US Customs’ domain-seizure program punishes the first amendment, leaves alleged pirates largely unscathed

TorrentFreak has posted a postmortem of the DHS’s domain-seizure program (“Operation In Our Sites”), in which the .com and .net domains of dozens of allegedly infringing sites were seized without due process and with a great deal of sloppiness. Though the program was willing to toss out the first amendment and turn the US government into a business agent for entertainment companies, it was a near-total failure in removing its targeted sites:

It wasn’t hard for the affected sites to continue their operations. Since their servers had not been touched physically it was a simple matter to change a few settings to make the sites available to the public again under a new domain, something achieved in a few minutes. This is exactly what most of the streaming and file-sharing related sites have done.

During the latest round of seizures under the “Operation In Our Sites” flag in February, a total of 10 domain names were targeted, belonging to 6 different sports streaming services. Despite the thousands of dollars in taxpayer money that were spent on the enforcement effort, all of the sites were back up in no time under new domains.

As of today, only one of the six is no longer accessible and that is the site of Bryan McCarthy, who was arrested by the feds last month. McCarthy initially continued his website under a new domain at The day after his arrest this site was still up and running and it is believed that due to the circumstances he took it offline himself after he was bailed out.

US Government’s ‘Pirate’ Domain Seizures Failed Miserably

Urban farming family who trademarked “Urban Homesteading” accused of plagiarism

Remember the Dervaeses, the family from Pasadena, CA who decided to trademark “Urban Homestead,” a term that has been in common use for decades? Well, a fellow by the name of Michael Nolan (co-author of a book called I Garden: Urban Style) says the Dervaes Family has been plagiarizing material from his website.

Under ordinary circumstances I might have chosen to contact the Dervaes Family and quietly attempt to settle the matter but given their penchant for threatening letters and frivolous trademark registrations as well as their reputation for being terribly difficult to deal with directly, I made the decision to bring this problem to the public so that everyone might see just what this family will do when they think no one is watching.

The evidence is pretty damning!

Bonus: Here’s an interesting tidbit for people who like to catch hypocrites and for people who enjoy being apologists for hypocrites: a member of the Dervaes family recently wrote a schoolmarmish post about the naughtiness of plagiarism.

Michael Nolan: How the Dervaes Family Stole My Victory Garden (Submitterated by badger510)

EFF: FBI may have committed more than 40K intelligence violations since 9/11

A new report from the Electronic Frontier Foundation analyzes more than 2,500 pages’ worth of FBI documents extracted using Freedom of Information Act litigation and finds disturbing, system-wide violations of civil liberties on a scale that is far beyond anything reported to date:

Using documents obtained through EFF’s Freedom of Information Act (FOIA) litigation, the report finds:

• Evidence of delays of 2.5 years, on average, between the occurrence of a violation and its eventual reporting to the Intelligence Oversight Board

• Reports of serious misconduct by FBI agents including lying in declarations to courts, using improper evidence to obtain grand jury subpoenas, and accessing password-protected files without a warrant

• Indications that the FBI may have committed upwards of 40,000 possible intelligence violations in the 9 years since 9/11

Release: EFF Uncovers Widespread FBI Intelligence Violations

Report: Patterns of Misconduct: FBI Intelligence Violations from 2001 – 2008

(Image: FBI, a Creative Commons Attribution (2.0) image from groovysoup’s photostream)

EFF warns: mobile OS vendors aren’t serious about security

Chris Palmer — formerly Google Android security framework engineer and now Technology Director of the Electronic Frontier Foundation — writes about the cavalier attitude toward security exhibited by the major mobile operating system vendors, and the risk this poses to all of us:

By contrast, mobile systems lag far behind the established industry standard for open disclosure about problems and regular patch distribution. For example, Google has never made an announcement to its android-security-announce mailing list, although of course they have released many patches to resolve many security problems, just like any OS vendor. But Android open source releases are made only occasionally and contain security fixes unmarked, in among many other fixes and enhancements…

Android is hardly the only mobile security offender. Apple tends to ship patches for terrible bugs very late. For example, iOS 4.2 (shipped in early December 2010) contains fixes for remotely exploitable flaws such as this FreeType bug that were several months old at the time of patch release. To ship important patches so late is below the standard set by Microsoft and Ubuntu, who are usually (though not always) much more timely. (For example, Ubuntu shipped a patch for CVE-2010-2805 in mid-August, more than three months before Apple.)

Don’t Sacrifice Security on Mobile Devices

EFF obtains docs that reveal when authorities can get your data from social media companies

The Electronic Frontier Foundation today posted analysis of documents obtained under the Freedom of Information Act which show how various popular social media companies handle requests for user data from authorities. The issue became a focal point earlier this month when the US Department of Justice obtained a court order for records from Twitter on users affiliated with WikiLeaks. The EFF’s Jennifer Lynch writes:

We received copies of guides from 13 companies, including Facebook, MySpace, AOL, eBay, Ning, Tagged, Craigslist and others, and for some of the companies we received several versions of the guide. We have combed through the data in these guides and, with the Samuelson Clinic’s help, organized it into a comprehensive spreadsheet (in .xls and .pdf) that compares how the companies handle requests for user information such as contact information, photos, IP logs, friend networks, buying history, and private messages. And although we didn’t receive a copy of Twitter’s law enforcement guide, Twitter publishes some relevant information on its site, so we have included that in our spreadsheet for comparison.

The guides we received, which were dated between 2005 and 2010, show that social networking sites have struggled to develop consistent, straightforward policies to govern how and when they will provide private user information to law enforcement agencies. The guides also show how those policies (and how the companies present their policies to law enforcement) have evolved over time.

For example, the 2008 version of Facebook’s guide explains in detail the different types of information it collects on its users, but it does not address the legal requirements necessary to obtain this data. In contrast, the 2009 version groups this information into three categories (basic subscriber information, limited content, and remaining content) and describes, under the Electronic Communications Privacy Act (ECPA), the different legal processes required to obtain the various data. However, the 2010 version merely says that the company “will provide records as required by law.” Facebook doesn’t explain why it changed its language from year to year. While the 2010 guide’s language may allow the company to be flexible in responding to requests under a complicated and outdated statute, it does so through a loss of transparency into how it handles these requests.

Social Media and Law Enforcement: Who Gets What Data and When?

Previously: US orders Twitter to hand over account data on Wikileaks and multiple Wikileaks supporters

Free Kinect drivers released; Adafruit pays $3k bounty to hacker, $2k more to EFF

The swell hackers at Adafruit Industries have declared a winner in their cash-prize contest to reverse-engineer the Microsoft Kinect controller and release a free/open library that would let hardware hackers incorporate it into their own projects. The winner is a fine gent named Hector, who says, “Here’s my take on the Kinect driver. Supports depth and RGB images and displays them on an OpenGL window. It’s very hacky right now but it does prove the concept :)”

To commemorate Hector’s achievement, Adafruit is giving him $3,000 (he’s vowed to spend it on more hacking tools), and will donate a further $2,000 to the Electronic Frontier Foundation.

WE HAVE A WINNER – Open Kinect driver(s) released – Winner will use $3k for more hacking – PLUS an additional $2k goes to the EFF!

Evoting security researchers at U Michigan root DC’s voting machines with ease

Oldsma sez, “DC election officials put a test version of their voting system up in a mock primary and invited white hat attacks. U. Michigan broke it completely within 36 hours. DC officials reply, in a nutshell, ‘Well, that’s why we asked people to test it.’”

D.C. voting officials knew there might be openings in the upload procedure, said Paul Stenbjorn, director of information services at the D.C. Board of Elections and Ethics.

“It was disappointing that it was as easy as it was for them,” he said, “and that we hadn’t been more proactive about closing down these known issues.”

In the end, Stenbjorn considers the experiment a success. “This was why we had the public examination period,” he said. “Obviously, we would have liked a smooth noncontroversial deployment of our new system, but this was a known potential outcome…”

Halderman expected the system to be fairly easy to compromise. “Web security is a very difficult problem,” he said. “Major web sites like Facebook and Twitter regularly suffer from vulnerabilities, and banks lose millions of dollars to online fraud every year. These high-profile sites have greater resources and far more security experience than the municipalities that run elections, and yet they are still constantly having problems. It may someday be possible to build a secure method for voting over the Internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today’s security technology.”

Michigan researchers hack Washington DC computer voting system

EFF E-Voting

(Thanks, Oldsma, via Submitterator!)

Hari Prasad, India’s evoting researcher, working to save Indian democracy from dirty voting machines

Hari Prasad is one of the winners of this year’s Electronic Frontier Foundation Pioneer Awards; in Prasad’s case, the prize was awarded based on his excellent work dissecting the (deeply flawed) electronic voting machines used in India’s elections. Prasad was imprisoned by Indian authorities for pointing out the many vulnerabilities he and his colleagues discovered.

Free again, Prasad continues to work for fair and honest elections in India, the world’s largest democracy. EFF fellow Jim Tyre has written up Prasad’s amazing story in a blog post. Prasad and the other Pioneer winners will receive their awards next Monday, November 8, at a ceremony at San Francisco’s 111 Minna Gallery (I’m emceeing).

Even after Prasad was released on bail in late August, he was mostly prevented for a significant period of time from returning to his home, family, and work in Hyderabad. The police in Mumbai had the right to question Prasad every day, and in fact did on most days. Because of the substantial distance between the two cities, returning to Hyderabad for more than a few very short trips was a practical impossibility until early October. During that time, the police repeatedly questioned Prasad about the identity of the anonymous source and little else, and told him that he would be discharged if he revealed the name.

Subsequent to Prasad’s release on bail, there have been a number of significant developments. The police have continued their quest to discover the identity of the anonymous source. An engineer and activist from Pune, Mukund Lagoo, was arrested and held without bail. Though not the anonymous source, Lagoo is believed by the police to be the person who made the physical delivery of the machine to Prasad. Dozens of others have been questioned by the police, including a former political leader who was able to get anticipatory bail in advance of being questioned, and many employees of Prasad’s company and their families.

In early October, at a meeting between the Election Commission of India (ECI) and all the political parties, there was a substantial call for a trial use of EVMs with paper trails. However, Congress expressed satisfaction with the EVMs. (Congress is the name of the largest political party in India; it is not an equivalent of the U.S. Congress.) ECI asked its expert committee to study the feasibility of incorporating a voter verifiable paper trail into the EVMs, a significant change for ECI. Later, ECI invited all recognized national and regional political parties to submit suggestions to the committee, and to appoint their own technical experts to interact with the committee.

2010 Pioneer Award Winner Hari Prasad Defends India’s Democracy (Thanks, Jim!)

EFF announces Pioneer Award winners: Stephen Aftergood, James Boyle, Pamela Jones and Groklaw, and Hari Krishna Prasad Vemuru

The Electronic Frontier Foundation has awarded its annual Pioneer Awards for leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. This year’s winners are Stephen Aftergood, James Boyle, Pamela Jones and Groklaw, and Hari Krishna Prasad Vemuru, and the awards will be presented in San Francisco at a ceremony at the 111 Minna Gallery on November 8.

I was honored to be one of this year’s judges, and I’ll be emceeing the awards in San Francisco on the 8th. I hope to see you there as we honor these wonderful activists. The Pioneer Awards are nominated by the public, and awarded by a panel of independent judges. Click through for full bios of the winners.

Viacom v Internet: round one to Internet

Google’s won the first round of the enormous lawsuit Viacom brought against it. Viacom is suing Google for $1 billion for not having copyright lawyers inspect all the videos that get uploaded to YouTube before they’re made live (they’re also asking that Google eliminate private videos because these movies — often of personal moments in YouTubers’ lives — can’t be inspected by Viacom’s copyright enforcers).

The lawsuit has been a circus. Filings in the case reveal that Viacom paid dozens of marketing companies to clandestinely upload its videos to YouTube (sometimes “roughing them up” to make them look like pirate-chic leaks). Viacom uploaded so much of its content to YouTube that it actually lost track of which videos were “really” pirated, and which ones it had put there, and sent legal threats to Google over videos it had placed itself.

Other filings reveal profanity-laced email exchanges between different Viacom execs debating who will get to run YouTube when Viacom destroys it with lawsuits, and execs who express their desire to sue YouTube because they can’t afford to buy the company and can’t replicate its success on their own.

On Wednesday, U.S. District Judge Louis Stanton ruled that YouTube was protected from liability for copyright infringement by the 1998 Digital Millennium Copyright Act (DMCA). The DMCA has a “safe harbor” provision that exempts service providers from copyright liability if they expeditiously remove material on notice that it is infringing. Viacom’s unique interpretation of this statute held that online service providers should review all material before it went live. If they’re right, you can kiss every message-board, Twitter-feed, photo-hosting service, and blogging platform goodbye — even if it was worth someone’s time to pay a lawyer $500/hour to look at Twitter and approve tweets before they went live, there just aren’t enough lawyers in the universe to scratch the surface of these surfaces. For example, YouTube alone gets over 29 hours’ worth of video per minute.

Viacom has vowed to appeal.

In dismissing the lawsuit before a trial, Stanton noted that Viacom had spent several months accumulating about 100,000 videos violating its copyright and then sent a mass takedown notice on Feb. 2, 2007. By the next business day, Stanton said, YouTube had removed virtually all of them.

Stanton said there’s no dispute that “when YouTube was given the (takedown) notices, it removed the material.”

Calling Stanton’s reasoning “fundamentally flawed,” Viacom said it was looking forward to challenging the decision in appeals court.

Judge sides with Google in $1B Viacom lawsuit (Thanks, Mike P!)

(Image: Viacom, a Creative Commons Attribution Non-Commercial Share-Alike (2.0) image from mag3737’s photostream — used with permission)