Given the heightened interest in the government's efforts to compel companies like Apple to break into their own products for them, the EFF figured it would be a good time to ask the government whether it had used FISA court orders to achieve these ends.
Naturally, the government would rather not discuss its efforts to force Apple, et al. to cough up user data and communications. Hence the secrecy surrounding its use of NSLs, subpoenas and gag orders. Hence, also, its desire to keep cases involving All Writs Acts orders under seal if possible. Hence also (also) its refusal to discuss the secret happenings in its most secret court.
The EFF filed FOIA requests with the DOJ in October of last year and followed up with more in March. The October request sought documents about FISA court decisions related to requests for technical assistance from US companies. After a few months of back-and-forth, the DOJ claimed only two responsive documents were found -- neither of which was a court decision… and neither of which would be released.
The EFF's most recent request broadened the search parameters in hopes of landing more responsive documents.
Any “decision, order, or opinion issued by the Foreign Intelligence Surveillance Court or the Foreign Intelligence Surveillance Court of Review (as defined in section 601(e)),” issued from 1978 to June 1, 2015, “that includes a significant construction or interpretation of any provision of law, including any novel or significant construction or interpretation of the term ‘specific selection term.’”
It also requested the same documents for the period of June 2015 to the present. As of this point, it has yet to receive a response.
The EFF is now suing the DOJ for wrongfully withholding responsive documents and other violations of FOIA regulations, including "performing inadequate searches."
The documents it's seeking are of significant public interest, especially now that the FBI's All Writs-enabled technical assistance demands are at the center of a second war over encryption. As staff attorney Nate Cardozo points out, the devices and services used by millions of Americans shouldn't be subject to the whims of secret courts relying wholly on government ex parte presentations and submissions.
“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”
from the pretty-much-why-the-transparency-should-have-been-in-place-the-whole-time dept
With multiple redactions and having survived a declassification review, another FISA court opinion has been released to the public. The opinion dates back to November of last year, but was only recently dumped into the public domain by the Office of the Director of National Intelligence. While the five-month delay seems a bit long, the alternative is no public release at all. The small miracle that is the public release of FISA court opinions can be traced directly to Ed Snowden and a handful of FOIA lawsuits -- not that you'll see either credited by the ODNI when handing over documents.
The bad news is that the FISA court has uncovered still more abuse by the NSA and FBI. While there appears to be no imminent danger of the court yanking the agencies' surveillance privileges (as nearly happened in 2008), the presiding judge (Thomas Hogan) isn't impressed with the agencies and their cavalier attitude towards mass surveillance. The stipulations put in place to offset the potential damages of untargeted mass surveillance -- strict retention periods and minimization procedures -- are the very things being ignored by the NSA and FBI.
"The court was extremely concerned about NSA's failure to comply with its minimization procedures—and potentially" a provision in federal law, Hogan wrote. The NSA violations appeared to involve preserving surveillance data in its systems beyond the two or five years after which it was supposed to be deleted.
"Perhaps more disappointing than the NSA's failure to purge this information for more than four years, was the Government's failure to convey to the Court explicitly during that time that the NSA was continuing to retain this information," the judge wrote in the Nov. 6, 2015, opinion made public Tuesday.
The NSA apparently can't even tell the truth to a court in which it has the luxury of making its submissions ex parte and whose decisions aren't released until months after the fact in heavily-redacted form.
The ODNI has defended its actions using the "sins of omission" clause (not actually a thing).
"The Government has informed the Court that there was no intent to leave the FISC with a misimpression or misunderstanding, and it has acknowledged that its prior representations could have been clearer..."
Not mentioned in the pseudo-mea culpa is the fact that the "misimpressions" were based on "prior representations" made by the government over a period of several years. Judge Hogan refers to the NSA and FBI's abuses as "compliance issues," which sort of undercuts the irritation shown in the opinion -- as if illegal surveillance were nothing more than misplaced MSDS sheets.
Fortunately, Judge Hogan doesn't let the NSA's co-signer -- the FBI -- off the hook for its abuses. While the FBI is allowed to partake in the NSA's data haul to collect info on criminal investigation targets located overseas, the communications collected must be reviewed by a "taint team" to ensure that any privileged communications (suspects' correspondence with legal representation, etc.) are removed from the collection. Privilege, schmilege.
Hogan said the FBI revealed some such incidents in 2014, but the number was redacted from the opinion made public Tuesday. "The government generally attributed those instances to individual failures or confusion, rather than a 'systematic issue,' " Hogan wrote. However, more incidents occurred from mid-2014 and through 2015, although again the precise number was not released. In some instances, FBI agents believed, incorrectly, that they didn't need to set up a review team if the indictment was under seal or outside the U.S.
The FBI's excuses for these failures range from merely sad to WTF. It's almost impossible to see how it could reach the conclusion that it should have access to privileged communications simply because of a sealed indictment. Sealed indictments are the bread-and-butter of FBI-related prosecutions, especially now that it's a full-time participant in the War on Terror. According to this assertion, the FBI apparently believes it should have access to scooped up attorney-client communications in a vast majority of its investigations.
The decision notes the FBI has put new minimization procedures in place. Much like the FBI, the judge won't discuss the new procedures in detail. The opinion only notes that he is "satisfied" the FBI is "addressing the issue." Hopefully, the new controls are much tighter than the previous set, as the administration has announced it's granting the FBI even more access to NSA data hauls. Of course, the FBI has shown repeatedly -- over the entire history of the agency -- that it will craft policies stipulating inches and help itself to several yards.
This was widely expected, but the EU Commission, led by Competition Commissioner Margrethe Vestager, has officially announced that it's going after Google over some of its practices concerning Android. This comes just a day after Canadian antitrust officials went in the other direction, finding no evidence that Google's activities stifle competition. The EU has a few specific concerns about Android:
The Commission's preliminary view is that Google has implemented a strategy on mobile devices to preserve and strengthen its dominance in general internet search. First, the practices mean that Google Search is pre-installed and set as the default, or exclusive, search service on most Android devices sold in Europe. Second, the practices appear to close off ways for rival search engines to access the market, via competing mobile browsers and operating systems. In addition, they also seem to harm consumers by stifling competition and restricting innovation in the wider mobile space.
I definitely worry about monopolistic practices by incumbent players crowding out startups and innovation, so I was keen to dig in on the details here, but they seem oddly... lacking. I've noted in the past that the EU tends to view antitrust through a fairly different lens than the US does, and perhaps that's the issue here. This is a broad generalization, but for the most part, the US focuses on whether or not practices harm consumers. The EU tends to focus on whether or not a company is really big. I think the US standard makes a lot more sense.
Let's dig in to the specific complaints raised by the EU, saying each of these practices violated antitrust laws:
requiring manufacturers to pre-install Google Search and Google's Chrome browser and requiring them to set Google Search as default search service on their devices, as a condition to license certain Google proprietary apps;
Many people have compared this to the case against Microsoft from the early 2000s, in which it got dinged for making Internet Explorer the default. Of course, a quick retort on that is: where is Internet Explorer in the browser market today? It's basically a non-entity, and it wasn't because of any antitrust penalties (which were basically wrist slaps). And, either way it appears that the issue here with Google is that it requires all of its core services to be bundled together: so if you want to offer the Google Play Store, then you have to also offer the other pieces of the Google app suite so that they work well together. But, of course, this also doesn't stop phone makers or service providers from adding their own apps as well. I now have a bloat-free Android phone running Cyanogenmod, but back when I had a Samsung S4 on Sprint, it came with a ton of bloatware from both Samsung and Sprint (and, frankly, all of it was useless and annoying).
Perhaps there's an issue with making Google search the default, but is anyone actually harmed by having Google's search as the (easily changed) default on an Android phone? It certainly seems like Apple's iOS ecosystem is a lot more restrictive. At least with Google you can route around Google's app store and sideload apps easily or use alternative app stores. I frequently use Amazon's app store, for example.
preventing manufacturers from selling smart mobile devices running on competing operating systems based on the Android open source code;
This is the one prong (out of three) that at least seems worth investigating more. I can understand Google's position -- that if you're offering Google's suite of apps, you need to offer Google's version of Android to make sure everything works together well -- but this seems like an unnecessary condition for Google to include in those agreements. The simple fact is that most manufacturers are likely to want to go with a stock Android anyway, and just pile on their own customizations and bloatware. In most cases, there isn't going to be that much desire for manufacturers to use an Android fork. But, if they do... so what? I don't really understand why Google prevents manufacturers from choosing to offer different flavors of Android, but I'm also not sure that this is an antitrust issue.
giving financial incentives to manufacturers and mobile network operators on condition that they exclusively pre-install Google Search on their devices.
This one probably confuses me the most. This is just a business deal for installing software on phones. For years, Google paid Mozilla to be its default search in Firefox, and then Yahoo outbid it to become the default. That's how business works. Google isn't leveraging its market position here -- it's just doing a deal. The EU claims that its issue is "not with financial incentives in general but with the conditions associated with Google's financial incentives, in particular with the condition that the financial incentive is not paid if any other search provider than Google Search is pre-installed on smart mobile devices." But... isn't that the nature of the deal? If you're doing a business deal to be the exclusive search provider, then, shouldn't you be the exclusive search provider?
It will obviously be worth watching how all of this plays out. The EU has made it clear for a while that it has it in for Google, so if I had to predict, this process won't go well for Google.
Frankly, if I were Google, I probably would have dropped a lot of the exclusivity requirements. I know they're in a race to see who will get access to the most data, but let the apps and services compete and see who wins out. Google's app ecosystem does well because it tends to be pretty good. Google could have avoided at least some of this fight by just trusting its own services to win out, rather than pushing for certain defaults and exclusivities. Some others have made this point as well:
I'm pretty sure Google can survive and come out the winner. The best of its products -- that ones that have the most users -- are excellent. People won't stop using Google Maps just because it isn't preinstalled on their phones. It's among the top 10 most downloaded applications in Apple's App Store because iPhone users often prefer it to Apple's own map software. Chrome is in the top 100 most downloaded apps even though it's impossible to change the default browser in iOS from Apple's Safari without "jailbreaking" the device to untether it from Apple support.
Google's search engine, too, wouldn't be dominant if it didn't index more pages than competitors and produce better results. YouTube is a must-have app, while Google's cloud office services are free, unlike, say, Microsoft's, and they work just as well.
These are great, competitive products. They don't really need the extra push from restrictive deals between Google and phone manufacturers. Google's brand name is strong with those who buy Android phones, and, given a choice, they are likely to prefer Google products rather than spend time researching alternatives. The company may need to spend a bit more on advertising its products in a free-choice situation, but that won't break the bank because the apps are already hugely popular.
But what Google should do, and what the EU should force it to do, are different questions. I'd much prefer that Google take a more open approach to these things, but I'm not convinced that we want bureaucrats deciding for the company exactly what Google's approach on the mobile phone should be.
Amazon Web Services is quickly becoming the go-to cloud-based service for many businesses. The $39 Advanced Cloud Computing with AWS courses will help introduce you to the world of cloud computing and how AWS can help businesses achieve better operational efficiency. The courses include over 17 hours of instruction, hands-on assignments, and follow up quizzes to help you understand how to build better and more cost-effective solutions through AWS' suite of offerings.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
As part of our funding campaign for our coverage of encryption, we reached out to some companies that care about these issues to ask them to show their support. This post is sponsored by Golden Frog, a company dedicated to online privacy, security and freedom.
For many, many years we've hit pretty hard at the USTR (United States Trade Rep) for appearing to basically view trade and trade agreements solely through the lens of 20th century industry, without any recognition of the importance of startups and innovation -- especially on the internet. As such, many of the policies that the USTR has promoted through trade agreements seemed almost entirely focused on baking in and protecting potentially obsolete business models, and stifling innovation and competition. Many people have pointed this out over the years, but the USTR tends to spend most of its time with lobbyists and representatives from the big, old industries, rather than startups and innovators that are actually building the businesses of tomorrow. I mean, how else can you explain that the focus on internet related issues doesn't seem to change in trade agreements, despite massive changes in the actual tech ecosystem?
Over the past decade, China’s filtering of cross-border Internet traffic has posed a significant burden to
foreign suppliers, hurting both Internet sites themselves, and users who often depend on them for their
businesses. Outright blocking of websites appears to have worsened over the past year, with 8 of the top
25 most trafficked global sites now blocked in China. Much of the blocking appears arbitrary; for example,
a major home improvement site in the United States, which would appear wholly innocuous, is typical of
sites likely swept up by the Great Firewall.
China has hit back against this claim, arguing that the Great Firewall is not about trade barriers, but "about national security," which is a somewhat laughable claim.
Still, as an article by Matt Schruers at the Disruptive Competition Project notes, the document actually goes much further in calling out other bad internet practices in other countries. For example, it calls out new rules in India that undermine intermediary liability protections and lead to censorship by ISPs:
India’s 2011 Information Technology Rules govern the liability of internet intermediaries (internet service
providers (ISPs), hosting services, search engines, social networks, online forums, and other web platforms)
for content on their networks. U.S. stakeholders have raised concerns that these rules are vague and
inconsistently applied, and do not provide safeguards against abuse of the process. Any citizen can
complain that certain content is “disparaging” or “harmful,” and intermediaries must respond by removing
that content within 36 hours. Failure to act, even in the absence of a court order, can lead to liability for
the intermediary. Such strict rules encourage over-compliance with takedown notices, causing
intermediaries to remove content that may not be illegal. Foreign companies providing internet services in
India are forced to choose between needlessly censoring their customers and subjecting themselves to the
possibility of legal action.
It calls out countries like Pakistan for establishing site-blocking regimes that have resulted in YouTube and WordPress being completely blocked in the country:
Pakistan has blocked access to websites deemed to be blasphemous or immoral, including YouTube, which
has been blocked since September 2012, and WordPress, which was temporarily blocked for several days
in 2015 with little explanation from the authorities. YouTube reopened in January 2016 after Google
created a country specific site which allows the government of Pakistan to request the removal or blockage
of content. Pakistan has also intermittently blocked both Facebook and Twitter, while Facebook is routinely
asked by the government to censor material deemed to be blasphemous.
It's also really good -- if fairly surprising -- to see the USTR note that the EU's "Digital Single Market" plans with things like increased intermediary liability could result in serious problems for free expression. Even better, the USTR recognizes that these moves to increase intermediary liability are almost entirely about legacy companies trying to shackle innovators, competitors and upstarts:
The Commission is simultaneously exploring whether to increase online intermediaries’ network and
system management responsibilities as they pertain to illegal content and to require some platforms to more
proactively monitor and filter such content (i.e., a “duty of care”), despite logistical difficulties and
implications for free expression. Consequently, the Commission may eventually introduce a new regulatory
regime to more tightly control platforms’ behaviors. The e-Commerce Directive 2000/31/EC currently
grants limitations of liability to intermediary service providers.
Both these initiatives appear motivated, at least in part, by legacy businesses struggling to compete against
the efficiencies provided by Internet-based commerce. This underscores the risk that even well-intentioned
goals can, if implemented through heavy-handed regulation, or even just threat thereof, seriously undermine
innovative business development and hurt the EU’s own efforts to inject more dynamism into its markets.
The USTR also calls out the ridiculous "Google tax" concept, also known as "link taxes" or "ancillary copyright" that have been seen in a variety of European countries, that would require sites that aggregate and link to news sites to pay those news sites for the privilege of sending them traffic. As the USTR rightly notes, this is clearly a trade barrier in the free flow of information:
Over the past several years, publishers in Europe have been advocating for the right to impose fees for the
right to link to content published online. This effort appears to target in particular news aggregators that
index stories and allow users to more conveniently find and access such content by the inclusion in search
results of headlines or other extracts of the stories that the underlying publisher typically offers, without
charge (e.g., supported by advertising) on its own website. Aggregators, including but not limited to U.S.
service suppliers, have pushed back against such requirements, arguing that that they help drive traffic to
publishing sites, and therefore help increase viewership and revenue, and should not be required to pay for
a valuable service they provide. After Belgium and Germany attempted to impose such requirements, some
aggregators simply dropped links to sites seeking additional compensation, causing publishers in those
countries to opt out of requiring such payments after they evaluated the economic impact. In late 2014,
however, Spain passed a similar measure called “Canon AEDE,” which, unlike in Germany and Belgium,
made such payments mandatory (i.e., publishers could not opt out of requiring payments for links). As a
result of this new law, many aggregators, including from the United States, simply pulled out of the Spanish
market. A 2015 study by the Spanish Association of Publishers of Periodical Publications (AEEP) revealed
that publishers’ revenue decreased and that many smaller publishers, which had depended on aggregators,
were disproportionately affected. Since parts of the EU publishing industry are advocating adopting similar
measures EU-wide, which will likely have a negative effect on many U.S. stakeholders, this issue bears
careful monitoring, as well as stepped-up engagement with the EU to ensure that innovative business
models are beneficial to EU content suppliers themselves.
Of course, there's lots of other stuff in the report that is quite concerning (I mean, this is the USTR we're talking about). Ridiculously, some of it even contradicts the points we've raised above. For example, the report repeatedly talks about stronger copyright enforcement and encourages more actions against those who link to infringing content. There's obviously a big disconnect here within the USTR -- in that it doesn't seem to realize that whining about intellectual property in these situations just gives various countries exactly the cover they need to leave in place the ideas discussed above. Don't want your Great Firewall to look like it's about censoring dissent? Just claim it's necessary to stop piracy online! Still want to tax links? Just explain how it's an anti-piracy measure to make sure links are tracked and evaluated to make sure their content is not infringing!
So, yes, this is still the same old USTR on the one hand. But, in the past, the USTR just focused on issues like that, not realizing how it was playing into the hands of others who looked to control and censor the internet, and to stifle innovation. At least now, for the first time, at least someone at the USTR is recognizing how important issues like censorship, site blocking, intermediary liability and the free flow of information online may be. Given how long it's taken, it may feel a bit late, but it's at least an encouraging step in the right direction.
Hopefully, it means the attitudes within the USTR are shifting and it may actually start to focus on the issues that are important in keeping the internet open globally.
When you testify before Congress, it helps to actually have some knowledge of what you're talking about. On Tuesday, the House Energy & Commerce Committee held the latest congressional hearing on the whole silly encryption fight, entitled Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives. And, indeed, they did have witnesses presenting "industry" and "law enforcement" views, but for unclear reasons decided to separate them. First up were three "law enforcement" panelists, who were free to say whatever the hell they wanted with no one pointing out that they were spewing pure bullshit. You can watch the whole thing below (while it says it's 4 hours, it doesn't actually start until about 45 minutes in):
Lots of craziness was stated -- starting with the idea pushed by both chief of intelligence for the NYPD, Thomas Galati and the commander of the office of intelligence for the Indiana State Police, Charles Cohen -- that the way to deal with non-US or open source encryption was just to ban it from app stores. This is a real suggestion that was just made before Congress by two (?!?) separate law enforcement officials. Rep. Morgan Griffith rightly pointed out that so many encryption products couldn't possibly be regulated by US law, and asked the panelists what to do about it. You can watch the exchange here:
You see Cohen ridiculously claim that since Apple and Google are gatekeepers to apps, that the government could just ban foreign encryption apps from being in the app stores:
Right now Google and Apple act as the gatekeepers for most of those encrypted apps, meaning if the app is not available on the App Store for an iOS device, if the app is not available on Google Play for an Android device, a customer of the United States cannot install it. So while some of the encrypted apps, like Telegram, are based outside the United States, US companies act as gatekeepers as to whether those apps are accessible here in the United States to be used.
This is just wrong. It's ignorant and clueless and for a law enforcement official -- let alone one who is apparently the "commander of the office of intelligence" -- to not know that this is wrong is just astounding. Yes, on Apple phones it's more difficult to get apps onto a phone, but it's not impossible. On Android, however, it's easy. There are tons of alternative app stores, and part of the promise of the Android ecosystem is that you're not locked into Google's own app store. And, really, is Cohen literally saying that Apple and Google should be told they cannot allow Telegram -- one of the most popular apps in the world -- in their app stores? Really?
Galati then agreed with him and piled on with more ignorance:
I agree with what the Captain said. Certain apps are not available on all devices. So if the companies that are outside the United States can't comply with same rules and regulations of the ones that are in the United States, then they shouldn't be available on the app stores. For example, you can't get every app on a Blackberry that you can on an Android or a Google.
Leaving aside the fact he said "Android or a Google" (and just assuming he meant iPhone for one of those)... what?!? The reason you can't get every app on a BlackBerry that's on other devices has nothing to do with any of this at all. It's because the market for BlackBerry devices is tiny, so developers don't develop for the BlackBerry ecosystem (and, of course, some BlackBerries now use Android anyway, so...). That comment by Galati makes no sense at all. Using the fact that fewer developers develop for BlackBerry says nothing about blocking foreign encryption apps from Android or iOS ecosystems. It makes no sense.
Why are these people testifying before Congress when they don't appear to know what they're talking about?
Later in the hearing, when questioned by Rep. Paul Tonko about how other countries (especially authoritarian regimes) might view a US law demanding backdoors as an opportunity to demand the same levels of access, Cohen speculated ridiculously, wildly and falsely that he'd heard that Apple gave China its source code:
Here's what Cohen says:
In preparing for the testimony, I saw several news stories that said that Apple provided the source code for iOS to China, as an example. I don't know whether those stories are true or not.
Yeah, because they're not. He then goes on to say that Apple has never said under oath whether or not that's true -- except, just a little while later, on the second panel, Apple's General Counsel Bruce Sewell made it quite clear that they have never given China its source code. Either way, Cohen follows it up by saying that Apple won't give US law enforcement its source code, as if to imply that Apple is somehow more willing to help the Chinese government hack into phones than the US government. Again, this is just blatant false propaganda. And yet here is someone testifying before Congress and claiming that it might be true.
Thankfully, at the end of the hearing, Rep. Anna Eshoo -- who isn't even a member of the subcommittee holding the hearing (though she is a top member of the larger committee) joined in and quizzed Cohen about his bizarre claims:
She notes that it's a huge allegation to make without any factual evidence, and asks if he has anything to go on beyond just general "news reports." Not surprisingly, he does not.
Elsewhere in the hearing, Cohen also insists that a dual key solution would work. He says this with 100% confidence -- that if Apple and law enforcement had a shared key it would be "just like a safety deposit box." Of course, this is also just wrong. As has been shown for decades, when you set up a two key solution, you're introducing vulnerabilities into the system that almost certainly let in others as well.
And then, after that, Rep. Jerry McNerney raises the point -- highlighted by many others in the past -- that rather than "going dark," law enforcement is in the golden age of surveillance and investigation thanks to more and new information, including that provided by mobile phones (such as location data, metadata on contacts and more). Cohen, somewhat astoundingly, claims he can't think of any new information that's now available thanks to mobile phones:
Here's Cohen:
Sir, I'm having problems thinking of an example of information that's available now that was not before. From my perspective, thinking through investigations that we previously had information for, when you combine the encryption issue along with shorter and shorter retention periods, in a service provider, meaning they're keeping their records, for both data and metadata, for a shorter period of time, available to legal process. I'm having difficulty finding an example of an avenue that was not available before.
Huh?!? He can't think of things like location info from mobile phones? He can't think of things like metadata and data around unencrypted texts? He can't think of things like unencrypted and available information from apps? Then why is he on this panel? And the issue of data retention? Was he just told before the hearing to make a point to push for mandatory data retention and decided to throw in a nod to it here?
At least Galati, who went after him, was willing to admit that tech has provided a lot more information than in the past -- but then claimed that encryption was "eliminating those gains."
Cohen is really the clown at the show here. He also claims that Apple somehow decided to throw away its key and that it was "solving a problem that doesn't exist" in adding encryption:
There he's being asked by Rep. Yvette Clarke if he sees any technical solutions to the encryption issue, and he says:
The solution that we had in place previously, in which Apple did hold a key. And as Chief Galati mentioned, that was never compromised. So they could comply with a proper service of legal process. Essentially, what happened is that Apple solved a problem that does not exist.
Again, this is astoundingly ignorant. The problem before was that there was no key. It wasn't that Apple had the key, it's that the data was readily available to anyone who had access to the phone. That put everyone's information at risk. It's why there was so much concern about stolen phones and why stolen phones were so valuable. For a law enforcement official to not realize that and not think it was a real problem is... astounding. And, again, raises the question of why this guy is testifying before Congress.
It also raises the question of why Congress put him on a panel with no experts around to correct his many, many errors. At the very least, towards the beginning of the second panel, Apple GC Sewell explained how Cohen was just flat out wrong on these points:
If you can't see that, after his prepared remarks, Sewell directly addresses Cohen's claims:
That's where I was going to conclude my comments. But I think I owe it to this committee to add one additional thought. And I want to be very clear on this: We have not provided source code to the Chinese government. We did not have a key 19 months ago that we threw away. We have not announced that we are going to apply passcode encryption to the next generation iCloud. I just want to be very clear on that because we heard three allegations. Those allegations have no merit.
A few minutes later, he's asked directly about this and whether or not the Chinese had asked for the source code, and Sewell says that, yes, the Chinese have asked, and Apple has refused to give it to them:
Seems like they could have killed 3 hours of ignorant arguments presented to Congress, if they had just not allowed such ignorance to be spewed earlier on.
When Netflix recently expanded into 190 different countries, we noted that the company ramped up its efforts to block customers that use VPNs to watch geo-restricted content. More accurately, Netflix stepped up its efforts to give the illusion it seriously cracks down on VPN users, since the company has basically admitted that trying to block such users is largely impossible since they can just rotate IP addresses and use other tricks to avoid blacklists. And indeed, that's just what most VPN providers did, updating their services so they still work despite the Netflix crackdown.
Netflix's frankly over-stated "crackdown" is an effort to soothe international broadcasters, justly worried about licensing content to a company that is demolishing decades-old broadcasting power centers. But even superficial as it may be, Netflix's crackdown on VPNs still managed to erode user privacy and security, since obviously there are countless people using VPNs for reasons other than engaging in global Netflix tourism.
There was uproar from customers, some of which simply use VPNs to protect their privacy, with a petition calling for the ban to be lifted attracting over 40,000 signatures. But it seems Netflix, which generally cherishes its user experience, doesn’t seem fussed by this uprising.
“It’s a very small but quite vocal minority,” CEO Reed Hastings said during this week’s earnings call. “So it’s really inconsequential to us, as you could see in the Q1 results.”
And, if looking solely at growth, he's not wrong; the company reported that it now serves 81.5 million members, 42% of whom are now outside of the United States. That's 44,740,000 TV subscribers in the States alone, double Comcast's latest tally of 22,347,000 TV customers. While investors are worried about growing competition from Amazon and grandfathered customers' reaction to next-month's price hike (actually announced two years ago), most customers, VPN or otherwise, aren't leaving.
And while Netflix may be annoying some VPN users now, the company has repeatedly stated that its ultimate goal is to eliminate geographic broadcast restrictions entirely. That not only makes it so Netflix tourism is unnecessary, but it should reduce piracy -- something Netflix Chief Product Officer Neil Hunt reiterated earlier this year at CES:
“Our ambition is to do global licensing and global originals, so that over maybe the next five, 10, 20 years, it’ll become more and more similar until it’s not different”... “We don’t buy only for Canada; we’re looking… for all territories; buying a singular territory is not very interesting any more.... When we have global rights, there’s a significant reduction in piracy pressure on that content. If a major title goes out in the U.S. but not in Europe, it’s definitely pirated in Europe, much more than it is if it’s released simultaneously,” Mr. Hunt says.
In other words Netflix's long-term vision may be to eliminate fractured broadcast licensing so users don't need to use VPNs. But in the short term Netflix should probably try a little harder to avoid alienating its more technically savvy customers. They may be "inconsequential" now during Netflix's heyday, but may prove important once Netflix's streaming battle against Amazon, Hulu, Apple, and countless other companies starts to heat up.
from the anyone-who-owns-a-dog-completely-unsurprised dept
Drug dogs here in the US are mainly one-trick ponies, to clumsily mix a metaphor. Domesticated canines aim to please. Training of drug dogs involves giving them treats or toys upon alerting. You don't have to be Pavlov to see how this plays out in the real world. Dogs will alert in hopes of a reward or be nudged in that direction by conscious or unconscious "nudges" by their handlers. Hence, we have drug dogs in use with horrendous track records. (But, notably, not horrendous enough to result in judicial smackdowns, for the most part.)
The UK deploys its own drug dogs as well. Turns out they have the same problems… sort of. For one, they're not all that great at detecting drugs or other contraband, according to a report by the UK's Independent Inspector of Borders and Immigration. (via Mashable)
The report finds the human staff at the Manchester Airport to be mostly capable. The dogs, however, not so much.
The deterrent effect of the detection dogs was difficult to measure, but seizures alone represented a low return on investment, given £1.25m spent on new kennels and the costs of operating the unit.
Apparently, one of the key forms of contraband the drug dogs were supposed to detect went completely undetected during an eight-month period.
Heroin and cocaine were assessed as 'very high' priority within both air passengers and freight. Yet, according to the data provided by Border Force, the dogs had made no Class A drugs detections in the period November 2014 to June 2015.
It's not that the dogs weren't detecting anything at all. There were "alerts," but they weren't for illegal drugs, cash, etc. and they weren't false alerts triggered by handlers. Instead, the dogs appeared to be operating on empty stomachs.
When deployed, the POAO dog made multiple accurate detections, but most were of small amounts of cheese or sausages, wrongly brought back by returning British holidaymakers and posing minimal risk to UK public health.
The only motivation more powerful than the innate desire to please: the desire to consume sausage and cheese.
To be fair, the dogs did detect some illegal drugs…
In our own sample from 1 November to 30 April (Figure 16), the six detections were three small amounts of Class B drugs and three lots of tablets – Human Growth Hormone, Viagra and Bromazepam.
Which is why the Inspector is understandably unimpressed that six dogs have cost the agency £1.25m plus whatever yearly maintenance costs. The report cuts the underperforming dogs a lot of slack by suggesting "routine" use has altered drug smugglers' strategies to route around the drug sniffers. On the other hand, the multiple "detections" of foodstuffs dogs naturally find delicious suggests £1.25m isn't enough money to feed the dogs properly.
The agency agrees with the Inspector, leading to this very weird sentence.
A senior manager agreed that there was a lack of innovation in the use of the dogs.
Perhaps we've reached peak drug dog. There may be no further innovation possible. The reality is that, while the animals enjoy the use of heightened senses, they're still just animals and will default to instinctual behavior faster than (most) humans will. It really wouldn't be a problem if law enforcement and security officials recognized this inherent drawback, but they rarely do. Instead, trained dogs are presented to citizens and courts as miracles of nature and instrumental contributors to various Wars on Things -- even as evidence continues to mount indicating they're no better at detecting contraband than their handlers, who don't possess heightened olfactory capabilities.
One of central claims made by supporters of corporate sovereignty chapters in trade deals is that companies "need" this ability to sue the government in special tribunals. The argument is that if the extra-judicial investor-state dispute settlement (ISDS) framework is not available to a company, it will be defenseless when confronted with a bullying government. A new case in Australia shows why that's not true. A column in The Sydney Morning Herald provides the background, which concerns a US company called Nucoal:
In 2013, the NSW [New South Wales] Independent Commission against Corruption found that there had been corrupt conduct relating to the granting of mining licences to Nucoal and other mining companies and the NSW government cancelled the licences.
Naturally, Nucoal unleashed its lawyers:
[Nucoal] demanded compensation of more than $900 million in Australia's High Court, claiming the decision to cancel its licence without compensation was unconstitutional and had reduced the value of the company. The High Court found in April 2015 that under Australian law Nucoal was not entitled to compensation.
Now Nucoal had a problem. Normally, a company in this situation would invoke the corporate sovereignty chapter in a relevant trade deal, and move the case to secret ISDS tribunals, which were likely to be more favorable to its cause than the independent national courts. But with unusual foresight, Australia refused to accept ISDS in the 2004 AUSFTA trade agreement between the US and Australia -- which makes its decision to acquiesce to ISDS in TPP doubly foolish. Despite what fans of corporate sovereignty claim, Nucoal still has another option at this point:
Nucoal is pressuring the US government to put a case to the Australian government that the denial of compensation has violated the general investment terms of the [AUSFTA] agreement. This could result in a formal complaint from the US government demanding trade sanctions against the Australian government.
Last week The Australian reported that the CEO of the US Chamber of Commerce in Australia has announced that the US government will raise the issue in a closed-door review of the AUSFTA to be held in May.
That is, unable to avail itself of the investor-state dispute mechanism, Nucoal now wants to take advantage of the state-state dispute settlement process (pdf) whereby the US government formally complains to the other government concerned. Now, whether the US government should really be taking up a case involving corruption is another question. The key point is that it is not absolutely necessary to include corporate sovereignty provisions in a trade deal to protect companies, because there is always the state-to-state mechanism that can be invoked if necessary.
Plenty of people like a big, rare steak every once in a while. It's probably not the healthiest meal, but everything in moderation, right? How about insect protein for "meatless Mondays" or seaweed salads before dinner? Everything in moderation, right? Here are just a few interesting ways to expand your palate and maybe eat in a more sustainable fashion -- if you can stomach it.
RSS
