Petition: make it safe to report security flaws in computers


Laws like the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act put security researchers at risk of felony prosecution for telling you about bugs in the computers you put your trust in, turning the computers that know everything about us and watch everything we do into reservoirs of long-lived pathogens that governments, crooks, cops, voyeurs and creeps can attack us with.


Rightscorp cuts-and-runs as soon as it is challenged in court

Rightscorp -- a firm that asks ISPs to disconnect you from the Internet unless you pay it money for alleged, unproven copyright infringements -- was finally challenged in court by an ISP, Texas's Grande Communications; as soon as it looked like it would have the legal basis for its business-model examined by a judge, the company cut and ran, withdrawing its threats.


Senate passes phone unlocking bill


The Senate has approved a bill (which already passed in the House) that makes it legal for you to unlock the phones you own so you can choose which carrier you use.


Podcast: News from the future for Wired UK

Here's a reading (MP3) of a short story I wrote for the July, 2014 issue of Wired UK in the form of a news dispatch from the year 2024 -- specifically, a parliamentary sketch from a raucous Prime Minister's Question Time where a desperate issue of computer security rears its head:


How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.


Rightscorp: a business founded on threats of Internet disconnection

Rightscorp, a company that went public last year, has an idea: they'll issue millions of legal threats to alleged music file-sharers, threaten them with millions in fines, and demand nuisance sums ($20/track) too small to warrant consulting with an attorney -- and they'll arm-twist ISPs into disconnecting users who don't pay up. Rightscorp has a secret system for identifying "repeat offenders" who use Bittorrent, and they believe that this gives them the right to force ISPs to terminate whole families' Internet access on the basis of their magically perfect, unknowable evidence of wrongdoing. They call this "holding the moral high ground." More than 72,000 Americans have had "settlements" extorted from them to date, though Rightscorp still runs millions in the red.

Rightscorp's rhetoric is that the sums it demands are "deterrents" to prevent wrongdoing, and that it wouldn't really want to sue people into penury. But it is a publicly listed company with a fiduciary duty to extract as much money as it can from the marketplace. It's a good bet that its prospectus and quarterly investor filings announce that the company will hold its "fines" down to the smallest amount that provides the deterrent effect -- instead of, say, "all the market can bear."

The legal theory under which Rightscorp is operating is pretty dubious: a belief that ISPs have a duty to terminate the Internet connections of "repeat offenders" based on a clause in the Digital Millennium Copyright Act of 1998. This theory has been sparsely litigated, but the one major case in which it has been tested went against Rightscorp's business-model. But as Joe Mullin points out in his Ars Technica profile of the company, they may be able to get past this hurdle just by suborning the increasingly corrupt, noncompetitive, inbred and rent-seeking ISP industry by giving them a piece of the action.


Censorship flood: takedown notices to Google increased by 711,887% in four years


The State of the Discordant Union: An Empirical Analysis of DMCA Takedown Notices, a paper publishing in Virginia Journal of Law and Technology by Stanford/NUS's Daniel Seng, documents the vast, terrifying increase in the use of DMCA takedown notices, which are self-signed legal notices that allow anyone to demand that material be censored from the Internet, with virtually no penalty for abuse or out-and-out fraud. The increase is driven by a small number of rightsholders who have automated the process of sending out censorship demands, industrializing the practice. The three biggest players are RIAA, Froytal and Microsoft, who sent more than 5 million notices each in 2012, and at least doubled their takedowns again in 2013. In the four years between 2008 and 2012, the use of takedown notices against Google grew by an eye-popping 711,887 percent.


Podcast: What happens with digital rights management in the real world?

Here's a reading (MP3) of a recent Guardian column, What happens with digital rights management in the real world?, where I attempt to explain the technological realpolitik of DRM, which has nothing much to do with copyright, and everything to do with Internet security.


Why DRM'ed coffee-pods may be just the awful stupidity we need


I've been thinking about the news that Keurig has added "DRM" to its pod coffee-makers since the story first started doing the rounds a couple of days ago. I've come to the conclusion that while the errand is a foolish one, and the company deserves nothing but contempt for such an anti-competitive move, there might be a silver lining to this cloud. As I've written recently, there's not a lot of case-law on Section 1201 of the Digital Millennium Copyright Act (DMCA), the law that prohibits "circumventing...effective means of access control" to copyrighted works. In the past, we've seen printer companies and garage door opener manufacturers claim that the software in their devices was a "copyrighted work" and that anyone who made a spare part for their products was thus violating 1201. But that was 10 years ago, and it's been a while since there was someone stupid and greedy enough to try that defense.

I think Keurig might just be that stupid, greedy company.


Tell Congress to legalize unlocking your phone


Sherwin from Public Knowledge writes, "The Copyright Office and the Library of Congress think that copyright law and the DMCA make it illegal to unlock your phone and take it to a new carrier. This is plainly ridiculous: a year ago, 114,000 Americans wrote the White House to tell them that, and the White House agreed. So did the FCC. And, eventually, so did the phone companies, who say they'll work to unlock most consumers' phones for them. But the law has stayed the same. It's still illegal for you, even if you've paid off your entire contract, to take it upon yourself to unlock your own phone."


AIDS deniers use bogus copyright claims to censor critical Youtube videos

Myles Power, a debunker who goes after junk science and conspiracy theorists, has gone after AIDS denialists and a terrible, falsehood-ridden, dangerous documentary called "House of Numbers," which holds that HIV/AIDS isn't an actual viral illness, but rather a conspiracy to sell anti-viral medication. The AIDS denial movement encourages people who are HIV-positive to go off the medication that keeps them alive.

The producers of "House of Numbers" have used a series of bogus copyright takedown notices to get Youtube to remove Power's videos, in which he uses clips from the documentary as part of his criticism, showing how they mislead viewers and misrepresent the facts and the evidence. It's pure censorship: using the law to force the removal of your opponents' views.

Google and Youtube have some blame to shoulder here. They should not be honoring these takedown notices, as they are not valid on their face. However, the buck doesn't stop there. The DMCA's takedown procedures have no real penalty for abuse, so it is the perfect tool for would-be censors. What's more, the entertainment companies -- who are great fans of free speech when defending their right to sell products without censorship, but are quite unwilling to share the First Amendment they love so dearly with the rest of us -- are pushing to make censorship even easier, arguing that nothing should be posted on Youtube (or, presumably, any other online forum) unless it has been vetted by a copyright lawyer.

Update: Google has reinstated the video, and published this statement: "When a copyright holder notifies us of a video that infringes their copyright, we remove it promptly in accordance with the law. We reinstate content in cases where there is clear fair use and we are confident that the material is not infringing, removing any associated copyright strikes."

However, the "accordance with the law" business isn't the whole story. The law says that if Google is sent a takedown notice and they don't remove it, they could be sued along with the person who posted it. But it's up to Google to determine whether it believes the complaint holds water, and whether to assume the risk of disregarding it. IOW: Google could have left the video up, but at some risk of being named in a nuisance suit by some genuinely evil people. It decided that this risk was more costly than the likely temporary removal of the video.

They're probably right inasmuch as they will generally be let off the hook for this. However, to the extent that we -- the people who generate Google's income -- give them a good kicking when they make decisions like this, we will raise the cost of acting on obviously spurious copyright complaints. The higher that cost rises, the less censorship we'll see on Youtube.


Why DRM is the root of all evil

In my latest Guardian column, What happens with digital rights management in the real world?, I explain why the most important fact about DRM is how it relates to security and disclosure, and not how it relates to fair use and copyright. Most importantly, I propose a shortcut through DRM reform, through a carefully designed legal test-case.


WordPress joins its users in court to fight bogus, censoring copyright claims

WordPress has gone to bat for its users in court, joining in two lawsuits over fraudulent DMCA claims that used copyright claims as a means of censoring critics. Back in August, a British anti-gay group called Straight Pride UK used a copyright claim to censor the publication of an on-the-record interview with one of the group's spokesmen. And in February, disgraced cancer researcher Anil Potti used copyright claims to censor Retraction Watch, a science watchdog that had reported on the journals that retracted Potti's papers.

WordPress was the host for both of these sites, and at the time, it cooperated with the takedowns (the law does not require WordPress to honor takedowns that it deems to be bogus, but if it does not honor a takedown, it can be named as a party to any eventual lawsuit over the alleged infringement). But when the users went to court to fight for their right to publish, WordPress got their backs -- bravo!


WordPress honours fraudulent copyright complaint from UK "straight rights" group, cooperates in censorship

A British anti-gay group called "Straight Pride UK" sent a press-release to a British blogger, expressing their admiration for Vladimir Putin's anti-gay laws, and the measures taken in African countries to criminalise gay people (Robert Mugabe has threatened to decapitate gay people). Afterwards, they changed their mind about the interview and sent a fraudulent DMCA takedown notice to WordPress.com, the blogger's host. WordPress -- who should have seen that there was no possible copyright violation in the interview -- caved and cooperated in censoring the post.


Rotolight sends fraudulent takedown notice to censor unfavorable review


Den Lennie posted a video to Vimeo that compared the Rotolight Anova to a competing product, the Kino Flo Celeb, and found the Rotolight product inferior. Rotolight responded by filing a perjurious, fraudulent DMCA takedown notice with Vimeo (who, to its shame, honored it), claiming that the review violated Rotolight's trademark. This is pure copyfraud: first, because the DMCA is only available as a remedy for copyright infringement (not trademark infringement) and second, because product reviews are not trademark infringements, full stop.

Using a Copyright Infringement claim to shut down the opposition (Thanks, Dave!)