Brindle

The new activist project Intelexit appeals to spy agencies' staff to consider the morality of their surveillance work and offers a way out.

The post This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ appeared first on WIRED.

The Australian government is fighting back against the unrelenting terrorist threat that threatens to consume every Western nation. It, too, has noticed that youngsters and their SnapChats are particularly prone to radicalization from outside forces. As Richard Chirgwin of the Register points out, it has chosen to address this threat to Australian society in the way only a government agency can: with a blend of the bizarre and the tone deaf.

Launched this week by justice minister Michael Keenan (who also glories in the title Minister Assisting the Prime Minister on Terrorism), the Radicalisation Awareness Kit is supposed to help school teachers identify which of their students is going to enter the adult world with a penchant for bomb-throwing.

Cue the cheery faces of unradicalized youth:


The 32-page booklet starts with a long definition of radlicalization, hedged by warnings that not every diversion from the mainstream will result in violence. Then it heads into a series of "case studies" that indicate every deviation from societal norms is a warning sign of impending unlawfulness.

The case studies are the best kind of hilarious: inadvertent.

"Erin" joined a "hate group" and committed crimes against Muslims. After a stay in jail and laying off the booze, "Erin" turned her life around. Not completely, but it's a start.

It is now a number of years since she left the group and Erin has sought treatment for her depression, reconciled with her family, is studying and has made some new friends. However, it was a difficult and slow process. She has moderated her beliefs significantly and makes a point of educating herself on issues rather than just accepting what others tell her. She does not entirely trust the government or police yet – it takes a long time to change some habits of thinking.

If nothing else, this fabricated tale shows the government to be overly-concerned about its place in the world. "Erin" is still partly broken because she doesn't "entirely" trust the government or police. What a shame. But it is hoped "Erin" will be made whole in the near future -- full of trust in the government and prone to only tempered beliefs.

But that's not the worst of it. Much like the Homeland Security Advisor's ridiculous claim that teens acting like teens pose a threat to national security, the Australian government's concerns about future radicalization are also tied to the hallmarks of adolescence.

As Richard Chirgwin points out, the radicalization anecdotes reach their nadir with the story of "Karen," starting with setting these ground rules for Normal Existence.

Karen grew up in a loving family who never participated in activism of any sort.

This is called foreshadowing. Karen soon deviates from her family's path of loving do-nothingness.

When she moved out of home to attend university Karen became involved in the alternative music scene, student politics and left-wing activism.

And there you have it: alternative music is the gateway drug to terrorism. As is politics, oddly enough, considering this narrative has been written by a political agency. And let's not forget the activism -- the kind of thing her normcore family never felt compelled to participate in.

Strangely, the government chalks this up to "normal teenage rebellion" before going on to warn parents about normal teenage rebellion.

One afternoon Karen attended an environmental protest with some of her friends. It was exhilarating, fun and she felt like she was doing the ‘right thing’ for society. She enjoyed spending time with this crowd. Over the next six months Karen progressively dropped out of university in order to live full-time in a forest camp, where she remained for a year. Her family were confused and disappointed and stopped supporting her financially.

:(

You can guess what happened next. Logging operations were screwed with, Karen was arrested multiple times and, finally, she became disillusioned with her radical brethren and sistren. She chucked it all for a staid job at a "mainstream environmentalist organization." Happy endings all around, especially for Karen, who now realized the only way to fight the system was to become part of the system.

She now thinks illegal or aggressive direct-action campaigns only produce short-term solutions, and she is much more interested in working towards developing a sustainable solution using the legal system.

The warning signs the government says to look for are basically A Day in the Life of a Teen.

Issues that can help push someone onto a path of radicalisation may include:

• changes in living or employment
• anxiety, depression, paranoia, suicidal thoughts or other mental health issues
• personal issues such as health problems, addiction, anger or social problems
• dropping out of school or university
• negative changes in friendships and/ or personal relationships
• confrontations with family members
• discrimination and social unfairness
• exposure to hateful attitudes and actions, either as victim or perpetrator, and
• overseas events that may harm their community.

Now, the report does go on to caution that these are normal and don't necessarily signify Early Onset Radicalization. However, the report does make it clear -- especially through its anecdotal evidence -- that these can lead to radicalization when combined with activism, alternative music and an apparently unearned distrust for the government.

Perhaps sensing the sort of response this document might generate, the hefty propaganda leaflet also makes an effort to assure Australians that ASIO (the MI5/FBI of Down Under) is not allowed to crack down on radicalization warning signs -- at least not without going through the pre-lubed proper channels.

There are concerns that ASIO has extraordinary and unaccountable power. A review by the Independent National Security Legislation Monitor has found that ASIO’s powers have been used appropriately and effectively, with no evidence of abuses. As at November 2014, ASIO has not used its powers to detain anyone at all, and has used its questioning powers only 16 times since 9/11.

BUT OF WHAT YEAR?

These questionable anecdotes notwithstanding, the document takes a fairly restrained look at radicalization and its causes. But the nuances of its more cautious wording are undercut by stories that equate trusting your government and steering away from activism with normality, not-so-subtly suggesting any deviations from the norm should be viewed with suspicion.

Permalink | Comments | Email This Story

While most companies tend to go super in-depth about every little feature they stuff into their apps, sometimes they like to leave little surprises or tidbits for us to find ourselves. In the case of Hangouts, you may or may not know that it has a very cool feature that allows you to easily transfer calls from one device to another.

It’s done thanks to the advent of NFC. On a call in Hangouts on your tablet and you need to transfer a call to your phone? Simply hold your devices together so that the NFC chips recognize each other, and the call will be beamed to your phone in effortless fashion, and you’re free to let your tablet’s battery die (if that’s the reason you beamed it) or free it up for other uses.

It’s this sort of cool and convenient functionality that makes us sad devices like the OnePlus 2 opt not to include NFC chips in their phones, and it’s the sort of stuff we’ll always love Android (and Google) for. Give it a try for funsies the next time you’re faced with the need to quickly move from one device to another while you’re on a call.

[via Google+]

Ahmed Mohamed, age 14, arrived at school with a clock sitting inside a pencil box. It was obviously a hoax bomb, which is a Texas thing that allows people who don't possess bombs to be prosecuted as if they did. Fun stuff. I'm sure everyone involved wishes their day had gone another way -- with the exception of Ahmed Mohamed, who has now been invited to Facebook, the White House and MIT. Everyone on the other side of the equation has been invited to do other stuff -- most of it involving nearly-impossible sexual acts or perversely scatalogical feats.

Here's another story about a student with an interest in things school personnel tend to find inordinately worrying. The climate of fear far too many schools actively encourage with zero tolerance policies played a part here, as did law enforcement's worrying willingness to feed off the negative energy this climate generates. On the plus side, overreaction and idiocy played nearly no part in this incident.

Lt. Raul Denis, spokesman for the Horry County Police Department, says someone found the two notebooks containing disturbing material inside a classroom at Forestbrook Middle School. A school resource officer was alerted of the discovery last Wednesday.

The notebooks belonged to an autistic 13-year-old. Here's what police found inside them:

Police say the journals contained information on “sensitive subjects like weapons and explosives science, maps, blue prints, jobs and stories pertaining to a video game called Balloon Tower Defense 5.” Denis said in a release there was also a reference to a school the student had once attended.

The contents have not been published, so we'll never know how much of a threat was posed by the teen's Balloon Tower Defense fan fiction. The "sensitive subjects" deemed "disturbing" by the school are also easily Googled subjects. And this student was hardly the first teen boy to express an interest in weapons and explosives. Perhaps the real problem was the mention of a school, which is like waving a red flag in front of a bull camera in front of a tank factory.

But there's a happy-ish ending to this story. While we may find issue with the contents of the notebook being inherently suspicious, the police did the sort of thing they're supposed to do: they investigated before leaping to ridiculous conclusions.

For a very brief period, the autistic teen was facing charges for "disturbing school." The statute is, as expected, incredibly vague, which makes it a handy thing to use to detain teens with scary notebooks while everything is sorted out.

(A) It shall be unlawful:

(1) for any person wilfully or unnecessarily (a) to interfere with or to disturb in any way or in any place the students or teachers of any school or college in this State

The rest of the statute deals with loitering and "acting in an obnoxious manner."

But this was a very brief detention. The police did all the things they should have done. They determined there was nothing threatening about the contents. They discovered the teen had no access to weapons or explosives. Most importantly, they CONTACTED HIS PARENTS, who explained everything.

“The investigation and examination of the journals found that the child is diagnosed with Asperger’s Syndrome and is highly intelligent, and the journals, which the parents were aware of, are used as a therapeutic/comforting mechanism,” Denis said in a press release. “the child focuses on these subjects because he dreams of being a nuclear engineer.”

At which point, the student was released to his parents and the charge dropped. It would have been better if this could have been conducted without detaining the teen, but considering all the variables, this went about as well as can be expected in the zero tolerance era.

Permalink | Comments | Email This Story

The following companies just betrayed billions of people. Apple, Microsoft, Adobe, Symantec, and a handful of other tech companies just began publicly lobbying Congress to pass the Cybersecurity Information Sharing Act (CISA), a bill that would give corporations total legal immunity when they share private user data with the government and with each other. Many of these companies have previously claimed to fight for their users' privacy rights, but by supporting this bill they've made it clear that they've abandoned that position, and are willing to endanger their users' security and civil rights in exchange for government handouts and protection. Wait, you mean to tell me all that talk about caring about users' privacy was just shallow PR speak gullible people fell for? I'm so surprised.

So just last week, we wrote about the ridiculousness of Presidential candidate Ben Carson threatening a trademark (and copyright and publicity rights) lawsuit against people making Ben Carson (both pro- and anti-) clothing. And, now it appears that Donald Trump is doing the same ridiculous, censorious thing. Fresh off of threatening a completely bogus defamation lawsuit against a critical political organization, Alan Garten, one of Trump's lawyers, fired off a hilariously bogus threat letter to the website StopTrump.us. As you can probably guess, the operators of that site are not fans of Mr. Trump. And, of course, that's both completely allowed and encouraged in a democratic country with freedom of expression.

But not to Donald Trump or his censorious lawyers, apparently. They're claiming it's trademark infringement, as you can see in the ridiculous letter that was sent to the site. Garten throws out lots of scary sounding legal claims -- almost all of which are totally bullshit.

... it has come to our attention that you have registered the Domain Name STOPTRUMP.US and have made a deliberate attempt to sell T-shirts online using TRUMP and DONALD TRUMP brands without any authorization from Mr. Trump. Please be advised that the unauthorized use of this Domain Name infringes upon Mr. Trump's common law and statutory trademark rights in that the name Trump® is protected by US. Trademark Registration No. 3,526,411. Indeed, the Trump® trademark has even been declared "incontestable" by the US. Patent and Trademark Office pursuant to §1065 of the US. Trademark Act (15 U.S.C. § 1065). As such, your use of the Domain Name constitutes a violation of Section 43(a) of the Lanham Act, 15 U.S.C. § 1125(a), entitling Mr. Trump to recover (i) your profits, (ii) any damages sustained by Mr. Trump, and (iii) the costs of bringing an action against you (which may be tripled by the reviewing court).

Your registration (and use) of the Domain Name also constitutes cyber-piracy in violation of the US. Anti-Cybersquatting Consumer Protection Act, 15. U.S.C. § 1125(d). Like the Lanham Act, under Anti-Cybersquatting Act, any person who, in bad faith, registers a domain name that is identical or confusingly similar to the trademark of another person can be held liable for damages -- up to $100,000 per domain. 15 U.S.C. § 1117(d).

Scary, scary and completely bullshit. Law professor Eugene Volokh nicely dismantles Trump's trademark claims, pointing out that political criticism is clearly protected free speech and not covered by trademark. Even if it was, any such lawsuit would fail dreadfully. There's no likelihood of confusion here. There's no dilution (which "expressly exempts uses of a trademark for 'identifying and parodying, criticizing, or commenting upon the famous mark owner or the goods or services of the famous mark owner.'"). Volokh even leaves out the fact that the one registered trademark named only is for "Real estate services, namely, listing, leasing, financing, and managing commercial, residential, and hotel properties." Protesting Trump's political aspirations is none of that.

The cybersquatting claim is also a complete joke. There are so many cases on the books these days saying it's fine to use a trademarked name for criticism, as it's regularly approved for so-called "sucks sites," and there's no way that StopTrump doesn't qualify.

So just this week alone, we've seen Trump and his lawyers make completely bogus threats using defamation law and trademark law to try to stifle political criticism. What's next? Will he ask the FCC to silence his critics? Yup, that too.

I'm curious if there's ever been a Presidential candidate so thin skinned and so willing to make baseless legal threats to stifle pretty ordinary critics?

Permalink | Comments | Email This Story

The Jeb Bush campaign this week unveiled a major part of the candidate's technology platform, and it likely includes taking a hatchet to net neutrality rules. The new policy outline on Bush's website spends some time butchering the very definition of net neutrality as well, parroting several long-standing incumbent ISP narratives that net neutrality is somehow about content companies not paying their fair share, or that modernization of existing rules is somehow "antiquated." Indeed, Bush's definition of net neutrality is rather unique:

"The Federal Communications Commission’s Net Neutrality rule classifies all Internet Service Providers (ISPs) as “public utilities,” subjecting them to antiquated “common carrier” regulation. Rather than enhancing consumer welfare, these rules prohibit one group of companies (ISPs) from charging another group of companies (content companies) the full cost for using their services."

Except as we've been over this ad nauseum; net neutrality isn't about prohibiting ISPs from charging content companies, it's about mammoth broadband providers abusing the lack of last-mile competition to give themselves a leg up in emerging markets. I assume the Bush campaign is referencing the FCC's plan to police interconnection deals between ISPs and the likes of Netflix, something that has actually improved the health of the Internet already. Bush doesn't appear to understand this (or is pretending not to understand this), and proceeds to trot out examples of some poor, little ISPs that will be hurt by the FCC's push to encourage a healthier Internet:

"Small broadband operators—like KWISP (475 customers in rural Illinois) and Wisper ISP (8,000 customers near St. Louis, Mo)—have declared under penalty of perjury that the Net Neutrality rule has caused them to cut back on investments to upgrade and expand their networks."

Any ISP or WISP that has actually cut back on necessary infrastructure investment due the FCC's net neutrality rules frankly either doesn't understand them, or is playing personal partisan patty cake. Even the nation's lumbering mega-ISPs, who've fought net neutrality tooth and nail, have admitted (through their own SEC filings and earnings reports) that their network investment is as healthy as ever. As noted recently, if there are network investment declines, data suggests they've got nothing to do with net neutrality. That net neutrality kills network investment is a dated, disproven dodo that simply won't die.

The Bush policy missive then parrots the idea that the FCC imposed net neutrality rules in "relative obscurity," despite a decade filled will countless open meetings, roundtables, and endless (sometimes nauseatingly so) conversation:

"Agencies today make far more laws than legislators. But unlike courts and legislators, regulators conduct their deliberations in relative obscurity, often outside of the public’s view and effectively accountable to no one, not even the president."

That's just the thing though: net neutrality was passed by regulators only after an unprecedented groundswell of public support demanded protections. It's about protecting consumers and small businesses from the AT&T, Verizon and Comcast's of the world in the absence of competition. Bush is too busy pandering to the mega-ISPs to bother mentioning what his solution for this lack of broadband competition is, or if he's even capable of admitting a lack of competition exists. But in standing up for the mega-ISPs Jeb makes it pretty clear his technology policies are dated somewhere around 2002 or so.

None of this is surprising, since earlier this year Bush proudly declared that net neutrality was the "craziest idea he's ever heard." Of course the craziest idea I've heard is a candidate running in 2016 who thinks it's a smashing idea to defend AT&VerizoCast, and walk back a decade of progress on a subject it's abundantly clear he doesn't actually understand.

Permalink | Comments | Email This Story

Donald Trump may be running for President, but apparently his notoriously thin-skinned approach (along with the quick legal trigger) to handling criticism has not yet gone away. Trump has been fighting with the conservative group Club for Growth for some time, and it put out something of an attack ad against him noting, among other things, that Trump has supported raising taxes (a huge no-no for the Club for Growth) among other things. As political attack ads go, this one is fairly tame. But it didn't stop Trump from having his lawyers send a blustery cease and desist letter to Club for Growth, claiming the ad is defamatory (the letter was first posted by Olivia Nuzzi from the Daily Beast):

Simply stated, your Attack Ad is not only completely disingenuous, but replete with outright lies, false, defamatory and destructive statements and downright fabrications which you fully know to be untrue, thereby exposing you and your so-called "club" to liability for damages and other tortious harm. For example, while your Attack Ad blatantly misrepresents to the public that Mr. Trump "supports higher taxes", nothing could be further from the truth. To be clear, Mr. Trump's tax plan, which is scheduled to be released later this week, supports a lowering of taxes.

Not surprisingly, a closer look at your Attack Ad reveals that your supposed "source" for this statement is -- according to the small print on your website -- nothing more than a single article published in the Advocate on February 15, 2000, which quoted Mr. Trump as supposedly saying he would "impose a one-time net worth tax of 14.25% on the superwealthy ... to pay off the national debt." That's it. While a reputable organization would have at least had the decency to disclose its source -- and the fact that the source article is more than 15 years old -- your pitiful little grup conveniently chose to leave that information out in a delierate attempt to mislead the public into believing that it is reflective of Mr. Trump's current position -- when unquestionably, it is not. Making matters worse, you then chose to appear on several talk shows, including MSNBC's Morning Joe, in which you furthered the erroneous notion that Mr. Trump "supports higher taxes" even though you have absolutely no factual support for that statement. In other words, you lied. Mr. Trump does not support higher taxes. This is the very definition of libel.

Actually, it's not even close to the definition of libel. It's almost certainly not libel at all.

The letter concludes in usual bluster:

In the event, however, we do not promptly receive these assurances, please be advised that we will commence a multi-million dollar lawsuit against you personally and your organization for your false and defamatory statements and the damage you have intentionally caused in my client's interests as well as pursue all other remedies available to us at law or in equity.

You'd think that someone running for president would know better than to totally flip his lid over some random attack ad. You'd think that his lawyer would (1) know that this is not defamation and that (2) threatening as such only gives the original ad much more attention. Trump, as a very public figure, would need to show that the information in the ad was not just false, but that Club for Growth knew it was false and deliberately posted such false information to harm Trump. That's not going to happen, not in the least because there's plenty of evidence to support the claims that Trump has advocated (recently) for higher taxes. The Federalist provides a list of some recent articles:

ABC (Aug. 6): Donald Trump Once Proposed the Biggest Tax Hike Ever
Bloomberg (Aug. 26): Donald Trump says he wants to raise taxes on himself
CNN (Aug. 27): Donald Trump: Tax the rich more
New York Times (Aug. 31): Increase taxes? Talk by Donald Trump alarms G.O.P.
International Business Times (Sept. 8): Elizabeth Warren Praises Donald Trump Tax Plan

Yeah, good luck with that "very definition of libel" thing.

Club for Growth seemed to take the whole thing in stride, tweeting out the following reply: If you can't read it, it says: Short response to @realDonaldTrump Stop Whining. Threatening a bullshit SLAPP suit against a political attack ad that says things that are basically true doesn't seem particularly presidential.

Permalink | Comments | Email This Story

Google Fiber continues to expand and bring much needed competitive pressure to (and public conversation about) duopoly-logjammed broadband markets. Most recently the company stated it was striking preliminary agreements with San Diego, Irvine, and Louisville, negotiating "fiber hut" placement, coordinating install logistics, and getting cities to sign off on franchise deals. The company also recently announced that it had struck a preliminary deal with Tempe, Arizona, laying the groundwork for the deployment of thousands of miles of new fiber in the city, bringing Google Fiber's potential footprint to sixteen cities.

Like any good incumbent broadband ISP, Cox Communications' first reaction wasn't to welcome the challenge of a new competitor, it was to whine like a petulant child about the fairness of it all:

"It's unfortunate that the Tempe City Council is willing to favor a new entrant into the market, and in doing so appears to have violated federal and state law. The waivers granted by the City also give Google Fiber a free pass on obligations that affect public safety; such as emergency alert messaging and protection of subscriber privacy."

Cox has subsequently followed up this early whining with a new lawsuit accusing the Tempe city council of violating the law. According to the suit (pdf), Tempe violated federal law "by establishing a discriminatory regulatory framework" that gives Google Fiber preference over traditional cable companies:

"Tempe’s bald assertion that Google Fiber is not a cable operator is incorrect," Cox argued. "And based on this incorrect assertion, Tempe’s regulatory scheme allows Google Fiber to provide video programming service to subscribers in Tempe under terms and conditions that are far more favorable and far less burdensome than those applicable to Cox and other cable operators, even though Cox and Google Fiber offer video services that are legally indistinguishable."

Here's the thing though: reports out of Arizona indicate that the Tempe city council's vote opened the door for companies like Cox to negotiate their own, new agreements with the city. Indeed, nothing stopped incumbent ISPs from striking new gigabit fiber deployment deals before Google Fiber, they just lacked the competitive incentive to do so. And while some mega-ISPs originally whined about these deals, they quickly quiet down once they realize these new potential deals let them cherry pick broadband deployment (read: just wire high-end developments), something that pre-Google Fiber days used to be considered a bad thing. Note these recent comments by AT&T:

"In the past if we wanted to go into a city environment, the requirement was you build out the entire city," Stephenson explained in a keynote at the J.P. Morgan Global Technology, Media and Telecom Conference. Doing that requires a huge capital investment, one that AT&T felt it couldn't make, he noted. Google's entry into Austin, in particular, enabled AT&T to ask the city for the same terms as Google Fiber received. "Google came in and was very targeted in where they wanted to deploy fiber, and they got municipal endorsement (on that). …We said we'll take the same deal that Google got. And we got the same deal that Google got," Stephenson said."

So yes, under the din of enthusiasm over Google Fiber there is a conversation nobody seems to want to have about the problem of cherry-picked next-gen broadband deployment, but that's obviously not what Cox cares about. Cox sees something in local Tempe law that will allow it to bog Google Fiber's progress in Tempe down in the courts (Google Fiber is also slated for Cox's turf in Phoenix, where it has not filed suit). Cox could simply take Google Fiber's market entry as a challenge to negotiate a new citywide deal and up its own game, but apparently the cable operator thinks that hand-wringing and wasting everybody's time with lawyers is the more sensible tactical option.

Permalink | Comments | Email This Story

The TSA, it appears, is just simply bad at everything. The nation's most useless government agency has already made it clear that it is bad at knowing if it groped you, bad at even have a modicum of sense when it comes to keeping the traveling luggage of citizens private, and the TSA is especially super-mega-bad at TSA-ing, failing to catch more than a fraction of illicit material as it passes by agents upturned noses. And now, it appears, the TSA has demonstrated that it is also bad at pretending to give a shit.

In case you missed the recent news, the TSA's specially designed master key to open all of the specially designed TSA-recognized luggage locks were especially super-hacked by someone with access to such privileged information and equipment as a newspaper subscription and a 3D printer. By using a picture in the Washington Post of a TSA agent's master key and some documents from Travel Sentry, a group that generates and enforces TSA protocols, one security researcher was able to create 3D printer files to create his own master key.

Steven Knuchel, a hacker/security researcher who goes by Xylitol or Xyl2k, used the detailed images obtained from the Travel Sentry website to create the kind of files that 3D printers use to produce models. Since the files were first published, several people have demonstrated that they work, using inexpensive 3D printing plastic called PLA.

So, hey, that's probably bad, right? I mean, here we have the TSA recommending passengers lock their luggage with locks designed with a TSA-backdoor in the form of a master key, and now anyone can make the master key. That would seem to leave thousands (millions?) of passengers' luggage vulnerable to break-in. Not a great look for an agency designed with no other goal beyond security. The TSA response?

“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept. “These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote.

Yes, that's correct. Upon being informed of the TSA lock master key hack, the TSA essentially went with the "we don't give a shit" approach. I will say, at the very least, that it's somewhat refreshing to hear a government representative admit that at least some part of aiport and passenger security boils down to the feel-goods, but I'm of the opinion that a security agency unconcerned about security probably shouldn't be allowed to exist any longer. Especially when that same agency has been touting those same useless locks for years to passengers.

The larger point, of course, is that this is inevitable when you build security with backdoor access.

Nicholas Weaver, a computer security researcher at Berkeley, wrote on the Lawfare blog about the TSA locks and how they are “similar in spirit to what [FBI] Director [James] Comey desires for encrypted phones.”

Xylitol, the GitHub user who published the blueprint of the keys, said that was his point. “This is actually the perfect example for why we shouldn’t trust a government with secret backdoor keys (or any kind of other backdoors),” he wrote in an email to The Intercept. “Security with backdoor[s] is not security and inevitably exposes everyone.”

That's an axiom that other government agencies might want to pay attention to. The breaking of TSA locks wasn't even particularly difficult. If the government truly wants security on the networks of the American people, be the computer, phone, or otherwise, building in government backdoors provides the perfect entry point for bad-actors. If they actually want security, leave the backdoors out, or they risk looking every bit as dumb as the TSA.

Permalink | Comments | Email This Story

This is a video of a guy in a Jeep filming himself drive with a selfie stick. He almost gets impaled by that canoe in the truck in front of him. Man almost dies with selfie stick in his hand -- those might just be the saddest words anybody's ever written. Could you imagine having to explain to this guy's family how he died? You'd have to lie and say he got eaten by alligators trying to rescue a baby. Hit the jump for the video, then don't be a jackass.

Over the last few months, I've heard rumblings and conversations from multiple people within the Obama administration suggesting that they don't support the FBI's crazy push to back door all encryption. From Congress, I heard that there was nowhere near enough support for any sort of legislative backdoor mandate. Both were good things to hear, but I worried that I was still only hearing from one side, so that there could still be serious efforts saying the opposite as well. However, the Washington Post has been leaked quite a document that outlines three options that the Obama administration can take in response to the whole "going dark" question. And the good news? None of them involve mandating encryption. Basically, the key message in this document is that no one believes legislation is a realistic option right now (more on that in another post coming shortly).

That's big!

The document's three options can be summarized as follows:

1. Option 1: Do the right thing, admit that backdooring encryption is a bad idea and dumb, and stand up for real cybersecurity by saying that more encryption is generally good for society. This will make lots of people happy -- including civil liberties folks and the tech industry, and it will also do more to protect the public. It will also help the most with many foreign countries in showing that the US isn't just trying to spy on everyone -- though it may piss off a few countries (mainly the UK) who have doubled down on backdooring encryption. Also, it will undermine China's plan to backdoor encryption as well. Let's call this the right option.
2. Option 2: Yeah, we know what the right thing to do is, but we'll take a half-assed approach to it to try to appease the FBI/law enforcement folks and not come out nearly as strongly against legislation. We'll say there's no legislation, but we'll at least leave the door open to it. In private, we may still push tech companies to backdoor stuff. This will anger lots of folks, but maybe (the administration believes) some civil liberties types will think it's enough of a win to celebrate. Then we pretend that we can hold some sort of "discussion" between people who disagree.
3. Option 3: We totally punt on the issue and don't really say anything. If we do say something, we say that this issue needs a lot more discussion and study (just like people have been saying for the last year). In other words, endless cryptowars with no end in sight.

Clearly, Option 1 is the only sensible option, and the report lays out some pretty strong arguments for why coming out against backdooring encryption would be good. It would actually make the tech industry much more willing to work with the government in productive ways, rather than stupid, privacy and security-destroying ways. It would actually better protect the public and it would stop authoritarian regimes from using our own language against us to break encryption. The cons are basically that law enforcement might whine about it. Well, the administration actually says that it "provides no immediate solution to the challenges that the expanding use of encryption poses to law enforcement and national security" but given that law enforcement still hasn't done a good job showing this is a real problem, that's not really a big deal.

In fact, law enforcement is still relying on made up ghost stories rather than any real evidence that encryption is a problem.

So, now the big question is which option the administration will choose. Will it stand up and take leadership on this issue (Option 1), thereby actually protecting Americans? Or will it do a variety of half-assed measures believing that it has to support "both sides" or some crap like that? From the leaked report, it appears that if it chooses either Option 1 or 2, the White House will make a public statement on the matter within the next few weeks.

Permalink | Comments | Email This Story

Earlier this month, we discussed (or rather, ridiculed) a North Carolina's law enforcement agency's stupid and bizarre prosecution of two teens who consensually sent explicit photos to each other. There was the first (and most familiar) layer of stupidity: the charging of both with distributing explicit material to minors (both teens were 16 at the time of the sexting). Then there was the unexpected stupidity: the charging of both for sexually exploiting themselves. This gained an additional layer of stupidity when the law treated the teens as both minors (being exploited) and adults (doing the exploiting) when processing them.

Most of the charges centered on photos taken of the teens by themselves. These nude pictures of themselves -- possessed by themselves -- were somehow criminal acts. The state's laws have ensured no teen can take/possess a naked photo of themselves without risking being prosecuted as a sex offender, even if they never distribute the photos.

The female half of the sexting duo accepted a plea bargain back in July. It now appears the male participant has done the same. The two plea agreements are substantially similar according to WRAL, which means both teens have been screwed by a "justice" system seemingly obsessed with punishing consensual (and normal) teen behavior -- statutory contortions be damned.

The terms of the plea agreements are extremely onerous, considering the acts were consensual and there was no age discrepancy between the participants. What the teens have agreed to sounds not too different than what's routinely handed to other sex offenders -- except that these teens molested no children, possessed no child porn and performed no acts of sexual violence. Comega Copening, the other participant in this heinous two-person sexting ring will be treated as a criminal not worthy of his own phone for the next 365 days. AND THAT'S NOT ALL...

Judge April Smith, tell him what he's won!

[One] year of probation. During that year... Copening must stay in school, take a class on making good decisions, complete 30 hours of community service, not use or possess alcohol or illegal drugs, not possess a cellphone and must submit to warrantless searches.

The same terms apparently apply to Brianna Denson's plea bargain as well -- as does all the attendant ridiculousness of treating two consenting teens of the same age as child pornographers of each other… and of themselves.

The remaining charge -- the one Denson and Copening have been sentenced for -- is no less ridiculous than the dismissed charges of sexually exploiting themselves. What remains are charges for "disseminating harmful material to minors," which presumes the dissemination itself was harmful, even if it was welcomed and reciprocated.

Permalink | Comments | Email This Story

Politics and intellectual property always get weird and silly, often during Presidential election season. Following on last year's insanity in which Hillary Clinton's PAC tried to take down parodies on CafePress and Zazzle, presidential candidate Ben Carson has apparently decided no one should possibly be allowed to create any kind of Ben Carson merchandise, except for the Ben Carson PAC, and he's decided to list out every possible intellectual property argument he can think of: copyright, trademark, privacy rights. I'm almost surprised he didn't find a way to include patents too.

“The aforementioned action is a violation of the Digital Millennium Copyright Act, The Lanham Act, Federal Trademark Infringement, Federal Copyright Infringement, state misappropriation and privacy laws.”

Except none of that is true. Thankfully, CafePress has been working with Paul Levy from Public Citizen on these issues for many years, and he has sent a reply to K. Clyde Vanel, the lawyer representing the Carson campaign in which he systematically dismantles the arguments made in the letter. As with most letters from Paul Levy (and, yes, he's written one or two on our behalf in the past), it's a work of art. The summary line:

The notion that expressing views about Carson's candidacy violates any of his rights is simply absurd. It is shocking that a lawyer whose web site touts his expertise in intellectual property law would sign his name to such a communication.

Then, let's go one by one through each of the claims to show just how ridiculous they each are. We'll start with trademark. Levy points out that it's true that the "Ben Carson for President 2016" organization has applied for a trademark on a logo for the campaign, but the items they're looking to get taken down do not include that logo.

At most, the items display the phrase "Ben Carson for President 2016," often appearing in the patriotic colors of red, white and blue. Many of them simply use Carson's name, or just his given name or his profession. You cannot use trademark theories to ride roughshod over members of the American public who either share your clients' views and favor Carson's candidacy, or for that matter disagree with their views and oppose Carson's candidacy. They can hardly express their views in that respect without identifying the candidacy about which they wish to speak.

Oh, and you know how SuperPACs need to be entirely separate and independent from campaigns? Well, as Levy notes, if Carson's lawyer's theory is accurate, no SuperPAC can support Carson without violating his trademark:

Moreover, it is very common for people to express their views about presidential candidacies, completely independent of the campaign; this is so common that it defies belief that a reasonably careful consumer would believe that a shirt or bumper sticker advocating your client's election necessarily came from the campaign itself. Indeed, the Super PAC "2016 Committee" carries various wares that display the phrase "Ben Carson for President 2016." E.g., http://store2016committee.org/pins-stickers-and-magnets/. Super PACs have to be independent committees, and cannot coordinate with the official campaign. I assume you are not going to argue that 2016 Committee's use might confuse consumers into believing that Carson or his campaign committee is the sponsor of the PAC. So I doubt that you have any realistic chance of arguing that the items carried by CafePress are likely to cause confusion, a key element of a trademark infringement claim. And because your state law claims regarding misappropriation of name or likeness also require a showing that the use implies that the plaintiff endorsed or authorized the product in question, your inability to show lack of likely confusion condemns those claims as well.

Yes we're this far and we haven't even discussed fair use or that whole First Amendment thing. No worries, Levy's got that covered as well:

More important are the issues of fair use and the First Amendment, which apply equally to your purported misappropriation of name and likeness claims as well as to your trademark claims. Speech about a candidate for president is squarely protected by the First Amendment, hence any effort to use trademark law to quash such uses is highly suspect. Although CafePress users' products are sold, their contents are noncommercial speech, which qualifies for full First Amendment protection.

Okay, next up: privacy rights. Yes, the guy running for President is claiming that T-shirts supporting his campaign for President violate his privacy rights. I'm almost surprised Levy didn't just respond with "Really?":

Your reference to a purported invasion of Carson's privacy is particularly foolish. Given the intense scrutiny that presidential candidates receive in this day and age, it is a matter of some doubt whether any statement about a presidential candidate, especially one who now stands second in the polls of the Republican nomination, could constitute an invasion of privacy, no matter how personal. But there is nothing "private" in the expression contained on the products that CafePress carries-- they are all specifically about the Carson candidacy. That candidacy is certainly not private.

And then the copyright claims. Those should be pretty quick to take care of, because (as you guessed) everything about them is bullshit:

Finally, you make a claim of copyright infringement and claim that the DMCA has been violated. But the DMCA imposes an obligation on the hosts of interactive web sites like CafePress.com only once the purported copyright holder has scrupulously followed the formalities required by 17 U.S.C. §512(c)(3)(A); your email does not meet those requirements. One important flaw in the copyright claim is that you do not identify the specific works that infringe your clients' copyrights, and looking through the various items displayed at http://www.cafepress.com/+ben+carson+gifts, I do not see any materials that are likely to infringe copyrights that your clients own. Most of the items contain some variation of the phrase "Ben Carson for President 2016." That expression lacks sufficient originality for copyright protection. Indeed, if the phrase were copyrightable, your clients might not be the owners of the copyright, because they might not have been the first to fix it in a tangible medium of expression. It is quite possible that some supporter hoping to encourage Carson to run may have written it down before Carson did. That person would own the copyright, if the phrase were copyrightable, and your clients would be among the infringers.

CafePress takes its copyright obligations very seriously. Therefore, I invite you to specify, in detail, the specific works in which your clients claim copyright, so that we can assess whether the inclusion of any copyrighted content in its users' designs might be fair use. Certainly, if you identify any material that genuinely infringes a valid copyright that your clients own, CafePress will take it down.

In closing, Levy points out that way back in 2008, he helped CafePress sue the Republican National Committee for threatening CafePress in a similar manner.

During the 2008 election, the Republican National Committee sent CafePress a series of threats to sue for trademark infringement because CafePress users were having shirts and other items printed with designs expressing views about the Republican Party or various candidates, using the acronym GOP or images of elephants. CafePress eventually had to sue the RNC for a declaratory judgment of non-infringement, and the result was a great deal of embarrassment for the Republican Party; the RNC then retracted its threat, subject to a request that CafePress direct users who, without any other expressive design elements, displayed a particular image of an elephant that the RNC had trademarked, to ask the RNC for permission (the RNC indicated that consent would readily be given).

I trust that Carson will want to save a similar embarrassment for his political campaign. I hope you will issue a prompt retraction of your demand.

Intellectual property sure makes candidates and their lawyers do weird things.

Permalink | Comments | Email This Story

Microsoft has confirmed that Windows 10 is being downloaded to computers whether or not users have opted in. An INQUIRER reader pointed out to us that, despite not having 'reserved' a copy of Windows 10, he had found that the ~BT folder, which has been the home of images of the new operating system since before rollout began, had appeared on his system. He had no plans to upgrade and had not put in a reservation request. I'm sure this is somehow my fault.

YOU WOULDN'T DOWNLOAD A HOUSE.

The defendants shall promptly take the following action in respect of the following external features of the third defendants’ house at lot 23 The Sands Estate Port Douglas:

(a) Feature: Dormer roofs

Action: Remove the dormer roofs.

(b) Feature: Arched and circular windows at the front of the house and such other exterior arched and circular windows as are ordinarily visible from public paths or streets.

Action: Remove and replace with rectangular or square windows and any external remnant space, appearance or outline of the arched and circular window shapes be filled and concealed by rendering.

(c) Feature: Stone edge trim corners at the front of the house and such other stone edge trim corners as are ordinarily visible from public paths or streets.

Action: Grind, cut away or remove the areas of stone edge trim to the extent necessary to render those areas flush with the walls and fill and conceal by render any remnant appearance or outline of the stone edge trim.

This is the opening of a recent decision (sent in by a unnamed Techdirt reader) by the Queensland (AUS) Supreme Court -- the end result of a copyright infringement lawsuit alleging that two builders (James Dormer and Michael Clark) worked in concert with a married couple to construct a copycat house. All of this is absolutely true, including the court's demand that dormer roofs (a fairly common architectural feature, actually) be removed and arched windows be converted to rectangles or squares to turn the house from an infringing edifice into something only faintly echoing the original source.

The events behind this outcome are almost comical. Plaintiff Stephen Coles purchased a house designed by George Skyring because he liked its unique features. Defendants John and Edith Breden also liked the house's unique features, but their bid for the house fell short.

So, the Bredens contacted Port Douglas Builders (who built the home Coles purchased) to construct them a replica version, utilizing the Skyring blueprints. Coles somehow heard about their plan to rob his house of its uniqueness and acquired the copyrights to the design by assignment from Skyring. He told the builders about his acquisition, hoping that this would alter their plans (to use unaltered plans). It had no effect. Construction continued. Litigation ensued.

The court doesn't look too kindly on the defendants' actions (as can readily be inferred from the terms of the judgment). Coles made it clear he didn't want to look out his window and basically see "his" house looking back at him. (The Bredens purchased a lot three houses away from Coles'.) He spoke to the construction company directly to express his concerns and -- after acquiring the copyright for the plans -- asked that the builders provide him with copies of their plans for his approval before construction. PDB's reps -- James Dormer and Michael Clark -- agreed to do so… but never followed through.

Mr Clark testified he received a text from Mr Coles that indicated Mr Coles was away and requested the drawings to be scanned and emailed to Mr Coles. Mr Clark testified they decided to not send such a copy. He testified, most unconvincingly, that their preference was to see Mr Coles face to face and that he anticipated Mr Coles would be in touch when he returned or once the plans were submitted for body corporate approval if he did not like them. I infer the unattractive reality is that knowing they had assured Mr Coles they would provide him with their proposed plans they decided to go back on their word, taking a calculated commercial decision to press on without further reference to Mr Coles.

When Mr. Coles returned from vacation, he saw a concrete slab with fittings in place that looked remarkably like the layout for his house. He again contacted PDB and again was ignored. By the time the lawsuit was filed, the Bredens' new home -- Coles House Mk II -- was nearly complete.

Because the court finds the two houses -- and their underlying plans -- to be substantially similar, James Coles wins the case. So, Coles will go back to the unique house he purchased and the Bredens will go back to their version of the same house, which is due to be remixed into un-uniqueness in the near future.

The discussion of the final judgment is also worth reading. The court finds it difficult to apply an injunction considering the replica house has already been constructed. Short of levelling it and forcing the Bredens to start over (which would inflict damages far in excess of what Coles has actually suffered), the court states that altering certain distinctive features is punishment enough and achieves Coles' original objective: to have a "unique" house. The court also refuses to make the Bredens and the construction company turn over every copy of the original plans, seeing as they might need to be referenced to ensure the ordered alterations can be done without disturbing underlying construction elements.

From the decision, it seems the Bredens themselves had little culpability. How much of Coles' concerns were passed on to the couple isn't detailed and they were not asked to testify. This puts them in somewhat of a bad spot if they were unaware. Obviously, the construction company did everything it could to nail down a second sale of the same house (more or less). Passing up the chance to earn another $1,000,000 is hard to do, even when the threat of litigation lingers in the air.

Australia isn't unique in affording copyright protection to architectural plans and design elements. But it is unusual to see a case being brought by a homeowner rather than a designer and even rarer still to see a copyright judgment result in physical alterations to the exterior features of a constructed residence.

Permalink | Comments | Email This Story

Holly Salzman of Albuquerque, New Mexico went to court to resolve coparenting issues with her ex-husband. The judge ordered Salzman to attend 10 sessions with a counselor named Mary Pepper (Photo).

Read the rest

We talk a lot about police overreacting to things, but this takes things to a new and ridiculous level. The Dallas Morning News released a story last night about police in Irving, Texas, arresting 14-year old Ahmed Mohamed, a freshman in high school, for building a digital clock and bringing it in to school to show his teachers. Ahmed likes to tinker and build electronics. This is the kind of thing you'd think the school and the community would want to encourage. But, instead, he was arrested and sent to a juvenile detention center, suspended from school and the police say they may charge him for making a "hoax bomb." Except it's a clock. He never said it was a bomb. He never implied it was a bomb. Just some teachers and the police freaked out about it.

He kept the clock inside his school bag in English class, but the teacher complained when the alarm beeped in the middle of a lesson. Ahmed brought his invention up to show her afterward.

“She was like, it looks like a bomb,” he said.

“I told her, ‘It doesn’t look like a bomb to me.’”

The teacher kept the clock. When the principal and a police officer pulled Ahmed out of sixth period, he suspected he wouldn’t get it back.

They led Ahmed into a room where four other police officers waited. He said an officer he’d never seen before leaned back in his chair and remarked: “Yup. That’s who I thought it was.”

Ahmed felt suddenly conscious of his brown skin and his name — one of the most common in the Muslim religion. But the police kept him busy with questions.

The bell rang at least twice, he said, while the officers searched his belongings and questioned his intentions. The principal threatened to expel him if he didn’t make a written statement, he said.

“They were like, ‘So you tried to make a bomb?’” Ahmed said.

“I told them no, I was trying to make a clock.”

“He said, ‘It looks like a movie bomb to me.’”

The incredible thing is that the police flat out admit that he never claimed it was a bomb, but they're still considering charging him with making a hoax bomb.

Ahmed never claimed his device was anything but a clock, said police spokesman James McLellan. And police have no reason to think it was dangerous. But officers still didn’t believe Ahmed was giving them the whole story.

“We have no information that he claimed it was a bomb,” McLellan said. “He kept maintaining it was a clock, but there was no broader explanation.”

Perhaps there was no broader explanation because none is needed.

Even more ridiculous: they handcuffed this kid (wearing a NASA t-shirt, by the way) and walked him through the school as they took him away. This picture is shameful.

Ahmed's sister told me to post this. Yes this situation is real for those questioning. pic.twitter.com/Oxd0JxUS6O

— Prajwol/Ru (@OfficalPrajwol) September 16, 2015

You can also see him discuss the invention in this YouTube video: The most depressing part of the news article is how it ends:

He’s vowed never to take an invention to school again.

Curiosity killers.

The school has now doubled down on this move, by sending a letter to parents at the school congratulating themselves for this whole thing:

While we do not have any threats to our school community, we want you to be aware that the Irving Police Department responded to a suspicious-looking item on campus yesterday. We are pleased to report that after the police department's assessment, the item discovered at school did not pose a threat to your child's safety.

Our school is cooperating fully with the ongoing police investigation, and we are handling the situation in accordance with the Irving ISD Student Code of Conduct and applicable laws. Please rest assured that we will always take necessary steps to keep our school as safe as possible.

Even worse... the school is using this as a "teaching moment" telling parents to tell their kids to report any "suspicious" things. Like brown kids being curious and inventing cool shit:

I recommend using this opportunity to talk with your child about the Student Code of Conduct and specifically not bringing items to school that are prohibited. Also, this is a good time to remind your child how important it is to immediately report any suspicious items and/or suspicious behavior they observe to any school employee so we can address it right away. We will always take necessary precautions to protect our students.

And by "address" it, apparently, they mean arrest bright kids for being curious and gifted.

The whole "bomb hoax" thing based on authorities getting confused about a non-bomb reminds me of that time, back in 2007, when Cartoon Network tried to promote Adult Swim with light up boxes of various characters placed around Boston -- and because some people freaked out and the city was shut down, Boston's mayor declared the marketing stunt a "bomb hoax." Once again, if someone is building something that you mistake for a bomb, and they had no intention of passing it off as a bomb, nor does it actually look like a bomb, it's not a bomb hoax. At all. And you look ridiculous calling it out as such.

And, of course, you look that much more ridiculous when you not only overreact like this, but do it against a clearly intelligent and talented teenager who likes to tinker with electronics.

Update: A picture of the clock has now been released. Nothing about it changes the story at all.

.@IrvingPD: this is the homemade clock made by Ahmed Mohamed and brought to @IrvingISD High School. @NBCDFW pic.twitter.com/owUQbQLDQy

— Ellen Bryan (@EllenBryanNBC5) September 16, 2015

Permalink | Comments | Email This Story

At the beginning of this year, Attorney General Eric Holder attempted to close an exploitable loophole in asset forfeiture laws. State and local law enforcement agencies often sought federal "adoption" of seizures in order to route around statutes that dumped assets into general funds or otherwise limited them from directly profiting from these seizures. By partnering with federal agencies, local law enforcement often saw bigger payouts than with strictly local forfeitures.

The loophole closure still had its own loopholes (seizures for "public safety," various criminal acts), but it did make a small attempt to straighten out some really perverted incentives. But deep down inside, it appears the DOJ isn't really behind true forfeiture reform. In fact, it seems to be urging local law enforcement to fight these efforts by pointing out just how much money these agencies will "lose" if they can't buddy up with Uncle Sam.

A cache of documents uncovered by the Institute for Justice today demonstrate that federal law enforcement officials in the Departments of Justice (DOJ) and Treasury are collaborating with local law enforcement organizations in California to undermine efforts to reform the state’s civil forfeiture laws. The California District Attorneys Association is circulating a set of emails from officials with the DOJ and Treasury indicating that the federal government would disqualify the state from receiving funds from the federal Equitable Sharing Program if it passes the pending reforms. The documents also reveal that the DOJ has already disqualified New Mexico from participating in the program, following passage of a sweeping civil forfeiture reform bill this spring.

The DOJ's insertion into the legislative process begins with talking points delivered in emails that stress the amount of money agencies will be "losing" if they're no longer allowed to federalize seizures. The documents show members of the Treasury Department affirming that California's reform will "force" the DOJ to cut state law enforcement agencies out of the loop -- supposedly because the Mother Ship can't secure convictions fast enough.

Citing “resources, desire, or technical capability,” Treasury Executive Office for Asset Forfeiture Legal Counsel Melissa Nasrah wrote in an email to Santa Barbara Senior Deputy District Attorney Lee Carter, “I highly doubt our federal agencies can figure out whether a conviction occurred in any timely manner,” and “it seems the legislation, in effect, takes decision-making authority away from Treasury. Accordingly, I think I would still advise our policy officials here that it would be prudent to not share with CA agencies should this law be passed.”

Sure enough, the "warnings" from the feds are echoed in a letter from the California District Attorneys' Association in opposition of the bill. The association expresses its abject dismay at the fact that law enforcement agencies might actually have to secure convictions to hold onto seized assets. According to the CDAA, asset forfeiture without accompanying convictions is a must because indictments and jail time alone aren't punitive enough.

The current version of the bill would essentially deny every law enforcement agency in California direct receipt of any forfeited assets. California's asset forfeiture law will be changed for the worse, and it will cripple the ability of law enforcement to forfeit assets from drug dealers when arrest and incarceration is an incomplete strategy for combatting drug trafficking.

The Treasury Department, for its part, argues that a conviction requirement would prevent the DOJ from a) being fair and b) performing the studious oversight that has prevented asset forfeiture from devolving into cops going shopping for stuff they want.

A transfer to a state-controlled fund would not be a permissible use of funds, especially when that central fund would redistribute money to all law enforcement agencies in the state, regardless of their eligibility or participation in our program.

All participating agencies must report their expenditures to DOJ at the end of their fiscal year. As you are aware, there are many law enforcement items that cannot be purchased with equitably shared funds, and some are fully prohibited both by policy and executive order. lf a participating agency turns its federally shared funds over to the State of California under those proposed amendments, DOJ can no longer provide appropriate oversight over final expenditures.

The CDAA goes on to complain that the proposed reforms would reverse the one-way screwing it has become accustomed to.

The vast majority of civil narcotic asset forfeiture cases in California resolve by default or settlement. Providing attorney fees to the party that "substantially prevails" could result in attorney fees being available when the People return 50 percent or more of the seizure in a settlement. This would be an unprecedented one-way benefit for a civil litigant, and a huge additional cost to prosecuting forfeitures. Further, in appropriate cases and under existing civil law, attorney fees are already available to claimants in a forfeiture action.

Note the use of "the People" to portray this as robbing the public of the benefits of seized funds when, in actuality, it's usually just the theft of funds from (lowercase) people.

It's easy to see why California law enforcement is panicking. There's almost $84 million at stake, if the CDAA's stats are accurate. These agencies want to control how they get these funds, what they have to do to hold onto them and how they're disbursed. Anything short of the status quo is just a win for drug dealers. This is hardly unexpected behavior. Nothing makes government agencies more defensive than furtive movements in the direction of their wallets.

That the DOJ has decided to pile on -- despite its nominal reform efforts -- is also less than shocking. After all, it takes a cut from every "adopted" investigation -- all the while enabling local entities to bypass statutory safeguards meant to keep the abuse of civil forfeiture to a minimum.

Permalink | Comments | Email This Story

There's been a bit of hysteria in the US lately about "the Chinese stealing our secrets." Now, there's plenty of evidence of corporate espionage going on from China, but the actual impact of it appears to be quite overblown. But as we're in a giant moral panic about everything China related, the White House launched a big "crackdown" on such things recently -- and so far it seems to have resulted in the DOJ destroying innocent people's lives, while getting a lot of egg on its face. The latest: late on Friday the DOJ announced that it was completely dropping all charges against Xi Xiaoxing, the head of Temple University's physics department, who had been arrested earlier this year for apparently sharing the schematics of a special device known as a pocket heater with Chinese scientists. The only problem? It turns out he didn't actually share the schematics of a pocket heater with the Chinese -- the FBI just assumed what he shared must be a pocket heater. But it wasn't.

The schematics, prosecutors said, revealed the design of a device known as a pocket heater. The equipment is used in semiconductor research, and Dr. Xi had signed an agreement promising to keep its design a secret.

But months later, long after federal agents had led Dr. Xi away in handcuffs, independent experts discovered something wrong with the evidence at the heart of the Justice Department’s case: The blueprints were not for a pocket heater.

Faced with sworn statements from leading scientists, including an inventor of the pocket heater, the Justice Department on Friday afternoon dropped all charges against Dr. Xi, an American citizen.

You would think that this is the sort of thing that the DOJ would check before arresting the guy and destroying his life.

“I don’t expect them to understand everything I do,” Dr. Xi, 57, said in a telephone interview. “But the fact that they don’t consult with experts and then charge me? Put my family through all this? Damage my reputation? They shouldn’t do this. This is not a joke. This is not a game.”

And he's not kidding about putting his family through a terrible situation. A dozen FBI agents "with guns drawn" stormed his home when he was arrested back in May. His whole family was there at the time.

Meanwhile, as the NY Times report notes, this is not the first time this kind of thing has happened. Just a few months ago, the DOJ similarly dropped all charges against Sherry Chen, who worked for the National Weather Service. The story here is perhaps even more ridiculous. Chen, in a visit back to China to see her parents, had also visited with a former classmate, who was a senior official in the Ministry of Water. In passing he asked her some questions about how certain projects concerning US reservoirs were funded. Chen later emailed him some links to public websites that contained some basic info (not even that relevant to the original question). She also put him in touch with a colleague she had worked with at the Army Corps of Engineers who might be able to answer more questions. That person reported the emails to officials saying she was "concerned" about what was happening.

And, from there, the DOJ flipped out. It got a warrant, searched her emails and work computers and discovered a very weak link. In searching around, Chen had accessed another database, just for US government workers, using a colleague's password, since she didn't have a password to that particular database (but was allowed to access it). She had downloaded some info that was useful to a project she was working on, and had told her former classmate back in China that if he wanted info from the database, he would need to go through more official channels, suggesting the colleague at the Army Corps. of Engineers... who had just turned her in as a possible spy.

She was later arrested and her name was all over the press -- and then eventually dropped months later when the DOJ finally took the time to realize that she hadn't actually done anything wrong, and it had jumped to all sorts of crazy conclusions because of her one 15 minute meeting and her sending a few emails with public information.

A week before trial was to begin, Mr. Zeidenberg requested a meeting with Carter M. Stewart and Mark T. D’Alessandro, two United States attorneys for the Southern District of Ohio.

“Why,” Mr. Zeidenberg said he asked, “if she’s a spy, is she coming back from China and telling her colleagues that ‘I met this guy in China and this is what he wants to know’? Why is she telling the guy in China, ‘Here’s my boss’s phone number’? Why is she asking for a password over email? Why would you do that?”

Mr. Zeidenberg says the prosecutors listened. On March 10, the day after their meeting, they dismissed the charges.

“Thank God,” Mr. Zeidenberg added.

You'll notice, of course, that both of the individuals arrested are American citizens, but were born in China, leading to reasonable accusations that the DOJ is overreacting to Chinese-Americans and assuming that anything they do with people back in China may be espionage.

Again, it's likely that there is real espionage going on. No one denies that. But when we scare ourselves so much that we're looking for ghosts, we're taking down innocent people because the DOJ is just too amped up looking for "bad guys" and either unable or unwilling to actually look at the evidence first. That's really, really messed up.

Permalink | Comments | Email This Story

A few weeks ago there was a fair bit of controversy after a US drone-strike killed an ISIS "hacker" who was, among other things, popular on Twitter. While US officials tried to paint him as a much bigger deal behind the scenes, some are now admitting that he was just noisy online. ABC News is reporting on the supposed internal debate among US counterterrorism officials concerning how to best deal with ISIS Twitter users. Some are arguing that these guys are small time annoyances, while others are arguing that we should just straight up kill ISIS tweeters. This next quote is fairly incredible.

“We are the angel of death. This war is a propaganda war too. Why only limit it to military leaders? Should we be ignoring the propagandists that speak English and are tech savvy who know how to reach westerners?” a senior counter-terrorism official knowledgeable about the counter-ISIS strategy told ABC News. “I don't see why you would want to curtail either targeting strategy. This is also a war of ideas.”

And if you're running a propaganda war, do you really think the best strategy is to kill people for speaking their minds? That doesn't convince anyone to change the way they're thinking. It just radicalizes more people. Having US officials state "we are the angel of death" doesn't project anything other than pure bloodlust among US officials. It suggests a war where at least some US officials think the way to deal with ISIS is to stoop to their level -- by mindlessly killing people we don't agree with and assuming it's "fair game" so long as they've mouthed off online.

As for Junaid Hussain, the guy killed in that drone strike, the report confirms what we'd heard from a bunch of people: despite what US officials put out in the news about his death, the reality was he was just a guy with a Twitter account who was loud:

“Junaid Hussain was a Twitter noisemaker and a hack hacker. He wasn't a first disseminator on anything important, as far as I can tell. Nothing at all in his profile leads me to think he'd be close to the inner circle of leadership,” said “ISIS: The State of Terror” author J.M. Berger, who tracks jihadists online.

In the article, those defending killing ISIS tweeters claim that it makes sense because they believe that it somehow stops the recruitment of English-speaking individuals into ISIS:

“So the English-speaking ISIS guy that is removed, in a drone strike for example, could equal a thousand potential fighters who never self-radicalize and leave home,” said Anderson, who was a top aide and advisor to the current and former Secretaries of Defense.

Except there's an implicit assumption in there: that these Twitter accounts are successfully recruiting members of ISIS by the thousands. As we've pointed out before, the evidence suggests that, while the internet may play a part in radicalizing some individuals, it's likely a fairly small part. Your local (in person) social network is a much, much bigger factor, and almost no one is simply becoming radicalized because they started to follow an ISIS person online.

Either way, it's difficult to see how deciding to just start killing off people for being mouthy online is going to convince anyone who hates the US that they're somehow on the wrong track. It seems like it will only confirm their preheld opinions. But, you know, the "angel of death" apparently doesn't give a shit:

“Shoot your mouth off all you want. Eventually we are going to kill you,” the senior counter-terrorism official said.

I can't see how that makes us any safer. It seems like quite the opposite is likely.

Permalink | Comments | Email This Story

As Google, Tesla, Volvo, and other companies make great strides with their self-driving car technology, we've started moving past questions about whether the technology will work, and started digging into the ethics of how it should work. For example, we recently discussed whether or not cars should be programmed to sacrifice their own driver if it means saving the lives of countless others (like a number of children on a school bus). Programmers are also battling with how to program vehicles to obey all rules -- yet still account for highway safety's biggest threat: shitty human drivers.

But another key question recently raised its head in discussing what this brave new self-driving world will look like. Just how much power should law enforcement have over your self-driving vehicle? Should law enforcement be able to stop a self-driving vehicle if you refuse to? That was a question buried recently in this otherwise routine RAND report (pdf) which posits a number of theoretical situations in which law enforcement might find the need for some kind of automobile kill switch:

"The police officer directing traffic in the intersection could see the car barreling toward him and the occupant looking down at his smartphone. Officer Rodriguez gestured for the car to stop, and the self-driving vehicle rolled to a halt behind the crosswalk.

Commissioned by the National Institute of Justice, the RAND report is filled with benign theoreticals like this, and while it briefly discusses some of the obvious problems created by giving law enforcement (and by proxy intelligence agencies) this type of power over vehicle systems and data, it doesn't offer many solutions. As parts of the report make clear, having immediate access to driver and vehicle history and data is an incredibly sexy concept for law enforcement:

"Imagine a law enforcement officer interacting with a vehicle that has sensors connected to the Internet. With the appropriate judicial clearances, an officer could ask the vehicle to identify its occupants and location histories. … Or, if the vehicle is unmanned but capable of autonomous movement and in an undesirable location (for example, parked illegally or in the immediate vicinity of an emergency), an officer could direct the vehicle to move to a new location (with the vehicle’s intelligent agents recognizing “officer” and “directions to move”) and automatically notify its owner and occupants."

Yes, because if the history of intelligence and law enforcement is any indication, the "appropriate judicial clearances" are of the utmost importance. Thanks to what will inevitably be a push for backdoors to this data, we'll obviously be creating entirely new delicious targets for hackers -- who've already been poking holes in the paper mache grade security currently "protecting" current vehicle electronics. The report does briefly acknowledge this "risk to the public’s civil rights, privacy rights, and security," but as we've seen time and time again, these concerns are a footnote in the expansion of surveillance authority.

We already live in an age where the consumer doesn't have the ability to control or modify their own vehicle's electronics courtesy of DRM and copyright, and self-driving cars are already going to be a tough sell for many people from a liberty and personal freedom perspective. Adding the ability for law enforcement to not only snoop on vehicle data but take direct control of your vehicle -- is a conversation we should start having sooner rather than later.

Permalink | Comments | Email This Story

If you want a rough estimate on how much respect law enforcement agencies (and the contractors they hire) have for your personal information, all you have to do is take a look at how well they protect the vast amount of data they slurp up.

Investigative reporter Kenneth Lipp has been digging up documents and data left unguarded by government contractors for several months now. While researching the use of ALPRs (Automatic License Plate Readers) in Boston, Lipp came across a publicly-accessible database of plate scans and motor vehicle records. The problem is: it wasn't supposed to be publicly-accessible.

Prior to two weeks ago, when this reporter alerted authorities that they had exposed critical data, anyone online was able to freely access a City of Boston automated license plate reader (ALPR) system and to download dozens of sensitive files, including hundreds of thousands of motor vehicle records dating back to 2012. If someone saw your shiny car and wanted to rob your equally nice house, for example, they could use your parking permit number to obtain your address. All they had to do was find the server’s URL.

This data wasn't being housed by Boston law enforcement. Instead, it was in the hands of its contractor, Genetec, which owns the popular ALPR brand, AutoVu. As Lipp points out, the city of Boston's first ALPR deployments were no big secret. The camera system was mounted on the roofs of Transportation Department vans along with sodium lights. The surveillance was no secret, but the data collected certainly was -- which was why it was left in the hands of a private corporation.

ALPRs were eventually noticed by watchdogs, and in 2004 spurred a public records request, which was denied by the BTD [Boston Transportation Department] on the grounds that the database was privately owned and “on loan” from AutoVu.

Ten years later, the city is still putting its faith (and its un-FOIA-able records) in Genetec. Not that Genetec deserves it. When Lipp pointed out its unguarded portal, it denied any responsibility for its carelessness.

Reached by email for this story, the company’s Vice President of Marketing and Product Management Andrew Elvish wrote that the server in question was a “location used by a customer to transfer data to be used in a parking or law enforcement patrol car, equipped with a Genetec system.” The data, Elvish added, was “not gathered by a Genetec AutoVu ALPR system … [which is] automatically encrypted.”

Lipp investigated further and found that the server was actually run by a Xerox subsidiary. Two hours after being notified of the security hole, the company closed it.

This would normally be the end of the story. But it goes on from there. What was uncovered during Lipp's foray into a supposedly secured and encrypted server points to further dishonesty, going beyond Genetec's disowning of a database it has (or had) direct access to.

As the ACLU's Kade Crockford points out, autogenerated notifications found on the server point to Boston law enforcement continuing to utilize a program it had previously told the public it would be abandoning.

I was surprised to discover these records because in 2013, in the wake of local reporter Shawn Musgrave's expose on privacy and civil liberties problems with the department’s license plate reader program, the Boston Police told the public that it was scrapping the program altogether. The Xerox records suggest scrapping isn’t at all what occurred. Indeed, the automated emails from BTD’s license plate reader program to the Boston Police, left on the Xerox server for anyone to download at will, appear to have started at around the same time the cops told the public they’d stopped using license plate readers. That's to say, instead of scrapping the program as the police told the public they would, BPD appears to have bootstrapped their license plate reader program from BTD data.

The government may claim license plate data has no expectation of privacy (unless you ask for it…) but people hardly expect their records to be exposed to the public at large. And they certainly don't expect them to be accessible from the web and stored in plaintext. Even if the public is willing to accept the portrayal of plate/location data as nothing more than the digital equivalent of human eyeballs on public streets, it will be far less likely to forgive the government's apparent disinterest in ensuring these records received even a minimal level of protection.

Permalink | Comments | Email This Story

Medical records have long been given an increased expectation of privacy, something that dates back to before the passage of HIPAA. (See also: Hippocratic Oath.) Consultations with doctors -- and the written records resulting from them -- have generally been treated as confidential, seeing as they contain potentially embarrassing/damaging information. Personal health information can be reported to law enforcement for many reasons: suspicion of criminal activity on the health entity's property, suspicion of criminal activity related to an off-site emergency, reporting a death, patients with stabbing/gunshot wounds, or in the case of a serious/immediate threat. Otherwise, HIPAA's rules for law enforcement say personal information can only be released under the following conditions:

To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).

The bar is set pretty low and the DEA has been taking advantage of it. Jon Cassidy of Watchdog.org is reporting that the agency is rooting around in medical records in hopes of finding patients or health care providers who might be abusing drugs.

The Drug Enforcement Administration has been sifting through hundreds of supposedly private medical files, looking for Texas doctors and patients to prosecute without the use of warrants.

What the DEA is using instead is a blend of impersonation and administrative permission slips sporting the agency's own signature.

Instead, the agents are tricking doctors and nurses into thinking they’re with the Texas Medical Board. When that doesn’t work, they’re sending doctors subpoenas demanding medical records without court approval.

How often is this happening? Apparently it's so close to "all the time" that the DEA doesn't even have an approximate guess. This is what a DEA spokesperson told the Daily Caller.

“It’s not like there’s ten of them. There’s probably thousands — I know there are thousands,” Matt Barden, spokesman for the DEA, told the Daily Caller News Foundation about the DEA’s use of administrative subpoenas.

Early last year, a federal court in Oregon ruled the DEA could not access the state's prescription database without a warrant. Unfortunately, this was due to Oregon's state laws being more restrictive than federal law. A federal judge in Texas reached the opposite conclusion, finding that the DEA's use of administrative subpoenas complied with both HIPAA and state law. This decision is now headed for the Fifth Circuit Court of Appeals, where it is hoped a finding similar to the decision in Oregon will be the end result. But judging from the laws in place, that outcome is doubtful.

While the DEA's use of administrative subpoenas appears to comply with HIPAA's restrictions, its repeated attempts (many of them successful) to access medical records with no paperwork whatsoever seem less likely to stand up to legal scrutiny.

The Dallas-area doctors bringing the lawsuit against the DEA have uncovered plenty of DEA subterfuge. In their case, three DEA agents showed up at their offices with a state medical board investigator. Only the investigator identified herself. The agents remained silent, allowing the nurse to believe they, too, were with the state medical board.

The state medical board may have every right to view medical records without any accompanying paperwork, but that's because this information falls directly under its purview. The DEA, however, is looking to build criminal cases. This brings with it additional Fourth Amendment considerations and, at the very least, should bind it to the minimal restrictions of HIPAA. Apparently, issuing its own permission slips is still too much work and the delivered paperwork might accidentally restrict it to only certain medical records pertaining to certain people. By impersonating medical board members, agents have unrestricted access to whatever they ask for.

As Watchdog's Jon Cassidy points out, patients who'd like their privacy respected may want to seek their prescriptions and refills… elsewhere.

The DEA’s practice of avoiding warrant requirements has produced this absurdity: If you have a prescription for Adderall or OxyContin, you might be safer getting your drugs on the street than through your own doctor.

Street dealers, after all, don’t keep patient records, and they’re afforded more constitutional protections than medical practitioners. That is, cops still need a warrant to search them.

While the latter isn't strictly true in all cases, it's true enough to show how limited the protections of HIPAA actually are. The more disturbing aspect is that the DEA isn't even satisfied with near-instant access to a wealth of medical records provided by administrative subpoenas. It apparently only uses the correct paperwork as Plan B, preferring to mislead medical practitioners by allowing them to believe its agents are investigators working for the state medical board.

Permalink | Comments | Email This Story

AT&T and ZTE today announced the wireless company’s first WiFi hotspot module made specifically for vehicles. It’s called the ZTE Mobley, and, well, it’s a hotspot. It runs on AT&T’s 4G LTE network, so you’ll be able to muster up decent speeds for whatever it is you need to do in LTE-covered areas.

The ZTE Mobley differs from other hotspots in a couple of ways, though. For starters, you don’t need to turn the device on or off: it’s always on when your car is on, and automatically shuts off when it isn’t. It likely sips power from the cars’ massive battery and plugs right into a standard on-board diagnostics port which can be found in most vehicles released since 1996.

AT&T also won’t charge you for the hardware if you opt for a 2-year commitment to paying for service, though it only costs $100 without the chains attached. Even better is that it can be added to Mobile Share Value Plans for just $10 per month, so it can sip from a large pool of data (which should be plentiful now that they support rollover data).

Otherwise, you can pay $20 per month for 1GB, or $30 per month for 3GB. That’s not a whole ton, but if all you need the hotspot for is basic work (such as email and messaging) then it should be more than enough.

Worth it? That’s up to you to decide. The convenience factor is the biggest reason for its existence, though if you’re an AT&T customer with a Mobile Share Value Plan you already have hotspot features on your smartphone at no added cost. You may as well use that if you don’t mind having to turn it on and off each time you hop into your car (and having it plugged into a mobile charger, because hotspot eats smartphone battery right up).

The ZTE Mobley September 11th both online and in-store, so be sure to head out to a store near you that day if you’re interested.

Privacy advocates get another big win today thanks to a new rule passed by the United States Department of Justice. The department has installed a new policy called “Enhanced Policy for Cell-Site Simulators” which details the ways in which federal law enforcement can use Stingray technology, which is used for snooping in on calls of the suspects they’re targeting.

One of the biggest clauses of this new policy is that federal agencies now need a warrant to use Stingray, except in cases where there is immediate danger to the health of the nation or individuals. This includes situations where a hack is ongoing, or where a person would be caused bodily harm or death. Sounds fair enough. The clause also forbids the agencies from doing anything other than monitoring the calls — that means your text messages and email are safe in the odd event that a federal body would ever need to monitor your communications.

There are even restrictions in place for how long they can keep the log of your communications. They’re required to delete your data if they use the Stingray to locate the subject’s phone, or at least once a day otherwise. Otherwise, the maximum they can keep the data is 30 days. All these rules will also apply if a federal agency uses the equipment to help local law enforcement.

The DoJ says they will implement appropriate supervision and accountability measures to make sure the policy is enforced and upheld, too. Whether that actually happens remains to be seen, but it’s nice to know that they’re doing more and more to ensure our privacy isn’t being violated for anything other than ensuring our safety. You can check the full document out in this PDF file detailing the policy change right here.

[via DoJ]

It would appear that the FTC is quickly emerging as the counterforce to the FBI/NSA's push to backdoor encryption. We recently wrote about how the FTC's CTO, Ashkan Soltani, put up a blog post extolling the virtues of full disk encryption for devices, noting that it can even help to prevent or solve crimes (contrary to the scare stories you hear from the FBI and other law enforcement officials). And now, pretty quickly after that, FTC Commissioner Terrell McSweeny, has written a post for the Huffington Post arguing in favor of strong encryption as well. After discussing the range of threats, as well as the rise of personal data being collected by services, she notes that strong encryption is now being used to better protect consumers:

Encouragingly, many companies are taking meaningful steps to improve their security practices including greater use of encryption technology for data in transit and at rest, whether it be stored in the cloud or on devices. Encryption has helped protect the information of millions of consumers -- for example, protecting credit card information when a merchant is breached or protecting passwords when a popular website is hacked. The impact of major breaches may also be reduced the more that users' data and communications are encrypted end-to-end.

Moreover, there are more products on the market providing consumers with better security and privacy tools -- including encryption as the default for information stored on smartphones, apps that use end-to-end encryption, and services that encrypt data on devices and then back them up in the cloud. Competition in the marketplace of security and privacy technology holds considerable promise for consumers.

She also discusses how any attempt to backdoor encryption could create serious harm for future innovation and our economy:

This debate, sometimes called the crypto wars, is hardly new -- it has been going on in some form or another for decades. But what is changing is the extent to which we are using connected technology in every facet of our daily lives. If consumers cannot trust the security of their devices, we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers.

It's great to see the FTC coming out so publicly on this issue. I hope that others in other parts of the government will do the same as well. Unfortunately, thanks to the overly vocal FBI and NSA, many believe that the entire federal government believes that we should backdoor encryption, and that sets up a very unfortunate "us v. them" attitude between technologists and the government. Instead, it's clear that many, many people in government support strong encryption and are against backdoors. It's good to see more of them speaking up and making their voices heard.

Permalink | Comments | Email This Story

Whether you’re an occasional or avid Docs/Sheet/Slides user, student or businessman, new additions headed to the service could have a big impact on your productivity. Announced on the official Google Docs blog, Google is adding a new set of tools that makes it easier than ever to keep your nose inside your work, and quickly type out thoughts as soon as they come to you.

The new Research tool infuses Docs with Google Search. This means that you technically never have to leave Docs when looking up something, whether it’s general info, facts, or images. To highlight the new feature, Google even uploaded a quick video to their YouTube channel. Check it out below.

Another new addition — and probably the most groundbreaking — is Voice typing. Gone are the days of having to physically type out words on a keyboard like an animal. Instead, you just speak them and Google’s voice recognition will jot down everything for you. The feature is available in more than 40 languages, so there’s a good chance Google’s got you covered. You can see it in action via the (extremely short) video down below.

But that’s only the half of it. There’s a handful of other additions rolling out on Docs starting today. Things like the “See new changes” button when collaborating with others, new themes in Forms, a new collection of templates in Docs/Sheets/Slides, Explore in Sheets, and Share to Classroom Chrome extension. To learn more about these great new features, hit up the source link down below.

[Google]