

Date: Thursday, 17 Apr 2014 13:49

Edward Snowden has generally been staying out of the limelight so that the NSA story is about the surveillance not the whistleblower. He's given occasional interviews and delivered a few short speeches via videolink, but usually of a fairly low-key nature. That makes his unexpected appearance today on a marathon televised question-and-answer session with Vladimir Putin -- again by videolink -- extremely odd. Here's his question, as reported by The Guardian:

Snowden asked: "Does Russia intercept or store or analyse the communication of millions of individuals?" He went on to ask whether increasing the effectiveness of internal security systems could ever justify such actions.
To which Putin replied:
"Mr Snowden you are a former agent, a spy, I used to work for a intelligence service, we are going to talk the same language."

He said Russia did not have a comparable programme, stating: "Our agents are controlled by law. You have to get court permission to put an individual under surveillance. We don't have mass permission, and our law makes it impossible for that kind of mass permission to exist."

He said he was aware that "criminals and terrorists" relied on this kind of [technology], and that their actions demanded a response from the security services. "We have to use technical means to respond to their crimes, including those of a terrorist nature, we do have some efforts like that. We don't have a mass control. I hope we [w]on't do that," he said.
It's really hard to know why Snowden asked this question. Perhaps he wanted to emphasize the disproportionate nature of NSA spying by contrasting it with Russia's approach; perhaps he thought his appearance would jolt a jaded public and focus renewed attention on the key issues. But surely he must have guessed that Putin would answer as he did -- whether or not it is true -- that Russia uses surveillance strictly according to the law, that there is no massive, disproportionate spying of the kind practiced by the NSA, etc. etc. He must have known that Putin would easily turn Snowden's question into a wonderful opportunity to score points against the US.

Inevitably, then, this appearance will be leapt on by those who have maintained that Snowden is some kind of Russian spy, and that he has been working for Putin all along. As Techdirt has noted, that story doesn't stand up, but this unexpected intervention by Snowden certainly doesn't do anything to dispel it. For someone who until now has judged when and how to make public statements so skilfully and effectively, this seems like an incredible misstep. It really makes you wonder what might lie behind it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+



Author: "Glyn Moody"
Date: Thursday, 17 Apr 2014 12:39

Searching beyond Comcast itself, it's hard to find too many people who have no objections to this massive cable company acquiring another massive cable company. Inside the Beltway, where it possibly matters most, you can find a few defenders, many of whom have pocketed Comcast's money during their legislative careers. But once you step outside of the insiders, you have a multitude of people who realize that, thanks to years of abusive behavior by incumbent service providers, making these companies bigger certainly won't make them better.

I'm not sure where the Washington Post's editorial board falls in terms of insider/outsider status, but it just issued an editorial supporting the merger. And, oh man, it's just a terrible set of opinions bolstered by some equally terrible assertions. The gist of it is that a massive cable company is no problem because regulators have done such a great job at ensuring a competitive playing field to this point.

The government’s smartest move is not to block the merger, but to make clear that regulators will respond if big industry players begin to violate basic principles of market fairness.
There's no question of "if." The violations are not only happening, they're ongoing. Incumbents have squeezed out upstart competitors by using their entrenched positions, pushing for favorable legislation and protecting it all with an army of lawyers that makes it almost impossible for new players to enter the market.

WaPo's board tries to deflect the arguments raised by merger opponents by deploying a combination of Comcast talking points and assertions that have no basis in fact.
[T]raditional cable television and wired broadband providers are in increasingly dire competition with online video services, wireless Internet providers and a cash-flush Google expanding its installation of high-speed fiber-optic cable across the country. Consolidation is the only way to ensure these companies have enough capital to invest in new and better technology that will keep their customers happy — or, at least, satisfied enough not to cancel their subscriptions.
Of everything that's wrong with this paragraph, the presentation of Google's fiber service as a serious competitor is perhaps the worst. Google's limited market entry only presents a direct threat to incumbents in the few areas it's selected to offer its service. At some point in the future, Google may expand the number of markets, but it's a stretch to call a handful of deployments a true competitor to the cable giants. Even the incumbents seem to realize they won't be going head-to-head with Google any time soon -- if at all -- judging from the number of "fiber to the press release" statements being issued.

And it's not as if the cable companies are lacking in capital. The biggest names in the business are also flush with money and they're certainly not spending it on "new and better technology." The supposed "wireless competitors" are giants themselves -- old school incumbents like AT&T that are divesting themselves of their landlines just as quickly as regulators will let them. These companies prefer wireless because it's more profitable, not because they have any desire to keep their customers happy. The maintenance costs are lower and the opportunity to deploy caps on calls and data keeps margins high. One needs only look at Verizon's post-Hurricane Sandy efforts in New York, which saw the provider tell customers it was inferior wireless packages or nothing and the service they once had wasn't going to be repaired.

More bad-to-inaccurate assertions follow.
Some criticism of the merger is misleading or speculative. Cable subscribers will not lose flexibility to get their television service from another company. The market is split geographically: Comcast and Time Warner Cable do not compete for customers.
The first part is only true because many cable subscribers already have little to no flexibility. There's very little for them to actually "lose." For many customers, the only "true" choice is Cable Giant A or DSL Giant A -- at best. That's not competition. That's an illusion of choice. In most markets, the number of competitors rarely rises above a very small number of interchangeable companies that work together to ensure their existing market share never dwindles. They act in concert to keep upstarts out and customers locked in.

That these two companies rarely compete directly for customers makes no difference. Turning two companies into one doesn't magically increase the number of options available to cable customers. Instead of simply aligning behind the scenes to preserve a duopoly, the unity of vision will now be out in the open. If anything, this will result in a more transparent screwing of customers, but that's hardly the sort of thing regulators should be giving their thumbs up to, or that a responsible journalistic outlet should be encouraging.



Author: "Tim Cushing"
Date: Thursday, 17 Apr 2014 10:38
Just a few weeks ago we wrote about scientific publishing giant Nature's somewhat abhorrent open access policy, where it's telling researchers at universities that require open access publishing that they need to get a waiver from that policy. So it seems rather strange to see that very same Nature, just days later, publishing an article about open access, in which it talks about how two of the largest funders of scientific research today, Wellcome Trust in the UK and the National Institute for Health (NIH) in the US, are starting to punish grant recipients who don't follow through on open access obligations. Both of those organizations require certain open access standards, but apparently have mostly just trusted researchers to follow through. Not any more:
Now they are done with just dangling carrots. Both institutions are bringing out the sticks: cautiously and discreetly cracking down on researchers who do not make their papers publicly available.

Neither agency would name those who have been sanctioned. But the London-based Wellcome Trust says that it has withheld grant payments on 63 occasions in the past year because papers resulting from the funding were not open access. And the NIH, in Bethesda, Maryland, says that it has delayed some continuing grant awards since July 2013 because of non-compliance with open-access policies, although the agency does not know the exact numbers.
The report notes that this has resulted in a "noticeable jump in researchers following the rules." That makes sense.

Of course, nowhere in the Nature article does reporter Richard Van Noorden ever bother to mention that his own publication is fighting against those requirements. In fact, the article reads as if it's a strong supporter of open access rules:
Some scientists are not even aware that they could be penalized. Nature's news team contacted Sheila MacNeil, a tissue engineer at the University of Sheffield, UK, who has published hundreds of articles, including a March 2013 paper on making stem-cell lattices for corneal repair that was funded by the Wellcome Trust (I. Ortega et al. Acta Biomater. 9, 5511–5520; 2013). Nature pointed out that the article should be open access but is not. "This is new to me," responds MacNeil, who plans to make the paper available. "Agreeing with open access is easy — making it happen, less so," she says.
Perhaps the Nature "news team" should take a look at how their own publisher is forcing researchers to ignore their open access obligations.

Author: "Mike Masnick"
Date: Thursday, 17 Apr 2014 07:08

As people have begun to learn about corporate sovereignty through plans to include it in TAFTA/TTIP, the European Commission has been trying to scotch the idea that it might allow corporations to dictate policies to nations. Here, for example, is a comment in the Commission's main TTIP FAQ, which tries to answer the question "Why is the EU including Investor to State Dispute Settlement in the TTIP?":

Including measures to protect investors does not prevent governments from passing laws, nor does it lead to laws being repealed. At most, it can lead to compensation being paid.
Those are all true statements in theory, but that's probably not much comfort to Romania, which has been discovering the harsh reality in the long-running discussions over whether to allow a Canadian company to create a huge open-cast gold and silver mine in the country. Here's what happened last year:
Gabriel Resources Ltd. (GBU), backed by billionaire hedge-fund manager John Paulson, threatened to seek as much as $4 billion of damages should Romanian lawmakers vote to oppose its gold mine project in the country.

"We have a very, very robust case, and we believe we have claims up to $4 billion that we can send to the Romanian state," Gabriel Resources Chief Executive Officer Jonathan Henry said today in a telephone interview. "We will go ahead and do that if the vote is against."
As the European Commission notes, the existence of a bilateral investment treaty with Canada that includes a dispute settlement mechanism did not, in itself, stop the Romanian politicians from blocking the gold mine project in the parliamentary vote, which took place in December 2013. So everything's fine, right? Democracy prevailed, and the people were heard. After all, "at most", as the FAQ helpfully reminds us, Romania will have to pay $4 billion damages at some point.

Except that, for a country with a GDP of less than $200 billion in 2013, this represents 2% of the country's entire economic production. That seems an incredibly high price to pay for the exercise of basic democracy. The danger is that faced with the threat of such enormous fines, other parliaments will lack the courage shown by Romania's politicians, and choose to ignore the will of their people by meekly acquiescing to corporate demands.

Does GBU deserve some compensation if a project is cancelled by the local government because of widespread public concerns about its safety? Perhaps -- although business always involves some risk, and foreign investment is no different. If a company is really worried about that aspect, it can take out insurance -- from the World Bank, for example. Does GBU deserve to be awarded 2% of a country's GDP, paid for by the citizens of a land struggling to raise its living standards? That hardly seems fair. And yet it's precisely what ISDS could allow, because the arbitration panel that decides such corporate sovereignty cases is unconstrained in what it can award, and not at all concerned with what the knock-on effects might be.

But the politicians making up the European Commission should be, since they are supposed to represent the 500 million European citizens that pay their salaries. The fact that they are pushing as hard as they can for ISDS in TAFTA/TTIP shows which side they are really on, and that they are quite happy to put corporations before nations, and profits before people.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+



Author: "Glyn Moody"
Date: Thursday, 17 Apr 2014 03:04
If you don't know who Tom Lehrer is, well, you've missed out for a long, long time. Still, it's never too late to catch up, and there are plenty of great sources, including The Tom Lehrer Wisdom Channel on YouTube (though hardly a "rare cut," this remains my favorite). Of course there's much more to the lore of Lehrer than just his music, and Ben Smith at Buzzfeed has an excellent long discussion of Lehrer's life, including his very brief, but massive, music career, and his life for the past half a century in which he more or less tries to hide from or live down that whole episode of his life. It's a great read.

But what caught my attention was some discussion that Lehrer has had with certain fans concerning the copyright on his works, whether or not it's okay to put them online and what happens to them after his death. The simple answer seems to be that Lehrer couldn't care any less about all of it.
While Lehrer has made startlingly little effort to ensure a future for his work, a handful of superfans have filled in the gap. One is Erik Meyn, a Norwegian who manages the Tom Lehrer Wisdom Channel on YouTube, a feed of performance videos and playlists that has received more than 10 million views since 2007. Meyn originally posted content to the channel without Lehrer’s permission and called him from overseas in December 2008 to apologize, a conversation he later posted on the “Tom Lehrer!” Facebook page. An excerpt:

TL: Well, you see, I’m fine with that channel.

EM: You’re very kind. But my question is: Who in your family will take care of your copyright and your songs in the distant future?

TL: I don’t have a family.

EM: OK, but what do you think will happen to the channel and your songs? And if you have someone who will act on your behalf, could you give them my name in case they’d want the channel taken down?

TL: Yes, but there’s no need to remove that channel.

EM: I was just wondering what will happen in the future, because you’re certainly going to continue to sell records.

TL: Well, I don’t need to make money after I’m dead. These things will be taken care of.

EM: I feel like I gave away some of your songs to public domain without even asking you, and that wasn’t very nice of me.

TL: But I’m fine with that, you know.

EM: Will you establish any kind of foundation or charity or something like that?

TL: No, I won’t. They’re mostly rip-offs.

There's also the discussion with a fan who has been in contact here and there with Lehrer for the past 20 years or so, who stopped by his house once, found Lehrer's master tapes, and Lehrer just gave them to him:
In 2011, Morris was rummaging through the Sparks Street basement, and alongside the collection of books and records Lehrer referred to as his “Noel Coward shrine” were two boxes marked “masters.” They were, to Morris, “the holy grail.” These were the original recordings of the 1959 album More Songs by Tom Lehrer: the orchestral session and outtakes and Lehrer’s recordings. Morris offered to help Lehrer remix them from half-inch tapes into stereo recordings.

“Well, why don’t you just take them with you?” Lehrer said.

“I was like, ‘Are you kidding?! These are the master copies!’” Morris recalled. “I was just trying to reassure him, I’ll be very careful with them, I won’t let them fall in the wrong hands, I’m not going to distribute copies to anyone without your permission.”

“I don’t care!” Lehrer told him. “They’re not worth anything to me.”
None of this is to suggest that any other artists should necessarily follow down the same path. But I always find it interesting to see artists who decide that the traditional concepts of copyright don't make any sense to them, and just choose not to have anything to do with them. Given that Lehrer is so influential on so many people in so many different fields today, it seemed worth sharing this little tidbit.

Author: "Mike Masnick"
Date: Thursday, 17 Apr 2014 00:00
Trying to find a date using statistics and computers isn't exactly a new idea. (Punch cards were used in some of the earliest versions of computer dating.) As technology has improved, you might expect that dating has gotten better as well, but some modifications of the Drake equation show just how unlikely the odds are. Here are a few more data points in the realm of romantic relationships. If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Author: "Michael Ho"
Date: Wednesday, 16 Apr 2014 22:42
Michael Geist is raising the alarm on a dangerous new bill in Canada, called the "Digital Privacy Act" (Bill S-4), which will actually serve to undermine many people's privacy. Much of the bill is focused on security breach disclosure rules, something that is important and useful. But, with that are some hidden, and extremely problematic, sections as well.
In light of revelations that telecom companies and Internet companies already disclose subscriber information tens of thousands of times every year without a court order, the immunity provision is enormously problematic. Yet it pales in comparison to the Digital Privacy Act, which would expand the possibility of warrantless disclosure to anyone, not just law enforcement. Bill S-4 proposes that:

"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;


Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies to both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).
Of particular concern is how this could be a huge boon for copyright trolls, who can get information from ISPs without a court order, by simply claiming that it's for the purpose of "investigating a breach of an agreement or a contravention of the laws of Canada." Similarly, this would put a serious chill on protections for anonymous speech, as claims of defamation or other issues might lead to quick revelations of anonymous commenters, without any role for a Canadian court to balance the interests of free speech and privacy.

It's difficult to see how a bill that is supposed to be about protecting people's privacy actually has this clause that will effectively decimate privacy for many individuals. Industry Canada insists that this provision is narrowly targeted, but Geist highlights how the government rejected much narrower constructions, and seems unable to comprehend how disastrous the current bill will be for Canadians' privacy.

Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 21:41
So we just had a story about a court recognizing that, yes, blogs are a part of the media, and noted how ridiculous it was that this is still an issue in 2014. However, it appears that the Supreme Court is still living in a different century (okay, maybe not a huge surprise, since they still haven't figured out email). If you follow issues around litigation, it's likely that sooner or later you'll read SCOTUSblog, which is (deservedly) the go-to source for anything having to do with Supreme Court cases. On mornings when decisions come out, it's always the first source I check, and I'm hardly alone among legal watchers.

And yet... the Supreme Court has denied SCOTUSblog's request for a press pass based on a stupidly convoluted system for which the Senate is partly to blame as well. According to SCOTUSblog:
SCOTUSblog is not now, and has never been, credentialed by the Supreme Court. The Court’s longstanding policy was to look to credentials issued by the Senate. We pursued a Senate credential for several years, modifying several policies of the blog to address concerns expressed by the Gallery. Last year, we finally succeeded – the Senate Press Gallery credentialed Lyle as a reporter for SCOTUSblog. We then presented that credential to the Supreme Court, thinking that the issue was resolved.

But the Court declined to recognize the credential, explaining that it would instead review its credentialing policy. The Court has not indicated when that review will conclude.
This is complicated further by the fact that the Senate Press Gallery has now rejected SCOTUSblog's request for a press pass, and also told the blog it will not renew Lyle's press pass -- thereby cutting off the blog to both the Senate and the Court. SCOTUSblog's Tom Goldstein does note that the Supreme Court itself has actually tried to accommodate the blog's requests for public seats, despite not agreeing to give it a press pass. The situation is clearly ridiculous:
All that said, the Senate Press Gallery’s decision to deny us a credential is important to us. We wanted the credential in substantial part because we cover Supreme Court-related matters in the Senate. Most significantly, we do gavel-to-gavel, liveblog coverage of Supreme Court nominations. We also expect to cover hearings related to the Court’s budget. So those efforts are now more difficult.

So we plan to appeal the Senate Gallery’s credentialing decision. We do not have a written list of the reasons for the denial, which makes the process more difficult. Our impression is also that the appeal may go to the same group that denied the application in the first place. If the appeal is denied, then we expect to litigate the issue. We’re now coordinating all those efforts with other groups that kindly have offered to support us.

All in all, the refusal by the Court and the Senate to credential us have always seemed strange. No one seems to doubt that we are a journalistic entity and that we serve a public function. Winning the Peabody and other awards would seem to confirm that. And the Court for years has functionally recognized us, because obviously the overwhelming majority of Lyle’s work is for us. We do not want any kind of special treatment. Credentialing the blog doesn’t give us any special power or recognition; it just makes our jobs incrementally easier. All in all, it doesn’t seem to make sense to impose burdens on us that are greater than those that apply to others who fundamentally do the same thing.
I don't think "strange" is the right word. Shameful works better. Stupid would apply as well.

Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 20:38

Time for an update on the NYPD scene. As you'll recall, both Mayor Bloomberg and Police Chief Ray Kelly exited their respective offices in their respective huffs, claiming the city would fall apart if the sanctity of the NYPD's Constitution-skirting programs (stop-and-frisk, the Muslim-watching Demographics Unit) weren't preserved.

The legal battle over the constitutionality of the stop-and-frisk took several turns, including the removal of the presiding judge for "appearances of partiality." Incoming mayor Bill de Blasio promised to drop the city's appeal of Judge Scheindlin's ruling, and oddly enough, actually did.

An attempt to keep the appeal going was filed by the union representing the NYPD, but this was shot down by the appeals court. It did, however, allow it to be part of the final negotiations. The end result was the installation of five years of oversight over the NYPD's controversial program in order to move it towards something more resembling compliance with the Constitution.

The apocalypse Bloomberg and Kelly claimed was unavoidable if stop-and-frisk was curbed has failed to materialize. Even before the ruling was handed down, the program had been scaled back, with 86% fewer stops being recorded in the first quarter of 2014 than in the same quarter of 2012. Despite this lack of pushing random people up against the wall, crime is down 13% compared to 2013. Was stop-and-frisk ever truly essential? Or was it simply something that became an all too easily abused "tool" of the NYPD? At this point, the numbers seem to indicate that stop-and-frisk had very little real effect on criminal activity.

More good news on the NYPD v. Constitution front: the infamous Muslim-spying wing of the NYPD -- the stupidly-named "Demographics Unit" -- has been disbanded. This program, started by a former CIA officer who leveraged the city's post-9/11 anxieties to craft major changes to guidelines governing the surveillance of New Yorkers, spent a considerable amount of time infiltrating and surveilling entire mosques under the pretense that each and every member was somehow related to ongoing counterterrorism investigations.

The investigations performed by this unit did considerable damage to the civil liberties of mosque attendees over the last decade, but failed to turn up any credible suspects, much less terrorism-related arrests. The unit's pervasive surveillance so thoroughly violated First and Fourth Amendment protections that the CIA and FBI were unable to avail themselves of the "intelligence" collected by the NYPD without violating federal guidelines. When even the CIA can't look at your investigative results for fear of violating its own minimal civil liberties protections, you know you've got a problem.

Bill Bratton, returning to the NYPD commissioner's office, seems to have realized that programs like the Demographics Unit ultimately do more harm than good. When heading the Los Angeles Police Department, he was approached with a similar idea for tracking that city's Muslim community. He had this to say then:

“A lot of these people came from countries where the police were the terrorists,” he said at the time. “We don’t do that here. We do not want to spread fear. We want to deal with criminals.”
The NYPD, before his return, had no such concerns. If anything, the NYPD actively created distrust -- both in the New York Muslim community and around the world, sending its officers uninvited to peer over the shoulders of local police and investigative units at scenes of terrorism activity in countries like Kenya and Bali.

The new NYPD is still staffed with the old NYPD, which means change will be slow and likely fought every step of the way. Muslims are understandably concerned that the public disbandment of the Demographics Unit will just result in the level of surveillance being unchanged, if only a bit more unfocused. Bratton seems to be nudging the department towards a more FBI-esque set of rules, which isn't ideal, but is certainly much better than the abusive behavior permitted under the NYPD's internal guidelines.

It does appear the NYPD will be moving towards something resembling an actual police force, rather than a law unto itself. Without Kelly and Bloomberg around to defend its every overstep, the NYPD can no longer expect to skirt the Constitution with impunity. But there's a long way to go to fix things, so any optimism must be tempered by the fact that good habits are tough to instill and bad habits are extremely hard to break. Five years of oversight is a start, but the city -- meaning the mayor and the police commissioner -- must be willing to hold its officers accountable.



Author: "Tim Cushing"
Date: Wednesday, 16 Apr 2014 19:38
A few years ago, we wrote about the bizarre and quixotic effort by Florida businessman Christopher Comins to find any possible way to sue University of Florida student and blogger Matthew Frederick VanVoorhis for his blog post concerning a widely publicized event in which Comins shot two dogs in a field (video link). The story made lots of news at the time, but Comins didn't go after any of the major media -- instead targeting VanVoorhis for a defamation suit. The original blog post is "novelistic" but it's difficult to see how it's defamatory. Either way, Comins' case was shot down on fairly specific procedural grounds: namely that Florida defamation law requires specific notice be given to media properties at least 5 days before a lawsuit is launched. Specifically, the law says:
Before any civil action is brought for publication or broadcast, in a newspaper, periodical, or other medium, of a libel or slander, the plaintiff shall, at least 5 days before instituting such action, serve notice in writing on the defendant, specifying the article or broadcast and the statements therein which he or she alleges to be false and defamatory.
Comins' lawsuit was dumped because he failed to give such notice. Comins argues that he did give such a notice (though the letter he sent did not meet the requirements of such notice under the law) and (more importantly for this discussion) that VanVoorhis' blog did not count as a media publication, and thus the law did not apply. The original court ruling rejected that pretty quickly, and now on appeal, a state appeals court has not just rejected Comins' anti-blog claim more thoroughly, but also highlighted the importance of blogs to our media landscape.

The full ruling does a nice job giving the history and purpose of the law above, as well as the importance of encouraging the media to report on difficult stories. And from there, it explains why VanVoorhis' blog is clearly a part of the media and why blogs in general are so important:
...it is hard to dispute that the advent of the internet as a medium and the emergence of the blog as a means of free dissemination of news and public comment have been transformative. By some accounts, there are in the range of 300 million blogs worldwide. The variety and quality of these are such that the word “blog” itself is an evolving term and concept. The impact of blogs has been so great that even terms traditionally well defined and understood in journalism are changing as journalists increasingly employ the tools and techniques of bloggers – and vice versa. In employing the word “blog,” we consider a site operated by a single individual or a small group that has primarily an informational purpose, most commonly in an area of special interest, knowledge or expertise of the blogger, and which usually provides for public impact or feedback. In that sense, it appears clear that many blogs and bloggers will fall within the broad reach of “media,” and, if accused of defamatory statements, will qualify as a “media defendant” for purposes of Florida’s defamation law as discussed above.

There are many outstanding blogs on particular topics, managed by persons of exceptional expertise, to whom we look for the most immediate information on recent developments and on whom we rely for informed explanations of the meaning of these developments. Other blogs run the gamut of quality of expertise, explanation and even-handed treatment of their subjects. We are not prepared to say that all blogs and all bloggers would qualify for the protection of section 770.01, Florida Statutes, but we conclude that VanVoorhis’s blog, at issue here, is within the ambit of the statute’s protection as an alternative medium of news and public comment.
While it seems crazy that this kind of issue is still being debated in 2014, it's good to see a court make such a clear statement on the fact that blogs will often qualify as media properties.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 18:36
We've pointed out for a while how the various attempts at creating revenge porn bills will have serious unintended consequences and raise serious First Amendment issues. This is not to minimize the problems of revenge porn (or to absolve the sick and depraved individuals who put together, submit to or regularly visit such sites). However, it's to point out that pretty much any way you try to legislate such actions as criminal likely will create other problems. For example, I'm sure many of you heard the story recently about US Airways'... um... unfortunate pornographic tweet. It was the story of the internet a few days ago, in which a United Air social media employee made a very unfortunate cut and paste error, tweeting out a very graphic image that involved a naked woman and a plane where it... doesn't quite belong (for slightly lighter fare, I highly recommend reading some of the funny replies to that tweet). For what it's worth, US Air has said that it was an honest mistake and it's not even firing the person responsible.

What does any of this have to do with revenge porn? Well, not a whole lot, other than to note, as lawyer Scott Greenfield did, that if you retweeted the picture, there's a good chance you violated criminal revenge porn laws. And that's true -- though it's really specific to one law, right now, which is New Jersey's. California has a revenge porn law too, but it's much more limited and likely wouldn't apply here. New Jersey's law, on the other hand, includes this:
An actor commits a crime of the third degree if, knowing that he is not licensed or privileged to do so, he discloses any photograph, film, videotape, recording or any other reproduction of the image of another person whose intimate parts are exposed or who is engaged in an act of sexual penetration or sexual contact, unless that person has consented to such disclosure. For purposes of this subsection, "disclose" means sell, manufacture, give, provide, lend, trade, mail, deliver, transfer, publish, distribute, circulate, disseminate, present, exhibit, advertise or offer.
Even if the original photograph was done "consensually," note that you need consent for that specific disclosure. In other words, if you retweeted that image, you probably violated New Jersey criminal laws.

And, yes, it seems likely that the expected introduction of a federal anti-revenge porn bill will include a similar provision. It's already been stated that law professor Mary Anne Franks is helping draft the legislation, and her draft legislation relies heavily on New Jersey's. Here's one version of her draft legislation:
An actor commits a crime if he knowingly discloses a photograph, film, videotape, recording, or other reproduction of the image of another person whose intimate parts are exposed or who is engaged in an act of sexual contact, when the actor knows or should have known that the person depicted did not consent to such disclosure and under circumstances in which the person has a reasonable expectation of privacy. A person who has consented to the capture or possession of an image within the context of a private or confidential relationship retains a reasonable expectation of privacy with regard to disclosure beyond that relationship.
Franks' bill does include some exceptions, and she might argue that this might qualify under the exception for "disclosures that serve a bona fide and lawful public purpose," though that leaves the person retweeting the image in the unenviable position of defending that retweeting a major US airline accidentally tweeting a photo of a woman with a model plane stuck up her vagina is somehow "a bona fide and lawful public purpose." Of course, that's part of why we have the First Amendment, because we don't want people to have to defend why the particular speech they're making has a "bona fide and lawful public purpose." Instead, we recognize that making people have to defend the intent of their speech likely has chilling effects.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 17:30
There have been a number of libel cases popping up over the past few years where random insults on Twitter are turned into full-blown court cases. Tragically, these cases have picked up the "twibel" name -- a neologism that seems silly and pointless. Still, it's good to see that courts appear to (mostly) be recognizing that random insults shouldn't be considered libelous. Venkat Balasubramani has the details of a recent ruling (where both parties represented themselves!), in which a court recognized that saying on Twitter that someone is "fucking crazy" isn't libelous, especially as part of a "heated" online discussion. I won't get into the details of the case, other than that it involves a horse named Munition, but here's the Court's discussion:
The tweet cannot be read in isolation, but in the context of the entire discussion. In this case, the tweet was made as part of a heated Internet debate about plaintiff’s responsibility for the disappearance of her horse. Furthermore, it cannot be read literally without regard to the way in which a reasonable person would interpret it.

The phrase “Mara Feld . . . is fucking crazy,” when viewed in that context, cannot reasonably be understood to state actual facts about plaintiff’s mental state. It was obviously intended as criticism—that is, as opinion—not as a statement of fact. The complaint therefore cannot base a claim of defamation on that statement
Of course, as Eric Goldman amusingly notes at the end of Venkat's post, "bringing a defamation lawsuit over tweets is almost always fucking crazy," reminding us that it will almost certainly reinforce the association between the phrase and the person who brought the lawsuit, Mara Feld.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 16:25
Last fall, we noted that the world's largest patent troll, Intellectual Ventures, was running out of cash, which is somewhat incredible, given that it had previously claimed to have raised $6 billion in investments (though many of its earliest deals with tech companies were categorized as "investments" when they were really promises not to sue, combined with access to the patent bank) and a further $3 billion in licenses. It should take a long time to spend $9 billion when your company produces nothing that has ever been brought to market, but that's IV for you. As we noted in that story last fall, many of the tech companies that initially "invested" in Intellectual Ventures had no interest at all in re-upping, as they felt that the whole thing had been a bait-and-switch. They were initially told it was a "patent defense fund," not a giant patent troll itself.

However, while many of the companies have indeed avoided giving IV any more money, it appears that Microsoft and Sony were quite happy to dump a lot more cash into IV, which has now ramped up its patent buying efforts again (as well as its lobbying and political contributions in an effort to kill off patent reform). Microsoft, of course, has always been close to IV, seeing as it was started by the company's former CTO, Nathan Myhrvold, who is also a close friend of Bill Gates (who has directly helped IV get some patents). Similarly, Microsoft has become one of the most aggressive patent abusers over the last decade, increasingly relying on its stock of patents to make money from other people's innovations, rather than innovating on its own.

It is similarly no wonder that the company somewhat famous for having nearly all of its major success based on copying the work of others is now trying to stop anyone else from doing the same without paying a massive tax. There was a time when Bill Gates said:
"If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today... A future start-up with no patents of its own will be forced to pay whatever price the giants choose to impose."
And, now, via Intellectual Ventures and its own patent holdings, Microsoft seems to be trying to make sure Gates' prediction is a reality. It all fits into the same paradigm we've observed for years. When you're young, you innovate. When you're old, you litigate. Microsoft appears to have given up on innovation, but is ramping up on litigation, and re-investing in patent trolling via Intellectual Ventures is merely the latest step.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 15:10
Yet another story of hypocrisy by the recording industry? Why yes, indeed. For years now, we've been covering the issue of pre-1972 sound recordings. When Congress wrote the 1909 Copyright Act, it did not cover sound recordings, because Congress didn't think that sound recordings qualified for copyright. In a statement released by Congress with the Act, it said it deliberately chose not to cover sound recordings, believing that they weren't covered by the Constitutional limitation on "writings" for copyright protection:
Indeed, the report released with the Copyright Act expressly stated that Congress did not intend to protect sound recordings: "It is not the intention of the committee to extend the right of copyright to the mechanical reproductions themselves, but only to give the composer or copyright proprietor the control, in accordance with the provisions of the bill, of the manufacture and use of such devices." According to one commentator, Congress had two principal concerns about sound recordings, leading it to decline to protect them. First, Congress wondered about the constitutional validity of such protection. The Constitution allows Congress to protect "writings," and Congress was uncertain as to whether a sound recording could constitute a writing. Second, Congress worried that allowing producers to exclusively control both the musical notation and the sound recording could lead to the creation of a music monopoly.
That latter concern certainly was prescient. When Congress did a massive overhaul of copyright law in 1976, the recording industry was a much more powerful lobby, and so sound recordings were included. However, in the years between 1909 and 1976, many states had created their own (often bizarre) "state" copyrights to protect recordings. Rather than deal with this in an intelligent way, Congress basically said the new federal copyright rules would only apply to songs recorded in 1972 or after, and pre-1972 recordings would remain in a bizarre limbo. This has created a whole host of legal issues, and the Copyright Office has been trying to figure out what to do about this for years.

However, it appears that the recording industry would like it both ways. When it's to their advantage, they claim that pre-1972 recordings should be treated just like modern song recordings. And when it's not to their advantage, they insist that pre-1972 recordings should be treated wholly differently. In various hearings about the issue, the RIAA has been one of the most vocal in arguing against treating pre-1972 recordings as if they're covered by federal copyright law. And, at the same time, they've argued in court repeatedly that the DMCA safe harbors don't apply to pre-1972 recordings, making various music storage lockers liable for any such recordings they host. Some courts have rejected this theory, while others have accepted it. Either way, the recording industry has been pretty adamant that pre-1972 recordings should be treated differently, so they can sue whomever they want.

And yet... when various streaming music companies recognize this fact, and note that pre-1972 recordings aren't covered under statutory licensing regimes... the recording industry freaks out. Michael Huppe, the President of SoundExchange -- an organization created by the RIAA -- is writing in Billboard magazine about how unfair it is that streaming services like Sirius XM and Pandora don't pay statutory rates for pre-1972 recordings. Huppe complains that "this is not fair" and notes:
It's a matter of simple fairness to offer equal treatment for all sound recordings.
Okay. If that's true, then why aren't SoundExchange and the RIAA out there in support of federalizing the copyright in pre-1972 recordings? Why aren't SoundExchange and the RIAA agreeing to the fact that the DMCA's safe harbors apply equally to pre-1972 recordings? I'm all for "equal treatment for all sound recordings" as well, but someone ought to point out to SoundExchange and the RIAA: you first.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 13:53
This won't come as a huge surprise, but Ladar Levison and Lavabit have now lost their appeal on whether or not they were in contempt for failing to compromise the security of every one of Lavabit's customers in complying with the DOJ's demands to get access to who Ed Snowden had been emailing. The ruling does a decent job explaining the history of the case, which also details some of the (many, many) procedural mistakes that Lavabit made along the way, which made it a lot less likely it would succeed here. Let this be a massive reminder that, if you're dealing with this kind of stuff, getting a good lawyer on your side immediately is important. Unfortunately, the procedural oddities effectively preclude the court even bothering with the much bigger and more important question of whether or not a basic pen register demand requires a company to give up its private keys. As the court details, the problem seems to be how Lavabit went about the legal process here:
In the district court, Lavabit failed to challenge the statutory authority for the Pen/Trap Order, or the order itself, in any way. Yet on appeal, Lavabit suggests that the district court’s demand for the encryption keys required more assistance from it than the Pen/Trap Statute requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below, much less the district court’s authority to act under that statute. In fact, with the possible exception of an undue burden argument directed at the seizure warrant, Lavabit never challenged the district court’s authority to act under either the Pen/Trap Statute or the SCA.
The court basically says that because Lavabit mucked up the process, the appeal is going to fail. It further rejects the claim that Lavabit did, in fact, challenge the Pen/Trap order when Levison objected to turning over his keys. The court notes that such a claim is a stretch.
In making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: “I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.” (J.A. 42.) This statement -- which we recite here verbatim -- constituted the sum total of the only objection that Lavabit ever raised to the turnover of the keys under the Pen/Trap Order. We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court’s fundamental authority under the Pen/Trap Statute. Levison’s statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all.
Levison represented himself pro se at the beginning of the case (adding to the mess of procedural problems), and while his legal team tries to use that as a reason why the court should forgive some of the procedural mistakes, the court rejects that as well (even noting that, as a limited liability company, Lavabit shouldn't have been allowed to proceed pro se in the first place).

The hail mary attempt in the case was to argue that because the underlying issues are of "immense public concern" (and they are) that the court should ignore the procedural mistakes. The court flatly rejects that notion:
Finally, Lavabit proposes that we hear its challenge to the Pen/Trap Order because Lavabit views the case as a matter of “immense public concern.” (Reply Br. 6.) Yet there exists a perhaps greater “public interest in bringing litigation to an end after fair opportunity has been afforded to present all issues of law and fact.” United States v. Atkinson, 297 U.S. 157, 159 (1936). And exhuming forfeited arguments when they involve matters of “public concern” would present practical difficulties. For one thing, identifying cases of a “public concern” and “non-public concern” -- divorced from any other consideration -- is a tricky task governed by no objective standards..... For another thing, if an issue is of public concern, that concern is likely more reason to avoid deciding it from a less-than-fully litigated record....

Accordingly, we decline to hear Lavabit’s new arguments merely because Lavabit believes them to be important.
This is unfortunate on many levels, because it's not just Lavabit that believes these issues to be of immense public concern. Either way, this mess of a case should be a reminder that, especially when dealing with the government, it's important to get good lawyers on your side from the very beginning.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 12:23
Usually, the NSA's whoppers are so ham-fisted everyone knows them for falsehoods. And if there's any question, you can usually rely on the fact that when the agency's lips move, it's stretching the truth so far that it's as good as a lie.

But from the start of Snowden's revelations, one of the NSA's tall tales has differed vastly from the others. It's so subtle and ubiquitous, such a consummate Big Lie, that even the surveillance-state's fiercest critics haven't spotted it.

Can you? Let's play Find the Fib with this testimony to Congress last June from Deputy Attorney General James Cole (though, to be fair, he doesn't state the Big Lie outright but only implies it in the phrases I've emphasized):
"[T]here's a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons. As I said, only targeting people outside the United States who are not US persons."
Want another hint? Check out the letter Director of National Intelligence James Clapper wrote Sen. Ron Wyden, though he too merely implies the Big Lie:
"There have been queries … using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States … These queries were performed pursuant to minimization procedures approved by the FISA court and consistent with the statute and the Fourth Amendment."
Yep, those are my emphases again -- and I included "Fourth Amendment" because that's the biggest clue of all. Here's the text of that strangled, mangled, moribund member of the Bill of Rights:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Anyone see notation there about "US persons" and "non-US persons?" Yet for basically its entire existence, the NSA has pretended that the Fourth prohibits the government from searching American citizens without a warrant (not that that's stopped the spooks) while authorizing it to search the rest of the world willy-nilly.

But the Fourth's language is so clear that even Clapper should comprehend it: without a warrant, the government may not "violate" anyone's "person, house, papers, and effects." Whether he's Australian or American, from Utah or Uzbekistan, living in or visiting Mexico or Massachusetts is irrelevant.

"Wait a minute!" the NSA's bureaucrats sneer. "'People' is just a synonym for 'citizens.'"

Wrong. The Founding Fathers wrote "citizen" when that's what they meant (remember, most of these Dead White Men were fluent in Greek and Latin, which is to say they understood and used language precisely). And though they employ "citizen" eleven times in the body of the Constitution, they mention only "people" and "persons" in the Bill of Rights. For example, when delineating the requirements for election to the House of Representatives, the Senate, and the presidency, the Constitution specifies the minimum number of years each official must have been a citizen.

But when the Constitution concludes, and its amendments begin, "citizen" goes on hiatus. As you may recall from high-school history, the Anti-Federalists insisted on adding ten amendments to the Constitution, the partial list of liberties known as the Bill of Rights. Anti-Federalists distrusted and loathed government, even the Constitution's severely limited one: they eerily, accurately predicted today's creeping totalitarian state and tried to protect themselves with a written guarantee that the government would never restrict their speech, disarm them, spy on them, etc.

The Anti-Federalists also realized that politicians and bureaucrats powerful enough to silence, disarm, and spy on foreigners will certainly pull the same stunts at home. That's why the Bill of Rights consistently says "people," as in the Ninth Amendment: "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." The nationality of the government's victim doesn't matter: politicians and bureaucrats may not silence, disarm, or spy on, etc., anyone. Then, bingo, when the Bill of Rights ends and nationality becomes pertinent again in the Eleventh Amendment, "citizen" pops up like clockwork.

Of course, at this point, discussions of the Constitution are somewhat academic: our rulers have amply demonstrated their disdain for it and us. But, unlike Sen. Dianne Feinstein or German Chancellor Angela Merkel, we should be as livid when the Feds spy on others as when they spy on us. The Constitution clearly, adamantly prohibits both.

Becky Akers is the author of two novels, Halestorm and Abducting Arnold. Both are set during the American Revolution, when Peeping Toms were horsewhipped rather than handsomely paid to spy on citizens.








Author: "Becky Akers"
Date: Wednesday, 16 Apr 2014 10:16

The LAPD wants you, Joe Citizen, to help it out with its surveillance. It has enlisted the help of a crowdsourcing tool called LEEDIR to collect photos and recordings from everyday people who may have additional footage of natural disasters or civil unrest that could help out both emergency responders and cops looking to put a few more demonstrators in jail.

In today's announcement, earthquakes, terrorist attacks, and the Boston Marathon bombings were mentioned as scenarios in which LEEDIR could help law enforcement respond to disasters or large-scale public security threats. One might also imagine large citizen protests like Occupy Wall Street being the focus of such crowdsourced surveillance.
It's unarguable that the addition of crowdsourced photos and video helped authorities track down the Boston Bombing suspects, which shows that there is some value to this service. But, as is pointed out by Xeni Jardin, it could also be used to build a database of people enjoying First Amendment-protected activities. Currently, the site is soliciting input for any info related to last week's party-turned-riot in Isla Vista, CA, where over 100 arrests were made and 44 people injured, including five police officers. The notice clearly states the police are "seeking to identify several subjects wanted for violent felonies that occurred during the evening."

This is a potentially useful tool that isn't completely evil, but there are some definite concerns. For one, there's no real way to submit anything anonymously. You aren't required to input your name, but the app itself demands access to GPS data, and any other communications-related metadata is likely hoovered up by LEEDIR when images and video are uploaded.


There are also other questions left unanswered about the handling of the data submitted.
According to today's announcement, agencies might typically retain uploaded content for a month or two, then delete it. But there's no requirement to delete it…
And the way the system is accessed and used seems to lend itself to abuse.
It's up to law enforcement to provide analysts or investigators to sort through all of the content uploaded to LEEDIR and find potential evidence…

Once the content is uploaded, it belongs to law enforcement, [Co-Global CEO Nick] Namikas said. It's up to each agency to decide how long they want to store the content in the cloud – a service being provided by Amazon.
An unfiltered influx of photos and videos curated by law enforcement officers. What could possibly go wrong? The tool may be aimed at natural disasters (which provides free access to police and emergency responders in the affected area), but paid subscriptions are available which would keep LEEDIR live at all times for any law enforcement agency willing to foot the bill.

As if the potential negatives of this sort of crowdsourcing weren't apparent enough, there's also the very large problem of who's behind this new system.
Under the leadership of disgraced former LA County Sheriff Lee Baca, the department is said to have conceptualized the web service and smartphone app, which was built by Citizen Global with Amazon

Baca's administration was plagued by corruption and scandal, and he resigned amid ongoing investigation into possible criminal activity. Certainly no such imperfect leader would misuse LEEDIR.
But LA Sheriff's Dept. commander Scott Edson sees no downside:
“I like to call this a flag-waving opportunity,” Edson said. “This is a great opportunity for the public who really wants to catch those guys as badly as any law enforcement agency wants to catch them. Now they’re going to have an opportunity.”
Sure. Just like "see something, say something" filled DHS Fusion Centers with thousands of reports of people using cameras. With unfiltered access to whatever citizens submit, law enforcement can browse for unrelated criminal activity or simply use it to fill in the holes in their surveillance network.

It's not that it couldn't help, as it did in the Boston Bombing. It's that the downside isn't even being considered by the proponents of the system, which include a former law enforcement official accused of corruption. There's seemingly no oversight to the program and absolutely no concerns being raised about privacy or the potentially endless retention of non-relevant footage and photos.










Author: "Tim Cushing"
Date: Wednesday, 16 Apr 2014 07:11

In the wake of the serious Heartbleed flaw in OpenSSL, more people are becoming aware of how widely used and important open source encryption tools are, and how their security is too often taken for granted. Some people were already worrying about this back in September last year, when we learned that the NSA had intentionally undermined encryption by weakening standards and introducing backdoors. As Techdirt reported, that led to a call for a security audit of TrueCrypt, a very popular open source disk encryption tool. Fortunately, the Open Crypto Audit Project raised a goodly sum of money through FundFill and IndieGogo, which allowed the first phase of the audit to be funded. Here's what's now been done (pdf):

The Open Crypto Audit Project engaged iSEC Partners to review select parts of the TrueCrypt 7.1a disk encryption software. This included reviewing the bootloader and Windows kernel driver for any system backdoors as well as any other security related issues.
The good news:
iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.
However, it did still find vulnerabilities in the code it examined:
the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth).

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.
Because of that, among the recommendations that iSEC made was the following:
Improve code quality. Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct. It also makes the learning curve steeper for those who wish to join the TrueCrypt project.
That's an important point, and probably something that other open source projects might take to heart, too. Some have called into question whether Linus's Law -- that "all bugs are shallow, given enough eyeballs" -- is really true for free software (although Eric Raymond, author of "The Cathedral and the Bazaar", has offered a robust defense of that claim.) One reason why those eyeballs may not be finding the bugs is that the code, though open, is unnecessarily hard to read.

The fact that vulnerabilities were found -- even if "all appear to be unintentional, introduced as the result of bugs rather than malice" as iSEC puts it -- is another reason why the second phase of the audit, which will look at the details of how the cryptographic functions have been implemented, is necessary. The discovery of "issues" in TrueCrypt's code also underlines why similar audits need to be conducted for all important open source security programs: if there are vulnerabilities in TrueCrypt, there are likely to be more elsewhere, perhaps much more serious. Finding them is largely a question of money, which is why companies currently free-riding on free software -- perfectly legally -- should start seriously thinking about making some voluntary contributions to help audit and improve them to prevent another Heartbleed.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+










Author: "Glyn Moody"
Date: Wednesday, 16 Apr 2014 03:05
Interesting report over at the WSJ noting that some at Google are considering if they should boost the search results for sites that are encrypted as an attempt to encourage more widespread use of encryption. I would be a bit surprised if the company did this, as Google always claims that its focus is entirely on the quality of the content of sites, and delivering people to what they're looking for. While the search algorithms do take into account things like page load time, it seems like encryption status might not be seen as a real indicator of quality. Still, I hope that Google does seriously consider such a move, because it could (very quickly) drive many more sites to encrypt -- and, it would probably (finally) drive more services that refuse to make encryption work to figure it out. For example, almost no media sites will do full encryption because it would effectively break most ad networks. So, for most media properties, going full encryption automatically means taking a huge hit in ad revenue. The various ad networks could do things to fix this, but very few of them seem interested (actually, very few of them seem to even understand the issue). If Google were to make this change, then the pressure coming from media properties (many of whom live and die based on their Google rankings) to ad networks to figure this out, would hopefully be enough to create a real shift.








Author: "Mike Masnick"
Date: Wednesday, 16 Apr 2014 00:00
Most folks don't really like flying for more than a few hours at a time, so it's not really a problem for a lot of people that most planes aren't even capable of flights lasting longer than a day. (Zeppelins can fly for weeks at a time, but those ships haven't been flying regularly for a while.) Autonomous drones have been making some really long flights recently, and there may be more uses for aircraft that can stay up in the air for long periods of time. Here are just a few examples. If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.








Author: "Michael Ho"