Shared posts

06 Aug 22:18

Privacy Badger 1.0 Blocks the Sneakiest Kinds of Online Tracking

by Rebecca Jeschke
Brindle

Not happy about this -> "Privacy Badger won’t block third-party services that promise to honor all DNT requests" .... That is okay, between ghostery, ublock, privacy badger, and https everywhere I break enough sites to feel safe :X

Browser Add-On Prevents Data Collection from Ads and Other Hidden Trackers

San Francisco - The Electronic Frontier Foundation (EFF) today released Privacy Badger 1.0, a browser extension that blocks some of the sneakiest trackers that try to spy on your Web browsing habits.

More than a quarter of a million users have already installed the alpha and beta releases of Privacy Badger. The new Privacy Badger 1.0 includes blocking of certain kinds of super-cookies and browser fingerprinting—the latest ways that some parts of the online tracking industry try to follow Internet users from site to site.

“It’s likely you are being tracked by advertisers and other third parties online. You can see some of it when it’s happening, such as ads that follow you around the Web that seem to reflect your past browsing history,” said EFF Staff Technologist Cooper Quintin, lead developer of Privacy Badger. “Those echoes from your past mean you are being tracked, and the records of your online activity are distributed to other third parties—all without your knowledge, control, or consent. But Privacy Badger 1.0 will spot many of the trackers following you without your permission, and will block them or screen out the cookies that do their dirty work.”

Privacy Badger 1.0 works in tandem with the new Do Not Track (DNT) policy, announced earlier this week by EFF and a coalition of Internet companies. Users can set the DNT flag—in their browser settings or by installing Privacy Badger—to signal that they want to opt-out of online tracking. Privacy Badger won’t block third-party services that promise to honor all DNT requests.

“With DNT and Privacy Badger 1.0, Internet users have important new tools to make their desires about online tracking known to the websites they visit and to enforce those desires by blocking stealthy online tracking and the exploitation of their reading history,” said EFF Chief Computer Scientist Peter Eckersley, leader of the DNT project. “It’s time to put users back in control and stop surreptitious, intrusive Internet data collection. Installing Privacy Badger 1.0 helps build a leaner, cleaner, privacy-friendly Web.”

To download Privacy Badger 1.0:
https://www.eff.org/privacybadger

For more on the new Do Not Track policy:
https://www.eff.org/dnt-policy

Contact:
Cooper Quintin
Staff Technologist
Peter Eckersley
Chief Computer Scientist

05 Aug 14:14

Want To Know Why DHS Is Opposing CISA? Because It's All A Surveillance Turf War

by Mike Masnick
As it appears that the fake "cybersecurity" bill CISA is heading to a vote in the Senate, some were surprised this week to see the Department of Homeland Security come out against the bill with a letter expressing concerns that the bill "could sweep away important privacy protections" with its open-ended definitions and provisions:
The authorization to share cyber threat indicators and defensive measures with “any other entity or the Federal Government,” “notwithstanding any other provision of law” could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers. (This concern is heightened by the expansive definitions of cyber threat indicators and defensive measures in the bill. Unlike the President’s proposal, the Senate bill includes “any other attribute of a cybersecurity threat” within its definition of cyber threat indicator and authorizes entities to employ defensive measures.)
This has led to some surprise among people who don't follow this that closely, that "even Homeland Security" doesn't like the bill. But that's really ignoring history and what this fight has always been about. Going back many, many years we've been highlighting that the truth behind all of these "cybersecurity" bills is that it's little more than a bureaucratic turf war over who gets to control the purse strings for the massive, multi-billion dollar budget that will be lavished on government contractors for "cybersecurity solutions." That the bill might also boost surveillance capabilities is little more than a nice side benefit.

The key players in this turf war? The NSA and Homeland Security (with the Justice Department occasionally waving its hand frantically in the corner shouting "don't forget us!"). From the beginning, one of the key questions people have asked is "who gets the data?" Obviously, "none of the above" is probably the best answer, but of the remaining options, Homeland Security tends to be the least worst option out of a list of three really bad options. And, so far, the White House has repeatedly pushed to put DHS in charge, giving it more power over the budget. However, CISA does not put DHS in charge.

So that is why DHS is complaining. Yes, the "privacy" concerns are there, but DHS's true concern is that it's not DHS running the show (and controlling the budget). Reread the DHS letter with this as background, and it appears a lot more understandable:
The Administration has consistently maintained that a civilian entity, rather than a military or intelligence agency, should lead the sharing of cyber threat indicators and defensive measures with the private sector. The National Cybersecurity Protection Act of 2014 recognized the NCCIC to be responsible for coordinating the sharing of information related to cybersecurity risks and to be the federal civilian interface for multi-directional and cross-sector sharing of information about cybersecurity risks and warnings. The NCCIC has representatives from the private sector and other federal entities involved in cyber information sharing, from those with whom we have an agreement and share consistently, to those that passively receive information from the center.

Equally important, if cyber threat indicators are distributed amongst multiple agencies rather than initially provided through one entity, the complexity–for both government and businesses–and inefficiency of any information sharing program will markedly increase; developing a single, comprehensive picture of the range of cyber threats faced daily will become more difficult. This will limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents. DHS recommends limiting the provision in the Cybersecurity Information Sharing Act regarding authorization to share information, notwithstanding any other provision of law, to sharing through the DHS capability housed in the NCCIC. This would not preclude sharing with any federal entity (indeed, DHS maintains an obligation to share rapidly with federal partners independent of any legislation), and it would further incentivize sharing through the NCCIC.
There's a lot more like that in the letter as well.

Don't get me wrong. Having DHS come out against CISA and speaking out about the privacy concerns the bill raises is great. But don't think that DHS is against these kinds of "information sharing" bills at all. It is not. It just wants to make sure that it's the queen bee when it comes to who's in charge of cybersecurity information... and, with it, who gets to control the budget.

05 Aug 12:24

Deputy Wants Immunity After Breaking Bones, Tearing Ligaments Of Suspect During Arrest; Appeals Court Quickly Shuts Him Down

by Tim Cushing

This was an extraordinarily-fast resolution to an excessive force lawsuit, especially considering it took a trip to the appeals court.

The culprit here is Polk County Sheriff's Deputy Anthony Burgess (presumably no relation except for the ultraviolence). Burgess works for Techdirt favorite Sheriff Grady Judd, a man who's more showboat than sheriff and who has frequently mistaken his Florida office for an episode of "To Catch a Predator."

Burgess helped "effect" the arrest of a man who was peacefully going about the business of being arrested. The suspect was ordered to spit out the cigarette he was smoking while he was being cuffed. He turned his head and did so, and the spit cigarette allegedly grazed the sleeve of Deputy Burgess -- whom the suspect hadn't seen approaching from behind him.

This didn't sit well with Burgess, who then interrupted the handcuffing of the suspect by throwing him to the ground in an extremely violent manner.

Deputy Burgess then grabbed Mr. Ramirez by his torso and took Mr. Ramirez to the ground, severely injuring Mr. Ramirez’s right leg and scraping Mr. Ramirez’s face on the road. Mr. Ramirez’s hands were in the air when he was thrown to the ground. Mr. Ramirez testified that the gun was in his face throughout the incident, until he was taken down. Deputy Burgess held Mr. Ramirez on the ground, with his knee on Mr. Ramirez’s spine, and handcuffed Mr. Ramirez. Deputy McLeod then put his foot on Mr. Ramirez’s head. Mr. Ramirez was held on the ground until a police vehicle was brought to the scene. Mr. Ramirez’s tibia was shattered by the takedown, and his face was bleeding, bruised and swollen. Additionally, Mr. Ramirez has tendons and ligaments in his leg that are torn beyond repair as a result of this incident.
Burgess tried for immunity, claiming the use of force was justified and not excessive given the circumstances. The court disagreed.
When Deputy Burgess used force to effectuate the arrest here, Mr. Ramirez had already stopped moving, had surrendered, was obeying the deputies' commands, and posed no threat to the safety of the officers. In fact, by taking Ramirez to the ground, Deputy Burgess interrupted another officer, Deputy McLeod, who was handcuffing Mr. Ramirez. Ramirez was being arrested for a misdemeanor offense, domestic violence – battery. The undisputed facts show that Ramirez followed every command the deputies gave him, including the command to spit the cigarette out. Ramirez could not use his hands to take the cigarette out of his mouth because his hands were either in the air or being held behind his back from the time he was initially stopped until the takedown. There are no allegations that Mr. Ramirez was actively resisting arrest or attempting to flee. Ramirez did not attempt to fight, kick, hit, or swing at the deputies. He was compliant with the deputies’ commands. The evidence, in the light most favorable to Ramirez, indicates that Ramirez did not pose a threat to the safety of the officers or others.

A reasonable law enforcement officer in this situation would not believe that anything more than de minimis force was warranted. Yet, Deputy Burgess used force sufficient to break bones and tear ligaments. That force was excessive.
And because the court found the force excessive, away went Burgess' immunity.
The right to be free of excessive force by law enforcement officers during an arrest is clearly established. Because Deputy Burgess’ conduct violated a clearly established constitutional right of which a reasonable person would have known, he is not entitled to qualified immunity.

Viewing the facts in the light most favorable to the Plaintiff, the cigarette grazed the sleeve of Deputy Burgess’ uniform. Deputy Burgess was not injured by the cigarette and there is no evidence that this action amounted to a level of resistance that made breaking Mr. Ramirez’s leg reasonable – particularly in light of the fact that it was Deputy Burgess who instructed Mr. Ramirez to spit out the cigarette in the first place.
Judd's office appealed the decision. This appeal was swiftly dismissed by the 11th Circuit Court.
This appeal stems from a citizen-police encounter. Defendant Burgess, an officer in the Polk County, Florida, Sheriff’s Office, contends that the District Court erred in denying him qualified immunity as to plaintiff Carlos Ramirez’s claim, brought under 42 U.S.C. § 1983, that Burgess used excessive force in violation of the Fourth Amendment in arresting him on the night of July 28, 2010. We disagree. Taking the evidence in the record in the light most favorable to Ramirez, we conclude that a reasonable jury could find that Burgess used excessive force as Ramirez contends. AFFIRMED.
This is the entirety of the opinion. Very few unpublished opinions run more than a couple of pages at the most, but this unpublished opinion runs only four sentences, and that's if you include "AFFIRMED." This is a swift booting that defines the term "dismissive." One almost can see the eyeroll that accompanied this quick review of the facts. Being an appeals court judge means spending time on the weakest of appeals, simply because every appeal must be looked at. There's nothing in this one, though, and the court only wastes the number of words it absolutely has to in order to send it back where it came from.

04 Aug 20:18

FBI Sends Subpoena To Boing Boing Over Its Tor Exit Node, Gets Educated, Goes Away

by Mike Masnick
There have been plenty of discussions on the possible "risks" of running a tor exit node, where clueless law enforcement might confuse traffic that comes out of that node as being from the person who actually manages the node. And, indeed, last year we wrote about an absolutely ridiculous case in which a tor exit node operator in Austria was found guilty as an "accomplice" because someone used his node to commit a crime. Thankfully, it appears that the US isn't going quite down that road yet. It appears that a month and a half ago, of all places, the website Boing Boing received a subpoena concerning the tor exit node that the site hosts, demanding an appearance before a federal grand jury in New Jersey.

Except, Boing Boing's lawyer, Lauren Gelman, quickly shot off a note explaining "tor exit node" to the FBI... and the FBI understood what was going on and moved on. Really. Here's the note that Gelman sent:
Special Agent XXXXXX.

I represent Boing Boing. I just received a Grand Jury Subpoena to Boing Boing dated June 12, 2015 (see attached).

The Subpoena requests subscriber records and user information related to an IP address. The IP address you cite is a TOR exit node hosted by Boing Boing (please see: http://tor-exit.boingboing.net/). As such, Boing Boing does not have any subscriber records, user information, or any records at all related to the use of that IP address at that time, and thus cannot produce any responsive records.

I would be happy to discuss this further with you if you have any questions.
They didn't have any questions. They understood the situation and (one assumes) continued the investigation through other means. As Cory Doctorow writes:
The FBI agent did his homework, realized we had no logs to give him, and no one had to go to New Jersey. Case closed. For us, anyway. Not sure what went down with the grand jury.
We write plenty of stories about "clueless" law enforcement and politicians overreacting to things by not understanding the technology. Because that's newsworthy. But it is worthwhile, every once in a while, to remember that there are some in these jobs who do understand technology and are perfectly willing to understand what is happening and continue to do their jobs without going overboard.

And, as Cory notes, perhaps this story of nothing actually happening will be useful in convincing a few more people that maybe the "risks" of running a tor exit node aren't quite as high as some have made them out to be. Yes, you may receive a subpoena, but hopefully it's from law enforcement willing to understand how tor actually works and what it means.

04 Aug 14:48

Anti-Whistleblower 'Ag-Gag' Law Ruled Unconstitutional

by Mike Masnick
Brindle

This is very good news.

We've written a few times about the ridiculousness of so-called ag-gag laws, that prohibit photographing or videotaping farms (sometimes even from public land). These laws were pushed for heavily by large industrial farmers who were sick of animal rights advocates getting images and videos of the conditions in farms and slaughterhouses that were questionable. Whatever you might think of the practices of those advocates, banning taking photographs or videos seemed like a really questionable move -- which would have a chilling effect on whistleblowers of all kinds. It seemed like it had to be unconstitutional -- and a court in Idaho agrees, declaring that state's law unconstitutional.

The court does not mince words, noting that under this law, Upton Sinclair's The Jungle would likely have been illegal:
The story of Upton Sinclair provides a clear illustration of how the First Amendment is implicated by the statute. Sinclair, in order to gather material for his novel, The Jungle, misrepresented his identity so he could get a job at a meat-packing plant in Chicago. William A. Bloodworth, Jr., UPTON SINCLAIR 45–48 (1977). Sinclair’s novel, a devastating expose of the meat-packing industry that revealed the intolerable labor conditions and unsanitary working conditions in the Chicago stockyards in the early 20th century, “sparked an uproar” and led to the passage of the Federal Meat Inspection Act, as well as the Pure Food and Drug Act.... Today, however, Upton Sinclair’s conduct would expose him to criminal prosecution under § 18-7042.

The State responds that § 18-7042 is not designed to suppress speech critical of certain agricultural operations but instead is intended to protect private property and the privacy of agricultural facility owners. But, as the story of Upton Sinclair illustrates, an agricultural facility’s operations that affect food and worker safety are not exclusively a private matter. Food and worker safety are matters of public concern. Moreover, laws against trespass, fraud, theft, and defamation already exist. These types of laws serve the property and privacy interests the State professes to protect through the passage of § 18-7042, but without infringing on free speech rights.

With this background and context, the Court finds that § 18-7042 violates the First Amendment right to free speech. In addition, the Court finds that § 18-7042 violates the Equal Protection Clause because it was motivated in substantial part by animus towards animal welfare groups, and because it impinges on free speech, a fundamental right.
The ruling also highlights how the politicians behind this bill barely hid their desire to shut up those darn animal rights activists, who they sometimes referred to as "terrorists" in explaining why this bill was necessary.
A review of the legislative record in search of a legitimate purpose does nothing to help the State’s cause.... The overwhelming evidence gleaned from the legislative history indicates that § 18-7042 was intended to silence animal welfare activists, or other whistleblowers, who seek to publish speech critical of the agricultural production industry. Many legislators made their intent crystal clear by comparing animal rights activists to terrorists, persecutors, vigilantes, blackmailers, and invading marauders who swarm into foreign territory and destroy crops to starve foes into submission. Other legislators accused animal rights groups of being extreme activists who contrive issues solely to bring in donations or to purposely defame agricultural facilities.

As the Supreme Court has repeatedly said, “a bare congressional desire to harm a politically unpopular group cannot constitute a legitimate governmental interest if equal protection of the laws is to mean anything.” ... As a result, a purpose to discriminate and silence animal welfare groups in an effort to protect a powerful industry cannot justify the passage of § 18-7042.
It also points out that, for all the talk of animal rights advocates "misrepresenting" things on farms, there's a perfectly good solution to that: counterspeech.
The State has not shown why counterspeech would not suffice to achieve its interest of protecting agricultural production facilities from interference by wrongful conduct.... If an undercover investigator “staged a video” at an agricultural production facility, as some Idaho legislators fear, ... not only could the facility owner sue the investigator for fraud or defamation, but the facility owner could launch its own public relations campaign to refute the video.

The remedy for misleading speech, or speech we do not like, is more speech, not enforced silence....
The court also laughs off the idea that the bill was narrowly tailored or that this particular law was necessary. In fact, the court points out ridiculous things that are illegal under the law:
Indeed, § 18-7042 not only restricts more speech than necessary, it poses a particularly serious threat to whistleblowers’ free speech rights. To convict a whistleblower under the statute, the State does not need to prove that the whistleblower entered a production facility under false pretenses or trespass. Thus, as discussed above, if a diligent and trusted longtime employee witnesses animal abuse or life-threatening safety violations and records it without authorization, the employee could face up to a year in jail and be forced to pay damages to agricultural production facility owner for “twice” the economic loss the owner suffers because of the employee’s whistleblowing activity, even if everything depicted on the video is true and accurate.... In other words, the statute circumvents long-established defamation law and whistleblowing statutes by punishing employees for publishing true and accurate recordings on matters of public concern. The expansive reach of this statute is hard to reconcile with basic speech, whistleblower, and press rights.
And finally, with all the questionable reasons for this bill to exist, one of the least commented on is the fact that this is clearly the state picking industries to give special protections to -- and the court doesn't even let that point slide:
Likewise, the State fails to provide a legitimate explanation for why agricultural production facilities deserve more protection from these crimes than other private businesses. The State argues that agricultural production facilities deserve more protection because agriculture plays such a central role in Idaho’s economy and culture and because animal production facilities are more often targets of undercover investigations. The State’s logic is perverse—in essence the State says that (1) powerful industries deserve more government protection than smaller industries, and (2) the more attention and criticism an industry draws, the more the government should protect that industry from negative publicity or other harms. Protecting the private interests of a powerful industry, which produces the public’s food supply, against public scrutiny is not a legitimate government interest.
Of course, there are still seven other states with ag-gag laws on the books, and hopefully they're about to go down as well. There is still a decent chance that the state will appeal and waste more taxpayer money defending an unconstitutional bill that spits on the First Amendment, but it's difficult to see how the courts could come to any conclusion different than the one here by Judge Lynn Winmill.

04 Aug 02:23

Can the OnePlus 2 equal mainstream success?

Brindle

crazy...

And right now, early adopters and smartphone aficionados are really the limit of OnePlus' customer base. Though the company has been able to build tremendous amounts of hype and attention through its fan forums, social media accounts, and on technology blogs, the reality is that OnePlus is far from a household name at this point. Selling 1.5 million phones, as OnePlus did for its first phone, is certainly impressive for an upstart company, but it pales in comparison to the number of units Apple and Samsung move each quarter.

I find these numbers jaw-dropping, to be honest. This completely unknown - at the time - company managed to sell 1.5 million of its first phone, and now its second phone has already seen more than one million pre-orders. I don't know about you, but I find that really, really impressive. As for the headline question - I find that unlikely at this point, but does it really matter? Does every company need to be either Apple or Samsung to be considered even remotely interesting by American/western technology media?
03 Aug 23:22

Samsung Galaxy Note 4 on Sprint receives Android 5.1.1 with Stagefright fix

by Chris Chavez

Samsung is wasting no time in addressing that nasty “Stagefright” exploit found on more than 95% of Android devices (the one that could allow for a hacker to do all sorts of malicious activities on your device). New for Samsung Galaxy Note 4 owners on Sprint, software build N910PVPU4COG5 will soon make its way to users and, aside from bringing Android 5.1.1 goodies, takes care of that Stagefright bug.

  • Android version 5.1.1
  • Lollipop OS Upgrade
  • Message Waiting Indicator fix
  • Security fix (Stagefright)
  • Misc. bug fixes

The update weighs in at 615MB and takes care of a few other miscellaneous bugs as well. We haven’t found the usual Sprint support docs announcing the update, so if you don’t see it quite yet, don’t worry — it’s coming. Once completed, feel free to enable MMS auto-download again in your favorite messaging app. While Google did mention that Nexus devices would be seeing an update to fix Stagefright starting this week, we wouldn’t be surprised to find other carriers/devices pushing out something similar. Be on the lookout.

[Samsung]

03 Aug 23:14

New Street-Level Surveillance Project Tracks Spying Technologies Used by Local Law Enforcement

by Karen Gullo
EFF Web Portal Provides In-Depth Resources About License Plate Readers, Biometric Collection, and Other High-Tech Surveillance Tools

San Francisco – Responding to a troubling rise in law enforcement’s use of high-tech surveillance devices that are often hidden from the communities where they’re used, the Electronic Frontier Foundation (EFF) today launched the Street-Level Surveillance Project (SLS), a Web portal loaded with comprehensive, easy-to-access information on police spying tools like license plate readers, biometric collection devices, and “Stingrays.”

The SLS Project addresses an information gap that has developed as law enforcement agencies deploy sophisticated technology products that are supposed to target criminals but that in fact scoop up private information about millions of ordinary, law-abiding citizens who aren’t suspected of committing crimes. Government agencies are less than forthcoming about how they use these tools, which are becoming more and more sophisticated every year, and often hide the facts about their use from the public. What’s more, police spying tools are being used first in low-income, immigrant, and minority communities—populations that may lack access to information and resources to challenge improper surveillance.

“Law enforcement agencies at the federal, state, and local level are increasingly using sophisticated tools to track our cell phone calls, photograph our vehicles and follow our driving patterns, take our pictures in public places, and collect our fingerprints and DNA. But the public doesn’t know much about those tools and how they are used,” said EFF Senior Staff Attorney Jennifer Lynch. “The SLS Project provides a simple but in-depth look at how these surveillance technologies work, who makes and uses them, and what kind of data they are collecting. We hope that community groups, advocacy organizations, defense attorneys, and individuals all take advantage of the information we’ve gathered.”

The SLS Project website went live today with extensive information on biometric technologies which collect fingerprints, DNA, and face prints as well as on automated license plate readers (ALPRs)—cameras mounted on patrol cars and on city streets that scan and record the plates of millions of cars across the country. Each topic includes explainers, FAQs, infographics, and links to EFF’s legal work in courts and legislatures. Information about “Stingrays”—devices that masquerade as cell phone towers and trick mobile phones into connecting with them to track phone locations in real time—drones, and other surveillance technologies will be added in the coming months.

“The public has heard or read so much about NSA spying, but there’s a real need for information and resources about surveillance tools being used by local law enforcement on our home turf. These technologies are often adopted in a shroud of secrecy, but communities deserve to understand these technologies and how they may be violating our rights,” said EFF Activist Nadia Kayyali. “The SLS Project is a much-needed tool that can help communities under surveillance start a conversation about how to advocate for limiting or stopping their use.”

For Street-Level Surveillance Project:
https://www.eff.org/sls

Contact:
Jennifer Lynch
Senior Staff Attorney
Nadia Kayyali
Activist

03 Aug 20:41

Google to France: We Won't Forget It For You Wholesale

by Katitza Rodriguez and Sarah Myers West

In a move that could set a crucial precedent for all service providers, Google pushed back against the expansion of what's become known as the Right to be Forgotten (RTBF) ruling, and refused to comply with a notice issued by French data protection agency Commission Nationale de l’Informatique et des Libertes (CNIL) mandating the company remove links from its domains worldwide (as opposed to removal by country only). “We respectfully disagree with the CNIL’s assertion of global authority on this issue,” said Google Global Privacy Counsel Peter Fleischer.

The order, issued originally by a Parisian court in September 2014 and escalated by CNIL in June, contended that Google’s approach of removing links from only country-specific versions of Google’s websites (such as google.fr) did not sufficiently protect the right to be forgotten. “CNIL considers that in order to be effective, delisting must be carried out on all extensions of the search engine and that the service provided by Google search constitutes a single processing,” it said in a statement on its website.

As we’ve noted, orders like this one are a serious and growing threat to online expression. No individual country should have the ability to inhibit worldwide access to information. Says Google:

“While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others: Thailand criminalizes some speech that is critical of its King, Turkey criminalizes some speech that is critical of Ataturk, and Russia outlaws some speech that is deemed to be ‘gay propaganda.’ If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place.”

While Europe's current model for enforcing the right to be forgotten doesn't outlaw content, it does demand that Google remove entries from its search results displayed in response to certain queries. An expectation that any country can impose such requirements on the global internet will inevitably either lead intermediaries to adopt a lowest common denominator for what material is made visible, or tie Internet intermediaries up in enforcing mutually contradictory decisions.

Indeed, across the Atlantic, the highest Constitutional Court in Colombia has illustrated the differences in approach across the world, by refusing to recognize a European-style “derecho al olvido” (right to be forgotten) in that country. In a legal action against El Tiempo, the main newspaper in the country, a Colombian citizen named Gloria argued that her right to a good name and privacy were violated in the publication and subsequent indexing by Google of a newspaper article in which El Tiempo said that she participated in an alleged crime, for which she was never convicted.

Seeking to balance the right to clarify the record and the right to freedom of expression, the court held that the newspaper was not required to remove the article. The court did require the newspaper to update the published information and use “robots.txt” and “metatags” to prevent the indexing of the content by Google due to the particularly serious nature of the crime and the severe personal consequences for Gloria.

The court was very clear on one point: Internet intermediaries, such as Google, are not liable for the content where the damage to fundamental rights was done by third parties, in this case, El Tiempo. Moreover, since this case has the potential to jeopardize the freedom of expression of a media outlet, the Court applied the Inter-American Court of Human Rights’ “permissible limitation test” to assess its potential impact.

The court concluded that ordering a search engine to block results would constitute a form of prior control and turn the search engine into a censor of user-posted content. That, in turn, would undermine guiding principles of Internet architecture: “equal access, non-discrimination and pluralism.”

Too bad the CNIL doesn’t share that view. Nor, it seems, do several other courts. We are seeing more and more “global” takedown orders: in Canada, for example, an appeals court recently upheld a ruling in a trademark case that argued Google had to purge links on Google.com rather than just Google.ca. Such orders are increasingly likely to be based on laws that mimic Europe's Right to be Forgotten decision, as other countries, such as Russia, enforce their own interpretation of the principle.

Companies too are beginning to capitalize on the new framework. For example, Spanish company Eliminalia.com has become particularly popular among politicians in Latin America. Over 200 lawmakers have hired the company to help them erase their data across the Internet, and the company has opened an office in Mexico to help globalize their operation.

Europe's model of implementing RTBF, with no judicial overview, no right for publishers to challenge delisting before it is executed, and where private companies like Google are commandeered to act as interpreter and enforcer of an ambiguous legal principle, makes it hard to understand the extent, impact, and justice of these removals. 

To develop sound policy responses, we need greater transparency from the service providers who have been entrusted with managing the delisting. The EU Court ruling includes a provision that decisions on requests evaluate the “interest of the public in having access” to the information. 

Right now, the public has no real way of knowing how Google, let alone other search engines making these decisions, is making that evaluation. In May, a group of 80 academics called upon Google to provide more information about how it is executing RTBF requests. Currently, Google only provides limited information on the results that have been removed, such as the total number of requests and removals and the sites most impacted, as well as giving a blanket disclosure statement at the bottom of a search page that results have been removed. Advocates for the Right to be Forgotten say Google is being selective in its self-reporting, but Europe's data protection authorities have also told the companies that they should not reveal information about their decisions--not even to the original publishers whose work they remove from their results. Both Google and the European data protection authorities have narrow interests in presenting one side of the story of RTBF removals. The public has a right to see the complete picture.

Google’s done the right thing by pushing back against the CNIL. We hope they also press for sharing more info with the public, so that we can have a grounded debate about the real, global, effect of the rise of the Right to be Forgotten.


03 Aug 12:48

David Cameron Wants To Shut Down Porn Sites Because Kids Are Clever Enough To Defeat Age Restrictions

by Mike Masnick
UK Prime Minister David Cameron has been using "porn" moral panics as a wedge issue to ramp up censorship and control over the internet in the UK. He's been pushing aspects of it for years, including demands for the impossible: filters that block "bad content" but allow "good content." Yes, it does seem bizarre that someone in as powerful a position as David Cameron sees the world in such a black and white way, but remember, this is the same guy who bases his defense of more spying powers on what happens in fictional TV crime dramas.

His latest plan? Well, he's insisting that he's going to shut down porn websites if they don't guarantee to keep out everyone under the age of 18. Yes, many sites have some age controls, but kids aren't stupid and can usually figure out a way around them. And that's always going to be the case. And it's been the case since pornography existed. I'm going to go out on a limb and suggest that it's quite likely that David Cameron himself first came across pornographic material long before his 18th birthday.

This whole plan seems like something designed to shut down websites... because kids are clever enough to get around basically any age restriction system. Anyway, it looks like Dan Bull may need to add a new verse to his musical open letter to UK Porn Minister, David Cameron:

01 Aug 15:20

A company copes with backlash against the raise that roared

Brindle

Fascinating... must read more about this...

Three months ago, Mr. Price, 31, announced he was setting a new minimum salary of $70,000 at his Seattle credit card processing firm, Gravity Payments, and slashing his own million-dollar pay package to do it. He wasn't thinking about the current political clamor over low wages or the growing gap between rich and poor, he said. He was just thinking of the 120 people who worked for him and, let's be honest, a bit of free publicity. The idea struck him when a friend shared her worries about paying both her rent and student loans on a $40,000 salary. He realized a lot of his own employees earned that or less. Yet almost overnight, a decision by one small-business man in the northwestern corner of the country became a swashbuckling blow against income inequality. Whether you support his actions or not, ask yourself this question: what does it say about our society that a young man slashing his own salary to increase that of his employees draws more ire than a CEO raising his own salary to 70 times that of an average employee? Most mystifying of all, though, are the employees leaving because their coworkers got a pay raise to $70000, while they themselves already earned $70000. I don't understand this mindset. You still have your salary. You still get your $70000, except now your fellow men and women on the work floor also get it. Is your self-worth really derived from earning more than the people around you? Is your sense of self really dictated by how much more you earn than Jim from accounting or Alice from engineering? Maybe I'm just too Dutch and too little American to understand this mindset, but I firmly believe this world would be a massively better place if more CEOs cut their own salaries to raise that of their employees.
01 Aug 14:31

Why Microsoft is giving away Windows 10 for free

When Microsoft released Windows 95 almost 20 years ago, people packed into stores to be among the first lucky buyers to get their hands on this cutting edge new technology. Microsoft had an iron grip on productivity software in the enterprise, but even ordinary consumers were accustomed to paying hundreds of dollars for software. Two decades later, Microsoft is releasing Windows 10. But most people won’t have to rush out and purchase a copy. Anyone with a copy of Windows dating back to Windows 7 can upgrade for free, a first for Microsoft. Whether we're talking tiny smartphone applications, or entire operating systems, people now expect software to be free. It's a reality that, obviously, hurts software makers the most. If you'd told me only a few years ago Microsoft would adapt to this new reality this (relatively) quickly, I wouldn't have believed it.
31 Jul 18:58

4th Amendment Lives: Court Tells US Government Get A Warrant If It Wants Mobile Phone Location Info

by Mike Masnick
A potentially big ruling came out of the courtroom of Judge Lucy Koh yesterday, in which she affirmed a magistrate judge's decision to tell the government to get a warrant if it wants to obtain historical location info about certain "target" mobile phones (officially known as "Cell Site Location Info" -- or CSLI). The government sought to use a provision of the Stored Communications Act (a part of ECPA, the Electronic Communications Privacy Act) to demand this info without a warrant -- using a much lower standard: "specific and articulable facts" rather than the all-important "probable cause." Judge Koh says that doesn't pass 4th Amendment muster, relying heavily on the important Supreme Court rulings in the Jones case, involving attaching a GPS device to a car, and the Riley case about searching mobile phones.
Based on the preceding U.S. Supreme Court cases, the following principles are manifest: (1) an individual’s expectation of privacy is at its pinnacle when government surveillance intrudes on the home; (2) long-term electronic surveillance by the government implicates an individual’s expectation of privacy; and (3) location data generated by cell phones, which are ubiquitous in this day and age, can reveal a wealth of private information about an individual. Applying those principles to the information sought here by the government, the Court finds that individuals have an expectation of privacy in the historical CSLI associated with their cell phones, and that such an expectation is one that society is willing to recognize as reasonable.
This is big. Obviously, the government is likely to appeal, and so as a first pass, this might seem meaningless. We've still got an appeals court (and possibly a rehearing) and a Supreme Court to get to, but as a first ruling, it's a good one. Koh's analysis is pretty thorough. It notes the similarities to both the Jones and Riley cases:
Here, as in Jones, the government seeks permission to track the movement of individuals—without a warrant—over an extended period of time and by electronic means. CSLI, like GPS, can provide the government with a “comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.” Riley, 134 S. Ct. at 2490 (quoting Jones, 132 S. Ct. at 955 (Sotomayor, J., concurring)). With the proliferation of smaller and smaller base stations such as microcells, picocells, and femtocells—which cover a very specific area, such as one floor of a building, the waiting room of an office, or a single home, ...—the government is able to use historical CSLI to track an individual’s past whereabouts with ever increasing precision. See Riley, 134 S. Ct. at 2490 (explaining that a cell phone’s “[h]istoric location information . . . can reconstruct someone’s specific movements down to the minute, not only around town but also within a particular building”). At oral argument, the government agreed that in some instances CSLI could locate an individual within her home, ... and did not dispute that CSLI will become more precise as the number of cell towers continues to multiply.... This admission is of constitutional significance because rules adopted under the Fourth Amendment “must take account of more sophisticated systems that are already in use or in development.”...

In fact, the information the government seeks here is arguably more invasive of an individual’s expectation of privacy than the GPS device attached to the defendant’s car in Jones. This is so for two reasons. First, as the government conceded at the hearing, over the course of sixty days an individual will invariably enter constitutionally protected areas, such as private residences.... Tracking a person’s movements inside the home matters for Fourth Amendment purposes because “private residences are places in which the individual normally expects privacy free of governmental intrusion not authorized by a warrant, and that expectation is plainly one that society is prepared to recognize as justifiable.” Karo, 468 U.S. at 714; see also Kyllo, 533 U.S. at 31 (“At the very core of the Fourth Amendment stands the right of a man to retreat into his own home and there be free from unreasonable governmental intrusion.” (internal quotation marks omitted)). As one court put it, “Because cellular telephone users tend to keep their phone on their person or very close by, placing a particular cellular telephone within a home is essentially the corollary of locating the user within the home.” ....

Second, the government conceded at oral argument that, compared to GPS tracking of a car, the government will “get more information, more data points, on the cell phone” via historical CSLI... (“But, yes, of course the person has the phone more than they have their car, most people at least do, so it gives [the government] more data.”). Cell phones generate far more location data because, unlike the vehicle in Jones, cell phones typically accompany the user wherever she goes.... Indeed, according to a survey cited by the U.S. Supreme Court in Riley, “nearly three-quarters of smart phone users report being within five feet of their phones most of the time, with 12% admitting that they even use their phones in the shower.”....
Judge Koh points to some survey data from Pew (sent in by EFF) noting that many, many people consider their location information to be "sensitive information" and, on top of that, the fact that CSLI is generated even if someone turns off the GPS or "location data" features on their phone -- meaning they can't even opt out of generating such information to try to keep it private.

More importantly, Judge Koh takes on the issue of the infamous third party doctrine and the awful Smith v. Maryland precedent, which says you have no expectation of privacy in data held by third parties. To date, the Supreme Court has punted on this issue in the Jones and Riley cases. However, Koh addresses the issue head on, and says the third party doctrine should not apply to phone location data like this. The key issue: in the Smith case, the "information" that was given to the third party was the phone number being dialed. This was information that the caller voluntarily conveyed to the phone company in order to make the call. Judge Koh points out that this information is quite different:
Cell phone users, by contrast, do not “voluntarily convey” their location to the cellular service provider in the manner contemplated by Miller and Smith. This is especially true when historical CSLI is generated just because the cell phone is on, such as when cell phone apps are sending and receiving data in the background or when the cell phone is “pinging” a nearby cell tower. As the government’s FBI special agent explained, “CSLI for a cellular telephone may still be generated in the absence of user interaction with a cellular telephone.” .... “For example,” the special agent continued, CSLI may be generated by “applications that continually run in the background that send and receive data (e.g. email applications).” ... At oral argument, the government confirmed that its § 2703(d) application authorizes the government to obtain historical CSLI generated by such activities.

[....] In so doing, a cell phone periodically identifies itself to the closest cell tower—not necessarily the closest cell tower geographically, but the one with the strongest radio signal—as it moves through its network’s coverage area.... This process, known as “registration” or “pinging,” facilitates the making and receiving of calls, the sending and receiving of text messages, and the sending and receiving of cell phone data.... Pinging nearby cell towers is automatic and occurs whenever the phone is on, without the user’s input or control.... This sort of pinging happens every seven to nine minutes....

In Miller and Smith, the individual knew with certainty the information that was being conveyed and the third party to which the conveyance was made. Cell phone users, on the other hand, enjoy far less certainty with respect to CSLI. CSLI, in contrast to deposit slips or digits on a telephone, is neither tangible nor visible to a cell phone user. When the telephone user in Smith received his monthly bill from the phone company, the numbers he dialed would appear.... The CSLI generated by a user’s cell phone makes no such appearance.... Rather, because CSLI is generated automatically whenever a cell tower detects radio waves from a cell phone, a cell phone user typically does not know that her phone is communicating with a cell tower, much less the specific cell tower with which her phone is communicating.... It may be, as the government explained, that a cell phone connects to “many towers” during the length of a call,... and the tower to which a cell phone connects is not necessarily the closest one geographically.... Moreover, when an app on the user’s phone is continually running in the background, ... she may not be aware that the cell phone in her pocket is generating CSLI in the first place.
And thus, even with the third party doctrine, this information is quite different than that discussed in the Smith v. Maryland case, which involved phone numbers dialed:
In light of the foregoing, the Court concludes that historical CSLI generated via continuously operating apps or automatic pinging does not amount to a voluntary conveyance of the user’s location twenty-four hours a day for sixty days. Such data, it is clear, may be generated with far less intent, awareness, or affirmative conduct on the part of the user than what was at issue in Miller and Smith. Unlike the depositor in Miller who affirmatively conveyed checks and deposit slips to the bank, or the telephone user in Smith who affirmatively dialed the numbers recorded by the pen register, a cell phone user may generate historical CSLI simply because her phone is on and without committing any affirmative act or knowledge that CSLI is being generated. Smith, for example, never contemplated the disclosure of information while the landline telephone was not even in use.

This sort of passive generation of CSLI does not amount to a voluntary conveyance under the third-party doctrine.
Judge Koh notes that this ruling isn't rejecting the ruling in Smith -- rightly noting that only the Supreme Court can determine that it's no longer good law -- but notes that the ruling there is different enough from this one that it does not apply. Ideally, the Supreme Court will get around to rejecting the ridiculous third party doctrine altogether, but if it must stand, a ruling like this is helpful in returning just a bit of 4th Amendment protected privacy to the American public.

31 Jul 18:48

UK Prevent Strategy For Identifying Potential Terrorists Identifies 3 Year Old Because Of Course It Did

by Timothy Geigner

We've talked a lot about the UK's ambitious plan to marry Orwellian thought crime designations with Minority Report style crime-prediction when it comes to stopping all the terrorism that's barely occurred in the country. The basic idea is that the government will create a boogeyman-list of suspected future-terrorists, people who are not strapping bombs to themselves and blowing up marketplaces filled with children -- but might! -- while tasking the educational system with weeding out tiny, little terrorist children using software so laughably flawed that it ought to belong on HBO's Silicon Valley. In other words: hey, great plan!

Well, counted amongst the fruit of all that idiotic labor is the result we all probably saw coming: a goddamn three-year-old has found his/her way onto the watchlist.

The three-year-old in the programme is from the borough of Tower Hamlets, and was a member of a family group that had been showing suspect behaviour. Many of the government's counter-extremism measures typically relate to older children and adults - but very young children can be referred if authorities are concerned about the effect of their families on them.
The idea being that the UK government's "concern" is centered around the notion that extremist parents will produce extremist children as a matter of course, and that the best way to combat these must-eventually-be extremist toddlers is by putting them on a watchlist run by the same people who did all the stupidity I mentioned in the first paragraph. Sigh.

As it turns out, the number of people getting caught up in this prevent strategy system is pretty astounding.
They show that a total of 1,069 Londoners have been referred to the government’s “Channel” counter-extremism programme since the start of 2012. That means that the capital accounts for about a quarter of the 4,000 referrals to the programme nationwide since then. The Standard, which obtained the figures from the London Assembly, can also reveal that: Since September last year, 400 Channel referrals were made for teenagers and children under 18.
This is exactly what you'd expect when the government tasks a great many people who have no formalized training in identifying bad guys with identifying bad guys. It's also exactly what you should expect when the government plan for building up a watch list of future-terrorists, including hundreds of innocent children as young as three years old, comes with a complete lack of common sense and is instead the product of fear mixed with nationalism. And this doesn't even touch on the potential or real-life cases of abuse of the system, which are as inevitable as the sunrise.

Look, security is important, and terrorism is an actual thing, but going off the deep end to the point where you've got government eyes on toddlers isn't a solution to any problem.

31 Jul 11:56

Feds Hand Out Funds To Be Used For 'Traffic Safety;' Local Agencies Buy License Plate Readers Instead

by Tim Cushing

The National Highway Transportation Safety Association (NHTSA) is supposed to be focused on one thing: safety. For crying out loud, it's right in the middle of its cumbersome name. But the federal funding it hands out to state and local governments is being used for surveillance devices with no discernible "safety" purpose: automatic license plate readers.

The NHTSA is funding license plate readers for highway safety purposes only, but it’s far from clear how law enforcement agencies are interpreting this and whether they are using the funding to buy license plate readers for non-safety uses. The NHTSA should not be funding police technology for surveillance purposes and it should not let law enforcement apply for funding to decrease traffic fatalities and then turn around and use those funds to track people not suspected of any crime.
This is how things are supposed to run versus how things actually run. This funding dodge is pretty much indiscernible from law enforcement agencies obtaining DHS/DoD grants for Stingrays and Bearcats to combat "terrorism," and then using the equipment to do banal, routine policework, like tracking down drug dealers.

So, in the name of "safety," local agencies are asking for federal funding, and then using the subsidization to deploy new surveillance tech. Standard operating procedure. And the companies manufacturing this equipment clearly recognize these exploitable funding opportunities and target prospective purchasers accordingly.
Private license plate reader manufacturers have further facilitated NHTSA granting funds for license plate reader systems by connecting state and local law enforcement agencies with the funding streams. In one 2012 email exchange, an employee of an ALPR maker advises the Florida Department of Highway Safety and Motor Vehicles that “NHTSA funding is available for traffic safety” and provides contact information. Indeed, the company has a whole page of its website devoted to connecting law enforcement agencies with sources of funding.
In essence, the companies are telling agencies this equipment is pretty much free. And it is, as long as you don't think too hard about the original source of the funding: taxpayers. Exploiting this federal funding allows agencies to claim safety is a priority while not actually moving towards that goal. Instead, they get the location tracking technology they want and allow the public to pick up the tab. Then this equipment is turned around and pointed at the same people paying for it, sometimes literally as a tool of tax collection.

And it looks as if this broken, abused system will only get worse. The ACLU reports the NHTSA is soliciting bids for a study into the use of license plate readers to improve driver safety. That this obviously arrives well after NHTSA funds have been used to purchase plate readers is already problematic. Beyond that, any conclusions drawn from the report will simply provide law enforcement agencies with handy citations to use when requesting funding for equipment they have no interest in using for "public safety" reasons.

30 Jul 20:05

Hackers Could Heist Semis by Exploiting This Satellite Flaw

by Kim Zetter
Brindle

unencrypted, unauthenticated, satellite transmissions ... sounds like GPS

Remember the opening scene of the first Fast and Furious film? Heists like these could become easier to pull off.

The post Hackers Could Heist Semis by Exploiting This Satellite Flaw appeared first on WIRED.











30 Jul 18:50

Google To French Regulators Looking To Expand 'Right To Be Forgotten' Globally: Forget About It

by Mike Masnick
Earlier this summer we wrote about some ridiculous demands coming out of France, asking that Google expand the "right to be forgotten" globally. As you hopefully already know, last year, a European court came out with a troubling ruling that forced Google into a sort of "right to be forgotten" situation, where links associated with someone's name that were magically deemed no longer relevant needed to be "de-linked." Google reluctantly complied, and has since been busy de-linking many individuals from totally factual news stories about them. But, given that this was the law in Europe, it only did so in Europe.

That resulted in the complaint from France -- to which Google has now responded by saying it will not comply with a global right to be forgotten, because the results would be catastrophic for free speech and the open internet:
This is a troubling development that risks serious chilling effects on the web.

While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others: Thailand criminalizes some speech that is critical of its King, Turkey criminalizes some speech that is critical of Ataturk, and Russia outlaws some speech that is deemed to be “gay propaganda."

If the [French regulator's] proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place.

We believe that no one country should have the authority to control what content someone in a second country can access. We also believe this order is disproportionate and unnecessary, given that the overwhelming majority of French internet users—currently around 97%—access a European version of Google’s search engine like google.fr, rather than Google.com or any other version of Google.
I can't see into the future, but I'll take a wild guess and suggest that the French regulators aren't going to just back down following this response, no matter how reasonable and rational it is. European regulators continue to seem to think the internet can be twisted, censored and molded in their own interest, and don't seem to understand just how badly that will backfire. It's likely that this simple explanation will fall on deaf ears and there will soon be a big fight over this. Stay tuned.

29 Jul 19:47

LG made just 1.2 cents per phone in Q2 2015, chalks it up to the iPhone

by Quentyn Kennemer
Brindle

wow, those margins are low... why would they make phones?!

LG didn’t lose any money in Q2 2015, but no one’s exactly breaking out the champagne for the result they mustered up. The company pulled in 12.69 billion across all its businesses last quarter, which is a 7.6% decline year-on-year but close to the same compared to what they did the previous quarter. The company made just $222.25 million on all that revenue.

While the mobile division wasn’t the biggest to blame — TV revenue was down over 22% quarter-over-quarter thanks to waning interest in LCD — it still wasn’t great. The company shipped 8.1 million smartphones and grew 1% in revenue overall. They achieved their goal of establishing a bigger presence in North America by increasing revenues by as much as 36%, largely thanks to the performance of the mid-range market.

It’s the high-end segment that the company struggled with. The iPhone isn’t leaving much room for many competitors, LG included, and it caused the South Korean company to make just 1.2 cents (US Dollar) for every phone sold. That’s literally pocket change in their world, so you can see why they’d be a bit upset.

That said, things are bound to improve, even if only a little bit. The LG G4 will enjoy its first full quarter of being on the market in Q3, and LG is expected to release a couple of more high-end handsets, including the LG G Pro 3, by year’s end to help compete with Apple’s forthcoming options.

[via LG]

29 Jul 19:45

NSA Tries to Blame Privacy Advocates for Keeping Americans' Telephone Records

by Cindy Cohn
Brindle

Interesting spin they put on it...

USA Freedom requires the NSA to stop collecting our telephone records.  An open question when the law passed was what should happen to the mountain of records the NSA has already collected. Will the records be destroyed? Will the NSA keep them? Will it be able to keep using them?

Earlier this week, the NSA announced that it was going to move the stored records out of active use in November, with a three month period when its employees check them for "data integrity"  reasons. It noted, however, that it would not be destroying the records until resolution of the various court cases where the government is under a court order to preserve evidence.  Three of those cases are EFF's: Jewel v. NSA, First Unitarian Church of Los Angeles v. NSA and Smith v. Obama.  The implication is that the privacy advocates are the reason that these records aren't being destroyed. 

Not so. 

We have offered to the NSA, in multiple court filings, to enter into a plan under which they can destroy many of the records (maybe not all, but certainly most of them).  The NSA just needs to admit that our clients’ telephone records were included in the mass collection and for how long. Alternatively, they could state on the record that none of our clients' records were ever included in the NSA's telephone records collection, something that seems inconceivable (we do know what that word means) given that Jewel v. NSA is a class action on behalf of all telephone customers of AT&T.

The government has flatly refused and instead wants to have it both ways: the NSA continues to claim that we don’t have proof that our clients' records were included, and so don’t have standing to sue, while at the same time seeking to destroy the very evidence that can most clearly prove it.

Here’s one place we mentioned it, but it was raised by us throughout a long fight about preservation in March-July, 2014, after we learned that the government was petitioning the secret FISA Court to destroy some of the telephone records:

Plaintiffs need the phone records and other material that they claim has been unlawfully collected preserved so that they can oppose the Government’s claim that Plaintiffs’ lack standing because they merely speculate that their information has been collected and, to a lesser extent, to prove the size of their monetary damages. This evidence preservation dispute can be avoided by a simple stipulation: an admission that Plaintiffs’ telephone records have been collected and for how long. Once the fact of collection and the relevant time periods are settled, the records themselves need not be preserved.

So we want the NSA to destroy the records and we've given them a clear path. The NSA just doesn’t want to take it.

What the NSA appears to want instead is to paint privacy advocates like EFF as the reason that hundreds of millions of telephone records aren’t being destroyed. But if the NSA would just admit that they did indeed collect the telephone records of these plaintiffs along with millions of other Americans, instead of still hiding behind legal game playing like their standing arguments, we could move forward with a reasonable destruction plan for these records.

29 Jul 16:58

Reminder: When Ron Wyden Says There's A Secret Interpretation Of A Law, Everyone Should Pay Attention

by Mike Masnick
Years before Ed Snowden revealed how the NSA and DOJ had reinterpreted the PATRIOT Act and the FISA Amendments Act to allow the intelligence community to spy on Americans, Senator Ron Wyden tried to warn the public that this had happened:
We're getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says.
For a couple of years after he said that, privacy and civil liberties advocates were forced into something of a guessing game to figure out what that secret law actually said. Eventually, the details were spilled by Ed Snowden who is, of course, now being threatened with a lifetime in prison for blowing the whistle.

This is not the only time that Wyden has made these kinds of warnings, and he's doing it again right now -- this time over CISA, the faux-"cybersecurity" bill that Wyden has made clear is really about surveillance. Recently released papers from the Snowden archives have made it clear why he's saying this, because they showed that, contrary to what's been said in the past, the NSA is using "cyber signatures" to sniff through upstream collections (their taps into the fiber backbone) under Section 702 of the FISA Amendments Act. And this opens up the information collected to so-called "back door" or "incidental" searches by the NSA. The whole point of CISA is to actually encourage companies to give the government more such "cyber signatures" which they can use to monitor the internet.

However, there's likely more going on as well, and in particular, Senator Wyden has been strongly hinting about an important Justice Department memo that remains classified, but which he implies would change the debate.
Wyden... claims that a classified Justice Department legal opinion written during the early years of the George W. Bush administration is pertinent to the upper chamber's consideration of cyberlegislation—a warning that reminds close observers of his allusions to the National Security Agency's surveillance powers years before they were exposed publicly by Edward Snowden.

[....] "I remain very concerned that a secret Justice Department opinion that is of clear relevance to this debate continues to be withheld from the public," Wyden said in his written dissent against CISA, which cleared the Senate Intelligence Committee 14-1 in March. "This opinion, which interprets common commercial service agreements, is inconsistent with the public's understanding of the law, and I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch."
Last year, based on some breadcrumbs that Wyden dropped during the confirmation hearings for Caroline Krass as the CIA's new top lawyer, Marcy Wheeler dug into some more details about this document, and noted that it comes from the same period of time when the Bush administration was twisting itself into knots to justify warrantless wiretapping and torture. In other words, this document seems ridiculously relevant to the debate.

And while it appears that the vote on CISA has likely been delayed yet again, it seems like this is a fairly important detail.

In short, haven't we, as a country, learned enough to note that, when Senator Wyden points out that there's a secret interpretation of the law that is at odds with a plain reading of it, we should all be demanding answers?

28 Jul 22:27

Audits Of Asset Forfeiture Program Uncover Funds Used To Pay Student Loans, Property Used As Rent-Free Housing

by Tim Cushing

Student loan debt is a serious problem here in the US as the price of higher education continues to outpace every standard economic yardstick. Lots of people think the government should step in to do something about it. While the administration makes helpful noises and tries to figure out how it can effectively tell Americans it's alright to rack up debt and walk away from it without actually, you know, encouraging Americans to get deeply in debt and walk away from it, one government employee is taking the bold steps the US government won't to eradicate student loan debt… specifically, his.

In a 2014 audit of the DA’s office representing Washington and Nowata counties [Oklahoma], the State Auditor’s Office found that $5,000 in forfeiture funds had been used to make payments on an assistant district attorney’s student loans.
That's a pretty egregious abuse of seized funds, and that's even if you find the whole asset forfeiture system mostly abuse-free when it comes to seizing property. Unbelievably, the DA's office defended the use of the public's money to pay off personal student loans.
The report said the district attorney maintained the expense was justified because most of the cases the assistant DA prosecuted were drug cases.
Which means what? That he was involved in several drug prosecutions and therefore entitled to a percentage of the take for his own personal use?

But no need to worry about the misspent $5,000. The DA's office has already "repaid" it using money seized a bit more lawfully via taxation.
After the issue came to light, the Oklahoma District Attorneys Council reimbursed the $5,000 using funds from its own student-loan program, the State Auditor’s report states.
So, everything's cool now. Except:
A 2009 audit of the District Attorney’s Office that represents Beaver, Cimarron, Harper and Texas counties found that a Beaver County assistant district attorney began living rent-free in a house obtained in a 2004 forfeiture. A judge had ordered the house sold at an auction, but the prosecutor lived there through 2009.
A bold new opportunity in real estate! Open to law enforcement members only!

There's so much more.

Schroedinger's seized pickup truck -- listed as "sold" at an auction -- remains in a sold/unsold state as neither the pickup, the paperwork nor the cash generated from the sale can be located. One district further perverted the perverse incentives by spending seized money before it had even been processed by the courts. In other instances, the money made its way onto the ledgers as "seized," but forfeiture cases were never filed. (This is particularly evil because without a filing, there's almost no way to challenge the seizure.)

The violations found by these audits are the sort of thing everyone should have expected when they allowed law enforcement to start seizing property without bringing criminal charges. Guns, vehicles and cash go missing. Proceeds from auctions are used to pay court costs and fund retirement parties. The program basically allows officers to steal from people they've already dehumanized as "drug traffickers." So, if someone's property goes missing and ends up as an off-the-books personal use vehicle/gun for some cop, no one's going to spend too much time worrying about the supposed "criminal" whose property has been seized. That's why the accountability is so lax and that's why the laws granting officers these powers need to be -- at minimum -- rewritten, if not taken off the books entirely.

And, as is always the case when asset forfeiture is attacked by legislators and regulators, there's a caricature of law enforcement on hand to offer homespun words of wisdom in defense of the legalized theft:
“I know for a fact we all try to work very hard to rid this devil’s candy (drugs) off of our state. And for someone to try and push us back — sheriff’s departments, police departments — that’s how we continue our fight, is to take that money and go forward,” Stradley said. “That will set us back many, many, many years.”
Will it set you back to 1990? And put you right in the middle of the crack epidemic? Or will it take you back to the 1920's, when marijuana was making jazz music tolerable and turning non-Caucasian males into rapists? How many years exactly will forcing Oklahoma law enforcement to accompany seizures with criminal charges set back these agencies? We all want to know. Even those of us who swore off the devil's candy years ago or never made it past anything harder than devil's food cake.

28 Jul 17:19

White House Finally Answers Snowden Pardon Petition: The Only Good Whistleblowing Is Punished Whistleblowing

by Tim Cushing
Brindle

good thing Obama started the petition site...

The White House has finally responded -- more than two years later -- to a petition asking for a pardon of Edward Snowden. The petition surfaced soon after Snowden went public with his identity. Less than three weeks later -- June 25, 2013 -- it had passed the 100,000-signature threshold.

Understandably, the administration was in no hurry to respond to this petition. In the immediate aftermath of the first leaks, no entity was more unpopular than the NSA. Snowden, on the other hand, probably could have won a number of local elections as a write-in candidate at that point. So, the administration sat on it, as it has sat on a great many petitions not particularly aligned with its desires.

Unfortunately, the public's opinion hasn't shifted much. As other agencies have become more plaintive in their requests to undermine privacy and safety to keep criminals from "going dark," the public has become less and less enthusiastic about being forced to make more sacrifices in the interest of security. The NSA also hasn't become more popular in the interim. So buying time by cherry-picking We The People petitions to respond to hasn't made answering this petition any easier for the administration.

More than two years later -- 763 days past the point it became a viable petition -- the administration has answered. And the answer could have been written two years ago, as it refuses to acknowledge Snowden's contribution to recent surveillance reforms. The response was written by Lisa Monaco, the president's advisor on Homeland Security and Counterterrorism. Considering the source, the response is unsurprising. But it starts off with a lie:

Since taking office, President Obama has worked with Congress to secure appropriate reforms that balance the protection of civil liberties with the ability of national security professionals to secure information vital to keep Americans safe.
Wrong. The "appropriate reforms" have been forced into existence by leaked documents Snowden provided. This "conversation" the President keeps claiming he always wanted to have only took place because he could no longer ignore it. This opening sentence is worse than merely disingenuous. It's a complete rewrite of Obama's civil liberties legacy. Before the Snowden leaks, Obama's stance on surveillance was "whatever Bush did, only more."

Next, Monaco goes on to say that no matter how instrumental Snowden was in the recent surveillance reforms (without ever actually saying that), he's still just a criminal and should be treated as one.
Instead of constructively addressing these issues, Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.
Except that this administration is no friend to whistleblowers. Snowden knew this. Snowden also knew the "proper channels" were mostly there to ensure whistleblowers were silenced and punished. So he ran. This administration has prosecuted more whistleblowers than all other administrations combined. When Snowden took off, it was five years into Obama's presidency, plenty of time to gauge what sort of odds the "proper channels" offered.

From that point, Monaco goes on to claim that the only legitimate act of civil disobedience is a punished act of civil disobedience.
If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers -- not hide behind the cover of an authoritarian regime. Right now, he's running away from the consequences of his actions.
First off, this is wrong. As has been explained countless times, under the Espionage Act, which is what Snowden would be charged under, he is not allowed to present the evidence in his defense that he was blowing the whistle on an illegal program (and yes, it has been ruled illegal). Nor is he allowed to argue that the leak was in the public interest. In other words, the law is stacked such that he cannot present his argument fairly. The deck is stacked and Monaco knows the deck is stacked and ignores that -- which is exceptionally dishonest.

I would imagine Monaco -- and by extension, the administration -- would also feel that those who hacked Hacking Team are the real criminals here, not the company that sold surveillance software and zero-day exploits to governments known for widespread abuse of their citizens. "Look, we appreciate them highlighting these dubious and likely illegal contracts. But to move forward, we really need to put the hackers who obtained the documents on trial."

But, honestly, no one expected this response to go any other way. No one who holds the top office in the nation is going to sell out the rest of the government for a whistleblower. So, it could have saved everyone the trouble and posted this answer June 26, 2013.

27 Jul 15:09

Stop CISA: Join EFF in a Week of Action Opposing Broad "Cybersecurity" Surveillance Legislation

How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA.  The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.

We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are “must-pass” legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.

CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear:  CISA must not pass.

The Week of Action

EFF and our allies have been hard at work fighting Congress’ cyber surveillance bills. But the most important voices are yours. Here’s how to help:

  1. Visit the Stop Cyber Spying coalition website where you can email and fax your Senators and tell them to vote no on CISA.
  2. Use a new tool developed by Fight for the Future to fax your lawmakers from the Internet. We want to make sure they get the message.
  3. Check out our AMA on Reddit on Wednesday July 29 at 10am ET/7am PT with EFF, Access, Fight for the Future, and the ACLU and let your friends know about it.
  4. Help us spread the word. After you’ve taken action, tweet out why CISA must be stopped with the hashtag #StopCISA. Use the hashtag #FaxBigBrother if you want to automatically send a fax to your Senator opposing CISA. If you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/. For detailed analysis you can check out this blog post and this chart.

With your help, we’ll make sure Congress gets the message: now more than ever, we don’t need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:

New and Invasive Tools for Companies

CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause “substantial harm,” it’s unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, “CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders.”

Overbroad definitions

As if the new authorities weren’t enough, the bill’s broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.

Cyber surveillance (with the help of the NSA)

Not only does CISA grant companies more power to obtain “cyber threat indicators" and to disclose that data to the government without a warrant—it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA—all without requiring companies to strip out personally identifying information.

To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.

Near-Blanket Immunity

Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill’s lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not “substantial”) harm to innocent people or machines will not be liable in court.  

Participating organizations (updated on a daily basis throughout the week)

  • Access
  • ACLU
  • American-Arab Anti-Discrimination Committee
  • American Library Association
  • Association of Research Libraries
  • The Center for Democracy and Technology
  • The Constitution Project
  • EFF
  • Fight for the Future
  • Free Press
  • Freedom of the Press Foundation
  • Gandi
  • Media Alliance
  • Namecheap
  • National Association of Criminal Defense Lawyers
  • New York Tech Meetup
  • The New America Foundation
  • The Niskanen Center
  • Private Internet Access
  • The Sunlight Foundation
  • The X-Lab

25 Jul 13:43

Smoking Gun: MPAA Emails Reveal Plan To Run Anti-Google Smear Campaign Via Today Show And WSJ

by Mike Masnick
If you talk to the reporters who work for various big media companies, they insist that they have true editorial independence from the business side of their companies. They insist that the news coverage isn't designed to reflect the business interests of their owners. Of course, most people have always suspected this was bullshit -- and you could see evidence of this in things like the fact that the big TV networks refused to cover the SOPA protests. But -- until now -- there's never necessarily been a smoking gun with evidence of how such business interests influence the editorial side.

Earlier this month, we noted that the Hollywood studios were all resisting subpoenas from Google concerning their super cozy relationship with Mississippi Attorney General Jim Hood, whose highly questionable "investigation" of Google appeared to actually be run by the MPAA and the studios themselves. The entire "investigation" seemed to clearly be an attempt to mislead the public into believing that it was somehow illegal for Google's search engine to find stuff that people didn't like online. A court has already ruled that Hood pretty clearly acted in bad faith to deprive Google of its First Amendment rights. As the case has continued, Google has sought much more detail on just how much of the investigation was run by the MPAA and the studios -- and Hollywood has vigorously resisted, claiming that they really had nothing to do with all of this, which was a laughable assertion.

However, in a filing on Thursday, Google revealed one of the few emails that they have been able to get access to so far, and it's stunning. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google. Beyond influencing other Attorneys General (using misleading fake "setups" of searches for "bad" material) and paying for fake anti-Google research, the lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have their media arms run a coordinated propaganda campaign of bogus anti-Google stories:
Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed.
In other words, Jim Hood and the MPAA were out and out planning a coordinated media attack on Google using the editorial properties that supposedly claim to have editorial independence from the business side. Notice that with the WSJ piece, they flat out admit that the editorial will be based on the ideas that "we" have developed. If you work for the WSJ, your editorial independence just got shot down. Remember when CBS stepped in and interfered editorially with CNET for giving an award to Dish at the same time that CBS was in a legal fight over that same device? That resulted in reporters quitting.

This is worse.

This is an out and out case where the MPAA is admitting to a plan whereby it will use mainstream media properties to run bogus and misleading stories to "attack" Google, to further the MPAA's (believed, but misleadingly so) business interests. Is this really how the Today Show and the WSJ pick their editorial topics?

The "plan" goes even further after that, getting the MPAA to find (and almost certainly pay for) a lawyer to work with the "shareholder" previously identified to file legal filings against Google.
Following the media blitz, you want Bill Guidera and Rick Smotkin to work with the PR firm to identify a lawyer specializing in SEC matters to work with a stockholder. This lawyer should be able to the [sic] identify the appropriate regulatory filing to be made against Google.
As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood. As Google points out, this makes it pretty clear (1) that the MPAA, studios and Hood were working hand in hand in all of this and (2) that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works. It's pretty damning:
The document thus shows that the CID was not the foundation of a legitimate investigation—rather, it was a “final step” that would be issued only “if necessary” to further pressure Google to capitulate to the demands of AG Hood and his supporters.
The court has yet to rule on what else Hollywood needs to turn over, but just from what's coming out already, serious questions are being raised (1) about Jim Hood and his office and what they were up to as well as (2) the editorial independence of the media arms of the MPAA studios, including both NBCUniversal ("the Today Show") and NewsCorp. (the Wall Street Journal).

24 Jul 12:51

Google Giving Away Some Of Its Patents To Startups To Help Protect Startups From Trolls

by Mike Masnick
Brindle

Wow.

A year ago, we wrote about the launch of a new program from a bunch of bigger tech companies who were sick of patent trolls: the "License On Transfer" network (LOT). The program, set up by Google, NewEgg, Dropbox, SAP, Asana and Canon, was pretty simple in concept. It's a royalty-free patent cross-licensing program. If any patent held by a member of LOT is transferred to another company, a license is automatically granted to every member of LOT. This serves to avoid patents eventually falling into the hands of trolls and being used against members. A bunch of other companies have joined since it launched, including Red Hat, GitHub, Ford, JPMorganChase, Mazda, Khan Academy, Pandora and more. It certainly doesn't solve all the patent trolling problems, but it is a nice way to make sure that patents from these organizations are less likely to be used for trolling, and it has a really nice incentive structure: to protect yourself from patent trolling, you basically have to make sure your patents are less likely to be used by trolls as well.

LOT is still trying to expand, and it appears that Google is taking a step to make it even more attractive, especially for startups: the company is going to start giving away some of its patents to startups, for free, if they meet a few conditions -- including joining LOT (though the membership fees for the first two years will be waived). The program is only available to the first 50 eligible participants who sign up -- and to be eligible, you need to have 2014 revenue between $500k and $20 million. Then Google will offer specific "patent families" from which the startups can choose to take. These patents will not be ones developed by Google itself, but rather ones that it has bought from others. And, of course, the startups agree to issue a license back to Google. And, most importantly, they must agree to only use the patents defensively. If used offensively, the patents go back to Google.

In other words, it's another win-win setup. Startups can get some decent patents for free that they can use for defensive purposes, and LOT gets more members from the startup community. The only ones who "lose" are the trolls and their lawyers, but I can't fathom any reason to be upset about that.

Of course, if we just fixed the damn patent system so that low quality patents and patent trolling were stopped, none of this would be needed. So, in some sense, it's a bit depressing that all of this is really an economic dead weight loss on society created by a broken patent system. But, at the very least, it's nice to see companies proactively looking for non-regulatory/non-legislative ways to minimize the damage created by a broken system.

24 Jul 12:37

Turns Out Hillary Clinton Had Hundreds Of Potentially Classified Emails On Private Server; Officials Ask For Criminal Investigation [Update]

by Mike Masnick
Update: In addition to the update already added at the bottom of this story, later on Friday it came out that the initial report was wrong and the call for an investigation was not for a criminal investigation. Original post follows:

Earlier this year there was a bit of a scandal over the fact that Hillary Clinton had used a private server for her emails, something she knew was inappropriate and which clearly exposed her emails to foreign spies. When she finally agreed to address the issue, one of the key points she made in her defense was that she never had classified material on the server:
CLINTON: I did not email any classified material to anyone on my email. There is no classified material.

So I'm certainly well-aware of the classification requirements and did not send classified material.
Many -- including State Department officials -- found this nearly impossible to believe, especially given just how much stuff the State Department classifies (whether or not that information should be classified is another discussion for another day).
A former senior State Department official who served before the Obama administration said that although it was hard to be certain, it seemed unlikely that classified information could be kept out of the more than 30,000 emails that Mrs. Clinton’s staff identified as involving government business.

“I would assume that more than 50 percent of what the secretary of state dealt with was classified,” said the former official, who would speak only on the condition of anonymity because he did not want to seem ungracious to Mrs. Clinton. “Was every single email of the secretary of state completely unclassified? Maybe, but it’s hard to imagine.”
Back in May, with the first release of a bunch of her emails, some noted that, indeed, they couldn't find any evidence of classified information, though some were later retroactively classified.

But, of course, that was just one batch of the emails. A few weeks ago, reports started leaking from inside the State Department that, in fact, there was classified information on that server, and late last night the other shoe dropped, with a report in the NY Times that two separate Inspectors General have requested the Justice Department open a criminal investigation into Clinton's mishandling of sensitive information -- in particular the inclusion of "hundreds" of potentially classified emails on her private server.
Two inspectors general have asked the Justice Department to open a criminal investigation into whether Hillary Rodham Clinton mishandled sensitive government information on a private email account she used as secretary of state, senior government officials said Thursday.

The request follows an assessment in a June 29 memo by the inspectors general for the State Department and the intelligence agencies that Mrs. Clinton’s private account contained “hundreds of potentially classified emails.” The memo was written to Patrick F. Kennedy, the under secretary of state for management.
The report also notes that these same Inspectors General were particularly annoyed with how the State Department has been handling this, saying that one of the emails that was revealed publicly last month contained classified information that should not have been released (though they obviously did not identify which email).
In a second memo to Mr. Kennedy, sent on July 17, the inspectors general said that at least one email made public by the State Department contained classified information. The inspectors general did not identify the email or reveal its substance.

[....]

The inspectors general also criticized the State Department for its handling of sensitive information, particularly its reliance on retired senior Foreign Service officers to decide if information should be classified, and for not consulting with the intelligence agencies about its determinations.
Back in March, when the whole email scandal broke, it was pretty clear that Clinton hoped to address it quickly and then have the whole thing blow over. And, for the most part, it actually did. However, a criminal investigation and potential charges would obviously put it back on the front page again. Either way, it still raises serious questions as to what the hell she was thinking and more importantly, what the hell her staff was thinking. There is no way they could not have known how dangerous this was. Clinton's bizarre defense that the system was secure because the server was physically guarded never made much sense, but it still boggles the mind that everyone allowed this to happen in the first place. At this point, it has to be considered all but confirmed that foreign intelligence agencies had full access to all of her emails, including those that had classified information.

Update: Well, this is interesting. Some have noticed that after it was published, the NY Times quietly "softened" its original story... An hour after publishing it, the report changed so that it no longer said that the question was if "Hillary Clinton mishandled" her emails, but rather if "sensitive government information was mishandled in connection with the personal email account Hillary Rodham Clinton."

21 Jul 22:54

NYPD Officials Apparently Deleting Incriminating Communications Related To Alleged Illegal Summons Quotas

by Tim Cushing
Brindle

"Protect and Serve"...

The NYPD doesn't care for transparency. Its relationship with open records requesters ranges from "frosty" to "antagonistic." It even employs its own in-house, completely arbitrary classification system in order to prevent even more of its documents from making their way into the hands of the public.

And, despite policies specifically mandating the preservation of records, NYPD officials are apparently preemptively deleting certain communications to ensure they'll never be made public.

Attorneys for the city have failed to turn over even one email from the files of former Police Commissioner Raymond Kelly or former Chief of Department Joseph Esposito regarding summons activity over the last eight years, attorney Elinor Sutton writes in new filings in Manhattan Federal Court seeking sanctions against the city.

“It is simply not tenable that Commissioner Kelly and Chief Esposito did not — in the entire period of 2007 through the present — write or receive emails using terms” related to the word “summons,” Sutton writes.
Seven years of discussing police business and not once did Kelly or Esposito use the word "summons," one of the most common terms used when discussing police business. How can this possibly be? Well, when you're looking for evidence that NYPD bosses and supervisors instituted illegal quotas, the word "summons" would figure prominently in responsive documents... if said documents hadn't been memory-holed for the preservation of their positions.

And it's not just the top two men in the NYPD that have a "summons" hole in their communications. Searches for responsive emails/texts from three other high-ranking NYPD officials came up empty as well.

What Sutton has obtained that points to an unofficial quota system has come from whistleblowers and "other means." Sutton has copies of emails and texts -- sent using NYPD phones/email accounts -- that discuss quota-like "expectations" for officers and reprisals for failing to hit these numbers. But the NYPD's own search for these same documents has found nothing. This either means the NYPD isn't performing thorough searches or it has been destroying incriminating documents. Either way, the NYPD's lack of responsive documents looks very suspicious.

And the city itself is complicit in the "vanishing" of possibly culpatory evidence.
[C]ity lawyers didn’t advise the NYPD to preserve communications related to summonses until 2013 — three years after the suit was filed, Sutton says.
The city won't say much about the lawsuit or its police department's actions, but this contradictory set of sentences says a lot more than the city rep probably intended it to.
In a response filed last week, city attorney Qiana Smith-Williams said the alleged evidence destruction was “short on meritorious claims” and that the sides had not yet “exhausted the possibility of a settlement.”
If you believe the opposition's case is lacking in merit -- and you have an inexhaustible amount of (public) funds to fight it -- why would you be entertaining a settlement? The obvious answer is this: a settlement would allow the city to end the discovery process, maintain its secrecy, and allow those involved in the quota scheme to avoid further examination/punishment. Handing out (public) money to the plaintiffs in settlement form also allows the city/NYPD to move on without having to admit wrongdoing. A payout means nothing changes. Quotas will still remain, but steps will be taken to ensure they're better hidden.

21 Jul 18:34

Driverless Cars: Disrupting Government Reliance On Petty Traffic Enforcement

by Tim Cushing
Brindle

Crap! didn't think of this one, laws against driverless cars will be passed to protect city and county income :\

Self-driving cars are on the way, and in their wake, they'll leave a variety of entities slightly less better off. Insurance companies may be the first to feel the pinch, as less-than-risk-averse drivers are replaced with Electric Grandmothers more than willing to maintain safe speed limits and the proper distance between vehicles. And as goes the car accident, so go other areas of the private sector: personal injury/DUI lawyers, hospitals, body shops, red light camera manufacturers, towing companies, etc.

But the public sector will take the hit as well. "Flow my tears," said the policeman.

Consider the following. This past year, the City of Los Angeles generated $161 million from parking violations. Red light violations have a fee of $490. Californians caught driving under the influence are fined up to $15,649 for a first-offense misdemeanor DUI conviction and up to $22,492 for an under-21 equivalent. Cities in California collect, on average, $40 million annually in towing fees that they divide with towing firms. Simply put, the hundreds of millions of dollars generated from poor driving-related behaviors provide significant funding for transportation infrastructure and maintenance, public schools, judicial salaries, domestic violence advocacy, conservation, and many other public services.

Since California legalized driverless vehicles, Google has logged more than 1.7 million miles during the testing phase and been involved in 11 accidents, none of which were the fault of the driverless vehicle. Tesla, Mercedes, and others are not far behind. It turns out that automated vehicle technology—unlike humans—abides by the law. And that’s bad news for local government revenues. In other words, once driverless cars become mainstream, deep revenue sources acquired from driving-related violations such as speeding tickets and DUIs will decrease greatly.
Someone has to pay for the roads and other government activities, but it won't be drivers. So, as the Brookings Institution report points out, new revenue streams will have to be sought. The obvious suggestion is tax-per-mile billing, but that puts the government right in your vehicle -- an idea that's not going to gain in popularity any time soon.

While the loss of revenue will have an impact, the picture painted here is skewed. For many years, communities have treated police departments as revenue generators, rather than crime fighters. This has skewed incentives so badly that some small towns have become nothing more than profitable speed traps. That's one end of the issue: the pressure (or the willingness) to overpolice minor traffic violations to keep city governments (and the police departments themselves) funded.

But that's only part of it. The situation looks rather dire, especially if one doesn't examine what's not being said in these paragraphs. As Scott Shackford at Reason points out, the Brookings Institution report does some mighty fine cherry-picking for its list of potentially-affected government services. Without a doubt, a downturn in revenue will affect good government programs like public schools and domestic violence programs. But it will also cut back funding for far more dubious government spending.
What an interesting list of government-financed uses they've chosen. Notice they left off "Poorly made third-party database software that will stop working properly in less than three years and that was purchased from somebody belonging to the same frat as the assistant city manager," "police abuse settlements," and "blatant pension spiking."
These "losses" will also be somewhat offset by less tax revenue being spent on traffic enforcement, accident response units and other related law enforcement activities. This will also mean fewer law enforcement officers will need to be employed, which should further reduce government expenditures.

The problem is that most governments aren't capable of heading off this sort of "threat" to their livelihoods, even with years of advance notice. Trimming back unneeded public sector employees won't happen until years after it's obvious they're no longer needed and will often come accompanied with expensive severance packages. New tax revenue streams won't be explored until they can be put off no longer, and often will just be added on top of existing taxes, rather than replacing those that have slowed to a trickle.

Worse, those most affected by this sort of shift will be the same people most affected by most government tax increases: the poor. The lowest income brackets will be the last to adopt driverless vehicles, leaving them the most exposed to fines for traffic violations (fines that will likely increase as revenue dwindles), as well as new costs like per-mile taxation. They're also most likely to see support programs they rely on suffer cuts as traffic enforcement money dries up.

The report somewhat addresses this outcome with a discussion of income inequality and the "disappearance of the middle class." While some of it is accurate and some of it is mostly buzzwords in search of a point, there's no doubt that traffic enforcement revenue will mostly be collected from those who can least afford it. After all, governments have done this for years -- something that helped fuel the outrage and backlash in Ferguson after the shooting of Michael Brown.
Is Brookings actually trying to blame the gap between billionaires and the poor for the racial tension in Ferguson? Which venture capitalist was it who told the Ferguson police to step up fine collection to rake in more money for the city's coffers? Which hedge fund manager invented the bureaucratic court system in Ferguson and other St. Louis County cities designed to wring every last cent from any indigent minority who couldn't afford an attorney? Which Wall Street "fat cat" is adding additional fees to every little fine so that getting pulled over for something as simple as not signaling a turn could end up costing hundreds of dollars for somebody who could end up losing his license and his ability to even work?
While driverless cars hold a great deal of disruption potential, when it's all said and done, governments will remain largely undisrupted. Whatever changes are made in response will arrive well after they're needed and be badly implemented. The same people who suffered in the previous system will find no improvement in the next one. While one would hope the drastic reduction in traffic enforcement would result in better, smarter policing more focused on serious criminal activity, old habits die hard. Cops will just go where the driverless car ain't, rather than trim that area of law enforcement to the minimum required. And cities will cut programs deemed expendable, rather than subject their own spending habits to greater scrutiny.

21 Jul 18:31

Newsflash: Car Network Security Is Still A Horrible, Very Dangerous Joke

by Karl Bode
As we've noted for years, the security on most "smart" or "connected" cars is aggressively atrocious. And in fact it's getting worse. As car infotainment systems get more elaborate, and wireless carriers increasingly push users to add their cellular-connected car to shared data plans, the security of these platforms has sometimes been an afterthought. Hackers this week once again made that perfectly clear after they demonstrated to a Wired reporter that they were able to manipulate and disable a new Jeep Cherokee running Fiat Chrysler's UConnect platform. While the reporter was driving it:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission. Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
Uconnect utilizes Sprint's cellular network, and hacker/researchers Charlie Miller and Chris Valasek were able to manipulate nearly everything about the vehicle with a laptop in a house ten miles away. All thanks to one, unspecified vulnerability:
From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels.
The two used to have to physically modify cars to get access to these systems, but as vehicles have gone cellular, it has opened the door to a world of new exploits. And if you've ever experienced the incomprehensibly-clunky in-car GUI of most in-car infotainment platforms, rest assured that the quality of the system's security is usually in the same ballpark. Miller and Valasek will publish a portion of their exploit online during a presentation at the Black Hat security conference in Las Vegas next month.

The exploit appears to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. Chrysler/Fiat posted a notice to its website last week informing users that they need to update their in-car software either via USB stick (you can download the update here) or by taking it in to a dealer. Of course like many patches, most users won't be paying much attention to the warning. And we're only talking about Chrysler's UConnect; there's a bounty of half-assed security measures implemented in infotainment systems from automakers worldwide just waiting to be tinkered with by pranksters (or worse).

Of course cars aren't the only tech sector where security has failed to keep pace with ambition. "Smart" TVs have been shown to have similarly awful security, often sharing unencrypted user info (even conversations) with any hacker with a modicum of talent. In the rush to embrace the gee whizzery of the "Internet of things," there are more than a few companies that apparently forgot to bring security and intelligence along for the ride.

20 Jul 17:48

This porn site is sponsoring free Google Cardboard units, get yours today

by Quentyn Kennemer
Brindle

Nice of them...

free VR goggles

Ah, the good ol’ porn industry. They always seem to bring nothing but good things, and here’s another: you can get a free Google Cardboard unit by requesting one from this safe-for-work-site, courtesy of the folks responsible for this other not-so-safe-for-work site.

The video they use to show you how to use it and what to use it for shows the “safe” side of things, though their hope is that you’ll be viewing their “niche” collection of content with it. Our hope is that you won’t be viewing said content anywhere other than home. Want one? Signup takes just a minute, and you should see it appear on your doorstep in due time.