Brindle

Researchers have uncovered a sophisticated cyber spying operation that has been alive since at least 2007 and uses techniques and code that surpass any nation-state spyware previously spotted in the wild.

Late last night, the new publication from Laura Poitras, Glenn Greenwald and Jeremy Scahill launched. It's called The Intercept, and I imagine that it's going to be a must-follow for a variety of reasons. Its first major article digs deep into the NSA's role in killing people with drones (often innocent people) based on questionable metadata. Remember how NSA defenders kept insisting that "it's just metadata" as if that was no big deal? Well, what about when that metadata is being used to kill people?

Just last week, we wrote about Rep. Mike Rogers complaining about new "red tape" that was making it more difficult to indiscriminately kill people with drones. That "red tape" is actually just a new set of guidelines designed to try to prevent more killing of innocent people with drones. This new report highlights how the US government's infatuation with drones, combined with the NSA's obsessive collection of metadata, means that drones are frequently used to kill people based on very little evidence that the people being killed are actually terrorist threats.

One noteworthy point about this article: it relies on two new sources, one named, one kept secret, backed up by Snowden documents. That is, it appears that at least one other source (in this case, a recent member of JSOC’s High Value Targeting task force -- the group that's in charge of figuring out who to capture and kill) has come forward to Greenwald and others, calling foul on what the US government is doing. This person was privy to how targets are selected, and it's pretty scary how little info they're going on. The fact that the NSA was heavily involved in picking targets was revealed a while back, but this person explains how much those choosing targets rely on bad metadata from the NSA to kill people -- often revealed later to be totally innocent.

In one tactic, the NSA “geolocates” the SIM card or handset of a suspected terrorist’s mobile phone, enabling the CIA and U.S. military to conduct night raids and drone strikes to kill or capture the individual in possession of the device.

The former JSOC drone operator is adamant that the technology has been responsible for taking out terrorists and networks of people facilitating improvised explosive device attacks against U.S. forces in Afghanistan. But he also states that innocent people have “absolutely” been killed as a result of the NSA’s increasing reliance on the surveillance tactic.

One problem, he explains, is that targets are increasingly aware of the NSA’s reliance on geolocating, and have moved to thwart the tactic. Some have as many as 16 different SIM cards associated with their identity within the High Value Target system. Others, unaware that their mobile phone is being targeted, lend their phone, with the SIM card in it, to friends, children, spouses and family members.

Some top Taliban leaders, knowing of the NSA’s targeting method, have purposely and randomly distributed SIM cards among their units in order to elude their trackers. “They would do things like go to meetings, take all their SIM cards out, put them in a bag, mix them up, and everybody gets a different SIM card when they leave,” the former drone operator says. “That’s how they confuse us.”

The guy also points out that the metadata is often somewhat questionable in itself:

What’s more, he adds, the NSA often locates drone targets by analyzing the activity of a SIM card, rather than the actual content of the calls. Based on his experience, he has come to believe that the drone program amounts to little more than death by unreliable metadata.

“People get hung up that there’s a targeted list of people,” he says. “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”

You would think that someone like Rep. Rogers would be happy that we were trying to improve our targeting and to stop killing innocent people, but apparently making sure the people we target are actually guilty is just too much "red tape." But it hasn't stopped these killings. The source in the article notes that the "overwhelming majority" of the strikes they're doing these days are based almost entirely on the NSA's signals intelligence.

The report also reveals that the NSA has a program in which the drone itself has what's basically its own phone cell attached to the drone, in order to better target a particular phone (note: not person, but phone) when dropping a bomb. The report also reveals another program, this one from the CIA, called SHENANIGANS (really), that maps out WiFi networks from the sky and tries to suck up any data it can. When this program was used in Yemen, the mission was called (again, no joke) VICTORYDANCE.

There's a lot more in the article, which is well worth reading. It's good to see more sources who are uncomfortable with what the NSA, CIA and others are doing getting in touch with Greenwald and others. It's also worth noting that this guy claims he tried to raise these issues through the "proper channels" and was rebuffed.

Permalink | Comments | Email This Story

King CEO Riccardo Zacconi

Before there was Flappy Bird, your friends and family were jonsing for another fix of Candy Crush Saga. Staying true to their name, there’s been a bit of a saga unfolding around Candy Crush developer King, and their alleged wrongdoings now being brought to light.

Which came first, the Candy or the Swipe?

King has been on a bit of trademarking spree as of late, in a move the developer claims is an effort at protecting their IP. Makes sense, Candy Crush Saga is a great game and there’s no shortage of copy-cat games following any title’s new found success. But did you know there was a game strikingly similar to Candy Crush that was actually released 4 months prior (and 2 years before it hit app stores)? The game is called CandySwipe.

Created by Albert Ransom of Runsome Apps, CandySwipe launched in the Android Market back in November of 2010. Like any smart businessman, Ransom had the foresight to trademark the its name. Fast forward a few months when Ransom noticed King attempting to trademark “Candy Crush Saga,” in which he promptly filed an opposition. Was he upset that Candy Crush featured similar match-3 gameplay? Not exactly. What about Candy Crush’s icons, which happened to mirror closely the confections found in CandySwipe? Sorta. But Ransom says with good reason…

Ransom claims, shortly after Candy Crush Saga began climbing the charts, CandySwipe began receiving multiple 1-star reviews from users claiming his title — which launched first — was a mere Candy Crush rip-off. Jumping onto Twitter, Ransom noticed tweets, once again, from ignorant users claiming CandySwipe was a Candy Crush copy-cat, not the other way around. That’s enough to get under anyone’s skin. But it was more than that for Ransom. As a small time developer, he claimed his entire livelihood was at stake. Here’s an example of the confusion caused after Candy Crush blew up.

Ha! But…what about the Kindle knockoff Candy Swipe? #askingforafriend // RT @sarahmae: “Friends don’t let friends play Candy Crush.”

— Mary Carver (@MaryCarver) November 13, 2013

It wasn’t until King would later file for a trademark on the word “Candy” that the Candy Crush owner began receiving some backlash. In an open letter, King’s CEO Riccardo Zacconi attempted to set the record straight, mentioning that this was done in Candy Crush’s defense, and that they had no intentions of going after every game using the word “Candy” — only those that looked encroached on their IP. He also maintained that King doesn’t clone games, and they wouldn’t want anyone cloning theirs. Fair enough.

But just like he did with “Candy Crush Saga,” CandySwipe’s developer said he had full plans to oppose King’s latest attempt to trademark “Candy” as well, and it was in his right to do so. This public call to arms sent King looking for additional ammo, and it seems they found it.

King makes a power move

After battling the original “Candy Crush Saga” trademark for over a year, CandySwipe’s developer Albert Ransom is now finally ready to admit defeat. This is after King strategically managed to buy a trademark predating that of “CandySwipe” from another company. The trademark in question? Candy Crusher. Ouch.

To be fair, Candy Crusher is a much different game from CandySwipe/Candy Crush Saga and it’s still unclear if King is now using this newly acquired trademark to oppose the CandySwipe’s, or if they simply intended on using it as leverage for when Ransom inevitably opposes their “Candy” trademark filing. One thing is clear, CandySwipe’s developer is not happy about King’s latest move, expressing his disapproval in a heartfelt open letter on his site. A real life Candy Crush saga? Who would have thought?

Mobile gamers have already begun choosing sides and, in an effort to help boost CandySwipe’s recognition, are downloading the game and leaving raving 5-star reviews for CandySwipe on the Google Play Store. If you feel like helping the underdog, download link provided below.

Download on Google Play: CandySwipe 2.0

[via Gamezebo]

Shortly after the first Snowden leak back in June of last year, Sen. Rand Paul threatened to file a class action lawsuit against the government for its surveillance of American citizens. This move, while interesting, seemed to be less useful than actually trying to reform the NSA using the legislative process. Nonetheless, Paul was apparently serious and has officially filed his lawsuit in the DC federal court, naming President Obama, NSA head Keith Alexander, ODNI Director James Clapper and FBI Director James Comey as defendants.

“There’s a huge and growing swell of protest in this country of people who are outraged that their records are being taken without suspicion, without a judge’s warrant and without individualization,” Paul said at a news conference outside the U.S. District Court for the District of Columbia…

“I’m not against the NSA, I’m not against spying, I’m not against looking at phone records,” Paul said. “I just want you to go to a judge, have an individual’s name and [get] a warrant. That’s what the Fourth Amendment says.”

It seems like a simple enough requirement. Targeted warrants have long been used for investigations, and there's no reason to believe they simply don't work anymore. The nation's investigative and security agencies have just become accustomed to circumventing this aspect of the Fourth Amendment.

Rand Paul and an untold number of others will be represented by Ken Cuccinelli, former Virginia attorney general, who explains why Paul's lawsuit is different than the dozens of others that have been filed in the wake of Snowden's leaks.

“This case is, first of all, the only case that is strictly challenging the Fourth Amendment elements of the telephone metadata gathering,” Cuccinelli said. “Second of all, this will be certified later in the case as a class action, on behalf of all Americans. The other cases thus far are on behalf of individual plaintiffs … that does not provide relief for every American using telephones. This case will.”

This filing has prompted angry comments (of course) from terrorist appeaser (and current Congressman) Peter King ([sigh] of course.)

Rep. Peter King (R-N.Y.) expressed anger Wednesday that Sen. Rand Paul (R-Ky.) is slated to file a lawsuit against President Obama and other officials over National Security Agency surveillance…

“I think that has really hurt the country,” King said of the leaks on MSNBC. “That is why I am so angry that Rand Paul is bringing this lawsuit today.”

King went on to question whether his party should have Snowden sympathizers in its ranks.

“And let's just say as Republicans ... do we really want people in our party somehow saying they don’t know whether he is a patriot or not? ... Who actually put him in the same classification as the director of national intelligence?”

These questions presumably received no answer other than a saddened headshake from King himself. It looks as though there's only one way to be a Republican these days, and that's to be in total servitude to the surveillance state. Even questioning King's assertion that Snowden is a traitor is bad for America the Republican party King's normally boyishly exuberant outlook on life the current legislative majority, as envisioned by pro bono NSA flack, Peter King.



Permalink | Comments | Email This Story

A terrorist suicide bomb trainer operating out of Iraq accidentally triggered his live explosive vest, killing himself and 21 other would-be bombers. 'So, you find a large crowd kind of like we have assembled here, then you just push this bu--' KABOOM! Presumably everybody in the class got A's for already knowing how to explode so well.

Just last week a suicide bomber struck a popular falafel shop near the Ministry of Foreign Affairs here, killing several people. On Monday evening Raad Hashim, working the counter at a liquor store near the site of the attack, burst out laughing when he heard the news. "This is so funny," Mr. Hashim said. "It shows how stupid they are, those dogs and sons of dogs." More seriously, he said, "it also gives me pain, as I remember all the innocent people that were killed here." "What happened today was not death, but it was life to us," Mr. Hashim said. "Those 22 who were killed today might have killed hundreds of Iraqis, hundreds of innocent souls. May they burn in hell."

"May they burn in hell." Powerful words. Maybe even as powerful as Expecto Patronum. Did I tell you I finally figured out what my Patronus is? A COBRA. Check this out -- EXPECTO PATRONUM! See? "That's definitely a penis." I was afraid of that. Thanks to Andreas, who only wishes more suicide bombers had taken this guy's class.

I'm going to dispense with the normal introductions for this post, because there's so much meat here and we should all get to eating. To keep it short, RockPaperShotgun's John Walker recently wrote an editorial about how GOG.com saves older games for consumers, with a sidebar about how video games should probably eventually enter the public domain after a reasonable period of time, say 20 years. 20 years, for those of you not into gaming, encompasses several eras when it comes to the gaming industry. Predictably, in my opinion, this set off a contingent within the gaming industry that railed against Walker's desire to starve game-producers and murder small puppies, eventually leading to a request that he be fired. That'd be amusing, since it would essentially mean Walker firing himself, but I suppose that's a remote possibility.

Given the maelstrom, Walker has since written a delightful follow up in which he takes the arguments presented against his reasonable approach to task. We'll deal with them in order, with some of the highlights. First up is the annoyingly ubiquitous charge that any reduction in the ownership of creators will result in less incentives to create.

I think this argument is so astronomically false that my hat flies clean off my head when I read it. It’s so ghastly, so gruesomely inaccurate, such a wretched perspective of humans – these wonderful creatures so extraordinarily bursting with creative potential – and it makes me want to weep. The idea that creativity is only feasible if there’s a financial reward is abundantly demonstrably false...And not only does an argument for a more imminent end to copyright periods than the current monstrosities like “life plus 70 years” not inhibit someone from making a living from their creative works, but it also doesn’t even mean they couldn’t continue making a living from the creative works they produced after the copyrights have expired – that’s the magic of Public Domain! They just then share the ability to profit from those works with others.

This hits upon two points we discuss regularly. The first is that financial incentives are of course not the only reason creative folks create. This should be an obvious logical conclusion from the start. After all, would we say that people become creative once they are aware of the financial reasons to do so? Obviously not. Creative people create. The financial incentives are there not to spur creativity, but to create a structure that encourages the disclosure of the creation for public consumption. That point gets lost far too often. Secondly, this myopic view that the public domain ends the ability to profit off of the creation is so demonstrably false it isn't even worth addressing.

Next, Walker takes on the idea that ideas should be owned through copyright as a matter of creative privelage. After digging into some of the history of copyright law, he lets loose with this cogent salvo.

But now copyright seeks to protect individuals, not ideas. In fact, its purpose is to restrict the free flowing of ideas, to prevent cultural exchange, for the profit of the few. Copyright itself is the threat to future creativity, attempting to artificially restrict that most human of actions: sharing ideas. It has returned to its origins, and exists as a form of censorship. Not a censorship many are willing to recognise as such, so successful and endemic is the international brainwashing by the copyright industries, but the censorship of ideas all the same. So why shouldn’t someone get to own ideas like they own a table? Because ideas don’t exist in an ownable form, are born of the shared cultural mass of humanity, and you can’t rest a coffee mug on an idea.

And nor, I would add, should society want idea ownership to perpetuate. Physical objects are one thing, but the moment we began allowing culture and ideas to be locked up, we entered very dangerous territory. Because, I would argue, the next step in this progression is going to be language. Don't laugh, it's not as silly as it sounds. If you think about it, we already do this to some degree tangentially. After all, software is essentially written in a programming language, and the result of that language is locked up. Trademark and copyright already lock down language in a very limited degree, but even that limited degree can be problematic, as the wonderful world of IP lawsuits has shown us. Ideas, culture, and language shouldn't be restricted in any society that wants to continue to progress. That's our entire point.

Next we have the notion that creators should be able to lock down their creations for at least as long as they're alive:

Putting aside that an embracing of the public domain does not prevent someone from profiting from their idea, my response to this question is: why should they? What I’ve found interesting about asking this question of people is that I’ve yet to receive an answer. I’m either told it’s on me to explain why they shouldn’t, as if I hadn’t just spent thousands of words doing that, or I’m told that they just should. I’ve noticed a complete unwillingness for people to stop and engage with the question. Why should someone get to profit from something they did fifty years ago?

It's the same argument I've always made, which is that those attempting to take action have the onus to prove the need for that action. Human beings share inherently. Locking sharing down via copyright may arguably have some merit for some period of time, but it's on those advocating for it to prove that, not us. And that's a tall mountain to climb. Demonstrate that the culture in question deserves payment for the amount of time of a creator's life, demonstrate its value, demonstrate what society gets as a result, and demonstrate that any harm is outweighed by the benefit. That's on the copyright folks, not on us to prove the opposite. They're imposing upon us, not the other way around, no matter what copyright advocates would have you believe.

Finally, there's the argument that people who think the public domain has value don't want those working on video games to be paid.

Games, unlike some other creative pursuits, are often made by huge teams of people. While there may be a project lead, this isn’t like a book’s author. This is a company. People getting paid to do their job, to make a game. The rights to the game, the ownership, lies with the publisher that funds it, not the creatives who create it. When a 20, 30 year old game is still being charged for, not a single person who was involved in its creation is getting a dime. When it is more like book with an author, an indie developer and their self-published project, then yes, there is a greater chance they’ll see the money. But then we return to the my larger, more significant argument: that after those decades of getting paid for it, it’s time to return it to culture.

This, too, is in Techdirt's wheelhouse. When we combat this argument with the way many in the industry, and other creative industries, actually go out of their way to not pay those involved with the creative work, there never seems to be much of an argument against us. Whether its labels ducking royalties, horrific contracts, or movie studios using hollywood accounting practices to keep as much money as possible out of the creative folks' hands, the end recipient of much of this long-term copyright money is a company headed by people who weren't creating in the first place. Yet it's we who are making war on creativity?

Go give the entire thing a read, but this is spot on in nearly every respect. Kudos to Walker for not shying away from the argument. Or firing himself, either.

Permalink | Comments | Email This Story

Illustrator Joe Butcher (aka October Jones) has started spending his daily commute drawing cartoon heads on Post-Its and holding them up to his fellow riders. Me? I put in my earbuds and pretend to be dead. He does a great job, I'm just not sure how I'd feel if I were the one getting the cartoon head. What if you caught somebody holding up a Post-It and taking a picture of you? I don't think I'd like that. I don't want any pictures of me out there, even if they don't include my face. What if there's some internet pervert (WHICH I'M SURE THERE IS) that gets off to pictures of regular people with cartoon heads? I'm not a piece of meat, you know. But I am a piece of-- "Shit." Wow, is somebody having a bad Monday or what? Keep going for a bunch more including Hellboy, Hulk, Batman, Where's Waldo and Wile E. Coyote and the Roadrunner. Thanks to Jerm, who's going to start doing the same thing except with cartoon penises. Jk jk, that's me.

Flappy Bird is dead, in case you haven’t heard. No, no, not the bird itself. At least, we hope that little guy is OK — all this commotion lately can’t be too good for his little heart. We’re talking about the hit game from Vietnamese developer Nguyen Ha Dong that had people going crazy for the past few weeks. Its popularity prompted hundreds of millions of downloads across all available platforms and had Dong raking in over $50,000 a day in ad revenue.

So now that the game is gone (whether it was due to legal pressure or a genuine desire for peace and quiet), how can you get it? Well, some desperate folks seem to be willing to pay thousands. And tens of thousands. And maybe even hundreds of thousands.

Head to eBay right now and do a search for “Flappy Bird,” and you’ll be treated to tons of listings for devices — mainly iPhones — with the game pre-installed. Some are going for as little as $600, though one auction is sitting at a ridiculous $99,900 bid as of the time of this writing. The auction started at $650, but a few aggressive bidders have been battling it out since early Sunday morning. The craziest part is that — 74 bids and $99,900 later — there are still more than 6 days to go before the auction closes.

While we immediately wondered if the high-valued bids were submitted by one-off shill accounts, the latest bid was made by an eBay user with a reputation score of over 700. It was the bidder’s only activity in the past 30 days, though, so we’re still not quite sure what to make of it just yet. For what it’s worth, the next active bidder has a score of 48, and has participated in more than a few different auctions in the past 30 days.

And it’s not just a one auction anomaly, either. The next closest auction with active bids is currently sitting at $99,200 after 65 bids. These two auctions have prompted many other sellers to list Flappy Bird-equipped devices with buy-it-now prices ranging from $25,000 to $75,000. One ridiculous listing even has a Samsung Galaxy S4 with the game going for a buy-it-now price of $1,000,000.

It’s worth noting that none of these auctions or buy-it-now listings have been completed or sold, so it’s tough to know if demand for devices with the game pre-installed is really this insane.

We imagine if people really are crazy enough to buy these phones at these prices, then those who were outbid on the $90,000 auctions would jump at some of the newly-listed buy-it-now offerings as soon as humanly possible. That there haven’t been any sales thus far has us pretty skeptical, but eBay has our attention regardless.

So what do we take from all that? There could be some real serious demand for this insanely popular game that is now no longer available, and some insanely rich folks with more money than sense could be looking to get their hands on it any way they possibly can. That, or some people must really love trolling auctions with fake bids more than anything in the world.

All of this is even sillier when considering you could likely buy a cheap Android device (Moto G for $100, anyone?) and find a ripped APK to sideload just as easily as you could buy one of these overpriced listings. Now, excuse me while I go put my DROID MAXX and iPad up for sale.

Europe has been threatening antitrust charges against Google for quite some time now, and it appears that European regulators have now reached a bizarre settlement with Google in which the company promises "to give rivals more prominence in its promoted results," using a process in which those companies can bid on these slots. Here's how the NY Times describes it:

That includes displaying results from three competitors every time Google shows its own results for searches related to products, restaurants and hotels.

Rivals will have to pay Google each time their results are shown next to the search giant’s own results through a bidding process overseen by an independent monitor, according to European officials.

I'm at a loss as to how this makes any sense for anyone. First, why are European regulators involved in determining what Google should or should not show anyone? If Google users don't like the results they get, they don't have to stick with Google. Second, this actually gives Google's competitors less incentive to build a better product, because they get an easy in to be included in Google. How does that benefit anyone?

Yes, any time a company gets big, there are risks of them abusing their position -- and that's clearly what European regulators are concerned with. But what is the evidence of actual abuse here, and how does this solution prevent that abuse? That doesn't appear to be explained anywhere. This whole process, from the beginning, has appeared to be mostly a Microsoft-driven attempt to dump an annoying regulatory process on Google, just because it, too, has had to waste time with European regulators. Rather than compete by building better products, the focus has been on using the political process to try to slow down a competitor.

Permalink | Comments | Email This Story

We've been among those who have pointed out how laughable the Obama administration's claims to be "the most transparent administration in history" are, when, from nearly every angle, it appears that the Obama administration is ridiculously secretive -- beyond any previous administration. So, it's interesting to see that it's not just us who thinks that. The NYT's executive editor, Jill Abramson, who worked in Washington DC for decades, has noted that the Obama administration is, by far, the most secretive she's ever dealt with.

"I would say it is the most secretive White House that I have ever been involved in covering, and that includes — I spent 22 years of my career in Washington and covered presidents from President Reagan on up through now, and I was Washington bureau chief of the Times during George W. Bush's first term," Abramson told Al Jazeera America in an interview that will air on Sunday.

"I dealt directly with the Bush White House when they had concerns that stories we were about to run put the national security under threat. But, you know, they were not pursuing criminal leak investigations," she continued. "The Obama administration has had seven criminal leak investigations. That is more than twice the number of any previous administration in our history. It's on a scale never seen before. This is the most secretive White House that, at least as a journalist, I have ever dealt with."

I guess that's what happens when you declare that whistleblowers are "aiding the enemy" even as you pretend to support them. Your administration clams up.

Whenever this issue comes up, I keep going back to the speculation from Daniel Ellsberg a few years ago, in which he noted that while President Bush (the younger) abused his power and bulked up the surveillance state in secretive ways, when push came to shove, he believed that Bush was proud of doing that. President Obama, on the other hand, seems to be embarrassed about the way he's abused the power of the Presidency, and goes to tremendous lengths to try to hide those abuses and excesses. It's pure speculation on the part of Ellsberg, but it certainly rings true on multiple levels.

Permalink | Comments | Email This Story

I've already written one piece about Cory Doctorow's incredible column at the Guardian concerning digital rights management and anti-circumvention, in which I focused on how the combination of DRM and anti-circumvention laws allows companies to make up their own copyright laws in a way that removes the rights of the public. Those rights are fairly important, and the reason we have them encoded within our copyright laws is to make sure that copyright isn't abused to stifle speech. But, anti-circumvention laws combined with DRM allow the industry to route around that entirely.

But there's a second important point in Doctorow's piece that is equally worth highlighting, and it's that the combination of DRM and anti-circumvention laws make all of our computers less safe. For this to make sense, you need to understand that DRM is really a form of security software.

The entertainment industry calls DRM "security" software, because it makes them secure from their customers. Security is not a matter of abstract absolutes, it requires a context. You can't be "secure," generally -- you can only be secure from some risk. For example, having food makes you secure from hunger, but puts you at risk from obesity-related illness.

DRM is designed on the presumption that users don't want it, and if they could turn it off, they would. You only need DRM to stop users from doing things they're trying to do and want to do. If the thing the DRM restricts is something no one wants to do anyway, you don't need the DRM. You don't need a lock on a door that no one ever wants to open.

DRM assumes that the computer's owner is its adversary.

But, to understand security, you have to recognize that it's an ever-evolving situation. Doctorow quotes Bruce Schneier in pointing out that security is a process, not a product. Another way of thinking about it is that you're only secure until you're not -- and that point is going to come eventually. As Doctorow notes, every security system relies on people probing it and finding and reporting new vulnerabilities. That allows the process of security to keep moving forward. As vulnerabilities are found and understood, new defenses can be built and the security gets better. But anti-circumvention laws make that almost impossible with DRM, meaning that the process of making security better stops -- while the process of breaking it doesn't.

Here is where DRM and your security work at cross-purposes. The DMCA's injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.

And that leads to very real vulnerabilities. The most famous, of course, is the case of the Sony rootkit. As Doctorow notes, multiple security companies were aware of the nefarious nature of that rootkit, which not only hid itself on your computer and was difficult to delete, but also opened up a massive vulnerability for malware to piggyback on -- something malware writers took advantage of. And yet, the security companies did nothing, because explaining how to remove the rootkit would violate the DMCA.

Given the post-Snowden world we live in today, people are suddenly taking computer security and privacy more seriously than they have in the past -- and that, as Doctorow notes, represents another opportunity to start rethinking the ridiculousness of anti-circumvention laws combined with DRM. Unfortunately, politicians who are way behind on this stuff still don't get it. Recent trade agreements like the TPP and ACTA continue to push anti-circumvention clauses, and require them around the globe, thereby weakening computer security.

This isn't just an issue for the "usual copyright people." This is about actually making sure the computers we use are as secure and safe as they can be. Yet, in a world with anti-circumvention provisions, that's just not possible. It's time to fix that.

Permalink | Comments | Email This Story

Paul McGuinness, U2's manager, ("World's Richest Band Seeks Handout") has been a longtime critic of Google, whose search engine he views as being nothing more than a portal for pirates. That's when he's not blaming pretty much everyone else (ISPs, any tech company connected to the internet in general) for not making U2 incrementally richer. But Google is never far from his mind, not even when accepting an Industry Icon award from Billboard Magazine for his 35 years as the band's manager.

McGuinness (again) thinks he has a quick fix for the piracy problem, and it all revolves around Google.

What needs to be done is simple, take the sites down and keep them down. If the pirates can manage to replace their sites instantly with legions of bots, Google, with their brilliant algorithm engineers can counter it. We need the technology giants like Google to do the things that labels, the publishers, the artists, the writers repeatedly ask them to do. They need to show corporate and social responsibility. Take down the illegal sites, keep them down and clear the way for the legal digital distributors like iTunes, Spotify, Deezer, the new Jimmy Iovine Beats service, which promises to be a very serious competitor.

Yes. It's all so "simple." Just "take sites down" and "keep them down." Like many people who frequently confuse "Google" for "the Internet" (see also: many people in the UK government), McGuinness overstates the simplicity of his request while granting powers to Google that it simply doesn't possess.

Let's tackle the "simplicity" aspect first. If McGuinness is only referring to delisting sites (and that's somewhat unclear), it's not nearly as easy as he (or the RIAA, MPAA, UK government) thinks. There are several ways this could go wrong (see also: site blocking/web filters), not the least of which is that it puts internet access in the control of agencies and entities that can't even seem to issue DMCA notices without taking down legitimate content sources. So, if labels and studios (and those represented by them) can't even send out failure-free DMCA notices, they're hardly in the position to tell a company that indexes millions of sites how "simple" it would be to "block" or "take down" pirate sites.

Then there's what's actually in Google's power to do. McGuinness does mention "algorithms" but shortly thereafter he's deploying wording that sounds suspiciously like a call for Google to take down sites, as in do a private ICE job and lock up the domain, thus keeping it out of searches and "clearing the way" for legitimate offerings. That's something Google simply can't do, and even if it could, certainly shouldn't do. Google's main product is a search engine. It crawls and indexes sites. It is not in the "internet police" business. That's not what it's product is intended to do and that's not what a majority of those using the search engine want Google to be doing.

But the RIAA, MPAA and others insist this is Google's job -- to sniff out infringing content and remove it from the web (or at least, its search results). Google processes millions of DMCA notices per year, but this is always viewed as a sign of failure on the company's part. If it was "better" at the job McGuinness and others think it should be doing, it wouldn't be receiving so many notices.

Somehow, it always comes back to the claim that Google "owes" millions of content creators something for indexing the web.

I would like to see them open their hearts a little and be more generous to the ecosystem that started their success a few years ago. Google talks a lot about Internet freedom -- that's fine, we all support Internet freedom don't we* -- but let's not confuse freedom of speech with the freedom to steal pirated stuff.

*Note: Paul McGuinness does NOT support internet freedom.

I don't think anyone confuses freedom of speech with piracy, but just like the above situation, it's not nearly as simplistic as McGuinness and others believe it is. Shut down a whole site because it hosts or links to pirated content and you're also shutting down everything that surrounded it, a lot of which greatly resembles "free speech."

McGuinness likely won't be happy until every search engine is completely subverted by IP-heavy industries, but that's apparently acceptable collateral damage if it results in incremental sales increases.



Permalink | Comments | Email This Story

Just last month, we wrote about how some hackers have moved on from installing malware to send out spam or to keylog your bank account info, to pushing hidden Bitcoin mining software instead, using up spare processing power on unsuspecting users' computers, hoping to build big enough Bitcoin mining networks to actual score some Bitcoins. While this particular practice is both illegal and shady, we did note that it wasn't difficult to envision perfectly legal and useful variations on this, in which users consented to allowing their spare cycles to be used this way, just like various other distributed computing projects like the classic SETI@Home project.

Apparently, at a hackathon back in November, some MIT students hacked together a proof-of-concept version of this kind of thing called Tidbit. As the EFF explains:

Tidbit uses a client's computer to mine for Bitcoins as an alternative to website advertising: in exchange for removing ads from a website, a user would give some CPU cycles to mine for Bitcoins instead. Tidbit was clearly presented as a proof of concept, with the developers making clear the code was configured not to mine for Bitcoins. That's because in addition to refining the code, they needed to work out the legal details, like drafting a terms of service, and the ethical details, like making sure there was a way for users to opt-in to the service so their computers weren't being used to mine Bitcoins without their knowledge. Tidbit won the Node Knockout award for innovation and the students thought they were on their way to continuing with their project.

Again: it was a proof of concept that couldn't actually mine Bitcoin, and the developers were working on ways to make sure that it was only useful for legitimate purposes before releasing the software. But, it appears that New Jersey's grandstanding acting Attorney General John Hoffman (who has gone after some app makers who had installed secret Bitcoin miners with apps), along with Deputy Attorney General Glenn Graham, suddenly decided that this proof-of-concept software must be illegal as well, and sent over a ridiculously overbroad subpoena. EFF is now helping the developers fight that subpoena.

As EFF explained in a letter to Graham, the whole effort was ridiculous. Not only do the developers have nothing at all to do with New Jersey, but the code is just a proof of concept and isn't being used for any actual Bitcoin mining -- and the whole point was to use it with consent for legal purposes. New Jersey sent back a somewhat obnoxious letter, basically saying, "screw you, we're New Jersey, you must respond to the subpoena."

Tidbit, with the help of EFF, has now filed a motion to quash the subpoena. Yes, Bitcoin is an emerging field right now, and the regulations around it are a bit up in the air. But there's no way to look at this other than as a massive overreach by politicians in New Jersey who have suddenly decided that any Bitcoin mining app must be up to no good. Hopefully the courts recognize that this is just a massive overreach on several different levels.

Permalink | Comments | Email This Story

41-year old John R. Morales used to play McGruff the Crime Dog. That was many moons ago. Apparently since then he started a massive pot growing operation and was just sentenced to 16 years in the slammer for the results of a raid on his home in 2011. And that, my friends, is why you never want to get your home raided. Even if you have nothing to hide, the cops aren't going to wipe their feet before kicking your door down and tracking mud all over the carpet.

When police raided his house, they seized 1,000 marijuana plants and 9,000 rounds of ammunition for an assortment of 27 weapons -- including a grenade launcher After three years, Morales, 41, pleaded guilty and was sentenced to 16 years in jail Monday. Even though Morales said he was nonviolent, U.S. District Judge Vanessa Gilmore said, "Everything I read about you makes you seem like a scary person."

Who would have ever guessed?! The man in the crime fighting dog costume was actually some sort of drug growing kingpin! It was the perfect disguise. Turns out McGruff wasn't taking a bite out of crime after all, just high and eating junkfood. You ever smashed up a bunch of Oreos in a glass of milk then put it in the freezer for awhile? The trick is not getting so high you forget about it. Thanks again to ChaosLex, who, for two tips in a row, gets to take the D.A.R.E. bear home for the weekend.

The Atlantic is covering the fact that Syrian loyalists have been able to abuse Facebook's "abuse" policy to make various Syrian opposition Facebook pages disappear based on very questionable means. A number of activist pages have simply been wiped out, and even when the folks behind those pages appeal, the appeals get denied. Facebook has, effectively, wiped out much of the key information source for Syrian opposition activists. And this comes even as Facebook itself touted the fact that people in places like Syria were using Facebook to speak up and make themselves heard:

By giving people the power to share, we are starting to see people make their voices heard on a different scale from what has historically been possible. These voices will increase in number and volume. They cannot be ignored.

Well, until Facebook deletes those very pages based on questionable reasons. An example is given of a photo of a man sitting in a chair with a young child on his lap. The man turns out to be an activist who was later killed -- but for reasons known only to Facebook censors, the entire post was deleted by Facebook, claiming that it violates their policies. While the caption notes that the guy was killed by "thugs" it's hard to see how that violates Facebook's policies. This gets at a point that we've been concerned about for quite some time. When you rely on someone else's platform for your speech, you're entirely at the mercy of their terms of service. People use Facebook because it's easy to connect with others and build communities, and that has value, but you're risking having that speech disappeared.

This is why it's often important for people to have platforms that they themselves control -- though even then there are points of weakness and attack. You can host your own site, but people will go after upstream providers, including hosting companies and registrars. And service providers who have more open policies get hounded into creating "abuse" policies that appear to make sense at first... even though those abuse policies themselves are open to abuse.

For example, there were plenty of really good reasons why Twitter beefed up its abuse police last year, after a bunch of people had very legitimate complaints about how they were dealing with incredibly abusive behavior on Twitter. But, of course, it's that kind of "abuse policy" that itself is now being abused by those in Syria seeking to stifle dissent.

And that's where this gets so tricky. When we see people use these platforms in such abusive ways, it's quite natural to want to see policies in place that let those abusive actions be stopped and taken down. But with such a process in place, you're almost guaranteeing that it will be abused as well, and legitimate speech -- such as that of these Syrian activists -- gets removed and deleted (including important historical documentation and discussions that are now gone forever).

Permalink | Comments | Email This Story

[Update]: Google has reached out to remind us that it’s against their developer policies (section C.1.e) to approve Glassware that has any sort of facial recognition technology, and as such they will not be distributing the app through official channels. It could still be possible for the developer to distribute the app themselves and have users sideload it, but there is little chance such an app would get wide distribution.

We’ve seen our fair share of creepy apps, but this one probably takes the cake. It’s called NameTag, and in Robocop-like fashion, the app can scan a person’s face and compare it to a records database consisting of millions of people.

If NameTag successfully finds that person, it spits back tons of information about them, including their full name, their relationship status, what school they went to, their current occupation, their interests, and more. It’ll even tell you if that person has a criminal record.

It does all of this by searching various online social networking profiles for that person and pulling details from the profiles they may have filled out. It also pulls information from public records database, such as online court records in your city and state.

Upon gathering these details, they upload them to FacialNetwork.com‘s database without your permission. Don’t want your information made available? NameTag gives you the ability to opt-out, though we’d contend that something like this should be strictly opt-in.

Legal and moral issues aside, NameTag says that their goal isn’t to invade user privacy:

It’s about connecting people that want to be connected. We will even allow users to have one profile that is seen during business hours and another that is seen in social situations. NameTag can make the big, anonymous world we live in as friendly as a small town.

Except it should be up to that person whether or not they want to make their details known to strangers who happen to be wearing Google Glass and using this app. I know I’m not necessarily interested in talking to and meeting every single person I come across while I’m out and about. If they need to know more about me for whatever reason, they can come up to me, introduce themselves, and ask like normal human beings are supposed to.

NameTag’s angle is to enhance people’s social lives, but one might think up a few other cases where it might be useful. Perhaps you want to know if someone is registered as a sex offender before engaging them or allowing your children to be near them. That would be a noble use-case scenario, though some would contend that people should have a reasonable level of privacy no matter what they may have done in their life.

To be fair to NameTag, using public records and social networking profiles to craft reports about an individual are nothing new. Spokeo allows you to do this with as little as a name or email address, and gives you even more intimate information than NameTag claims to. That said, it’s not often that these types of services maintain their own database and use images to initiate a search for someone instead of their name or other details you might have access to.

We’re excited for the future of Google Glass, but apps like these will continue to come around and make us take a step back every now and then as we ponder how far is too far. Sure, our phones have cameras and would be capable of doing this with the right app (in fact, NameTag is planning on making iOS and Android apps of their own).

Still, it’s a lot more obvious when it’s being done with a smartphone, and there’s something about a camera that sits on your face that may or may not be taking your photo at any given time that makes something like NameTag a bit more uneasy to swallow. How do you feel?

Last month, Senator Bernie Sanders asked a simple question to the NSA: in collecting all those phone records, does that include the phone records of members of Congress (including both their personal and work phones)? The NSA's response was that "Members of Congress have the same privacy protections as all US persons" -- but since the data collection covers all US persons, it was a basic admission that, yes, of course the NSA is sweeping up their phone records as well.

That issue came up again during this week's House Judiciary Committee Hearings, in which some members of Congress finally got to ask the question live to Deputy Attorney General James Cole, who more or less admitted that Congress's information is collected as well:

Rep. Zoe Lofgren, a California Democrat, began by asking Peter Swire, a member of the president's handpicked surveillance review board, whether lawmakers' numbers are included in the agency's phone-records sweeps. Swire protested that he was not a government official and couldn't best answer the question, but said he was unaware of any mechanism that "scrubbed out" member phone numbers from the agency's data haul.

Lofgren's time expired and Rep. Darrell Issa, a California Republican, then put the question to Cole.

"Mr. Cole, do you collect 202, 225, and four digits afterwards?" Issa asked, referring to the prefixes used to call congressional offices.

"We probably do, Mr. Congressman," Cole responded. "But we're not allowed to look at any of those, however, unless we have reasonable, articulable suspicion that those numbers are related to a known terrorist threat."

And while Representatives like Pete King have argued in the past that the NSA should spy on Congress because they might be talking to terrorists, Issa pointed out that he sometimes has perfectly legitimate reasons for talking to those who might be in the NSA's target list:

Issa rejoindered that he had been in touch with the deputy prime minister of Lebanon after accusations emerged that the official had given money to Hezbollah, warning that a senior member of Congress was only two degrees of separation from terrorists.

Slowly, but surely, it appears that more and more people in Congress are recognizing that the NSA's activities are incredibly broad in their overreach.

Permalink | Comments | Email This Story

The law enforcement community and their love of no-knock warrants is starting to cost them. Multiple lawsuits have been filed over the past several years because of these tactics and just last month, a cop was shot dead by a homeowner defending himself against armed attackers who bashed in his door unannounced at 5:30 in the morning. The sick twist to that last incident is that the homeowner is now charged with capital murder, an offense that is punishable by death in Texas.

Now, another suit stemming from a no-knock warrant has gone badly for the law enforcement officer behind the raid. Michael Riley, an investigator for the Rensselaer County (NY) Drug and Gang Task Force is now facing the possibility of a jury trial, all without the safety net of qualified immunity. According to the 2nd Circuit Court's opinion, this is how the no-knock raid went down.

On July 3, 2008, at approximately 6:00 a.m., McColley was awoken in her home by the sound of the City of Troy Police Department Emergency Response Team ('ERT') knocking down her door and the explosion of a flash-bang grenade. Dressed in all black, wearing face masks, and carrying automatic weapons, the members of the ERT screamed for McColley to get on the floor, but as there was not enough space for her to lie on the floor, a member of the ERT instead shoved McColley face down onto her bed. As she had been roused from sleep, McColley was clad in only a T-shirt and underwear. She repeatedly requested to cover herself but was repeatedly denied.

This raid in search of crack cocaine was based on a "confidential informant's" statement that he had visited that particular address "twenty or thirty times" during the previous six months to make drug deals. The task force placed the house under surveillance to verify the informant's claims but noted no drug-related activity. Riley then ran a background check on the house's listed occupant, Ronita McColley, which came up clean. The report indicated she had no criminal background and, additionally noted that a child resided in the house with her.

Riley then acquired a no-knock warrant based solely on the informant's unverified claims, omitting everything the task force had observed (that being "nothing") ass well as the results of the background check. Judge Pooler dissembles exactly how Riley lied by omission to obtain this warrant.

For each of the search locations with the exception of McColley’s home, Riley identified the resident individual and described his or her ties to drug dealing and criminality. Riley never mentioned McColley’s identity, lack of criminal history, or even the fact that there was a resident who lived at 396 First Street—as opposed to the apartment being a location exclusively used by Stink in his drug dealing enterprise. In the warrant application, Riley also made no mention of the fact that surveillance had been conducted and yielded no evidence or even suspicion of narcotics or other criminal activity…

While it is indeed the case that where a warrant “does not report a prior conviction for a particular crime, the magistrate assumes for purposes of determining whether the government has carried its burden that no such conviction exists,” Walczyk, 496 F.3d at 161, the pertinent omission here was not merely McColley’s lack of criminal history. Rather, McColley herself was omitted entirely from the application. The issuing judge did not have the benefit of assuming that “no such conviction exist[ed]” because he was not informed that anyone other than Stink, who was the identified target of the drug investigation, resided in or maintained the first floor apartment at 396 First Street.

Riley, on the other hand, fully knew that McColley, an individual with no criminal history and no purported ties to the targets of the drug investigation, lived there with her child. Especially in the face of Riley’s inclusion of the identity of the residents for each of the other apartments and their present connection to the drug trade, the omission of McColley’s existence is all the more glaring. As drafted by Riley, with no mention of McColley, the warrant application makes it appear to the issuing magistrate that Stink was the only individual with custody and control of 396 First Street. If the residents of 396 First Street were properly identified, a reasonable issuing judge would have questioned the assertion that Stink had “custody and control” over the apartment.

Not only did Riley omit McColley's very existence, but he covered up other areas where evidence lacked. Pooler attacks Riley's double-standard on submitting supporting facts in his warrant applications.

While the police may not have been required to corroborate the CI’s assertions, once they undertook this surveillance and observed no such criminal activity, this lack of corroboration should have been included in the warrant application. The materiality of this information is underscored by the common sense observation that if the surveillance had yielded evidence of criminality, that information certainly would have been included in the warrant application and deemed to have been damning. The mere fact that the outcome of the surveillance was not the one the police would have preferred does not render the information immaterial.

These omissions are what cost Riley his immunity in the first place. The lower court determined these factual omissions raised sufficient Fourth Amendment questions that the county and its employee could not be granted immunity, which the defendants sought through a motion for summary judgement. This was denied and the immunity yanked, prompting the appeal to 2nd Circuit Court. This appeal has now been denied. Despite Pooler's enumeration of Riley's wrongdoing, the appeal is mainly denied on technical grounds (i.e., lack of jurisdiction).

The case is now being sent back to the lower court for a jury trial. McColley still has a chance to hold the county and Riley accountable for violating her Fourth Amendment rights.

And what did Riley's task force secure with its illicitly-obtained no-knock warrant?

The search of McColley’s home did not uncover any money, weapons, drugs, drug related paraphernalia, or any evidence of criminality of any kind. The ERT took only a National Grid electric and gas bill and a registration bill for Hudson Valley Community College as fruits of the search.

Three bills from an residence noted on the warrant application as a "stash house" and all based on the claims of a known criminal who would tell the police anything to stay out of jail and a cop who simply left out any info that would have made a no-knock warrant harder to obtain. CI's suddenly don't look all that "informative" when you depict them like any cop or DA would if they were on the stand rather than running "controlled buys" for their handlers. And the cop himself isn't looking any more trustworthy than his sources.

Permalink | Comments | Email This Story

A live action musical of Back to the Future is coming to London's West End next year, with a possible Broadway run if it proves successful enough. AND HOW COULD IT NOT? You think there's going to have a real DeLorean on stage or just a cardboard cutout?

The film's original screenwriters, Robert Zemeckis and Bob Gale have teamed with British director Jamie Lloyd to write the book. They've also tapped Alan Selvestri to compose the music and Grammy-winning songwriter Glen Ballard (Alanis Morrissette, Michael Jackson) to write the lyrics. Selvestri has scored many of Zemeckis' well-known films including Romancing the Stone, Forrest Gump and Cast Away.

Sad fact: I fell off the stage during my middle school's production of Peter Pan. I was one of the Lost Boys and got SUPER lost after getting blinded by the stage lights and ate shit right in front of the first row of parents. Even sadder fact: another kid's parents won $10,000 on America's Home Videos for the fall because my parents didn't come so they could tape it themselves. That's what they were most upset about, by the way. I BROKE A LEG. Thanks to BBQ, who smells delicious.

There's been less discussion over the TSA's full body scanners recently, especially since the TSA's brief but insanely expensive (with YOUR money!) experiment with the "nudie scanners" went away. However, Politico has a fascinating story from a former TSA agent revealing that much of what you suspect about the TSA is true: they were able to see you naked even as the scanners had little actual value. They do target attractive women and have a rather long list of official sounding "code names" for good looking women so they can alert each other to them while appearing professional. On those nudie scanners, he has the story of the guy who taught them how to use it, who was then asked what he thought of the machines:

“They're shit,” he said, shrugging. He said we wouldn't be able to distinguish plastic explosives from body fat and that guns were practically invisible if they were turned sideways in a pocket.

We quickly found out the trainer was not kidding: Officers discovered that the machines were good at detecting just about everything besides cleverly hidden explosives and guns. The only thing more absurd than how poorly the full-body scanners performed was the incredible amount of time the machines wasted for everyone.

Of course, what he leaves out is the real reason why these were installed in airports across the country. It had nothing to do with terrorist threats, but the fact that former DHS boss Michael Chertoff was getting rich off of helping to sell them to the government agency he used to run.

As for looking at you naked, yes, the TSA folks would look and laugh:

Most of my co-workers found humor in the I.O. room on a cruder level. Just as the long-suffering American public waiting on those security lines suspected, jokes about the passengers ran rampant among my TSA colleagues: Many of the images we gawked at were of overweight people, their every fold and dimple on full awful display. Piercings of every kind were visible. Women who’d had mastectomies were easy to discern—their chests showed up on our screens as dull, pixelated regions. Hernias appeared as bulging, blistery growths in the crotch area. Passengers were often caught off-guard by the X-Ray scan and so materialized on-screen in ridiculous, blurred poses—mouths agape, Ã�’  la Edvard Munch. One of us in the I.O. room would occasionally identify a passenger as female, only to have the officers out on the checkpoint floor radio back that it was actually a man. All the old, crass stereotypes about race and genitalia size thrived on our secure government radio channels.

There were other types of bad behavior in the I.O. room—I personally witnessed quite a bit of fooling around, in every sense of the phrase. Officers who were dating often conspired to get assigned to the I.O. room at the same time, where they analyzed the nude images with one eye apiece, at best. Every now and then, a passenger would throw up two middle fingers during his or her scan, as though somehow aware of the transgressions going on.

And yes, he talks about the ridiculousness of confiscating nail clippers and liquids:

I confiscated jars of homemade apple butter on the pretense that they could pose threats to national security. I was even required to confiscate nail clippers from airline pilots—the implied logic being that pilots could use the nail clippers to hijack the very planes they were flying.

Once, in 2008, I had to confiscate a bottle of alcohol from a group of Marines coming home from Afghanistan. It was celebration champagne intended for one of the men in the group—a young, decorated soldier. He was in a wheelchair, both legs lost to an I.E.D., and it fell to me to tell this kid who would never walk again that his homecoming champagne had to be taken away in the name of national security.

Basically, pretty much everything we already knew about the TSA and its security theater seems to be more or less accurate. There's a lot more in the article, but it really paints a picture of typical bureaucratic insanity. The whole setup of the TSA seems designed to do two things: to help make a few ex-gov't officials very wealthy while giving the public appearance that current government officials are "doing something" about terrorism.

As we've noted in the past, even the TSA knows that there's not much of a threat directed at air travel these days, which is probably why they've started giving up the pretense and waving large groups of folks through at times.

Of course, beyond the government officials getting rich part of this, the simple fact is that the political incentives here always will lead to these kinds of ridiculous results. When there is, inevitably, some other attack, questions will be asked about why we weren't "doing enough." So everyone has incentives to do as much useless stuff as possible, even if it's all really useless. That way they can talk about everything they had already been doing -- and then layering on some other idiotic idea (like taking off your shoes, or not carrying water bottles through security) and go on with the myth that they're "protecting" people. It's just that sometimes this leads to bored TSA agents staring at tons of people naked based on no warrant, no threat and no damned reason at all.

Permalink | Comments | Email This Story

You may recall how, last summer, there was a ridiculous situation in which David Cameron ordered a government official to go down to the Guardian's offices in London and force them to physically destroy a computer that had stored some encrypted documents from the batch of documents that Ed Snowden had given to reporters. The whole thing was ridiculous on multiple levels, as the Guardian's editor Alan Rusbridger clearly told the government officials that there were other copies outside of the UK, and that the Guardian would continue reporting on those documents from its offices in NY. Apparently unaware of how stupid they looked, the government officials continued the charade, and the Guardian physically destroyed the drives and memory cards.

The Guardian has now released a short video that intersperses some commentary and news clips about the event with some actual footage of Guardian employees taking power tools to the components in question. As Rusbridger noted at the time, this was a particularly "pointless piece of symbolism that understood nothing about the digital age." And, really, that line could apply to an awful lot about the NSA/GCHQ affair lately. Yes, they understand a lot about how to spy on everyone via digital tools, but they've shown little to no recognition of the problems this creates for the economy, for technology, for innovation, for privacy, for security and for public sentiment.

Permalink | Comments | Email This Story

By this point, it should be clear that when Senators Ron Wyden and Mark Udall ask questions to senior intelligence community officials in open hearings, it's not because they don't know the answers, but because they do, and they have information that they think should be public. Remember, of course, that, years ago, Wyden and Udall were clearly hinting at what Ed Snowden eventually revealed. So, during yesterday's hearing during which leaders from the intelligence community tried to pull their usual "be scared American people!" schtick, Wyden's and Udall's questions point to some potential mischief by the CIA. Both asked questions of CIA boss John Brennan concerning the legality of certain actions. It is unlikely that they did this because they were just curious. Wyden kicked it off by asking if the Computer Fraud and Abuse Act (CFAA) applied to the CIA:

Wyden: Does the federal Computer Fraud and Abuse Act apply to the CIA?

Brennan: I would have to look into what that act actually calls for and its applicability to CIA’s authorities. I’ll be happy to get back to you, Senator, on that.

Wyden: How long would that take?

Brennan: I’ll be happy to get back to you as soon as possible but certainly no longer than–

Wyden: A week?

Brennan: I think that I could get that back to you, yes.

Of course, we've written about the CFAA many times, and how the broadly (terribly) written law has been abused by law enforcement to go after all sorts of ordinary or reasonable computer activity. But Wyden is flipping this around in a slightly interesting way -- asking if the CFAA applies to the CIA. The answer, actually, is probably no, the CFAA doesn't apply to the CIA. If you look at 18 USC 1030(f) (which is part of the CFAA), it says:

This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

It seems likely that the eventual answer from Brennan to Wyden will basically point to this particular language. But that's not particularly important, as the intent of the question likely had little to do with actually looking at the scope of the CFAA, but rather hinting very strongly that the CIA is hacking into computers in a manner that would violate the CFAA if it wasn't being done by law enforcement.

This was then followed up soon after with a question from Udall, again to Brennan, asking a slightly different question about the CIA's legal authority, which Brennan doesn't actually answer, instead answering a different question that wasn't asked:

Udall: I want to be able to reassure the American people that the CIA and the Director understand the limits of its authorities. We are all aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of US citizens within our borders. Can you assure the Committee that the CIA does not conduct such domestic spying and searches?

Brennan: I can assure the Committee that the CIA follows the letter and spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes Senator, I do.

Got that? He was asked "do you spy on Americans?" and the answer was "we follow the law." Considering that Wyden and Udall have been among the leading folks pointing out that the intelligence community has regularly reinterpreted the laws in secret in order to broaden their claimed authority, that answer is hardly assuring. Instead, it sure sounds like the CIA admitting that, hell yes, they spy on Americans under their twisted interpretation of the law. Combine that with Wyden's question -- which may or may not be about the same issue, but the two have often coordinated on these issues -- and it certainly hints at the idea that the CIA is hacking into Americans' computers.

Over the last few months, much of the focus has been on the NSA, but it's important to remember that the CIA actually is bigger in terms of its budget, and remains incredibly powerful and secretive. Also, over the last decade or so there appears to be significant evidence of incredible abuse by the CIA. As we've noted a few times, the Senate Intelligence Committee has been sitting on a supposedly explosive report that cost $40 million to put together, detailing some horrific CIA abuses, which the CIA has been doing everything possible to stop from being released.

Given all this, how long will it be until we discover "explosive" revelations about the CIA that confirm what Wyden and Udall have been hinting at?

Permalink | Comments | Email This Story

As we covered very recently, the city of Omaha is being sued by the ACLU on behalf of a family whose house was raided by 20+ cops (sans warrant) in order to seize cellphone footage taken of their arrest tactics (read: excessive force) deployed to detain someone asking questions about a vehicle being towed. Despite the multitude of police officers swarming the neighborhood, a person filming the incident from across the street went unnoticed.

By the time it was all said and done (and footage released to the press), 32 police officers had been named as co-defendants, and six of those officers had been fired. But like many police officer firings, it didn't take.

Omaha police officer Bradley D. Canterbury has been reinstated after being fired for a rough arrest at 33rd and Seward last Spring.

Canterbury is the one in the video who seems to throw Octavius Johnson to the ground.

Not only did Canterbury throw Johnson to the ground, but he got in a few swings when (he thought) no one was looking. Here's the video for a refresher. The throw happens about 11 seconds in. At 2:55, Canterbury looks around for watchful eyes, and seeing none, punches Johnson a few times.


An arbitrator decided that those punches don't count, even if Canterbury suspiciously omitted them from his report.

According to the TV report, an arbitrator decided in a 38-page ruling that Canterbury’s use of force was justified, calling the strikes “hammer hits” and noting he didn’t kick or elbow Johnson. The arbitrator also decided the city didn’t have enough evidence to show Canterbury purposely failed to mention the second series of strikes, against an already subdued Johnson, in his report, even as two of the officers are facing charges related to the cover-up of the incident.

Now, it's unclear to me how a "hammer hit" differs from "repeatedly punching" a prone, subdued suspect, but I'm not in the business of putting bad cops back on the street. What it looks like is Canterbury extracting a little "aggravation pay" from the person who kicked off this whole debacle. Finding the street clear of fellow officers (who were warrantlessly storming a house to illegally seize cellphone footage, injuring a wheelchair-bound woman in the process) and, more importantly, citizens with phones, Canterbury "hammer hit" Johnson to remind him who was in charge. Then he submitted a report that glossed over his "hammer hits."

I'm not sure what evidence the city would need to show a reasonable human being that Officer Canterbury purposely failed to include the extra punching in his report other than:

a.) Canterbury's report that doesn't detail the hammer hitting, and

b.) the above video footage.

Perhaps the city should have mentioned that the illegal seizure and destruction of camera footage was indicative of a coverup. Actually, I'm sure it did, considering it used that claim to get rid of the cops in the first place. If cops are covering something up, omitting tiny details like bonus blows is just par for the course.

Now, if Canterbury can get his job back after being caught on tape and caught omitting details, then it stands to reason the other five fired cops have a chance to reclaim their badges. This isn't a great way to weed out bad cops. In the private sector, most fired people stay fired. But on the other side of the blue line, being canned for violent acts or violating rights is often little more than a momentary setback.

Permalink | Comments | Email This Story

The Lenovorola deal went live a few moments ago, and while waiting for the dust to clear, we know there’s still a lot of questions left unanswered. If we could get you to stop staring out your window wondering for a quick moment, we want to help you check at least one of those questions off your list by letting you know that Motorola’s most interesting project — aka Project Ara — will remain in-house at Google under their Android branch.

Motorola will be handing over the reigns of their Advanced Technology and Projects group to Google, where the 100-man team will continue to be lead by Regina Dugan. Only difference is now they’ll be moving their offices to Mountain View, were Dugan will be reporting to Sundar Pichai, although she’s said to maintain a more independent role working alongside the Android team.

Once again, Google will be holding onto the Advanced Technology Group’s patents, and with Google’s resources, Project Ara development should kick into overdrive. We remain cautiously optimistic.

[The Verge]

In early January, while the rest of the consumer technology world at CES marveled at the sheer size of Samsung's upcoming Galaxy tablet, Google execs were dismayed by what they saw on the screen of the massive 12.1-inch slate - a fancy new user interface called Magazine UX. [...] Multiple sources familiar with the companies' thinking say the two technology giants began hammering out a series of broad agreements at CES that would bring Samsung's view of Android in line with Google's own. The results of the talks, which have only just begun dribbling out to the public, also underscore the extent to which Google is exerting more of its influence to control its destiny in the Android open source world. Dilemma. I don't like Google exerting control in this manner, but, on the other hand, anything that - for the love of god - makes Samsung stop building its own software for phones is a good thing. Tough call. Then again, this deal may also simply be another aspect of the big patent deal, indicating that this deal is about much more than patents alone. In any case, the recent renewed collaboration between Google and Samsung seems to indicate that Samsung has little to no intention to move away from Android, and with Samsung still shipping exactly zero Tizen devices, I have little hope we'll ever see that platform jump front and centre.

While there have been some occasional nutty attempts to paint journalists reporting on the documents that Ed Snowden revealed as being somehow legally at risk for doing so, for the most part, US officials have recognized that we do respect the freedom of the press in this country. This has been in stark contrast to the UK, where a whole investigation is ongoing into The Guardian's role in reporting on the documents. However, that changed this morning, when Director of National Intelligence James Clapper appeared before the Senate Intelligence Committee to deliver his "Worldwide Threat Assessment."

In his prepared statement, Clapper made it clear that he views the journalists who have copies of the documents as "accomplices" to Snowden -- who has been charged with violating the Espionage Act. As he said:

Snowden claims that he's won and that his mission is accomplished. If that is so, I call on him and his accomplices to facilitate the return of the remaining stolen documents that have not yet been exposed to prevent even more damage to U.S. security.

While some may claim that this is just a passing phrase, this is a written statement from James Clapper to Congress, meaning it was vetted many, many, many times, and the word choices are clear and specific. As Glenn Greenwald has noted, the implication is not at all subtle. The Obama administration has now officially stated that it views journalists reporting on Snowden documents as "accomplices" to a crime:

Who, in the view of the Obama administration, are Snowden's "accomplices" The FBI and other official investigators have been very clear with the media that there is no evidence whatsoever that Snowden had any help in copying and removing documents from the NSA.

Here, Clapper is referring to "accomplices" as those who can "facilitate the return of the remaining" documents. As Snowden has said, the only ones to whom he has given those documents are the journalists with whom he has worked. As has been publicly reported, the journalists who are in possession of thousands of Snowden documents include myself, Laura Poitras, Barton Gellman/The Washington Post, The New York Times, the Guardian, and ProPublica.

Is it now the official view of the Obama administration that these journalists and media outlets are "accomplices" in what they regard as Snowden's crimes? If so, that is a rather stunning and extremist statement. Is there any other possible interpretation of Clapper's remarks?

That is absolutely crazy. Even more ridiculous is that ODNI's public affair director more or less confirmed the point:

The office's public affairs director Shawn Turner said in an email that “director Clapper was referring to anyone who is assisting Snowden to further threaten our national security through the unauthorized disclosure of stolen documents related to lawful foreign intelligence collection programs.”

Of course, just last year (prior to the Snowden leaks), there was a bit of a scandal when it was revealed that the DOJ was claiming to courts that certain journalists were accomplices in order to spy on them to get access to their sources. That controversy resulted in Attorney General Eric Holder promising new guidelines to stop targeting journalists. And, just today, Holder told Congress that those new rules are already in effect.

Clapper's choice of words here was deliberate. Even if the government doesn't go after any of the journalists with Snowden's documents, the message today's statement made is loud and clear: we can go after you and charge you criminally. And that's an incredibly chilling message in a country that is supposed to respect the freedom of the press.

Permalink | Comments | Email This Story

The NSA's new data center in Utah has provided the flashpoint for legislation targeted at "nullifying" the agency by cutting off its access to public utilities and/or leveraging the powers granted to states to combat federal government overreach. An activist group known as The Tenth Amendment Center proposed a state law that would cut off the new data center's much needed water supply, along with any other public utility or service, like sanitation and road repair, in hopes of (at minimum) forcing the NSA to reconsider its collection tactics, or failing that, to find a new home.

Now, more states are joining the push-back against the agency, again using legislation crafted at the state level to curtail the NSA's overreach, as The New American reports.

Arizona

In Arizona, SB1156, which has 14 Republican sponsors, was introduced by state Sen. Kelli Ward. It would bar the state from providing material support to the agency’s activities and ban any data collected without a warrant from being used in court.

Ward announced her intentions in December to introduce a bill that would keep Arizona from supporting the NSA.

New Hampshire

HB 1533 is a bipartisan bill sponsored by two GOP lawmakers and one Democrat. The measure requires law enforcement to obtain “a warrant to search information in a portable electronic device.”

Section IV of the bill mandates that “A government entity that purposely violates the provisions of this section shall be guilty of a class A misdemeanor.”

New Hampshire's government is also considering another bill (HB 1619), which restores the expectation of privacy to information given to third parties, something the NSA, FBI and others have relied on for years to acquire data without warrants.

An individual shall have an expectation of privacy in personal information, including personal identifiers, content, and usage, given or available to third-party providers of information and services, including telephone; electric, water and other utility services; internet service providers; social media providers; banks and financial institutions; insurance companies; and credit card companies.

As The New American notes, this restoration goes even further than just protecting American citizens. The wording specifically notes this applies to "individuals" rather than just "citizens," extending the protection to non-citizen US residents and visitors.

Tennessee

The Tennessee Fourth Amendment Protection Act was introduced by State Sen. Stacey Campfield (R-Knoxville) late Tuesday evening. Rep. Andy Holt (R-Dresden) will file the companion bill in the House.

Based on model legislation drafted by the OffNow coalition, SB1849 would prohibit the state of Tennessee from “providing material support to…any federal agency claiming the power to authorize the collection of electronic data or metadata of any person pursuant to any action not based on a warrant” as required by the Fourth Amendment.

The entity mentioned in the legislation, OffNow, is a creation of the Tenth Amendment Center, and its legislative activity seeks to nullify the agency through the power of states and their public utilities. With enough support, many states could make themselves inhospitable hosts for the NSA by tying utility access to stipulations like the above. At the very least, state governments who pass laws like these will be "on the record" as not being complicit in the NSA's questionable collection activities. It also indicates they're willing to combat government overreach, which in the age of Real ID, nationalized health care and domestic surveillance, is a good stance to be taking.

The real test of legislation like those above will be when the NSA offers to set up shop in these locations. Turning down the agency means turning down a whole lot of federal money and additional employment, something that may not sit well with many constituents, and even less so with certain politicians.

New Hampshire's and Arizona's bills will face additional challenges as neither limits the wording to only the NSA's collections/"searches." (New Hampshire's bill only says "federal agency.") Arizona's in particular will affect local law enforcement as well, and if they've become used to a certain level of warrantless access, they won't be too thrilled to give that up. The heaviest push-back there may be from local PDs and sheriffs departments, although the arguments against the bills will be very familiar -- swapping only "crime" (or "drugs") for "terrorism."

Permalink | Comments | Email This Story

When police departments begin viewing themselves as revenue generating entities rather than law enforcement entities, it has a deleterious effect on the public, which is now viewed as potential income, rather than citizens. If the incentives become perverted, the department will as well. Everything from "booking fees" to forfeiture laws are prone to abuse, especially when the municipality becomes just as addicted to the cash flow.

An Oklahoma town with the population of 410 is in the news precisely because of this abuse. It seems the Oklahoma Dept. of Public Safety (DPS) isn't happy with the outsized cash haul a single police department has raked in over the past few years.

The Oklahoma Department of Public Safety announced Jan. 13 that Stringtown's police department no longer would be allowed to enforce traffic laws on state and federal highways that run through the town.

After an investigation -- which had been requested by the state attorney general's office -- it was determined that Stringtown generated too much revenue through police-related activities.

State law prohibits cities and towns from generating more than half of their revenue through the collection of traffic fine payments.

According to the most recent audit of Stringtown's finances, the town generated $483,646 in fines during fiscal year 2013. That figure represents 76 percent of all Springtown revenue.

The year before, traffic fines accounted for about the same amount of cash, or 73 percent of all revenue in fiscal year 2012.

Springtown's reputation precedes it. A town that would barely register on a map is one of Oklahoma's most notorious speed traps. And this recent smackdown by the DPS is one of several.

In the mid-2000s, Stringtown police officers were stripped of their authority to write tickets along U.S. 69, causing the department to effectively shut down. Several other towns, including Big Cabin, also had action taken against them around the same time.

It was investigated in the late 1990s, with the end result being an increase in the town's speed limit in order to better match the surrounding areas. A former Transportation Dept. spokesman also said the town's PD had been investigated in the 1980s for the same reason.

So, why can't the Springtown Stringtown PD be taught? Well, it's because the town itself has come to rely on the influx of income its police department provides. But rather than limit itself to a reasonable amount of money and living within the sort of means most towns with a population of 400 would, Springtown Stringtown began viewing law enforcement as a growth industry.

In the early 1980s, Stringtown had just three full-time city employees. After the end of the decade -- six years after Stringtown officials decided to process their own speeding tickets -- the town employed 20 full-time workers, six of them full-time police officers.

The money from speeding tickets also built a new city hall and police station, something that's definitely a luxury for a town that would otherwise be fortunate to bankroll two full-time police officers.

The citizens of Stringtown seem to have bought into the city's delusion that it "needs" 20 employees and six cops.

OHP Captain Jeff Sewell says that's a problem for small towns, like Stringtown, with a population of 410.

"They have no other means for revenue. They had a store there, the store shut down. They had an eating place, it shut down. So they really don't have a place. Nobody puts any businesses up there," Sewell said.

But there is one corner store where employees are concerned about the lack of law enforcement.

"You know, people breaking in, you know, breaking stuff, stealing stuff," store employee Cindy Smith said.

The town is mostly dead and yet, the PD's supporters somehow think a super-prolific speed trap is the proper way to revive it. Smith's worry about people "breaking in" to the one store still alive in town seems misplaced. If the PD's ticket revenue is to be believed, everyone was passing through Springtown Stringtown too quickly to be bothered to pull a smash and grab at what seems to be one of the only surviving businesses in the city limits.

Stringtown has been relying on its police force to balance the town's books for more than 30 years now, despite being forced to go "cold turkey" multiple times. The DPS may have cut off its supply again, but history has proven the town has run out of revenue generation ideas that don't involve a 6-person PD -- stationed in a town of 410 -- ticketing as many drivers as possible.

Permalink | Comments | Email This Story

On Saturday, FOX began advertising a new Simpsons episode titled “Specs and the City.” The episode — which openly pokes fun at Google’s latest wearable tech — begins after Mr. Burns decides to outfit his entire team with “Oogle Goggles,” not out of benevolence mind you, but to better keep tabs on his employees (wonder what they could be implying?).

It doesn’t take long for Homer to become what can only be described as a Glasshole. After going too far by taking Glass into the bedroom (sound familiar?), he’s forced to give up his Google Glass in a game of spin the Goggles. Marge — who was initially apprehensive about Oogle Goggles from the start — becomes the new recipient and soon realizes the finds the augment becoming helpful in her day-to-day life.

Not only is this episode an interesting take on how Hollywood views the new tech (it’s nerd-chic), but we can see how exposure like this has already begun shaping the views and opinions of the mainstream over the new technology. The episode ends with Marge finally taking Oogle Goggles into the bedroom and giving Mr. Burns an eyeful of a bottomless Homer. Ha.

If you guys wanna check it out for yourself, the the episode in all its entirety can be viewed on Hulu via the link below (Hulu Plus required for now).

Watch on Hulu: The Simpsons: Specs and the City

An interesting (and, depending on who you are, disturbing) rumor seems to have crossed the wire this morning. Leakster extraordinaire Eldar Murtazin supposedly has it on good authority that Google is looking to kill off the Nexus program at some point next year. The downfall of Nexus would make way for Google Play Edition devices, which are stock Android versions of existing consumer devices which get software upgrades directly from Google.

We’re obviously going to be taking this rumor with a large grain of salt, but it’d be interesting to see if Google really does plan on going this route. Nexus devices have become more symbolic than anything else, giving Android enthusiasts and developers an inexpensive, yet highly capable option for use and development. There are three things the Nexus program is still known for:

• Fast updates
• Stock firmware with no bloatware
• Cheap price

All of that hasn’t exactly translated well to Google Play Edition devices. More often than not, these devices get upgrades to Android later than their Nexus counterparts, and cost just as much as if you were to buy the handset off-contract straight from carriers and retailers. They still do offer stock firmware with no bloatware, though, so there’s that.

It’s said Google would favor this route as they don’t want to eventually run into a situation where they’re chastised for favoring one group of devices over another. Giving everyone a chance to make Google Play Edition devices would definitely solve that issue, though consumers probably won’t be too happy with what would effectively be see as the death of Android’s most iconic series of devices.

We’re not throwing all our eggs into Murtazin’s basket, though, so don’t get too worked up about this rumor just yet. If anything, just remember that we still have at least a great couple of years to go before we’d see anything like this go down.