
05.25.18

EPO, a Longtime Privacy Offender, Uses General Data Protection Regulation (GDPR) Day to Lie to the Public

Posted in Deception, Europe, Patents at 5:40 pm by Dr. Roy Schestowitz

They won't pay attention to your crime. If you keep insisting you oppose that crime...

Summary: The European Patent Office (EPO) has the nerve to pretend to value privacy after all it has done; it’s just exploiting the “GDPR Day” buzz to spread some more face-saving lies about the very subject it has become incredibly notorious for

MUCH remains or needs to be said about what the EPO wrote today. Unlike the USPTO, for example, the EPO is widely known for privacy abuses and data handling violations. The EPO is notorious for breaking such laws. But remember that it’s immune from lawsuits (unlike the USPTO — a subject to be covered this weekend).

We’re going to leave aside new tweets about software patents (the EPO has once again promoted its sponsored ‘study’ which is actually advocacy of software patents), the latest (re)tweets about “Inventor Award” (still about half a dozen per day, promoting the looting of the EPO's treasury), and even the Cypriot tweet from Georgios Lakkotrypis, who wrote: “Delighted to welcome the @EPOorg 12th Annual Meeting in #Cyprus. At a time when IP protection is vital for accelerated innovation, the 2-day deliberations in #Limassol offer an excellent opportunity for enhanced cooperation.”

These just aren’t particularly new or interesting. Let’s look at this promotion of Battistelli’s ‘blog’ (warning: epo.org link) where he wrote: “At the other end of the spectrum, the integrity of personal data held by organisations has been widely reported recently and that is sure to continue when the EU GDPR enters into force today. The EPO holds personal data but the amount we have is kept to the minimum legally required under the European Patent Convention and its rules, and with strict adherence to the personal data minimisation principle.”

Really?! Battistelli is a serial violator of privacy who clearly broke the law on several different occasions and should be prosecuted for it (but he’s immune). Now he pretends that the EPO values privacy. The EPO’s official site has just written about it too (warning: epo.org link), basically piggybacking the General Data Protection Regulation (GDPR) to spread a big lie about its record on privacy. Thankfully, we have plenty of information with which to rebut. See for example the EPO's passage of data to Europatis, the company of a former EPO Vice-President (VP1).

How about the time Battistelli libeled a judge by liaising with Dutch and German media to label that judge “Nazi”? And the same (or similar) for Elisabeth Hardon and other staff representatives, whom Battistelli accused of Nazi-type saluting? Remember that not only was illegal surveillance deployed but selected ‘leaks’ of confidential inquiries were made available to the press. It was a dirt-dishing exercise by the IU, the ‘gestapo’ of Battistelli. And they have the audacity to brag about “privacy” today. How dare they? The EPO is the very antithesis of privacy, with number plate recognition (more obtrusive surveillance) recently added to the building as if patent examiners are CIA/BND agents.

Incidentally, Märpel has just published some additional details about the Elisabeth Hardon case. Battistelli and his IU apparently intruded into a GMail account after they had already snooped on other E-mails to and from Hardon, eventually firing EPO staff representatives (not only her) for speaking about a profoundly critical matter (a staff suicides epidemic). To quote Märpel:

There are so many problems with this judgement that Märpel does not know where to start. Maybe she should simply start with the facts: someone committed suicide and Mrs Elisabeth Hardon, who had dealt with that person as a staff representative, was understandably upset. She was all the more upset because it was the second suicide under the same manager. Judgment 3968 fails to mention that “detail”, although the tribunal was certainly informed by the defendant.
After that suicide Mrs Hardon sent an E-mail to an internal SUEPO distribution list where she stated as follows:
“[...] most of us believe that the behaviour of [the deceased staff member's] (previous) manager and the unfounded attacks by PD4.3 (culminating in a disciplinary procedure) have contributed significantly to his death. [...] Formally the Office will of course deny any guilt. But we hope that this letter will contribute to an internal discussion and maybe some lessons will be learnt.”
(This is the text, verbatim, from judgement 3968.)

Märpel finds that text to be a rather measured response to a double suicide. Mr A., the manager of the two deceased persons, considered that single e-mail harassment.

Harassment has always been a difficult subject at the EPO, so difficult that the definition of harassment was the subject of several circulars. Märpel understands that Mrs Hardon was found guilty under the terms of a circular published after the facts (point 8 of judgement 3968).

Actually, Mrs Hardon was NOT found guilty, twice. VP4 wrote to that effect on 13 July 2012 (point 4 of judgement 3968) and the disciplinary committee wrote a report to the same effect on 28 January 2014 (point 8 of judgement 3968). But President Battistelli found otherwise and decided to downgrade Mrs Hardon.

Judgement 3968 confirmed the sanction. Most striking is point 18: “Consistent case law holds that the executive head of an international organisation is not bound to follow a recommendation of any internal appeal body nor bound to adopt the reasoning of that body”. Märpel understands that AT-ILO is satisfied that President Battistelli can strike any staff member he wants, with complete disregard for internal disciplinary bodies.

Isn’t there a problem with that?

Mrs. Hardon was dismissed later and for another case of “harassment” (that time a single word and not an email). She was dismissed together with another SUEPO official, Ion Brumme. A third SUEPO official, Malika Weaver, was downgraded. The 3 cases are planned for the next session of AT-ILO, right in time for President Battistelli’s end-of-contract bonus and inventor of the year event. Timing is everything. Märpel hates to predict the future, but her contacts in the 7th floor of the Isar building told her that the celebrations shall not be spoiled. It is a little known fact that the Office receives AT-ILO judgements before official publication.

Having already published the very detailed IU report, or the ‘case’ (‘trial’?) against Hardon, it’s very clear to us that the EPO breached privacy laws. Does the public care? Can Battistelli carry on lying about privacy without being challenged on it?

Soon enough, according to sources, Battistelli will treat himself like a literal king where he plans to prematurely inaugurate a Dutch building instead of showing up for trial at the ICC nearby. One reader asked us about this lavish, self-flattering ceremony: “Any idea what Battistelli’s big announcement at inauguration of new building is about? And why Campinos is not invited? The rumours are vague.”

Well, in case someone knows, please get in touch. As we understand it, Battistelli’s parade will be rained on when SUEPO in the Netherlands organises a party to celebrate his departure. SUEPO in the Netherlands, having already witnessed staff jumping from the window (during working hours), certainly knows that this ‘king’ has blood on his hands — probably a much more serious issue than his privacy violations — like those used against a Dutch lady who ‘dared’ speak about suicides.

Isn’t it funny that the EPO cited “privacy” when it sent me several legal threats (SLAPP) but was perfectly happy to violate the privacy of all EPO staff, especially those whom Battistelli tried getting rid of?

The Unitary Patent and the Unified Patent Court (UPC): This Week’s Latest Spin and Lies

Posted in Europe, Patents at 4:40 pm by Dr. Roy Schestowitz

The EPO wrote this (below) more than two years ago

UPC

Summary: The EPO has adopted a largely passive approach, choosing barely to comment at all on the UPC whereas Team UPC keeps repeating the same misleading if not patently untrue claims to perpetuate the notion that UPC is inevitable

THE EPO does not mention the UPC so much anymore. In fact, it barely ever mentions it at all. Ever since the complaint in Germany got ‘docketed’ the cabal of Battistelli mostly hid under a rock, choosing not to comment much on the corruption involved (it was more than political stunts and gross manipulation). António Campinos will likely be more of the same regarding UPC.

Earlier today and yesterday [1, 2] the EPO spoke of this upcoming event (warning: epo.org link) which covers, as per the page: “Update on unitary patent protection” (litigation).

“Three days left to register for the next EPO User Day,” they said. “Need a review of the formal requirements in the European patent procedure and their implications for online filing? If so, this is the event for you…”

Notice how much of a side issue UPC is; it’s just one bulletpoint in a very long list. This, in our view, represents a reality wherein the EPO basically chooses not to make promises about the UPC (for fear of further embarrassment, knowing that UPC isn’t coming to fruition).

But what about Team UPC? These people spent (or shall we say wasted?) many years and plenty of money crafting this horrible thing and lobbying for its passage. Bristows, for example, having just flung copies of its UPC propaganda pieces at sites like Lexology (the patent microcosm, mirroring the corporate blog of Bristows), tells us we’re supposed to think that UPC will kick off soon and the only remaining question is, who’s in it? That’s a classic Team UPC lie which we’ll see more of in a moment.

“Spanish government provides further reasons for not joining unitary patent and UPC system,” says the headline. Gemma Barrett and Manuel Rey-Alvite Villar wrote towards the end something which is at least instructive:

In addition to the language regime, the Minister indicated the following were reasons for non-participation:

the uncertainty of the system’s future due to both the challenge in the German Constitutional Court and Brexit;

a Spanish company would still be able to obtain a unitary patent and enforce it (outside Spain) in the UPC; and

the higher costs of litigation in the UPC than in a Spanish court, which would be a particular problem for SMEs.

All of these (3 reasons) are applicable to every single country in the EU, so why do some politicians agree to ratify (text which they never even bothered actually reading)?

Writing about Italy yesterday, IAM’s sister site said this:

Italy is also a party to the Agreement on the Unified Patent Court (which was ratified in November 2016) and in July 2015 joined the enhanced cooperation on the unitary patent system. It has also been decided that Milan will host the Italian local division of the court.

“Will host” assumes certainty; but they meant “would” and the answer/outcome is likely “wouldn’t.”

They are talking about the UPC in future tense/s as though it will definitely happen/materialise, but the UPC is dead in the water right now. It may take several years for the negative outcome to be confirmed.

IAM’s sister site also wrote about Saudi Arabia on the same day and it was so full of patent maximalism. It’s not hard to understand considering this network’s funding sources. Here they go on about the GCC’s “unitary patent” (not the same thing): “In 1992 the GCC approved a patent regulation that established a unitary patent right covering all GCC countries. The GCC Patent Office was established in 1992 in Riyadh, Saudi Arabia and started accepting applications in 1998. The GCC patent regulations were amended in 2000, notably adding in a novelty requirement for patentability. A GCC patent is valid and enforceable in all GCC states with no need for further validation steps.”

Going back to the EU-centric “unitary patent”, watch Claire Wallis, Tobias Reker and Coreena Brinck (CMS Cameron McKenna Nabarro Olswang LLP) making some dubious claims, such as:

Finally, the last hurdle the UPCA currently faces is the pending court case before the German courts as to whether the participation of Germany in the UPCA and UP is unconstitutional.

No. Not last. Because the UK cannot participate either. Brexit is arguably far bigger a barrier than the constitutional complaint, which actually ties into it (Brexit is brought up as one of four core arguments).

“If the German complaint is found inadmissible it is possible that the UPC may finally come into force, by the end of 2018,” it concludes. Not really, that’s the EPO management’s talking point. And it’s as misleading as can be. The EPO has been making promises like these for a number of years (projecting the start of UPC just months ahead); it was always, without exception, in vain.

REGIMBEAU’s Stéphanie Celare continues to spread Team UPC’s lies as well. All the above are from yesterday, just like this one. In short, the UPC simply cannot start without the UK and the UK cannot participate; that’s aside from serious corruption that served to impede and ultimately stopped UPC ratification in Germany. To quote Celare:

Will the UK be part of the Unitary Patent System after Brexit? The UK’s future relationship with the Unified Patent Court will be subject to negotiation with European partners as they leave the EU. Now the UK Government has ratified the UPC Agreement, it seems clear that the UK wishes to be part of the Unitary Patent System after Brexit, and to maintain a branch of the Unified Patent Court in London. Some amendment to the UPC Agreement will however be necessary to enable such a scenario.

This again is false; they’re just reusing each other’s misleading talking points, leading many potential clients to utter disappointment (not to mention waste of money). Team UPC is, to put it bluntly, a bunch of greedy and legally-aggressive liars. In fact, they either intentionally lie or are deeply deluded. They keep pretending that the only question about UPC is, “who’s in it?”

This is bad legal advice if not malpractice. A lot of legal professionals have long been pointing out the same thing, whereupon Team UPC simply resorted to more flagrant censorship of blog comments. They try to silence those who correct them. It never ends well.

Links 25/5/2018: OpenSUSE 15 Leap Released, PostgreSQL 11 Beta

Posted in News Roundup at 3:07 pm by Dr. Roy Schestowitz


Contents

GNU/Linux

Free Software/Open Source

  • FOSS as a Part of a Corporate Sustainability Plan

    In 1983 the United Nations convened a commission of 22 people to investigate the question of the worldwide environmental and social impact of human development. Four years later, in 1987, the commission released Our Common Future, more commonly known as the Brundtland Report in honour of Gro Harlem Brundtland, chairperson of the commission. This report detailed the very real socio-environmental issues facing humanity. One of its recommendations was for governments, organizations and companies to start engaging in what it called sustainable development. That is, “…development that meets the needs of the present without compromising the ability of future generations to meet their own needs”.

    Since then there’s been steep growth in the number of corporations that maintain and operate according to a corporate sustainability plan. These plans encompass environmental as well as social aspects of doing business. They encompass actions within an organization—such as natural resource usage, diversity and inclusion, and fair treatment of employees—as well as those external to the organization—such as the sustainability operations of their entire supply chain as well as the overall impact the corporation has on the Earth and its inhabitants.

  • Securing Third-Party and Open Source Code Components: A Primer [Ed: Citing, as usual, firms that try to sell their proprietary software by badmouthing FOSS]

    The increasing popularity of open source code continues to be a boon for developers across the industry, allowing them to increase efficiency and streamline delivery. But there are security risks to be considered when leveraging open source and commercial code components, as each carries with it a significant risk of becoming the enemy within, creating a vulnerability in the program it helps build.

  • Events

    • Speak at Open Source Summit Europe – Submit by July 1

      Open Source Summit Europe is the leading technical conference for professional open source. Join developers, sysadmins, DevOps professionals, architects and community members, to collaborate and learn about the latest open source technologies, and to gain a competitive advantage by using innovative open solutions.

  • Web Browsers

    • Mozilla

      • Firefox 63 to Get Improved Tracking Protection That Blocks In-Browser Miners

        Mozilla developers are working on an improved Tracking Protection system for the Firefox browser that will land in version 63, scheduled for release in mid-October.

        Tracking Protection is a feature that blocks Firefox from loading scripts from abusive trackers. It was first launched with Firefox’s Private Browsing mode a few years back, but since Firefox 57, released in November 2017, users can enable it for normal browsing sessions at any time.

      • Firefox 63 To Block Cryptojackers With Advanced Tracking Protection

        It has been reported by Bleeping Computer, a security blog, that Firefox 63 will be launched with an improved tracking protection system to ward off the threats and security concerns posed by in-browser miners.

        With the surge in incidents involving mining malware trying to use your CPU power to perform some CPU-intensive calculations for their own benefit, many browsers have raised their guards by providing additional security features. (You can read more about blocking cryptocurrency mining in your browser in our earlier published article.)

      • What’s the 411 on 404 messages: Internet error messages explained

        Nothing’s worse than a broken website. Well, maybe an asteroid strike. Or a plague. So maybe a broken website isn’t the end of the world, but it’s still annoying. And it’s even more annoying not knowing what those weird error messages mean. That’s why we’ve decoded the most common HTTP error messages.

  • SaaS/Back End

    • Canonical founder calls out OpenStack suppliers for ‘lack of focus’ on datacentre cost savings

      The OpenStack supplier community’s reluctance to prioritise the delivery of datacentre cost savings to their users could prove “fatal”, says Canonical co-founder Mark Shuttleworth.

    • OpenStack in transition

      OpenStack is one of the most important and complex open-source projects you’ve never heard of. It’s a set of tools that allows large enterprises ranging from Comcast and PayPal to stock exchanges and telecom providers to run their own AWS-like cloud services inside their data centers. Only a few years ago, there was a lot of hype around OpenStack as the project went through the usual hype cycle. Now, we’re talking about a stable project that many of the most valuable companies on earth rely on. But this also means the ecosystem around it — and the foundation that shepherds it — is now trying to transition to this next phase.

    • Free OpenStack Training Resources

    • How the OpenStack Foundation Is Evolving Beyond Its Roots

      The OpenStack Foundation is in a period of transition as it seeks to enable a broader set of open infrastructure efforts than just the OpenStack cloud project itself.

      In a video interview at the OpenStack Summit here, OpenStack Foundation Executive Director Jonathan Bryce and Chief Operating Officer Mark Collier discussed how the open-source organization is still thriving, even as corporate sponsorship changes and attendance at events declines.

      At the event, Collier said there were approximately 2,600 registered attendees, which is nearly half the number that came to the OpenStack Boston 2017 event. OpenStack’s corporate sponsorship has also changed, with both IBM and Canonical dropping from the Platinum tier of membership.

  • Databases

    • PostgreSQL 11 Beta 1 Released!

      The PostgreSQL Global Development Group announces that the first beta release of PostgreSQL 11 is now available for download. This release contains previews of all features that will be available in the final release of PostgreSQL 11, though some details of the release could change before then.

      In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 11 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise for you to run PostgreSQL 11 Beta 1 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release.

    • PostgreSQL 11 Beta 1 Released With JIT Compilation, More Performance Tuning

      The first beta of PostgreSQL 11.0 is now available for testing.

      Just yesterday we happened to be talking about the new features coming for PostgreSQL 11 and today happened to mark the beta availability. PostgreSQL 11 is bringing continued performance optimizations, better handling of large data sets, usability improvements, initial JIT compilation support by making use of LLVM, and more.

    • MariaDB launches Oracle compatible enterprise open source database

      Enterprise computing has often been reliant on proprietary database architecture, but this can be both complex and costly, putting up a barrier to innovation.

      Now open source database specialist MariaDB is launching its latest enterprise offering with Oracle compatibility. This allows existing Oracle Database users to reuse existing code and established skill sets when migrating applications or deploying new ones.

      MariaDB TX 3.0 introduces built-in, system-versioned tables, enabling developers to easily build temporal features into applications. This eliminates the need to manually create columns, tables and triggers in order to maintain row history, freeing DBAs to simply create new tables with system versioning or alter existing tables to add it, streamlining the process significantly. Developers can query a table with standard SQL to see what data looked like at a previous point in time, such as looking at a customer’s profile history to see how preferences have changed over time.

    • MariaDB TX 3.0 Delivers First Enterprise Open Source Database to Beat Oracle, Microsoft and IBM

      MariaDB® Corporation today announced the release of MariaDB TX 3.0, the first enterprise open source database solution to deliver advanced features that, until now, required expensive, proprietary and complex databases.

    • 5 Open-Source SQL IDEs for You to Learn and Explore

      If you’ve done a lot with SQL, you’ve probably used some form of SQL IDE to help you complete that work. Yes, it’s possible to do everything in SQL from the command line; but creating or even maintaining databases and tables that way is an exercise in masochism. There are some nice commercial IDEs such as dbArtisan and SQL Server’s Management Studio, but IDEs is one area where open-source can do just as well (or in some cases, even better).

  • Oracle/Java/LibreOffice

  • Pseudo-Open Source (Openwashing)

  • BSD

  • FSF/FSFE/GNU/SFLC

    • FSFE Newsletter – May 2018

      Following a more than a decade long tradition, the FSFE once again led its annual Free Software Legal and Licensing Workshop (LLW) in Barcelona, Spain, as a meeting point for world-leading legal exper…

Leftovers

  • Science

    • Opinion: Should Human-Animal Chimeras Be Granted “Personhood”?

      There are several emerging biotechnologies that raise ethical questions regarding the definition of personhood. One of these innovations is xenotransplantation, which uses gene editing (CRISPR-Cas9) and stem cell technologies to create human-pig or human-sheep chimeras that can grow human organs for transplantation. While most people understand that pigs growing human livers and kidneys could save lives, there is an ethical fear that these technologies may generate animals that incorporate human cells into their brains or sex organs—situations that require broader discussions regarding the question whether such organisms attain the status of personhood.

    • Ingestible “bacteria on a chip” could help diagnose disease

      MIT researchers have built an ingestible sensor equipped with genetically engineered bacteria that can diagnose bleeding in the stomach or other gastrointestinal problems.

      This “bacteria-on-a-chip” approach combines sensors made from living cells with ultra-low-power electronics that convert the bacterial response into a wireless signal that can be read by a smartphone.

      “By combining engineered biological sensors together with low-power wireless electronics, we can detect biological signals in the body and in near real-time, enabling new diagnostic capabilities for human health applications,” says Timothy Lu, an MIT associate professor of electrical engineering and computer science and of biological engineering.

  • Hardware

    • Internal Documents Show Apple Knew the iPhone 6 Would Bend

      Apple’s internal tests found that the iPhone 6 and iPhone 6 Plus are significantly more likely to bend than the iPhone 5S, according to information made public in a recent court filing obtained by Motherboard. Publicly, Apple has never said that the phones have a bending problem, and maintains that position, despite these models commonly being plagued with “touch disease,” a flaw that causes the touchscreen to work intermittently that the repair community say is a result of bending associated with normal use.

      The information is contained in internal Apple documents filed under seal in a class-action lawsuit that alleges Apple misled customers about touch disease. The documents remain under seal, but US District Court judge Lucy Koh made some of the information from them public in a recent opinion in the case.

  • Health/Nutrition

    • Swiss Group Suggests Switzerland Use Compulsory Licences To Curb Cancer Drug Prices

      Public Eye, a well-known Swiss non-governmental organisation, convened the side event at the 71st World Health Assembly, taking place from 21-26 May. On this occasion, they launched a new campaign: ‘For Affordable Drugs’.

      According to Public Eye’s press release, the Swiss healthcare system is struggling to cope with the skyrocketing prices of new treatments, and in particular cancer drugs. Cancer treatments often reach over CHF 100,000 (US$100,000) per patient, per year, they said.

    • Why Your Health Insurer Doesn’t Care About Your Big Bills

      Michael Frank ran his finger down his medical bill, studying the charges and pausing in disbelief. The numbers didn’t make sense.

      His recovery from a partial hip replacement had been difficult. He’d iced and elevated his leg for weeks. He’d pushed his 49-year-old body, limping and wincing, through more than a dozen physical therapy sessions.

      The last thing he needed was a botched bill.

      His December 2015 surgery to replace the ball in his left hip joint at NYU Langone Medical Center in New York City had been routine. One night in the hospital and no complications.

      He was even supposed to get a deal on the cost. His insurance company, Aetna, had negotiated an in-network “member rate” for him. That’s the discounted price insured patients get in return for paying their premiums every month.

      But Frank was startled to see that Aetna had agreed to pay NYU Langone $70,000. That’s more than three times the Medicare rate for the surgery and more than double the estimate of what other insurance companies would pay for such a procedure, according to a nonprofit that tracks prices.

  • Security

    • [Crackers] infect 500,000 consumer routers all over the world with malware

      VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday’s report before the research is completed.

    • Do Not Use sha256crypt / sha512crypt – They’re Dangerous

      I’d like to demonstrate why I think using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why I think the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2.

    • Intel CPU Bug Affecting rr Watchpoints

      I investigated an rr bug report and discovered an annoying Intel CPU bug that affects rr replay using data watchpoints. It doesn’t seem to be hit very often in practice, which is good because I don’t know any way to work around it. It turns out that the bug is probably covered by an existing Intel erratum for Skylake and Kaby Lake (and probably later generations, but I’m not sure), which I even blogged about previously! However, the erratum does not mention watchpoints and the bug I’ve found definitely depends on data watchpoints being set.

      I was able to write a stand-alone testcase to characterize the bug. The issue seems to be that if a rep stos (and probably rep movs) instruction writes between 1 and 64 bytes (inclusive), and you have a read or write watchpoint in the range [64, 128) bytes from the start of the writes (i.e., not triggered by the instruction), then one spurious retired conditional branch is (usually) counted. The alignment of the writes does not matter, and it’s not related to speculative execution.

    • Security updates for Friday

    • Ryzom falling: Remote code execution via the in-game browser

      Ryzom’s in-game browser is there so that you can open links sent to you without leaving the game. It is also used to display the game’s forum as well as various other web apps. The game even allows installing web apps that are created by third parties. This web browser is very rudimentary, it supports only a bunch of HTML tags and nothing fancy like JavaScript. But it compensates for that lack of functionality by running Lua code.

      You have to consider that the Lua programming language is what powers the game’s user interface. So letting the browser download and run Lua code allows for perfect integration between websites and the user interface, in many cases users won’t even be able to tell the difference. The game even uses this functionality to hot-patch the user interface and add missing features to older clients.

    • For Red Hat, security is a lifestyle, not a product

      Red Hat has a sterling reputation in Linux security circles. That means the company has a workable process for preventing problems and responding to them. Even if you don’t use Linux, the Red Hat security approach has a lot going for it, and some of its practices might be worth adopting in your own shop.

    • How insecure is your router?

      Your router is your first point of contact with the internet. How much is it increasing your risk?

      [...]

      I’d love to pretend that once you’ve improved the security of your router, all’s well and good on your home network, but it’s not. What about IoT devices in your home (Alexa, Nest, Ring doorbells, smart lightbulbs, etc.?) What about VPNs to other networks? Malicious hosts via WiFi, malicious apps on your children’s phones…?

      No, you won’t be safe. But, as we’ve discussed before, although there is no such thing as “secure,” it doesn’t mean we shouldn’t raise the bar and make it harder for the Bad Folks.™

    • 24 best free security tools
  • Defence/Aggression

    • The NFL’s ‘Anthem Policy’ Is Pure Hypocrisy

      The NFL’s new “anthem policy” requires players to “respect” the flag and the national anthem or stay in the locker room until it is played. The NFL refers to this as a compromise — it was anything but.

      This was a mandate, not a decision arrived at through a collaborative process. Despite claiming that they would consult with the players before making a decision on this issue, the National Football League Players Association said, “The NFL chose to not consult the union in the development of this new ‘policy.’” So the league and owners will decide what shows “respect.”

      Kneeling is out. The Pittsburgh Steelers indicated that raising a fist or linking arms is out. If one team decides a gesture or posture is respectful but another team doesn’t like it, what will happen? One of the NFL officials actually said, “We will know it when we see it.”

      [...]

      John Elway and other NFL officials have said that we should “take the politics out of football.” Really? What about the millions of dollars paid to the NFL by the Department of Defense to promote the military? If encouraging people not to serve in the military is a political act, then encouraging them to serve is equally political. What about the show of military aircraft flying overhead and flags streaming across the field? Kneeling during the anthem has nothing to do with being for or against military recruiting, but the Pentagon paid for the NFL to promote the military — an overtly political act — and the NFL has been delivering. There is nothing wrong with that, but it is what it is. The NFL gave up being non-political a long time ago.

      The NFL said the new policy would change “a false perception among many that thousands of NFL players were unpatriotic.” Think about that for a minute. There was a false perception that players were unpatriotic, meaning the players kneeling were patriotic. The cure for this false perception is to force players to stand when they would prefer to kneel. By forcing them to stand, the fans will now know they are patriotic. This makes no sense.

    • Cuba regrets CIA Bay of Pigs veteran died without trial

      Havana expressed regret Thursday that a former CIA agent who led a bloody campaign against Fidel Castro had died without ever being brought to justice for “terrorist” crimes against Cuba.

      Luis Posada Carriles, a Cuban-born veteran of the failed 1961 Bay of Pigs invasion, died Wednesday aged 90 at his home near Miami.

    • Cuba regrets CIA veteran died in Miami without facing trial for ‘terrorist’ crimes
    • U.S. Attacks That Killed ‘Hundreds’ of Russians and Syrians Detailed in New Report

      New details have emerged regarding clashes between a U.S.-led coalition and an alliance of Syrian and Russian forces fighting on behalf of Syrian President Bashar al-Assad in a new, dramatic report.

      Citing interviews and documents obtained by the newspaper, The New York Times revealed how a four-hour firefight erupted February 7 in eastern Syria, leaving hundreds of pro-Syrian government fighters—including Russians—dead. Syria has blamed the U.S. for the bloodshed, which the U.S. argues was in self-defense. Russia has distanced itself from the incident, telling the Pentagon that the Russians involved were volunteer fighters, not part of Russia’s armed forces.

  • Transparency/Investigative Reporting

    • Julian Assange’s refuge ‘in jeopardy’
    • Assange’s refuge in Ecuadorian embassy ‘in jeopardy’

      Julian Assange’s nearly six-year refuge at the Ecuadorian embassy in London is in danger, opening the WikiLeaks founder to arrest by British authorities and potential extradition to the US, multiple sources with knowledge tell CNN.
      While Assange has in the past claimed his position in the embassy was under threat, sources say his current situation is “unusually bad” and that he could leave the embassy “any day now,” either because he will be forced out or made to feel so restricted that he might choose to leave on his own. His position there is “in jeopardy,” one source familiar with the matter said.
      Assange’s exit from the embassy could open a new phase for US investigators eager to find out what he knows.

    • Report: Julian Assange Might Get Kicked Out of Ecuadorian Embassy

      WikiLeaks founder Julian Assange is on the verge of being evicted from his hideout at the Ecuadorian embassy in London, according to CNN. A source said Assange could leave “any day now,” subjecting himself to extradition to the United States. CNN reports that the U.S. is pressuring Lenin Moreno, Ecuador’s new president, to kick Assange out. Assange might also be “made to feel so restricted that he might choose to leave on his own,” according to CNN.

    • Wikileaks Founder Julian Assange May Be Forced Out of Ecuadorian Embassy in London ‘Any Day Now’

      Wikileaks founder Julian Assange may be forced out of the Ecuadorian Embassy in London where he has lived for the past six years “any day now,” according to a CNN report.

    • Julian Assange “in jeopardy” of being forced into UK and US detention

      According to a CNN report today, WikiLeaks founder Julian Assange is in imminent danger of being forced to leave the Ecuadorian embassy in London. He would face arrest by British authorities and potential extradition to the US, where he could face life imprisonment or execution on espionage charges.

      CNN said that “multiple sources with knowledge” of Assange’s “unusually bad” situation warned that he could be removed from the embassy “any day now”—either forced out or made to feel so restricted that he might leave on his own.

      Since seeking political asylum in the embassy in 2012, Assange has been effectively detained in a tiny room without charge for 2,726 days. For 59 days, he has been denied visitors and outside communications since the Ecuadorian government cut off his access on March 28.

    • If Trump’s team was colluding with Russia, why did it keep asking WikiLeaks for things?
    • Assange’s protection from US extradition “in jeopardy”

      Almost two months after Julian Assange’s ability to receive visitors and access to digital communications was severely curtailed by the Government of Ecuador, CNN reports that the situation has become “unusually bad”.

      Without the protection of the Ecuadorian government, Assange is liable to be arrested in the UK on charges related to a bail violation. More seriously, this would also open the way to questioning and a likely extradition request from the United States, where a grand jury investigation has been looking into Assange and WikiLeaks for publishing US secrets since 2010.

      Last week, the Guardian reported that the UK and Ecuador were engaged in negotiations to attempt to bring the impasse over Assange’s asylum status to an end, without a guarantee that Assange should be protected from the prospect of extradition for his publication activities. Such a settlement would appear to breach principles of international and Ecuadorian domestic law.

    • Both Democrats And Republicans Blame The Messenger When Leaked Emails Are Made Available

      Back during the 2016 election, when Wikileaks published John Podesta’s leaked emails, Democrats freaked out and blamed Wikileaks, and even tried to lie about the validity of those emails. Many supporters of the Democratic party, to this day, believe that Wikileaks and/or Julian Assange should face legal consequences for publishing those hacked emails. Of course, Republicans cheered on that effort. Sean Hannity, who back in 2010 was screaming about how Assange was “waging his war against the U.S.” by publishing the leaked documents from Chelsea Manning and demanding that Obama “arrest” Assange, is now seen as one of Assange’s most vocal supporters even having him on his show.

      But, of course, when the shoe is on the other foot, things change. Just recently, various news organizations started reporting on shenanigans by top Trump fundraiser, Elliott Broidy, based on a leak of Broidy’s emails. Broidy’s not taking this very well, issuing a subpoena to the Associated Press to try to uncover the news organization’s source for his emails.

  • Environment/Energy/Wildlife/Nature

  • Finance

    • Trump is proposing to lift ZTE’s ban for $1.3bn and nobody is happy

      The latest word is that Trump wants a complete management overhaul at ZTE and a $1.3bn ‘fine’ paid to lift the restrictions which prevent the company from buying parts made by American companies.

      As if that wasn’t enough, Congress appears to be united against Trump on this – both sides of the house have expressed the wish that no deal is done and that the ZTE ban remains in place.

    • Media Quote Frank on Rolling Back Dodd/Frank–Not Disclosing He’s Now a Bank Director

      The House of Representatives voted on Tuesday to roll back key provisions of the landmark Dodd/Frank Wall Street Reform and Consumer Protection Act, a 2010 law that increased regulatory scrutiny of banks following the 2008 financial crisis.

      One of the many provisions of the original Dodd/Frank law subjected banks with over $50 billion in assets to annual economic “stress tests” to gauge their potential for collapse in the event of an economic crisis. The rollback bill raises that threshold to $250 billion, which would exempt at least two dozen “small” banks, including SunTrust, BB&T, Charles Schwab and American Express. By comparison, in 2008, key failed bank Countryside had only $172 billion in assets, and so would have avoided stress testing, while other financial dominos like Washington Mutual ($264 billion) and Bear Stearns ($289 billion) were close to the lower limit.

      The Dodd/Frank rollback also relaxes banks’ reporting requirements on borrowers, and adds exemptions for banks with less than $10 billion in assets from the Volcker Rule, a Dodd/Frank provision that bars banks from investing deposits in risky private equity and hedge funds.

  • AstroTurf/Lobbying/Politics

    • Elon Musk has a very bad idea for a website rating journalists

      Fact-checking sites perform an invaluable service, but they are labor-intensive, not a self-regulating system like what Musk proposes. Such systems are inevitably and notoriously ruled by chaos, vote brigades, bots, infiltrators, agents provocateur and so on.

    • Tom the Dancing Bug: Our Nation’s Leaders Analyze the Data on USA’s Gun Violence
    • European Earthquake as Populist Government Forms in Italy

      The revolt of voters across the Western world has reached a high point in Europe.

      The Five Star Movement and the League, two so-called “populist” political parties in Italy, are preparing to form a government after Wednesday’s appointment of a new prime minister following an election result that could directly challenge the foundations of the European Union.

      Like other anti-system movements around Europe, the Italian parties are calling in particular for abandoning the neoliberal economic policies and speculative finance, which are hollowing out the middle class.

      The breakthrough comes two and a half months after the elections held on March 4, in which Italian voters sent an unequivocal message to the current political institutions, not simply of protest, but of a desire to actually give power to those willing to implement deep changes.

    • Hey Elon Musk, Let’s Talk About The Media

      And, yesterday you went on a bit of a Twitter rant about the media and said that you were going to start a media truth rating site called Pravda (clever!). And, as with the Boring Company, I believe you’ll do it. I mean, you actually did incorporate Pravda Corp. last fall. So, you’ve got that going for you.

      On top of that, I even think you have a general point about how bad the mainstream media is. We’ve been at this for over 20 years, and some of our most successful stories have been calling out really bad reporting by big publications. It’s good to keep them honest.

      That said, I have some pretty serious concerns about this whole setup and believe you’ve misdiagnosed the problem.

      [...]

      I’m curious if you could point to any actual example of that happening in practice today for a mainstream publication? I know that Gawker — who your former colleague Peter Thiel killed off — used to pay writers a bonus based on clicks, but I can’t think of any other news organization that still does that. It’s a nice story that people outside the media like to claim, but actual journalists know is not actually the case. Hell, here at Techdirt, I’ve never actually told any of our writers how much traffic their stories get, because I don’t want them thinking about clicks at all. I want them to write the best stories they can write, and then they can let me focus on how to monetize good content and a good insightful community, rather than just going for scale and clicks.

      [...]

      But, there is a larger, more important issue here that should be discussed. I know you’ve dismissed a few people who have suggested your anti-media rant does more harm than good, but you might want to rethink that stance. Yes, the media makes mistakes. Sometimes those mistakes are pretty serious. And, yes, some media organizations are just… terrible. But painting the entire media industry with a broad brush, at the same time that many other powerful institutions who don’t want to be held accountable (*cough* *cough*) are doing the same thing, doesn’t help make the media better or more credible. It just empowers those who seek to discredit the actually good and necessary job of underpaid, overworked reporters who are actually breaking important stories, holding the powerful accountable and speaking truth to power.

    • Are Democrats Screwing Themselves Over By Suing Russia?

      The DNC is suing Russia, Wikileaks, and Donald Trump for alleged campaign and election interference, and this lawsuit might be one of the biggest mistakes the Party has made in recent years. Ring of Fire’s Mike Papantonio and Farron Cousins discuss this.

    • Trump Administration Ordered to Help DNC With Lawsuit Against Russia

      The Democratic National Committee won a court order forcing President Donald Trump’s administration to help in the group’s lawsuit accusing Russia of interfering in the 2016 election.

      U.S. District Judge John Koeltl on Wednesday granted the DNC’s request to enlist Secretary of State Mike Pompeo’s department to formally serve Russia with the complaint through a provision of the Foreign Sovereign Immunities Act. Russia generally refuses to accept U.S. legal complaints in the mail, complicating the Democratic group’s suit over the meddling.

      [...]

      Beginning in mid-2016, WikiLeaks released almost 20,000 emails from inside the DNC that showed, among other things, how staffers had favored Hillary Clinton during her primary campaign against Bernie Sanders — prompting Representative Debbie Wasserman Schultz of Florida to resign as committee head. Later in the campaign, WikiLeaks released tens of thousands of emails from the Gmail account of John Podesta, Clinton’s campaign chairman.

  • Censorship/Free Speech

    • Federal judge rules that Trump can’t block Twitter users

      Ever since Donald Trump took office, there’s been controversy around his Twitter addiction. Chief among the issues with the president’s use of Twitter is how he frequently blocks his critics. As an elected official, many have argued that his account represents official communication that should be free for anyone to see, and there have already been several lawsuits around his habit of blocking users. As of today, it looks like there’s some legal weight behind that argument: a Federal judge just ruled that Trump should not be allowed to block users because it is a first amendment violation.

    • Court rules that Trump can’t block people on Twitter

      A New York federal judge has ruled that Donald Trump can’t block people he doesn’t like on Twitter, because he uses Twitter to communicate his edicts and policies as President of the United States, and the US government can’t exclude communications based on viewpoint, as this violates the First Amendment.

    • A Judge Ruled It’s Unconstitutional for President Trump to Block Twitter Users

      Because Trump’s account is considered a “public forum,” the judge ruled that “blocking of the plaintiffs based on their political speech constitutes viewpoint discrimination that violates the First Amendment.”

    • Judge rules Trump can’t block users on Twitter

      But Buchwald did not order Trump or Scavino to unblock the individual plaintiffs in the case or prohibit them from blocking others from the account based on their views as the plaintiffs had asked.

      She said a declaratory judgment should be sufficient.

    • Court Says It’s Unconstitutional For Trump To Block People On Twitter, But Doesn’t Actually Order Him To Stop

      Just last month, we noted that a court in Kentucky had ruled that the Governor of that state was free to block critics on social media accounts, saying that while people are free to speak, the First Amendment does not mean that the Governor has to listen. As we noted at the time, that ruling did not bode well for a more high profile case that was filed by the Knight First Amendment Center at Columbia University against President Donald Trump under similar circumstances. However, as you may have heard, a federal court in New York has now ruled that Trump’s blocking is unconstitutional.

      This is, not surprisingly, getting lots of attention, but many people commenting on it are not fully understanding the actual issues in the lawsuit (shocking, I know, that people doing legal analysis on the internet might sometimes not get it right…). As we’ve noted plenty of times in the past, the First Amendment does not apply to private platforms, and nothing in this ruling means that Twitter is a “public forum” (as some nuttier lawyers are trying to argue in other cases). Instead, the ruling is specific that it is just the commentary in response to Donald Trump that has become a public forum.

      [...]

      There is one odd bit that is not mentioned in most of the commentary on this ruling. And it’s this: the court does not actually order Trump to stop blocking people. It just says that it’s unconstitutional. Given the choice between giving the Knight Center injunctive relief (i.e., forcing the defendant to comply) and merely declaratory relief (i.e., telling the plaintiff they are correct), it chose the latter. It notes that there is some question of whether or not the courts can impose injunctive relief on a sitting President, and decides to side-step the question altogether.

    • Swedish Journalist Probed for ‘Hate Speech’ Over Sharia-Mocking Cartoons

      According to Sjunnesson, he was reported to the police by the taxpayer-funded Näthatsgranskaren (Net Hate Examiner) group, which is on the lookout for online posts containing hate [sic] speech. The group presents itself as independent, yet received a total of SEK 600,000 ($74,000) in state aid via the Swedish Agency for Youth and Society (MUCF) in 2017.

      Fellow journalist and writer Katerina Janouch urged the public to share these “insulting” pictures to “give these Net Hate Terrorists a pain in the neck” and support Jan Sjunnesson. “Please RT. Let’s commit felony together,” Janouch tweeted.

    • NRATV host equates gun restrictions to media censorship

      “You can still report on the shootings, we just need reasonable laws that place limitation on the glory and fame you give to these killers and their twisted motivations,” he said.

      Noir then goes on to reveal that the calls to censor media coverage of shooters was a setup.

      “You know that feeling of anxiety that shot through your body when I said the government should pass laws to limit the media’s ability to exercise their First Amendment right?” Noir asked. “That’s the same feeling gun owners get when they hear people say the same thing about the Second Amendment.”

    • Childish Gambino shows pop music can be powerfully political despite censorship

      It is a violently subversive darkly comic take on police brutality, white supremacy, and US machismo – and Childish Gambino’s music video, This is America, has been released to critical acclaim, 180 million YouTube hits (and counting), and minimal backlash.

      It may seem incongruous, then, that in 1988, Noam Chomsky and Ed Herman proposed that the media industry would not oppose state or private power in any fundamental way.

      Herman and Chomsky highlighted five causal factors that led them to this conclusion: concentrated corporate ownership; the prevalence of advertising money; the reliance on official information sources; the disproportionate ability of powerful organisations to issue flak against dissenters, and a pervasive axiom that the Western economic system is a panacea.

    • Swedish ISP Telenor will voluntarily block The Pirate Bay

      Now, a year later, Telenor – an ISP which has long fought against site-blocking in Sweden – will voluntarily begin blocking The Pirate Bay.

    • Prosper High School journalists allege newspaper censorship by principal, fight editorial policy

      Student journalists at Prosper High School are fighting an editorial policy that they say unfairly restricts what they can and cannot print after three controversial pieces were censored this year.

      Students were told by principal John Burdett that editorials would not be published because they were “incorrect, not uplifting and did not voice all 3,000 students at their high school,” a news release states.

    • Students protest censorship, job cuts at Otago uni

      About 170 students braved freezing weather to march on the University of Otago clocktower brandishing signs opposing the disposal of editions of Critic magazine, university job cuts, and too much of a focus on marketing at a protest today.

      [...]

      Representatives of the group Students Against Sexual Violence also spoke at the protest, about what they perceived as an attempt to censor them from speaking about sexual assault on campus.

    • Conservatives Fail the N.F.L.’s Free Speech Test

      The United States is in the grips of a free-speech paradox. At the same time that the law provides more protection to personal expression than at any time in the nation’s history, large numbers of Americans feel less free to speak. The culprit isn’t government censorship but instead corporate, community and peer intimidation.

      Conservatives can recite the names of the publicly shamed from memory. There was Brendan Eich, hounded out of Mozilla for donating to a California ballot initiative that defined marriage as the union of a man and woman. There was James Damore, abruptly terminated from Google after he wrote an essay attributing the company’s difficulty in attracting female software engineers more to biology and free choice than to systemic discrimination. On campus, the list is as long and grows longer every semester.

      It is right to decry this culture of intolerance and advocate for civility and engagement instead of boycotts and reprisals. The cure for bad speech is better speech — not censorship. Take that message to the heartland, and conservatives cheer.

    • Ukraine war on free speech coordinated with US

      There is no independent policy in Kiev, they do everything in conjunction with the US, and new sanctions against Russian media reinforce those suspicions, executive editor of 21st Century Wire.com Patrick Henningsen told RT.

      Ukraine has blocked access to the websites of Russian news organizations by including them on a sanctions list that is in sync with the US Treasury. RIA Novosti-Ukraine and Sputnik with the agencies’ resources are banned for three years.

    • Russia accuses Ukraine of ‘censorship’ after sanctions on RIA news agency

      Ukraine’s decision to include a Russian state news agency in its sanctions list amounts to “political censorship”, the agency, RIA, quoted Russian foreign ministry spokeswoman Maria Zakharova as saying on Thursday.

      Kiev has added Russian state news agency RIA Novosti to its sanctions list, the website of the Ukrainian president said earlier on Thursday.

    • Ukraine blocks access to websites of leading Russian TV channels
    • Sanctions Against Sputnik Another Act of Political Censorship – Foreign Ministry
    • ‘USSR Blocked Western Media, Modern Ukraine Blocks Russia’s’ – Writer
    • Journalistic Community Slams Kiev’s Ban on Russian media
    • Sputnik, RIA Novosti Ukraine Blocked in Ukraine According to New Sanctions List
    • Menstruation magazine cover sparks censorship row in New Zealand
    • Row over New Zealand student magazine’s ‘period issue’
    • Kevin McCarthy Won’t Stand For Conservative Censorship
  • Privacy/Surveillance

    • The EU’s new data-privacy law takes effect Friday. Its reach extends into the Triangle.

      Red Hat, SAS and other companies that hold data on Europeans have a new set of data privacy rules to deal with as of Friday.

      But while the local software giants, like other firms, have had two years’ notice of the advent of the European Union’s “General Data Protection Regulation” and think they’ve made a solid effort to comply, they admit the jury is still out on whether they’ve thought of and covered everything.

    • ICANN Makes Last Minute WHOIS Changes to Address GDPR Requirements

      The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) struggled and sweated and with days left came up with a way to make the Domain Name System (DNS) and WHOIS, the master database of who owns what website name, compliant with the European Union (EU)’s General Data Protection Regulation (GDPR).

      We’ll see.

      It doesn’t appear to me that ICANN’s “Temporary Specification for gTLD Registration Data” will pass muster with the GDPR Article 29 working party, the GDPR enforcement group.

    • What is the GDPR Privacy Law and Why Should You Care?

      The General Data Protection Regulation (GDPR) is a new European Union law that takes effect today, and it’s the reason you’ve been receiving non-stop emails and notices about privacy policy updates. So how does this affect you? Here’s what you need to know.

      The new GDPR law takes effect today, May 25th, 2018, and it covers data protection and privacy for EU citizens, but it also applies to a lot of other countries in various ways, and since all the tech giants are huge multi-national corporations, it affects a lot of the stuff that you use on a daily basis.

    • Woman says her Amazon device recorded private conversation, sent it out to random contact

      A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon’s Alexa — the voice-controlled smart speaker — and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.

      “My husband and I would joke and say I’d bet these devices are listening to what we’re saying,” said Danielle, who did not want us to use her last name.

    • Amazon Alexa Records Couple’s Personal Conversation And Sends It To A Contact

      Another day, another stop in the ‘privacy breach’ journey of IoT.

      In a startling and alarming incident, a Portland, Oregon based woman named ‘Danielle’ has accused Amazon Alexa of recording her personal conversation with her husband and sending it to a contact without permission.

    • Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour

      As we’ve noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation’s broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.

      As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.

    • Trial Underway for Refugee Who Challenged NSA Surveillance

      A refugee from Uzbekistan conspired to support a terrorist group financially and planned to travel overseas to join them, U.S. prosecutors said Thursday, walking jurors through a trove of phone calls, emails and other online activity they said proves the man’s desire to help the group.

      The start of Jamshid Muhtorov’s trial comes more than six years after his arrest at a Chicago airport. The case led to the U.S. Justice Department’s first disclosure that it intended to use information obtained through one of the National Security Agency’s warrantless surveillance programs.

      Muhtorov challenged the constitutionality of the warrantless surveillance program but Judge John Kane ruled in 2015 that the program may have potential for abuse but did not violate his rights.

    • ‘Obama already did it to the French’: WikiLeaks weighs in on Trump’s ‘Spygate’ claims

      US President Donald Trump has seemingly found a ‘Spygate’ ally in WikiLeaks, after the whistleblowing organization tweeted to remind the public of CIA “espionage orders” for the 2012 French election.

      Reports that domestic intelligence chiefs in the US instructed an FBI informant to contact Trump’s campaign team during the 2016 US presidential election have incensed the current US commander-in-chief. In a hail of tweets, Trump dubbed the revelation ‘Spygate’ and described it as “one of the biggest political scandals in history.”

      Trump has since instructed the Department of Justice to investigate whether the alleged informant, an unnamed Cambridge University professor, was planted by his predecessor Barack Obama’s administration. WikiLeaks soon weighed in and responded directly to Trump’s tweets on the matter.

    • Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords

      A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday.

      The problem would have let attackers “rename Wi-Fi network names and passwords, temporarily locking users out” of their home networks, ZDNet wrote. Obviously, an attacker could also use a Wi-Fi network name and password to log into an unsuspecting Comcast customer’s home network.

      Shortly after ZDNet’s story was published, Comcast disabled the website feature that was leaking Wi-Fi passwords. “Within hours of learning of this issue, we shut it down,” Comcast told ZDNet and Ars. “We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”

    • Comcast Exposes Customer WiFi SSIDs and Passwords For Customers Paying To Rent A Comcast Router

      Look, when it comes to Comcast, it’s obviously quite easy to slap the company around for any number of its anti-consumer practices. Just sampling from the most recent news, Comcast was sued over its opt-out mobile hotspot from your home router plan, the company has decided to combat cord-cutting by hiking prices and fees on equipment for customers who cord-cut cable television, and it also has put in place a similar plan to charge all kinds of bullshit fees on equipment installations for customers who aren’t bundling in other services with its ISP offering. You should be noticing a trend in there that has to do with how Comcast handles so-called “equipment rental” fees for its broadband customers and how it handles customers that choose to bring their own device to their home networks instead. Comcast has always hated customers that use their own WiFi routers, as the fees for renting a wireless access point represent a huge part of Comcast’s revenue.

      Which is why you would think that the company would at least not expose the home networks of customers who use that equipment. Sadly, it seems that Comcast’s website made the network SSIDs and passwords available in plain text of customers who were renting router equipment, while those that used their own routers were completely safe.

    • What Facebook’s New Political Ad System Misses

      Facebook’s long-awaited change in how it handles political advertisements is only a first step toward addressing a problem intrinsic to a social network built on the viral sharing of user posts.

      The company’s approach, a searchable database of political ads and their sponsors, depends on the company’s ability to sort through huge quantities of ads and identify which ones are political. Facebook is betting that a combination of voluntary disclosure and review by both people and automated systems will close a vulnerability that was famously exploited by Russian meddlers in the 2016 election.

      The company is doubling down on tactics that so far have not prevented the proliferation of hate-filled posts or ads that use Facebook’s capability to target ads to particular groups.

    • Zuckerberg accused of avoiding questions in luke-warm European Parliament grilling

      Indeed, many MEPs in attendance complained that the format meant that Zuckerberg had to wait for all of the leaders of the European Parliament’s various political groups – who, of course, all love the sound of their own voice – to ask several questions apiece before he could respond. Zuckerberg could then pretty much decide which questions he condescended to respond to.

      As a result, Zuckerberg spent a total of just 22 minutes answering questions, missing out any he didn’t like the sound of.

    • How GDPR will affect HR departments

      Here are four ways in which HR departments will be affected by GDPR.

    • FBI repeatedly exaggerated how many phones it needed to decrypt and couldn’t

      The agency has – not once – but repeatedly provided hugely inflated stats to Congress about how bad things are, claiming that 7800 devices had been nabbed last year, locked, as part of investigations.

      The real figure is somewhere between 1000 and 2000 says The Washington Post. The exact figure is somewhere around 1200, as far as we know.

  • Civil Rights/Policing

    • There Is Power in a Union

      For a period of 40 years, something managed to keep inequality in check in the United States. From 1940 to 1980, the richest 1 percent took home 9 percent of the wealth generated by the economy. Today, just as they did in the 1920s, the top 1 percent grabs about double that share. Surprisingly, the cause of this midcentury “Great Compression” has been largely neglected by economists, with many of them casually dismissing the role of unions.

    • Trump’s Assault on American Governance Just Crossed a Threshold

      The President has demanded that the Justice Department open an investigation into its own investigation of possible collusion between the Trump campaign and the Russian government.

    • Why Low-Level Offenders Can Get Longer Sentences Than Airplane Hijackers

      Marion Hungerford has a severe form of borderline personality disorder that led to her numerous suicide attempts. As her mental state deteriorated, her husband of 26 years left her. Alone and unable to support herself, she began a relationship with a man whom she helped to commit a string of armed robberies. She never even touched the gun the man used for the robbery. Even though this was her first offense, Hungerford was sentenced to 159 years in federal prison.

      Her case tells us everything we need to know about a set of harsh sentencing laws, particularly one known as “924(c),” that prosecutors use to swell prison populations and perpetuate injustice. There are already too many stories like hers, and Attorney General Jeff Sessions’ charging and enforcement policies — which roll back the previous administration’s more enlightened approach — will only worsen the problem and fuel mass incarceration across the nation.

      The details of Hungerford’s case do not match her over-a-century sentence. She “took no active part other than driving [the man] to or from the scene of the crime or casing the stores that [he] later robbed,” as one of the judges who reviewed her case explained. Together, they stole fewer than $10,000. No one was injured during the crime. The man turned on Hungerford in exchange for leniency in his sentencing — he got 32 years. At trial, a psychiatrist testified that she had a “very low capacity to assess reality” and “low level of intellectual functioning.”

    • DHS Fusion Center Gets Request For Documents On Extremists, Decides To Hand Over Mind Control Docs Instead

      Once you release a document to a public records requester, it’s a public record, whether you meant to release it or not. The person handling FOIA requests for the Washington State Fusion Center (a DHS/local law enforcement collaboration known more for its failures than successes) sent Curtis Waltman something unexpected back in April. Waltman asked the Fusion Center for records pertaining to Antifa and white supremacy groups. He did get those records. But he also got something titled “EM effects on human body.zip.”

      [...]

      The files did not appear to have been generated by any government agency, but rather collected from other sources who thought there might be some way the government could control minds using electronic stimulation or “remote brain mapping.” Why the Fusion Center had them on hand remains a mystery, as does their attachment to a FOIA request containing nothing about electronic mind manipulation.

      This inadvertent disclosure has led to more requests for the same documents. Only this time, requesters — like Joshua Eaton of ThinkProgress — are asking specifically for government mind control files. It appears the Fusion Center first thought about withholding some mind control docs, but somewhere along the line decided it couldn’t pretend the documents that weren’t supposed to be released hadn’t actually been released.

    • In the ‘50s, CIA decried Soviet torture tactics that would later be used at Gitmo and Agency black sites

      In the early days of MKULTRA, while the Central Intelligence Agency scrambled to defend against the alleged “brainwashing” programs of foreign countries, and to create its own, Agency staff responsible for the program responded to a report describing reported Soviet brainwashing efforts. In a letter formerly classified SECRET, CIA staff dismissed the Soviet techniques as “police tactics which would not be condoned in a democratic country.” The tactics described in the report not only mimic tactics which have been used in Guantanamo and in CIA black sites, but proved to be a source of inspiration for some post-9/11 interrogation programs.

      [...]

      The stress positions included the benign sounding forced prolonged standing, the effects of which are described in excruciating detail. According to the report, an edema is produced, resulting in the ankles, feet, and even thighs swelling to twice their normal size. “The skin becomes tense and intensely painful. Large blisters develop … Eventually there is a renal shutdown. Urea and other metabolites accumulate in the blood.” The ultimate result would be “a delirious state, characterized by disorientation, fear, delusions and visual hallucinations,” which the report described as “psychosis.”

    • The Fairfax, Virginia, Fire Department Is Sexist

      When I returned to the FRD in the spring of 2016 after my fellowship, I was on a high, feeling optimistic about creating positive change for our department’s future leaders. A few weeks after my return in the spring of 2016, a young firefighter named Nicole Mittendorff took her own life. It turned out that she had been harassed on an anonymous website by people claiming to be her male co-workers. In response to the media scrutiny over the department’s sexist culture, I was named to the long-vacant position of women’s program officer.

      I knew firsthand how important it was to create a culture that’s more inclusive for women firefighters. Ever since Judy Brewer became America’s first female firefighter 45 years ago, women have been hazed in the fire service, including sabotaged oxygen tanks and glass in their boots. Today, fewer than four percent of the nation’s firefighters are women. One landmark study found that the majority of them face differential treatment, wear ill-fitting safety gear meant for male bodies, work in departments with no anti-discrimination procedures, and witness disrespectful treatment of female leaders.

      In Fairfax, I’ve been trying for a long time to tackle similar problems. In 2005, I joined with a group of FRD women to sue the department over a wide range of disparities, from hiring to promotions to harassment. We settled a year later, in exchange for promises that things would change. Although a report published in 2017 found that FRD is on par with the national average of women in the rank and file, we still lag far behind in command staff. That’s despite five more sex discrimination lawsuits filed against the department since it settled mine.

    • Reality Check: Will Haspel Stick to Her Word on Torture?

      It has been a heated fight for the nomination of Gina Haspel as the new CIA director. Some have nicknamed her the “Queen of Torture.”

      [...]

      Keep in mind, as I have told you before, Gina Haspel didn’t just oversee a black site prison. She helped to destroy evidence of the program she now says did damage to the U.S. standing in the world.

    • Egyptian Blogger and Activist Wael Abbas Detained

      When we wrote of award-winning journalist Wael Abbas being silenced by social media platforms in February, we never suspected that those suspensions would reach beyond the internet to help silence him in real life. But, following Abbas’s detention on Wednesday by police in Cairo, we now fear that decisions—and lack of transparency—made by Silicon Valley companies will help Egyptian authorities in their crackdown on journalists and human rights activists.

      Abbas was taken at dawn on May 23 by police to an undisclosed location, according to news reports which quote his lawyer, Gamal Eid. The Arabic Network for Human Rights Information (ANHRI) reported that Abbas was not shown a warrant or given a reason for his arrest. He appeared in front of state security yesterday and was questioned and ordered by prosecutors to be held for fifteen days. According to the Association for Freedom of Thought and Expression (AFTE), Abbas was charged with “involvement in a terrorist group”, “spreading false news” and “misuse of social networks.”

    • ICE Trying To Deport Journalist For Reporting On Abusive ICE Behavior

      For many years (looong before this current administration), we’ve documented the problems with ICE, a government agency that has long been totally out of control, abusing its power and authority not just in dealing with immigration, but in literally seizing blogs, because Hollywood told them to do so. The organization has done nothing to improve its reputation over the years, and lately almost seems to relish in the free rein it has to act like complete thugs in uniform.

      The latest story — as with seizing blogs — appears to have some serious First Amendment concerns, though there’s no indication that ICE cares at all about that. In this story, ICE detained a journalist and is trying to have him deported because of that reporter’s coverage of ICE activities. Freedom of the Press has the details, but the short version is that Manuel Duran, who fled El Salvador a decade ago over death threats there, has been living in the US and reporting for a few different Spanish language news organizations.

    • [Old] Trust damaged between Milwaukee police and community, Department of Justice draft report says

      The Milwaukee Police Department fails the community and its own officers by not communicating clearly, making too many traffic stops and applying inconsistent standards when disciplining officers, according to a draft of a federal report obtained by the Milwaukee Journal Sentinel.

      The draft report offers a particularly damning critique of Chief Edward Flynn’s reliance on data, a signature component of his strategy since he took over the department in 2008. Federal evaluators found this approach is having a damaging, if unintended, effect on police-community relations.

      “MPD’s attention to crime data has distracted the department from the primary tenet of modern policing: trust between law enforcement agencies and the people they protect and serve,” the draft report states.

    • Report On Milwaukee PD Body Cams Show Fewer Complaints, Fewer Stops, But No Reduction In Use Of Force

      The DOJ also found officers had no idea what community policing entailed, suggesting it only applied to other officers officially designated as community liaisons. The DOJ highlighted the disconnection between the MPD’s statements and actions on community policing using this depressing anecdote.

      [...]

      It’s not all negative, however. As noted above, officers with cameras received 50% fewer complaints, suggesting the presence of another “witness” causes both parties to treat each other with a little more respect. Camera use can result in de-escalation, which is something rarely willfully practiced by officers.

      But we can’t read too much into that either. The drop in complaints is tracked by a drop in stops, which may suggest the cameras aren’t “civilizing” interactions so much as fewer of them are taking place.

      Body cams are band-aids, at best. They can never be a panacea, but they’re far from useless. Things do change when law enforcement operates under additional scrutiny. But they don’t change as quickly or dramatically as proponents of cameras hope they will. A seismic cultural shift is needed in most departments and body cameras will only incrementally increase the speed in which bad apples are expunged from the barrel. But the barrel will still be filled with slightly-less-rotten apples. That being said, cameras should be a requirement as should the presumption that missing footage weighs against a cop’s statements. Just because they’re not working as well as many of us thought they would doesn’t mean it’s without its merits.

  • Internet Policy/Net Neutrality

  • Intellectual Monopolies

    • Brian Soucek on Aesthetic Judgment in Law

      As noted in my last post, one of the most quoted lines in copyright law is from Justice Holmes’s 1903 opinion in Bleistein: “It would be a dangerous undertaking for persons trained only to the law to constitute themselves final judges of the worth of pictorial illustrations.” This aesthetic neutrality principle has found purchase far beyond copyright law. But in a compelling new article, Aesthetic Judgment in Law, Professor Brian Soucek challenges this dogma: “Almost no one thinks the government should decide what counts as art or what has aesthetic value. But the government often does so, and often, it should.” Soucek’s article may have flown under the radar for most IP scholars because he does not typically focus on copyright law, but it is well worth a look.

      Soucek’s first point is that despite the “widespread aversion to aesthetic judgment” by government decisionmakers, such judgments are ubiquitous both at the “retail” level of individual artworks and at the “wholesale” level of “what constitutes art or aesthetic value in the first place.” A number of scholars have made similar points in the IP space; see, for example, Andrew Gilden’s argument that courts are more likely to consider images of women and racial minorities to be “raw materials” that are free to use. But the point holds even more strongly in other areas of law. Perhaps most obviously, there is significant direct spending on the arts that falls on the “government-set” side of the who decides? spectrum, including grant decisions by the National Endowment for the Arts, book purchases by public libraries, and hiring and curriculum decisions by humanities departments at public universities. Other examples are easy to find: Tariff and tax laws embody Congress’s decision to benefit only certain types of art, and they require government officials to make judgments such as whether abstract art is art. Land-use laws ban conduct that is “offensive to the visual sensibilities of the average person” like front-yard clotheslines. The test for obscenity asks whether the work “lacks serious literary [or] artistic” value.

    • Trademarks

      • Woof: The Prosecco People Successfully Oppose A Pet-Treat Company’s ‘Pawsecco’ Trademark Application

        In the realm of the alcohol industry, the French champagne makers have distinguished themselves for their jealous protection of the name of their sparkling white wine. This protectionism is taken to the extreme, with association groups representing champagne makers essentially forbidding anyone else from even using the term. France’s neighbor, Italy, has its own sparkling white wine called prosecco. And it seems that the makers of prosecco are trying to take a page from their champagne-making cousins in “protecting” their trademarks to a ridiculous degree.

        A maker of drinks for pets recently tried to trademark the name of a product it makes called “Pawsecco.” The pet treat is not alcoholic, is sold only to pet owners, and is, frankly, puntastic. Despite all of this being supremely obvious, Woof and Brew faced a trademark opposition from the prosecco people.

    • Copyrights

      • Forget The GDPR, The EU’s New Copyright Proposal Will Be A Complete And Utter Disaster For The Internet

        Today is GDPR day, and lots of people are waking up to a world in which EU regulations are having a widespread (and not always positive) impact on how the internet works. As we’ve detailed over the past couple of years, while there are many good ideas in the GDPR, there are also many ridiculously bad ones, combined with poorly thought out drafting, and we’re already seeing some of the fallout from that. But, believe it or not, there’s an even larger threat from the EU looming, and it’s received precious little attention: the EU’s new copyright reform proposal is set to be voted on next month and it will truly be disastrous to the internet. As it currently stands, it will require widespread censorship in the form of mandatory filtering and also link taxes that have already been shown to be harmful to news.

      • The Demise Of Copyright Toleration

        Although denying fair use, these content owners were acknowledging a larger truth about copyright, the Internet, and even the law in general: It works largely due to toleration. Not every case is clear; not every outcome can be enforced; and not every potential legal outcome can be endured. Instead, “grey area” conduct must be impliedly licensed, or at least tolerated.

        Counsel then or now could not have cited a single court holding on whether the private, noncommercial recording of a song is a lawful fair use. Long before the Supreme Court in Sony Corp. of America v. Universal City Studios, Inc. said that video home recording from broadcasts was a fair use, the music industry could have pursued consumers for home audio recording from vinyl records. But the risk of losing and establishing a bad precedent was too great.

      • Mexico’s new copyright law allows censorship of online content, rights advocates warn

        Legal censorship of online content could be much easier in Mexico due to recently approved changes to the country’s copyright laws.

        On April 26, the Mexican Senate passed a bill that modified the Federal Copyright Law, enabling judges to order the removal of internet content that allegedly violates copyright law without needing to prove it in court or by sentence.

        The bill allows the suspension and removal of public content and includes “precautionary measures” against the equipment that enables the spread of such content. Approval of these changes was given hastily without following legislative procedures.

      • BPI Wants Piracy Dealt With Under New UK Internet ‘Clean-Up’ Laws

        This week, Matt Hancock, Secretary of State for Digital, Culture, Media and Sport, announced the launch of a consultation on new legislative measures to clean up the ‘Wild West’ elements of the Internet. In response, music group BPI says the government should use the opportunity to tackle piracy with advanced site-blocking measures, repeat infringer policies, and new responsibilities for service providers.
