Trump, in other words, is not flexing his presidential power when he tweets as @realdonaldtrump, according to the Justice Department. But at the same time, Justice argued in the summary judgment brief, the president can’t be sued for posting to his private account because he’s acting as the president.

He's not the president (so to speak) when he tweets from his personal account. But he is the president, so he can't be sued. No matter how many accounts he blocks. The president, according to White House counsel, is able to occupy two states simultaneously thanks to the magical powers of Twitter.

It sounds ridiculous (and it is), but as Frankel points out, seemingly contradictory arguments are made all the time at this point in the pleadings. The judge is one that decides which arguments move forward -- sometimes even without calling out lawyers for arguing against their own arguments.

Stripping the case of all legalese, the account Trump prefers to use should be considered an official account. And if it's an official account, Trump needs to lay off the "block" button. You can't force citizens to jump through hoops to view proclamations made in a de facto public square. Even if Trump can't be sued, he should at least lift the blocks. It's not very presidential to pointedly lock certain people out of public discussions.

Permalink | Comments | Email This Story

A few weeks ago, we wrote about a hellishly sketchy plan by a drug company, Allergan, to avoid the process as known as "Inter Partes Review" of its weak patents. In the weeks since that post a bunch has happened, but before we catch you up, a refresher is important. One of the biggest problems of the patent system for years has been the US Patent Office's willingness to grant terrible patents. This is only partially the Patent Office's own fault -- as some of it is just the nature of how our patent system is designed. As it is, patent examiners have limited time to review patents, and all of the incentives are to approve them, rather than reject them (a rejection can be endlessly appealed, granting gets it off the examiner's plate and improves the "productivity" of the office). On top of that, there's no adversarial process -- an examiner only gets info on why the patent should be granted, and not reasons it shouldn't. In an age where unscrupulous patent attorneys push to patent absolutely everything and many view patents as a lottery ticket, you have a situation where an overwhelmed Patent Office is approving a ton of bad patents, and letting the courts deal with it down the road.

That, of course, has been a disaster for actual innovators who don't have time and money to waste in court fighting bogus patent lawsuits. In the last round of patent reform, the America Invents Act, in 2010, a small, but smart, change was added to the system: the IPR setup. The idea was that it was a way to get a tribunal at the patent office to take another look -- by creating the adversarial process that is lacking from the original patent review process. This enables third parties to raise issues about the patent to the tribunal -- called the Patent Trial and Appeal Board (PTAB) -- and lets the PTAB review whether the patent should have been granted in the first place. Many patent system supporters hate the whole IPR thing, because they don't like the fact that their bad patents can be more easily invalidated. It certainly cuts off one part of the patent troll shakedown game. The Supreme Court is currently considering a case right now to throw out the PTAB as unconstitutional, while Congress has been kicking around ideas to kill it as well.

In the meantime, though, some lawyers have come up with a truly sneaky, and truly awful "work around" that they've basically now productized. After a decision by the PTAB earlier this year to refuse to even hear an IPR request involving a patent held by the University of Florida after the University (a part of the state of Florida) argued "sovereign immunity", lawyers realized that anyone could get out of the IPR process if they just "sold" their patent to a government entity who could claim sovereign immunity. From there is was only a few logical leaps to realize that Native American nations could claim such sovereign immunity. Hence, the deal to "sell" Allergan's patents to the St. Regis Mohawk Tribe.

Basically everyone recognizes this is a sham sale. The St. Regis Mohawk Tribe has no interest in this patent. Or the other patents its now "buying." It just gets some cash, which the original patent holder finds worth paying because it helps them avoid the IPR process. Everything gets "licensed" back to the original patent holder anyway, so the actual transaction is quite clear: patent holders paying Native American tribes solely to avoid a review by the patent office of their sketchy patents.

When the Allergan deal became public, lots of people grew concerned. It seemed like such a naked attempt to game the system. The House Oversight Committee began investigating the issue, noting its serious concerns with what was happening.

On top of that, the issue flowed into the case involving the patents in question. Remember: the IPR process is handled at a special tribunal at the patent office. But there can still be lawsuits going on in parallel, and that's what was happening with Allergan in its patent fight against Teva Phramaceuticals (who is challenging the validity of Allergan's patents). The case still goes on no matter what happens with the IPR process, but Teva raised the issue of whether or not the Mohawk tribe now needed to become a plaintiff in the case too. After a pretty quick back and forth of papers flying in the court, the judge has, in fact, added the tribe as a plaintiff to the case, while issuing an order that raises serious concerns about this practice of laundering the patents through a Native American tribe to avoid IPR. While the court doesn't directly claim that the transfer is invalid, it certainly suggests the court does not look kindly on the practice:

The Court has serious concerns about the legitimacy of the tactic that Allergan and the Tribe have employed. The essence of the matter is this: Allergan purports to have sold the patents to the Tribe, but in reality it has paid the Tribe to allow Allergan to purchase—or perhaps more precisely, to rent—the Tribe’s sovereign immunity in order to defeat the pending IPR proceedings in the PTO. This is not a situation in which the patentee was entitled to sovereign immunity in the first instance. Rather, Allergan, which does not enjoy sovereign immunity, has invoked the benefits of the patent system and has obtained valuable patent protection for its product, Restasis. But when faced with the possibility that the PTO would determine that those patents should not have been issued, Allergan has sought to prevent the PTO from reconsidering its original issuance decision. What Allergan seeks is the right to continue to enjoy the considerable benefits of the U.S. patent system without accepting the limits that Congress has placed on those benefits through the administrative mechanism for canceling invalid patents.

If that ploy succeeds, any patentee facing IPR proceedings would presumably be able to defeat those proceedings by employing the same artifice. In short, Allergan’s tactic, if successful, could spell the end of the PTO’s IPR program, which was a central component of the America Invents Act of 2011. In its brief, Allergan is conspicuously silent about the broader consequences of the course it has chosen, but it does not suggest that there is anything unusual about its situation that would make Allergan’s tactic “a restricted railroad ticket, good for this day and train only.”...

Although sovereign immunity has been tempered over the years by statute and court decisions, it survives because there are sound reasons that sovereigns should be protected from at least some kinds of lawsuits. But sovereign immunity should not be treated as a monetizable commodity that can be purchased by private entities as part of a scheme to evade their legal responsibilities. It is not an inexhaustible asset that can be sold to any party that might find it convenient to purchase immunity from suit. Because that is in essence is what the agreement between Allergan and the Tribe does, the Court has serious reservations about whether the contract between Allergan and the Tribe should be recognized as valid, rather than being held void as being contrary to public policy.

The court doesn't go quite that far, noting that it doesn't need to determine this issue at this time, and the issue maybe better suited for the PTAB rather than federal court, but it certainly is noteworthy to see such strong language condemning the plan. Of course, that ruling was probably the least of Allergan's worries, as at the same time, the judge also invalidated the patents in question for obviousness. This post is about a different aspect of Allergan's sketchy plans, so we won't even bother digging into the 100+ pages in the judge's decision on this, other than to note that it appears to include even more sketchy behavior on the part of Allergan.

Of course, this is not stopping others from following in Allergan's footsteps. Just days after that court ruling, the very same "Mohawk Tribe" had magically teamed up with a company called SRC Labs, and filed a patent infringement case against Amazon and Microsoft. SRC Labs, if you're wondering, appears to be the estate of Seymour Cray, the founder of Cray Inc. (who was just involved in another important case unrelated to all of this). And, this is not the only such case.

It's hard to see this loophole lasting very long. Hopefully the IPR process survives the various challenges its facing, but on top of that, hopefully the PTAB and/or the courts, shut down this obvious gamesmanship for patent holders to avoid accountability.

Permalink | Comments | Email This Story

The NYPD is actively opposed to transparency. It does all it can to thwart outsiders from accessing any info about the department's inner workings. This has led to numerous lawsuits from public records requesters. It has also led to a long-running lawsuit featuring the Bronx Defenders, which has been trying to gain access to civil forfeiture documents for years.

The NYPD has repeatedly claimed it simply cannot provide the records the Bronx Defenders (as well as other records requesters) have requested. Not because it doesn't want to, even though it surely doesn't. But because it can't.

The department has spent $25 million on a forfeiture tracking system that can't even do the one thing it's supposed to do: track forfeitures. The Property and Evidence Tracking System (PETS) is apparently so complex and so badly constructed, the NYPD can't compile the records being sought.

Oddly enough, the Bronx Defenders has pieced together enough data from the NYPD's broken PETS (along with other public records) to at least point out the glaring discrepancy between what the department publicly claims it has in its forfeiture accounts and what the database says it does.

At the hearing, the NYPD claimed that it only legally forfeited $11,653 in currency last year — that is, gone to court and actually made a case as to why the NYPD should be taking this money.

[...]

In the accounting summaries which the Bronx Defenders submitted as part of its testimony, the NYPD reports that as of December 2013, its property clerk had almost $69 million in seized cash on hand. This amount had been carried over from previous years, showing an annual accumulation of seized cash that has reached an enormous amount. The documents also show that each month, the five property clerk’s offices across the city took in tens of thousands of dollars in cash, ultimately generating over $6 million in revenue for the department.

When pressed in court, NYPD experts claim the NYPD lacks the expertise to extract the sought data from its forfeiture database. These assertions are at odds with the NYPD's self-perception: that it is fastest and smartest law enforcement agency in the US (better than the FBI, in fact) and foreign governments should be grateful its officers and analysts are showing up uninvited at scenes of overseas terrorist attacks.

Somehow, these highly-trained officers are unable to extract data from a $25 million database. Maybe it's not the lack of talent. Maybe it's the lack of desire. Maybe the NYPD has zero interest in tracking this data because it doesn't want the public to see how much it has hoovered up or make it any easier for citizens to challenge forfeitures.

The lawsuit continues, with the NYPD continuing to top itself with each round of expert testimony. As Adam Klasfield reports for Courthouse News, the NYPD's $25 million database is worth even less than previously assumed.

New York City is one power surge away from losing all of the data police have on millions of dollars in unclaimed forfeitures, a city attorney admitted to a flabbergasted judge on Tuesday.

“That’s insane,” Manhattan Supreme Court Judge Arlene Bluth said repeatedly from the bench.

It is insane. There's no way around it. The assumption would be that a $25 million database has built-in redundancy. But of course it wouldn't. Not with the NYPD running it and not with its active disinterest in providing records to records requesters or having any accountability present in its forfeiture system.

And why should the NYPD fix it? From its perspective, this is fine. Data goes in and never comes out. If it all disappears because someone trips over the power cord, the NYPD suffers no negative consequences. Everything it has taken over the years defaults to the NYPD until proven otherwise by claimants. And that's going to be a lot tougher to do when the NYPD has no records related to the forfeiture.

The court is in no position to do anything about this. It can't order the NYPD to fix its system. All it can do is demand it comply with records requests and pay the legal fees of prevailing parties. But the NYPD can continue to run a useless system for the rest of whatever. The burden of proof in forfeiture cases is already shifted to claimants. A broken system places even more of a burden on those seeking return of their property, thanks to PETS being unable to confirm or deny existence of responsive records. It's GlomarDb and it makes a mockery of public records laws and due process simultaneously.

Permalink | Comments | Email This Story

I was in the Grand Central Station Apple Store for a third time in a year, watching a progress bar slowly creep across my computer's black screen as my Genius multi-tasked helping another customer with her iPad. My computer was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn't respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken - it still moved and acted normally. But every time I pressed it once, it spaced twice. "Maybe it's a piece of dust," the Genius had offered. The previous times I'd been to the Apple Store for the same computer with the same problem - a misbehaving keyboard - Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn't believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. "Hold on," I said. "If a single piece of dust lays the whole computer out, don't you think that's kind of a problem?" The keyboard on the MacBooks and MacBook Pros is an unmitigated disaster. In pursuit of thinness nobody else is looking for, Apple severely crippled its most important Mac product line - and that's even without taking the Touchbar into account.

Google has announced support for Movies Anywhere, so you can join your Google Play Movies, iTunes, Amazon, and Vudu accounts and access purchased movies on any device no matter where you purchased the content.

A little over a month ago, body cam footage of a police officer trying to bully a nurse into breaking the law went viral. Salt Lake City police detective Jeff Payne wrapped up his failed intimidation attempt by arresting nurse Alex Wubbels for following her hospital's policy on blood draws. If there are no exigent circumstances and the person not suspected of criminal activity, police need a warrant to draw blood.

None of those factors were present when Detective Payne demanded the hospital draw blood from an accident victim. The victim was, in fact, a reserve police officer from an Idaho law enforcement agency, who had been hit head-on by a fleeing suspect. This officer later died from his injuries. He was in a coma when Detective Payne began demanding the hospital hand over some blood, obviously in no condition to consent to the search.

The entire bodycam video of the incident can be seen below.

Payne argued, after being fired for violating department blood draw policies (and for violating a Supreme Court decision, but Payne isn't expected to know the laws directly affecting his position on the PD's blood draw team), he arrested Wubbels because he "didn't want to create a scene" in the emergency room. If he hadn't arrested her, or demanded she violate both the law and hospital policy, there would have been no scene to be concerned about.

Instead, Payne thought he could intimidate his way through this. Now he's out of a job and attempting to sue his way back in. (Side note: Payne also lost his moonlighting gig as a paramedic as the body cam footage also caught him saying he would start routing "good patients" to another hospital and bring Wubbels' ER "transients.")

His lawyer is making a hell of an argument: Payne was unfairly fired because the public saw him violating department policies.

Attorney Greg Skordas, who represents Payne, said his client plans to appeal a firing he considers unfair and over the top. Skordas said Payne would still be employed if the body camera footage hadn't generated so much attention and blown the events out of proportion.

There are (at least) two ridiculous implications contained in this statement.

First is the implication that the only "proper "investigation is one that clears the officer of wrongdoing and/or results in the most minimal of discipline. The second follows the first: Skordas is basically affirming law enforcement agencies rarely hand out proportionate discipline unless forced to by public outcry. Neither are good looks for Skordas, his client, or his former employer.

The internal investigation reached the same conclusions anyone would have after viewing the body camera footage: both Payne and his supervisor, Lt. James Tracy, acted in bad faith during the incident, using both intimidation and a profound -- perhaps even deliberate -- misconstruing of applicable laws in hopes of taking blood from an accident victim (and fellow police officer).

Beneath Skordas' argument is another ugly assertion: his client feels he's being unfairly treated because a police camera captured him behaving exactly the way he behaved when he arrested a nurse for following hospital policy and a Supreme Court decision. Detective Payne deprived someone of their liberty -- albeit briefly -- for daring to stand up for the rights of her patient. That's about as ugly as it gets.

Permalink | Comments | Email This Story

When you've got an official narrative to deliver, you need everyone to pitch in to keep it from falling apart. No one can say ICE didn't try. The Trump administration -- bolstered by supporting statements conjecture from DOJ and DHS officials -- has portrayed undocumented immigrants as little more than nomadic thugs. Unfortunately, there's hardly any evidence available to back up the assertion that people here illegally are more likely to commit serious criminal acts.

Back in February, shortly after Trump handed down immigration-focused executive orders, ICE went all in on arresting undocumented visitors and immigrants. Included in this push was a focus on so-called "sanctuary cities" like Austin, Texas, which had vowed to push back against Trump's anti-immigrant actions.

Emails obtained by The Intercept show ICE doing all it can to prop up Trump's "dangerous criminal" stereotyping. Unfortunately, despite all of its efforts, ICE failed to come across many dangerous criminals during its February sweeps.

On February 10, as the raids kicked off, an ICE executive in Washington sent an “URGENT” directive to the agency’s chiefs of staff around the country. “Please put together a white paper covering the three most egregious cases,” for each location, the acting chief of staff of ICE’s Enforcement and Removal Operations wrote in the email.

It's a good starting point, especially if the administration is relying on you to back up its assertions. ICE was willing to go the extra mile to do just that, apparently.

“If a location has only one egregious case — then include an extra egregious case from another city.”

This is an interesting ploy: cannibalizing nearby cities' reporting in order to present some semblance of an "egregious case" immigrant nightmare --one that would need to be stripped of redundancy before final presentation.

Unfortunately for ICE agents, you can't make something out nothing. Three cases per city proved to be almost impossible. Many raids failed to uncover even one egregious case. With the clock ticking down, some ICE offices decided to grab "egregious cases" completely unrelated to the current operation.

In February 11, an official responded to a colleague’s list of egregious cases by pointing out that they were unrelated to the ongoing operation. “The arrest dates are before any operation and even before the EO’s. What is up with these cases?” the official wrote.

What's up with those cases is there were almost zero new cases to report to the man upstairs. Hundreds of arrests were made, but many involved people with no prior criminal record. In the remaining arrests, most of the priors found were minor violations, with the worst being drunk driving.

Not exactly the "public safety threat" the Trump administration had promised. When it became clear the "egregious case" reports might total only a handful of serious criminal offenses from hundreds of arrests nationwide, ICE quickly applied its own spin.

As criticism escalated, ICE shifted to downplaying the operation as “no different than the routine,” telling reporters that the raids were the same “targeted arrests carried out by ICE’s Fugitive Operations Teams on a daily basis,” and suggesting off the record that claims to the opposite were “false, dangerous, and irresponsible.” As it became clear that dozens of individuals with no criminal history had been apprehended, ICE shifted gears and told reporters that in addition to targeting safety threats, the raids were always meant to target those whose only crimes were immigration-related, like re-entering the U.S. after deportation…

By spinning it this way, ICE can pay needed lip service to the administration's "dangerous immigrants" narrative and portray the lack of egregious cases as the result of the banal day-to-day work of immigration enforcement. But in doing so, it undercuts the narrative it's trying to serve. If there are so many dangerous criminals out there, why isn't ICE focused on them, rather than dozens of people whose only criminal act is a lack of documentation? ICE can't have it both ways. Neither can the White House.

Permalink | Comments | Email This Story