Opinion: The Reasonable Expectation Fallacy – Dan Geer writing at CSM’s Passcode
The Intercept on XKEYSCORE: XKEYSCORE: NSA’S Google for the World’s Private Communications and Behind the Curtain; a Look at the Inner Workings of NSA’s XKEYSCORE
Introducing the ‘Right to Eavesdrop on Your Things’; Data Privacy is a Big Enough Deal that Americans Need a New Right – Stanford professor Keith Winstein at Politico
Presentation by Benedict Evans of Andreessen Horowitz on how “Mobile is Eating the World”
As More Tech Start-Ups Stay Private, So Does the Money – Farhad Manjoo in the New York Times
The Rabbit-Hole of ‘Relevant’ – Mattathias Schwartz in the New York Times:
“When a law has a name like ‘Patriot’ or ‘Freedom,’ it’s a sign that you should read the fine print. Somewhere down there, in the terraced subclauses of some forgettable subsection, is a word with a special meaning, a word that offers shelter and concealment to whatever it is that the law actually does.”
Three Pieces on the Open Web: Dave Winer – Key Concept of the Open Web: Working Together; David Weinberger – The Internet That Was (and Still Could Be); As Corporations Like Facebook Gain Control Over More and More Online Activities, the Web’s Core Values are at Stake; and Dries Buytaert – Winning back the Open Web.
The Wait-for-Google-to-Do-It Strategy; America’s Communications Infrastructure is Finally Getting Some Crucial Upgrades Because One Company is Forcing Competition When Regulators Won’t – MIT Technology Review
A New Wave of US Internet Companies is Succeeding in China—By Giving the Government What it Wants – Josh Horowitz at Quartz
The End of Advertising As We Know It – Michael Wolff
Texts (TPP, TISA and TTIP):
TPP (Trans Pacific Partnership), TISA (Trade in Services Agreement) and TTIP (Trans-Atlantic Trade and Investment Partnership) texts have not yet been made officially public, although at least portions of certain drafts have been leaked by Wikileaks (Wikileaks July 2, 2015 press release).
Trade Promotion Authority (2015):
Wikipedia on trade fast track
On Trade, Here’s What the President Signed into Law – White House blog
Trade Promotion Authority (TPA) and the Role of Congress in Trade Policy (pdf; 24 pages) – Congressional Research Service
Analysis and Opinion:
Privacy Is Not a Barrier to Trade; How a Secretive Trade agreement Could Change the Global Internet – law professor Margot Kaminski at Slate
A Congressional Straightjacket: Fast-Tracking the TPP – law professors Gregory Shaffer and Jack Lerner at The Huffington Post
Another Leaked Trade Agreement, Another Reason to Oppose Fast Track – law professor David Singh Grewal at The Huffington Post
TISA: analysis of the leaked ‘core text’ (pdf; 7 pages) – law professor Jane Kelsey
Leaked: What’s in Obama’s Trade Deal – Politico
Dave Aitel on the OPM hack:
“But there’s a little silver lining in the OPM hack, and it is this: (1) Covert identities are dead anyways, because databases full of biometrics are everywhere, and you can read someone’s fingerprints off any beer glass faster than you can say ‘Your Cover Is Blown, Ethan Hunt’. That’s not even counting the DNA revolution of being able to map the entire human family tree out that nobody is talking about yet. Regardless, you cannot hide WHO you are in the modern age if for no other reason than Facebook exists. Deal with it. (2) The entire clearance system as a whole has been obliterated by modern information sciences.”
From the Dailydave Digest; subscribe here.
The new DOD manual is the first since 1956 (pdf; 1,176 pages, with the Cyber Operations portion (Chapter XVI) spanning 15 pages in the pdf, from page 994 to 1009).
Professor Kristen Eichensehr (UCLA Law School) writing at JustSecurity discusses how the new manual’s provisions treat hacking incidents such as the OPM hack.
Just Security’s “mini forum” (series of related posts) on the new Law of War Manual.
The Wiretap Report:
The 2014 Wiretap Report (summary and links to several pdfs) released by the Administrative Office of the United States Courts.
Data Shows Little Evidence for FBI’s Concerns About Criminals ‘Going Dark’ – Motherboard/VICE
Update: Supreme Court Declines to Hear Appeal in Google-Oracle Copyright Fight – New York Times:
“Monday’s Supreme Court decision, which was specific to this appeal, means the Oracle-Google saga will now move back to the lower courts to determine another aspect of the case: Even though Google was using copyrighted software, was it only making ‘fair use’ of it . . . ‘You shouldn’t let the owner of an A.P.I. end up owning the other person’s program,’ said Michael Barclay, special counsel to the Electronic Frontier Foundation, a tech nonprofit devoted to civil liberties. ‘I don’t think we’ll find out how bad a day this is for a long time.'”
Previously – Solicitor General Brief Argued APIs are Copyrightable:
Considering whether to grant certiorari in the Google v. Oracle America case, the Supreme Court earlier in 2015 asked the government to weigh in on the dispute. In response, the Solicitor General filed its brief, surprisingly taking the position that APIs are subject to copyright protection.
The Solicitor General’s Brief for the United States as Amicus Curiae (pdf; 23 pages)
News Reaction to Solicitor General Brief:
Marc Andreessen tweet: “Obama Administration to software programmers: Drop dead!”
The Solicitor General’s Peculiar Brief in Google v. Oracle – Computer & Communications Industry Association (CCIA), Disruptive Competition Project
List and Links to Rulings and Related Filings (under the Tab “Documents” following the brief article) – EFF
See, in particular, the November 2014 “Brief of Amici Curiae Computer Scientists in Support of Petitioner” (pdf; 27 pages, excluding list of amici and tables of content and cited authorities)
Appeals Court Ruling (May 2014) – Court of Appeals for the Federal Circuit
The Appeals Court Decision (pdf; 69 pages)
Reaction (at that time): Tech World Stunned as Court Rules Oracle Can Own APIs; Google Loses Copyright Appeal – GigaOm
Original Trial and Decision (May 2012) – U.S. District Court, Northern District of California
The Original Copyright Related Rulings: “Order re: copyrightability of certain replicated elements of the JAVA application programming interface” (pdf; 41 pages) and “Findings of Fact and Conclusions of Law on Equitable Defenses” (pdf; 3 pages)
News Article Summing Up the Patent Portion of the Case: Jury Clears Google of Infringing on Oracle Patents – ZDNet
Reaction (at that time): Google Wins Crucial API Ruling, Oracle’s Case Decimated; Java API Packages ‘free for all to use under the Copyright Act’ – ArsTechnica
Slow West (Rotten Tomatoes Critics 88%), Ex Machina (Rotten Tomatoes Critics 91%), Ida (from 2014)(Rotten Tomatoes Critics 96%), Locke (from 2014)(Rotten Tomatoes Critics 91%), and A Girl Walks Home Alone at Night (from 2014)(Rotten Tomatoes Critics 96%).
TV (in addition to Game of Thrones, Mad Men, Walking Dead, and The Americans):
Wolf Hall (Rotten Tomatoes Critics 100%), Fortitude (Rotten Tomatoes Critics 88%), The Missing (uk series; season one)(A.V. Club: B), Happy Valley (uk series; season one)(Rotten Tomatoes Critics 100%), Broadchurch (uk series; season two)(Rotten Tomatoes Critics 90% season one and 85% season two), Utopia (uk series; seasons one and two; U.S. David Fincher/Gillian Flynn version currently in production), Witnesses (Les Témoins) (french series; season one), Justified (Rotten Tomatoes Critics 100%), and Better Call Saul (Rotten Tomatoes Critics 100%).
Sufjan Stevens “Carrie & Lowell” (Pitchfork 9.3, Metacritic 90, AV Club A); Torres “Sprinter” (Pitchfork 8.0, Metacritic 81); Courtney Barnett “Sometimes I Sit . . .” (Pitchfork 8.6, Metacritic 88, AV Club A-); Donnie Trumpet & The Social Experiment “Surf” (Pitchfork 8.3, Metacritic 87, AV Club A-); Levon Vincent [self titled] (Pitchfork 8.3, Metacritic 85); Waxahatchee “Ivy Tripp” (Pitchfork 8.1, Metacritic 81, AV Club B+); Twerps “Range Anxiety” (Pitchfork 7.5, Metacritic 70); Girlpool “Before the World Was Big” (Pitchfork 7.8, Metacritic 79); The Bad Plus Joshua Redman [self titled] (Metacritic 84); Los Hijos De La Montana [self titled]; The Drink “Company” (from 2014); Kamasi Washington “The Epic” (Pitchfork 8.6); and Screaming Females “Rose Mountain” (Pitchfork 6.7, Metacritic 77, AV Club B+).
Washington Post’s “Net of Insecurity” series: Part 1 – The Long Life of a Quick ‘Fix’; Internet Protocol from 1989 Leaves Data Vulnerable to Hijackers; Part 2 – A Flaw in the Design; The Internet’s Founders Saw its Promise But Didn’t Foresee Users Attacking One Another
Bureau of Industry and Standards’ Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items (pdf; 49 pages)
BIS FAQs on the Intrusion and Surveillance Items Implementation
Wassenaar Arrangement – Wikipedia
Analysis and Opinion:
Why an Arms Control Pact has Security Experts Up in Arms – Kim Zetter in Wired
Proposed U.S. Export Controls: Implications for Zero-Day Vulnerabilities and Exploits – Mailyn Fidler at LawFare
Changes to Export Control Arrangement Apply to Computer Exploits and More – Jennifer Granick and Mailyn Fidler at JustSecurity
Why Changes to Wassenaar Make Oppression and Surveillance Easier, Not Harder – ADD/XOR/ROL blog
Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis (pdf; 78 pages) – academic paper by Mailyn Fidler forthcoming in “I/S: A Journal of Law and Policy for the Information Society”
How Bad? Very Bad:
Attack Gave Chinese Hackers Privileged Access to U.S. Systems – New York Times
China’s Hackers Got What They Came For – The Hill
Hacking as Offensive Counterintelligence; China’s Hack Just Wrecked American Espionage and China’s Spies Hit the Blackmail Jackpot With Data on 4 Million Federal Workers – John Schindler at his XXCommittee blog and at The Daily Beast
How Was It Discovered? During a Product Demo:
Level of OPM Incompetency? High. Very Old Software, Unencrypted Databases, and Foreign Contractors, Including Chinese, with Root Access:
Encryption “would not have helped” at OPM, Says DHS Official; Attackers had Valid User Credentials and Run of Network, Bypassing Security – ArsTechnica, with details of the OPM systems and lack of security
“!! OPM IT outsourced to foreigner contractors, with root access, working from their home country. In this case, China” – John Schindler (@20committee): June 17, 2015
Former NSA and CIA Director, Michael Hayden (quote via Benjamin Wittes @ Lawfare.com) as to what he would have done if he had had the ability to get Chinese records equivalent to the OPM records when he was serving in his IC positions:
“I would not have thought twice. I would not have asked permission. I’d have launched the star fleet. And we’d have brought those suckers home at the speed of light . . . This is shame on us for not protecting that kind of information.”
From Benjamin Wittes writing on the OPM hack at LawFare in his post “Is the Privacy Community Focused on the Wrong Government?”:
“For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It’s our government’s job to protect this material, knowing it could be used to compromise, threaten, or injure its people—not the job of the People’s Liberation Army to forebear collection of material that may have real utility. Yet I would have thought that privacy groups that take such strong views of the need to put limits on American collection, even American collection overseas against non-U.S. persons, would look a little askance at a foreign intelligence operation consisting of the bulk collection of the most highly-personal information—an operation involving not only government employees but also those close to them. You’d think this would raise someone’s privacy hackles, if not mine.”
Adam Elkus writing at BusinessInsider:
“[C]leaning up the systematic dysfunction in OPM and other agencies will require a harsh and swift hand and plenty of pink slips. Fantasizing about super-hackers and visions of cyber-doom are more fun than the boring but necessary drudgery, for example, of modernizing a decrepit and decaying federal information technology base or ensuring that basic security protocols are observed.”
Megan McArdle at BloombergView:
“The serial IT disasters we have seen over the past seven years do not need a blue-ribbon commission or a really stern memo to fix them. If we want these holes fixed before they become catastrophic, we need leaders with a scorched-earth determination to have adequate IT. The only way that determination happens is if these failures become an existential threat to the careers of the politicians in charge.”
Law, Tech and Policy
Got Your Number: Cyber-attacks Make Us Rethink the Idea of Social Security Numbers – California Magazine
Mary Meeker’s annual Internet Trends presentation
What is Code? – an excellent long-read by Paul Ford in Bloomberg BusinessWeek
Why the Blockchain Matters – Reid Hoffman at Wired UK
Quantum Computing is About to Overturn Cybersecurity’s Balance of Power – Washington Post
What is ‘Cybersecurity Law’? – Orin Kerr in The Washington Post
According To The Government, Clearing Your Browser History Is A Felony – TechDirt; Also, When It’s a Crime to Withdraw Money From Your Bank – New York Times
The Fallen of WWII – a captivating visualization (I watched the video (18 minutes); there is also an interactive version) of WWII casualties, including in relation to post-WWII conflicts. Highly recommended.
The Rise and Fall of Silk Road (part I and part II) – Wired; and Sunk: How Ross Ulbricht Ended up in Prison for Life – Inside the Trial that Brought Down a Darknet Pirate – ArsTechnica
26 years after Tiananmen, Chinese Millennials are Forgetting to Fear their Government – Gwynn Guilford at Quartz
Do You Fear an Elite Population of Enhanced Babies? – FuturePundit
Vinod Khosla @ The Stanford Graduate School of Business: “Failure Does Not Matter – Success Matters”
As is readily apparent from the video, Khosla has a very healthy ego, for the most part earned. There are various versions of this talk on the web, but this recent appearance at Stanford GSB is one of the better. The key portion is from the beginning to 35:30 (when the audience questions begin).
An interesting short piece (five paragraphs and an eleven photo slide show) entitled Internet I.R.L. in today’s New York Times magazine about photographer Dave Greer’s current project photographing where pieces of the internet backbone and related data centers are housed. Tidbit from the article about the One Wilshire building in the above photograph (taken by me from my former loft in downtown Los Angeles): “In 2013, One Wilshire sold for $437.5 million, the highest price per square foot (about $660) ever paid for a downtown Los Angeles office building. Why? Because the Internet. The building is one of the world’s largest data-transfer centers — tenants include network, cloud and information-technology providers — and serves as a major West Coast terminus for trans-Pacific fiber-optic cables.” An excellent reminder that the internet is not some amorphous thing ‘in the cloud’, but based on tangible, physical things, including circuits, switches, servers, cables and other equipment – in many cases, housed in buildings or buried under ground or sea.
Beginning July 13th, a Coursera on-demand course Internet Giants: The Law and Economics of Media Platforms taught by Randy Picker of the University of Chicago Law School. The seven topics to be explored in the course are: (1) Microsoft: The Desktop vs. The Internet, (2) Google Emerges and the World Responds, (3) Smartphones, (4) Network Neutrality, (5) The Day the Music Died, (6) Control over Video, and (7) The Mediated Book.
From Smoke-Filled Rooms to Computer Algorithms – The Evolution of Collusion – Ariel Ezrachi and Maurice Stucke at The CLS Blue Sky Blog
When Bots Collude – The New Yorker
Artificial Intelligence & Collusion: When Computers Inhibit Competition – Ariel Ezrachi and Maurice Stucke (pdf available at the link; 38 pages)
Antitrust and the Robo-Seller: Competition in the Time of Algorithms – Salil K. Mehra (pdf available at the link; 60 pages)
Recent DOJ Action:
Former E-Commerce Executive Charged with Price Fixing in the Antitrust Division’s First Online Marketplace Prosecution – Department of Justice Press Release. The Topkins DOJ charges: – pdf (5 pages)
“Usability is critical. Lots of good crypto never got widely adopted as it was too hard to use; think of PGP. On the other hand, Tails is horrifically vulnerable to traditional endpoint attacks, but you can give it as a package to journalists to use so they won’t make so many mistakes. The source has to think ‘How can I protect myself?’ which makes it really hard, especially for a source without a crypto and security background. You just can’t trust random journalists to be clueful about everything from scripting to airgaps. Come to think of it, a naive source shouldn’t trust their life to securedrop; he should use gpg before he sends stuff to it but he won’t figure out that it’s a good idea to suppress key IDs. Engineers who design stuff for whistleblowers and journalists must be really thoughtful and careful if they want to ensure their users won’t die when they screw up. The goal should be that no single error should be fatal, and so long as their failures aren’t compounded the users will stay alive.”
— Ross Anderson at Light Blue Touchpaper
Law, Tech and Policy
An Updated Readers’ Guide on Section 215 and the USA Freedom Act – Just Security
All Job Increases Since 2001 are in Non-Routine Work – FuturePundit, commenting on Is Your Job ‘Routine’? If So, It’s Probably Disappearing – Wall Street Journal. But with a bit of the contrary view – Be Calm, Robots Aren’t About to Take Your Job, MIT Economist Says – Wall Street Journal. Also: Professor David H. Autor’s (MIT) paper Polanyi’s Paradox and the Shape of Employment Growth (pdf; 47 pages), which is cited in the WSJ article. From the abstract: “A key observation of the paper is that journalists and expert commentators overstate the extent of machine substitution for human labor and ignore the strong complementarities. The challenges to substituting machines for workers in tasks requiring adaptability, common sense, and creativity remain immense.”
Tor Browser 4.5 is Released – The Tor Project; plus there’s a relatively recent new version of SecureDrop (0.3) – Announcing the New Version of SecureDrop, with the Results from our Third Security Audit (March 23rd) – Freedom of the Press Foundation and related commentary at BoingBoing. Also: The People Who Risk Jail to Maintain the Tor Network – Motherboard/Vice
Encrypting Your Laptop Like You Mean It and Passphrases that You Can Memorize, but that Even the NSA Can’t Guess – Micah Lee at The Intercept
SEC Adopts Rules to Facilitate Smaller Companies’ Access to Capital – the SEC’s press sheet and fact sheet on its revisions to Regulation A. Also: pdf of the Final Rules and supplementary information (454 pages).
The Mission to Save the Internet by Rewiring it from the Name Up – Motherboard/Vice
China Rates its Own Citizens, Including Online Behavior – Volkskrant; and Planning Outline for the Construction of a Social Credit System (2014-2020) – China Copyright and Media
Where the Real Skyscrapers Are; Hint: North Dakota – ArchDaily on TV masts as some of the tallest structures in the world
ZPM Espresso and the Rage of the Jilted Crowdfunder – New York Times; but see Professor James Grimmelmann’s Riskstarter; Kickstarter is a Tool for Managing Risk. Also: A Crowdfunded Startup Explains why Crowdfunding can be a Complete Disaster – Verge
The Opinion: pdf (110 pages)
NSA Program on Phone Records is Illegal, Court Rules – Washington Post
NSA Phone Program is Illegal, Appeals Court Rules – Wall Street Journal
Audio Summary for Laypersons: Professor William McGeveran on Wisconsin public radio (approx. 10 minutes)
Analysis and Opinion:
Second Circuit Rules that Section 215 Does Not Authorize Telephony Bulk Collection Program – Marty Lederman at Just Security
Second Circuit Rules, Mostly Symbolically, that Current Text of Section 215 Doesn’t Authorize Bulk Surveillance – Orin Kerr in the Washington Post
Court Backs Snowden, Strikes Secret Laws – Noah Feldman at BloombergView
Background Legal Paper by an Attorney for one of the Amici Curiae: Bulk Metadata Collection: Statutory and Constitutional Considerations by Laura Donohue (2013)(pdf download at the link)
Impact on Patriot Act Section 215 Status/Sunset:
How the Second Circuit’s Decision Changes the Legislative Game – Liza Goitein at LawFare
The Second Circuit and the Politics of Surveillance Reform – Steve Vladeck at Just Security
What to Say When the Police Tell You to Stop Filming Them – The Atlantic
A Due Process Right to Record the Police – Glenn Reynolds and John Steakley (pdf download at the link)
Citizen Recordings of Police in Public Places — First Amendment Protection? – A very good legal roundup at Concurring Opinion
New ACLU Mobile Justice App Empowers Public to Safeguard Rights – ACLU of Northern California
Striking a Balance – Whistleblowing, Leaks and Security Secrets (LawFare podcast)
Key portion: 00:07:29 (after intro and panelist bios) to 01:32:30 (when audience Q&A starts)
A discussion amongst Bob Litt (General Counsel for the Office of the Director of National Security), Ken Dilanian (Associated Press), Gabriel Schoenfeld (Hudson Institute) and Steve Vladeck (LawFare), about leaks, whistleblowing, the Espionage Act and Snowden.
Stewart Baker Discussion with Bruce Schneier (Steptoe CyberLaw podcast)
Key portion: 24:18 to 58:30
Bruce Schneier and Stewart Baker tangle on a variety of topics, including the wisdom and legality of “hacking back”, Bruce’s book “Data and Goliath” and some general surveillance/privacy matters. Nothing particularly new here, but always interesting to hear these two – from opposite ends of the spectrum – tangle.
. . . And We Are Getting Amazing Things. Recent Tech Developments:
IBM Brings Quantum Computing a Step Closer – Wall Street Journal
What Can We Do with a Quantum Computer? – Institute for Advanced Study.
We’re Entering a Golden Era of Quantum Computing Research – SmarterPlanet
Electromagnetic Space Drives:
Evaluating NASA’s Futuristic EM Drive – NASASpaceflight.com
Full Text of the Chinese Scientists’ Research Paper
Editing Human Embryos: So This Happened – National Geographic