EFF Tells Court Defendants Must Be Allowed To Examine The DNA Software Used To Convict Them

from the rolling-dice-with-more-sides-but-they're-still-just-dice dept

A proper adversarial system means the accused can confront the accuser. But that's rarely the case when crime solving software is involved. The FBI doesn't allow accused child porn downloaders to examine the malicious software it used to identify their computers. Multiple law enforcement agencies have dropped cases rather than discuss Stingray devices in open court.

All DNA analysis is handled by software. Most DNA analysis utilizes proprietary code created by private companies which license it to government agencies. The analysis may be performed by government agencies and employees, but when it comes to giving defense lawyers and their clients a chance to examine the software used to generate evidence, it suddenly becomes a very private matter.

Companies routinely intercede in criminal cases, telling judges that handing over source code or other information about their algorithms would somehow make it impossible for them to compete in the crime solving market. In most cases, judges are sympathetic to claims about trade secrets and proprietary code, allowing the accused to only confront their accuser by proxy, via a government expert or an employee of the software company.

In rare cases, the court actually finds in favor of the defendant. Earlier this year, a case involving third-party DNA software and the EFF's intercession went the defendant's way with a federal judge in Pennsylvania telling the government it couldn't hide behind third-party trade secret assertions to keep this code out of the accused's hands. As the court reasoned then, if DNA evidence is central to the case against the defendant, the defendant should have access to the evidence and the software that created it.

The EFF is hoping for a similar outcome in a case being handled in California. It deals with the possibly wrongful conviction of a 70-year-old man for rape. And it involves a DNA software company whose algorithm was the only one that tied the suspect to the crime.

An elderly woman was sexually assaulted and murdered in her home and two witnesses described seeing a black man in his 50s on the property on the day of the murder. Dozens of people had passed through the victim's home in the few months leading up to the murder, including Mr. Davis and another individual. Mr. Davis is an African American man who was in his 70s at the time of the murder and suffers from Parkinson’s disease. Another individual who met the witnesses’ description had a history of sex crimes including sexual assault with a foreign object.

DNA samples were taken from dozens of locations and items at the crime scene. Mr. Davis’s DNA was not found on many of those, including a cane that was allegedly used to sexually assault the victim. Traditional DNA software was not able to match Mr. Davis to the DNA sample from a shoelace that was likely used to tie up the victim—but STRMix did, and the prosecution relied heavily on the latter before the jury.

As the EFF points out in its brief [PDF], DNA software is anything but infallible. STRMix was caught a half-decade ago when a bug in its code possibly led to dozens of false arrests and convictions. Presumably that bug has been patched, but if no one outside of STRMix is allowed to examine the code, it's impossible to see if it might be leading prosecutors and government experts to overstate the certainty of DNA matches.

The necessity of independent source code review for probabilistic DNA programs was starkly demonstrated when FST (a counterpart to STRmix that was used in New York crime labs) was finally provided to a defense team for analysis. According to a defense expert, the undisclosed portion of the code could incorrectly tip the scales in favor of the prosecution’s hypothesis that a defendant’s DNA was present in a mixture. Reply Mem. of Law in Supp. as to Kevin Johnson at 19-21, United States v. Kevin Johnson, (S.D.N.Y. Feb. 27, 2017) (No. 15-CR-565 (VEC), D.I. 110). In fact, STRmix8 has suffered from programming errors that created false results in 60 cases in Queensland, Australia.

The problems caused by nondisclosure are especially acute in the context of the latest generation of probabilistic DNA analysis because there is no objective baseline truth against which the output from the program may be evaluated—and thus it is impossible to gauge the accuracy of these programs by examining their results.

If there's no objective baseline, every DNA analysis program is allowed to grade on its own curve. DNA matches aren't actually matches. They just reflect the likelihood of a match. With no baseline, the probability of it being an actual match is left to the discernment of prosecutors and their expert witnesses -- all of whom come out looking better if they can secure a conviction.

Unlike breathalyzers, the latest generation of complex DNA analysis tools cannot be measured against an objective truth. Instead, these DNA programs are more akin to probabilistic election forecasting models, such as those designed by FiveThirtyEight and The Economist. The outputted results are based on the calculation of the probability of events—that the defendant, rather than a random person, contributed to the DNA mixture or that person X will win an election—a value that is not an objectively measurable fact. This is why different DNA programs, and even different laboratories using the same program, will generate substantially different results for the same sample.

This is why courts should allow defendants to examine the software that has, for the most part, accused them of committing crimes. If different algorithms produce different outcomes using the same inputs, none are to be trusted until they're independently examined. And DNA software companies aren't interested in that happening -- not solely because of any trade secrets but because any defendant who successfully casts doubt on the accuracy of test results undermines their business model.

But protecting a business model isn't the court's business. The courts are there to serve justice, which means protecting the rights of the accused from accusers utilizing proprietary tech while waving around signed NDAs.

Filed Under: dna, due process, evidence, software

UK Court Overturns 39 Convictions Of Post Office Workers Caused By Buggy Software

from the shittiest-skynet-ever dept

Never underestimate the power of technology to destroy lives. Flawed software used for the last 20 years by the UK postal service resulted in dozens of wrongful criminal convictions which are only just now being overturned.

Judges have quashed the convictions of 39 former postmasters after the UK's most widespread miscarriage of justice.

They were convicted of stealing money, with some imprisoned, after the Post Office installed the Horizon computer system in branches.

[...]

The clearing of the names of 39 people follows the overturning of six other convictions in December, This means more people have been affected than in any other miscarriage of justice in the UK.

The notoriously buggy software debuted in 1999. Apparently it was unable to do math properly, resulting in reported cash shortages that actually weren't happening. Some employees attempted to make up these faux shortfalls with their own money by digging into savings or remortgaging their homes. Rather than address the problematic software, the UK Post Office went into prosecutorial overdrive, bringing cases against employees at the rate of one per week… for fourteen years straight. A total of 736 employees were prosecuted by the Post Office from 2000 to 2014.

And yet, the UK Post Office continued to rely on software that was actively destroying lives.

Marriages broke down, and courts have heard how some families believe the stress led to health conditions, addiction and premature deaths.

"The past nine years have been hellish and a total nightmare. This conviction has been a cloud over my life," said former Oxfordshire sub-postmaster Vipinchandra Patel, whose name was cleared late last year.

Seema Misra was pregnant with her second child when she was convicted of theft and sent to jail in 2010. She said that she had been "suffering" for 15 years as a result of the saga.

By the end of 2019, the Post Office had agreed to settle claims brought by 555 employees. And now the last of the wrongful convictions have been overturned. But, so far, no one at the Post Office or Fujitsu (the software developer) has been held accountable for the nearly 20-year run of destruction they oversaw.

That could change in the near future. The UK court seems completely unimpressed with the Post Office's actions (or lack thereof).

At the Royal Courts of Justice in London, Lord Justice Holroyde said the Post Office "knew there were serious issues about the reliability of Horizon" and had a "clear duty to investigate" the system's defects.

But the Post Office "consistently asserted that Horizon was robust and reliable" and "effectively steamrolled over any sub-postmaster who sought to challenge its accuracy", the judge added.

Sure, everyone at the Post Office seems pretty apologetic now. But that's after 15 years of ignoring the problem and choosing to believe software rather than the people hired to do the job. Tech can make things better and increase productivity, but it's rarely flawless and generally shouldn't be considered more trustworthy than the people who have to interact with it on a daily basis.

Filed Under: criminal convictions, software, uk, uk postal service

EFF, College Student Sue Proctorio Over DMCAs On Fair Use Critique Tweets Of Software

from the failing-grade dept

Late last year, while the COVID-19 pandemic was gearing up to hit its peak here in the States, we wrote about one college student and security researcher taking on Proctorio, a software platform designed to keep remote students from cheating on exams. Erik Johnson of Miami University made a name for himself on Twitter not only for giving voice to a ton of criticism Proctorio's software has faced over its privacy implications and inability to operate correctly for students of varying ethnicities, but also for digging into Proctorio's available source code, visible to anyone that downloads the software. But because he posted that code on PasteBin to demonstrate his critique of Proctorio, the company cried copyright infringement and got Twitter to take his tweets down initially as a result, before they were later restored.

But if Proctorio thought that would be the end of the story, it was wrong. The EFF has now gotten involved and has filed a lawsuit against Proctorio in an effort to end any online harassment of Johnson.

The lawsuit intends to address the company’s behavior toward Johnson in September of last year. After Johnson found out that he’d need to use the software for two of his classes, Johnson dug into the source code of Proctorio’s Chrome extension and made a lengthy Twitter thread criticizing its practices — including links to excerpts of the source code, which he’d posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio’s code and that the company’s takedown “interfered with Johnson’s First Amendment right.”

“Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them,” said EFF Staff Attorney Cara Gagliano in a statement.

Frankly, it's difficult to understand what Proctorio's rebuttal to any of that would be. What Johnson did with his tweets and the replication of the source code that was the subject of his criticism is about as square an example of Fair Use as I can imagine. The use was not intended to actually replicate what Protctorio's software does. Quite the opposite, in fact. It was intended as evidence for why Proctorio's software should not be used. It was limited in its use as part of a critique of the company's software. And it was decidedly non-commercial in nature.

In other words, it was clearly an attempt by Proctorio to silence a critic, rather than any legitimate concern over the reproduction of the source code, which is again freely available to anyone who downloads the browser extension. It's also worth noting that there is a pattern of behavior of this sort of thing by Proctorio.

Proctorio has engaged critics in court before, although more often as a plaintiff. Last October, the company sued a technology specialist at the University of British Columbia who made a series of tweets criticizing the platform. The thread contained links to unlisted YouTube videos, which Proctorio claimed contained confidential information. The lawsuit drew ire from the global education community: hundreds of university faculty, staff, administrators, and students have signed an open letter in the specialist’s defense, and a GoFundMe for his legal expenses has raised $60,000 from over 700 donors.

It's the kind of behavior that doesn't end just because some tweets get reinstated or there is a modicum of public outrage. Instead, it takes a concerted effort by groups like the EFF to force a corporate bully to change its ways. Given Proctorio's bad behavior in all of this, let's hope the courts don't let them off the hook.

Filed Under: bogus copyright claims, cheating, copyright, copyright as cenosrship, criticism, dmca, erik johnson, remote exams, software
Companies: eff, proctorio

Arizona's $24-Million Prison Management Software Is Keeping People Locked Up Past The End Of Their Sentences

from the taking-life,-wasting-tax-dollars dept

The Arizona Department of Corrections is depriving inmates of freedom they've earned. Its $24 million tracking software isn't doing what it's supposed to when it comes to calculating time served credits. That's according to whistleblowers who've been ignored by the DOC and have taken their complaints to the press. Here's Jimmy Jenkins of KJZZ, who was given access to documents showing the bug has been well-documented and remains unfixed, more than a year after it was discovered.

According to Arizona Department of Corrections whistleblowers, hundreds of incarcerated people who should be eligible for release are being held in prison because the inmate management software cannot interpret current sentencing laws.

KJZZ is not naming the whistleblowers because they fear retaliation. The employees said they have been raising the issue internally for more than a year, but prison administrators have not acted to fix the software bug. The sources said Chief Information Officer Holly Greene and Deputy Director Joe Profiri have been aware of the problem since 2019.

The management software (ACIS) rolled out during the 2019 Thanksgiving holiday weekend, which is always the best time to debut new systems that might need a lot of immediate tech support. Since its rollout, the software has generated 19,000 bug reports. The one at the center of this ongoing deprivation of liberty arose as the result of a law passed in June of that year. The law gave additional credit days to inmates charged with low-level drug offenses, increasing the credit from one day for every six served to three days for every seven.

Qualified inmates are only supposed to serve 70% of their sentences, provided they also complete some other prerequisites, like earning a GED or entering a substance abuse program. That law hasn't been implemented in the Arizona prison system because the $24 million software can't seem to figure out how to do it.

To be sure, legislation that changes time served credits for only a certain percentage of inmates creates problems for prison management systems. But that's why you spend $24 million buying one, rather than just asking employees if they're any good at Excel.

But that's what has actually happened. With the expensive software unable to correctly calculate time served credits, prison employees are doing it by hand.

Department sources said this means “someone is sitting there crunching numbers with a calculator and interpreting how each of the new laws that have been passed would impact an inmate.”

“It makes me sick,” one source said, noting that even the most diligent employees are capable of making math errors that could result in additional months or years in prison for an inmate. “What the hell are we doing here? People’s lives are at stake.”

Hundreds of inmates are affected. A spokesperson for the prison system says the DOC has identified 733 inmates who qualify for the increased time served credits. But that number is still likely on the low end since the software is incapable of accurately identifying qualifying inmates, much less accurately calculating the length of time they have left to serve.

Meanwhile, the bug that's killing freedom remains unpatched. And it appears the software's many other bugs are making time spent in prison even more dangerous and miserable than it already is. Medical information goes missing or fails to transfer correctly when inmates are moved. Rival gang members have been placed in the same cells. Head counts are inaccurate. Inmate property and commissary funds are routinely recorded incorrectly.

Prison is already a miserable experience. Those trying to turn their lives around and engage in the rehabilitative process most prisons consider to be ancillary at best are being punished for trying by a system that is failing everyone who uses it or is affected by it.

Filed Under: acis, arizona, arizona department of corrections, early release, holly greene, joe profiri, prison management, software

Australian Cops Are Pre-Criming Students Too, Setting Minors Up For A Lifetime Of Harassment

from the procedural-crime-generation dept

It's not just American law enforcement agencies turning kids into criminals. They're doing it in Australia too. In Florida, the Pasco County Sheriff's Office uses software to mark kids as budding criminals, using questionable markers like D-grades, witnessing domestic violence, or being the victim of a crime. The spreadsheet adds it all up and gives deputies a thumbs up to start treating students like criminals, even if they've never committed a criminal act.

Over in Australia, the process seems to be a bit more rigorous, but the outcome is the same: non-criminals marked (possibly for life) as potential criminals who should be targeted with more law enforcement intervention.

Victorian police say a secretive data tool that tracked youths and predicted the risk they would commit crime is not being widely used, amid fears it leads to young people from culturally diverse backgrounds being disproportionately targeted.

The tool, which had been used in Dandenong and surrounding suburbs, was only revealed in interviews with police officers published earlier this year.

Between 2016 and 2018, police categorised young people as “youth network offenders” or “core youth network offenders”.

It takes a bit more to be added to this secret list -- one police have managed to keep hidden from the general public. Even the program's name remains a secret. This means parents are never informed when cops decide their kids are criminals-in-development. It also possibly means schools aren't aware the data they're feeding the police is being used this way.

According to the research paper detailing the program, Victoria police have classified 40-60 students as "core youth network offenders." Another 240 students were classified as "youth network offenders." To get placed on these exclusive lists, students must be charged dozens of times with "offenses," running from 20 for the 10-14-year-old group to over 60 for 18-year-olds. It's unclear from the context of the report whether this means criminal offenses or in-school discipline "offenses," but the latter seems more likely. Someone criminally charged over 60 times before they reached the age of 18 wouldn't need to be on a secret youth offender list to be on law enforcement's radar.

The Victoria police appear to believe the tech is actually magic.

“We can run that tool now and it will tell us – like the kid might be 15 – it tells how many crimes he is going to commit before he is 21 based on that, and it is a 95% accuracy,” one senior officer told [researchers]. “It has been tested.”

Actual pre-crime, stripped of all the obfuscating language that normally surrounds statements on profiling/predictive policing programs. This program can actually predict criminal acts… at least according to its proponents and users. Presumably the police aren't locking up listed students ahead of any wrongdoing, but they're certainly increasing their interactions and surveillance of students the tool said will commit [x] crimes over the next few years.

And, like every goddamn predictive policing program that exists anywhere, it focuses on minorities and other disadvantaged residents.

In Dandenong, 67% of households spoke a language other than English at home, more than three times the national average, according to the 2016 census. Almost 80% of all residents had parents who were both born overseas, more than double the national average.

The weekly household income was $412 less than the Australian median, and the unemployment rate of 13% was almost double the national figure.

Cheer up. The cops are here to take everything that sucks about life and make it worse. Rather than address the underlying problems, law enforcement appears content to throw a spreadsheet over it and divert resources towards subjecting certain people to a lifetime of harassment. Then, when things inevitably get worse, they can ask for more money to buy more "smart" policing tech garbage that ensures this hideous, regressive loop remains unbroken.

Filed Under: abuse, australia, harassment, police, pre-crime, software

Anti-Cheat Student Software Proctorio Issuing DMCA Takedowns Of Fair Use Critiques Over Its Code

from the fail dept

As we've discussed before, the COVID-19 pandemic has forced many educational institutions into remote learning and with it, remote test-taking. One of the issues in all of that is how to ensure students taking exams are doing so without cheating. Some institutions employ humans to watch students over video calls, to ensure they are not doing anything untoward. But many, many others are using software instead that is built to try to catch cheating by algorithmically spotting "clues" of cheating.

Proctorio is one of those anti-cheat platforms. The software has been the subject of some fairly intense criticism from students, many of whom allege both that the software seems to have trouble interpreting what darker-skinned students are doing on the screen and that it requires a ton of bandwidth, which many low-income students simply don't have access to. Erik Johnson, who is a student and security researcher, wanted to dig into Proctorio's workings. Given that it's a browser extension, he simply downloaded it and started digging through the readily available code. He then tweeted out his findings, along with links to Pastebin pages where he had shared the code he references in each tweet. Below are some of the tweets that you can reference for yourself.

It's important to note that these tweets are part of a regular string that Johnson has put out critiquing the way Proctorio functions. In other words, due to all the consternation over how Proctorio works among students, this is public criticism from a security researcher showing his work from source code that literally anyone can see if they download Proctorio. And, while you can see the tweets above currently, Proctorio initially had them taken down via DMCA takedown requests.

Those three tweets are no longer accessible on Twitter after Proctorio filed its takedown notices. The code shared on Pastebin is also no longer accessible, nor is a copy of the page available from the Internet Archive’s Wayback Machine, which said the web address had been “excluded.”

A spokesperson for Twitter told TechCrunch: “Per our copyright policy, we respond to valid copyright complaints sent to us by a copyright owner or their authorized representatives.”

Johnson provided TechCrunch a copy of the takedown notice sent by Twitter, which identified Proctorio’s marketing director John Devoy as the person who requested the takedown on behalf of Proctorio’s chief executive Mike Olsen, who is listed as the copyright owner.

When asked to comment at the time, Proctorio noted that just because anyone can see the code by downloading the software doesn't mean reproducing it is not a copyright violation. And that's true, although quite a stupid bit of copyright enforcement. What Proctorio didn't mention is that this sort of critique and use of copyrighted content in furtherance of that critique is precisely what Fair Use is meant to protect. That the company clearly did this as a method for getting some critical tweets taken down also went unmentioned.

“This is really a textbook example of fair use,” said EFF staff attorney Cara Gagliano. “What Erik did — posting excerpts of Proctorio’s code that showed the software features he was criticizing — is no different from quoting a book in a book review. That it’s code instead of literature doesn’t make the use any less fair.”

“Using DMCA notices to take down critical fair uses like Erik’s is absolutely inappropriate and an abuse of the takedown process,” said Gagliano. “DMCA notices should be lodged only when a copyright owner has a good faith belief that the challenged material infringes their copyrighted work — which requires the copyright owner to consider fair use before hitting send.

Which is probably why Twitter eventually reinstated Johnson's tweets in their entirety, although the message sent to him was that it did so because Proctorio's DMCA notice was "incomplete". Whatever the hell that means. You sort of have to wonder if the incomplete-ness of the notices would have been discovered if Johnson and the EFF hadn't kicked up a shitstorm about it.

Meanwhile, because of course, a lot more people know about the criticism of Proctorio thanks to its efforts to try to silence criticism. Isn't there a moniker for that?

Filed Under: anti-cheat, cheating, dmca, erik johnson, proctoring, remote learning, remote test taking, security research, software
Companies: proctorio, twitter

As We're All Living, Working, And Socializing Via The Internet... MIT Tech Review Says It Proves Silicon Valley Innovation Is A Myth

from the say-what-now? dept

I get that people are getting a bit of cabin fever and perhaps that's impacting people's outlook on the world, but a recent piece by David Rotman in the MIT Tech Review is truly bizarre. The title gets you straight to the premise: Covid-19 has blown apart the myth of Silicon Valley innovation. Of course, even the paragraph that explains the thesis seems almost like a modern updating of the famous "what have the Romans ever done for us?" scene from Monty Python's Life of Brian:

Silicon Valley and big tech in general have been lame in responding to the crisis. Sure, they have given us Zoom to keep the fortunate among us working and Netflix to keep us sane; Amazon is a savior these days for those avoiding stores; iPads are in hot demand and Instacart is helping to keep many self-isolating people fed. But the pandemic has also revealed the limitations and impotence of the world’s richest companies (and, we have been told, the most innovative place on earth) in the face of the public health crisis.

Wait, what? That doesn't seem "lame" at all. That kinda seems central to keeping much of the world safe, sane, and connected. And the next paragraph seems equally ridiculous:

Big tech doesn’t build anything. It’s not likely to give us vaccines or diagnostic tests. We don’t even seem to know how to make a cotton swab. Those hoping the US could turn its dominant tech industry into a dynamo of innovation against the pandemic will be disappointed.

Leaving aside the hilariously wrong "big tech doesn't build anything," this paragraph reads like "how dare pharmaceutical companies not build video conferencing software." Besides, tons of big tech companies are doing a lot (beyond the admitted list above) to help during the pandemic, including Google's and Apple's efforts to help with contact tracing, and then, of course, there are plenty of examples of the big tech companies of Silicon Valley trying to do more to help out in the pandemic as well. No matter what you think of Elon Musk, engineers at Tesla have been working on using a bunch of existing parts to build ventilators:

And that's already received praise (and some constructive suggestions) from healthcare professionals.

Basically, the entire premise of Rotman's article makes no sense at all, and he just keeps repeating it like if he says it enough, maybe people will believe him:

The pandemic has made clear this festering problem: the US is no longer very good at coming up with new ideas and technologies relevant to our most basic needs.

Except that we are -- as his own article makes clear. The fact that internet companies aren't magically creating vaccines isn't a condemnation of Silicon Valley innovation. I mean, at best, you could argue that it's a failure of big pharma innovation, but it seems a bit early to be saying that one way or another given that we're just a few months into this thing, and a bunch of innovations that are helping to rapidly create a vaccine, like genetic testing, have also developed with help from Silicon Valley.

The only way Rotman supports his premise is to argue that software/internet companies are producing software/internet products, rather than manufacturing physical goods. But, again, that's like saying "why doesn't Pfizer create videoconferencing software." It's not their business. And, perhaps Rotman should get out of Cambridge and come to Silicon Valley (well, post pandemic) to learn about how there'a a hardware renaissance happening in Silicon Valley, in part thanks to new innovations like 3D printing.

The whole article reads like Rotman had a premise, and then wrote the article despite the near total lack of any actual evidence to support the premise. It's a bad look for MIT's Tech Review, but what good has MIT ever brought the world anyway?

Filed Under: david rotman, hardware, innovation, pandemic, remote work, silicon valley, social distancing, software, technology

ACLU Sues ICE Over Its Deliberately-Broken Immigrant 'Risk Assessment' Software

from the can't-really-call-it-an-'option'-if-there-are-no-alternatives dept

A couple of years ago, a Reuters investigation uncovered another revamp of immigration policies under President Trump. ICE has a Risk Classification Assessment Tool that decides whether or not arrested immigrants can be released on bail or their own recognizance. The algorithm had apparently undergone a radical transformation under the new administration, drastically decreasing the number of detainees who could be granted release. The software now recommends detention in almost every case, no matter what mitigating factors are fed to the assessment tool.

ICE is now being sued for running software that declares nearly 100% of detained immigrants too risky to be released pending hearings. The ACLU's lawsuit [PDF] opens with some disturbing stats that show how ICE has rigged the system to keep as many people detained as possible.

According to data obtained by the New York Civil Liberties Union under the Freedom of Information Act, from 2013 to June 2017, approximately 47% of those deemed to be low risk by the government were granted release. From June 2017 to September 2019, that figure plummeted to 3%. This dramatic drop in the release rate comes at a time when exponentially more people are being arrested in the New York City area and immigration officials have expanded arrests of those not convicted of criminal offenses. The federal government’s sweeping detention dragnet means that people who pose no flight or safety risk are being jailed as a matter of course—in an unlawful trend that is getting worse.

Despite there being plenty of evidence that immigrants commit fewer criminal acts than natural-born citizens, the administration adopted a "No-Release Policy." That led directly to ICE tinkering with its software -- one that was supposed to assess risk factors when making detention determinations. ICE may as well just skip this step in the process since it's only going to give ICE (and the administration) the answer it wants: detention without bond. ICE agents can ask for a second opinion on detention from a supervisor, but the documents obtained by the ACLU show supervisors depart from detention recommendations less than 1% of the time.

The negative effects of this indefinite detention are real. The lawsuit points out zero-risk detainees can see their lives destroyed before they're allowed anything that resembles due process.

Once denied release under the new policy, people remain unnecessarily incarcerated in local jails for weeks or even months before they have a meaningful opportunity to seek release in a hearing before an Immigration Judge. While waiting for those hearings, those detained suffer under harsh conditions of confinement akin to criminal incarceration. While incarcerated, they are separated from families, friends, and communities, and they risk losing their children, their jobs, and their homes. Because of inadequate medical care and conditions in the jails, unmet medical and mental-health needs often lead to serious and at times irreversible consequences.

When they do finally get to see a judge, nearly 40% of them are released on bond. ICE treats nearly 100% of detained immigrants as dangerous. Judges -- judges employed by the DOJ and appointed by the Attorney General -- clearly don't agree with the agency's rigged assessment system.

There will always be those who say, "Well, don't break the law." These aren't criminal proceedings. These are civil proceedings where the detained are tossed into criminal facilities until they're able to see a judge. This steady stripping of options began under the Obama administration but accelerated under Trump and his no-release policy.

ICE began to alter its custody determinations process in 2015, modifying its risk-assessment tool so that it could no longer recommend individuals be given the opportunity for release on bond. In mid-2017, ICE then removed the tool’s ability to recommend release on recognizance. As a result, the assessment tool—on which ICE offices across the country rely— can only make one substantive recommendation: detention without bond.

The ACLU is hoping to have a class action lawsuit certified that would allow it to hold ICE responsible for violating rights en masse, including the Fifth Amendment's due process clause. Since ICE is no longer pretending to be targeting the "worst of the worst," the agency and its deliberately-broken risk assessment tool are locking up immigrants who have lived here for an average of sixteen years -- people who've added to their communities, held down jobs, and raised families. These are the people targeted by ICE and it is ensuring that it is these people who are thrown into prisons and jails until their hearings, tearing apart their lives and families while denying them the rights extended to them by our Constitution.

Filed Under: algorithms, bail, ice, immigrants, risk assessment, software
Companies: aclu

The End Of Ownership: Tesla Software Updates Giveth... And Tesla Software Updates Taketh Away...

from the you-don't-own-what-you've-bought dept

A few years back, we wrote about how Tesla automagically extended the range of Teslas in Florida as a hurricane was approaching. While this sounded good, we warned that this wasn't a good thing, when you realized it meant that what you bought could magically and secretly be changed without your permission or desire. In the Florida case, it was for a good purpose, but that wouldn't always be the case. So, it's little surprise that approximately half of all Techdirt readers decided to send me this story from Jalopnik of how Tesla remotely disabled its Autopilot feature on a 2nd hand Tesla Model S after it had been sold:

Tesla officially sold the car to the dealership on November 15, a date I’ve confirmed by seeing the car’s title. On November 18, Tesla seems to have conducted an “audit” of the car remotely. The result of that audit was that when the car’s software was updated to the latest version in December, the Enhanced Autopilot and Full Self Driving Capability (FSD) were removed from the car.

The Jalopnik story is very, very thorough. And, just to be clear, because this is important: Autopilot and Full Self Driving capabilities are not subscription services. It's a one-time payment and the car is supposed to have it for life.

This is all very puzzling. Alec bought the car from a dealer based on a set of features that the dealer understood the car to have when purchased at auction. If Alec saw that the car had Autopilot and FSD when he paid for it, how, exactly, did he not pay for those features?

Those features together are worth $8,000, but as they were already on the car when he bought it, it’s hard to understand how he somehow didn’t pay for them?

I realize that these are software features, but they act like any physical feature of a car. You don’t pay a subscription for FSD or Autopilot, you pay a one-time fee, just like you would for an electromechanical cruise control system on any other car.

If you buy, say, a used Ford Ecosport (not my first choice, but you do you) that has lane keeping assist and active cruise control, and Ford somehow thinks you didn’t pay for those particular features and sends over a service tech to physically remove them from your car, I think we’d all consider that pretty wrong. We might even consider that theft. I’m not clear how what Tesla did here is any different.

The article notes that the purchaser, Alec, then even tried to find out if Tesla would remove such a feature if he wanted a cheaper sale price on a used Tesla, and the company told him it would not. What's even worse is that Jalopnik points to other cases of this happening as well.

In an update to the original post, the dealer who sold the Tesla to Alec says that this isn't even the first time he's seen this kind of thing happen:

I sell dozens of Teslas a year, and sold my father in law a Model X P90D with ludicrous speed package. 60 days after the purchase of the car, Tesla removed his ludicrous speed package. Upon complaints to them they said he never paid for it. We have video evidence and multiple pictures of the vehicle with it. They even removed the line under the P90D. I am still shocked at these acts.

Tesla's only response at the time of writing this is that the car was "incorrectly configured." But, remember, Tesla itself sold the car to the dealer, who then resold it to Alec. And throughout this process, the car clearly showed that it had these features enabled. So, for Tesla to change that after the fact seems like it would dip into outright fraud. Indeed, I'm surprised lawsuits have not been filed.

On a related note, it also opens up a possibly sneaky business model for Tesla: if it takes back out of lease Teslas, or Teslas it's bought back, that had these expensive features enabled, and then disables them before resale, it could double sell these features to new owners who want them. That also seems pretty crappy.

But all of this just highlights how the very concept of ownership is eroding in a world where everything can be software updated automatically. While this has some potentially cool side effects (improvements on the fly!), it can also be used to remove features you paid for, without any obvious recourse. That should concern everyone.

Filed Under: autopilot, cars, elon musk, ownership, software, updates
Companies: tesla

Top Oracle Lawyer Attempting To Gaslight Entire Software Community: Insists APIs Are Executable

from the oh-come-on dept

Last week, the Solicitor General of the White House weighed in on Google's request for the Supreme Court to overturn the Federal Circuit's ridiculously confused ruling in the Oracle/Google case concerning the copyrightability of APIs (and whether or not repurposing them is fair use). Not surprisingly, as the Solicitor General has been siding with Oracle all along, it suggests that the Supreme Court not hear the case. Of course, it does so by completely misrepresenting what's at stake in the case -- pretending that this is about whether or not software source code is copyright-eligible:

This case concerns the copyrightability of computer code. To induce a computer to perform a function, a person must give the computer written instructions. Typically, those instructions are written in “source code,” which consists of words, numbers, and symbols in a particular “programming language,” which has its own syntax and semantics. The source code is then converted into binary “object code”—ones and zeros—that is readable by the computer.

It is both “firmly established” and undisputed in this case that computer code can be copyrightable as a “literary work[].” 1 Melville B. Nimmer & David Nimmer, Nimmer on Copyright § 2A.10[B] (2019). Section 101 defines a “computer program” as “a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.” 17 U.S.C. 101. And various Copyright Act provisions recognize that a person may own a copyright in a “computer program.”

Except... that's not what this case is about. Even remotely. Literally no one denies that software source code is subject to copyright. The question is whether or not an Application Programming Interface -- an API -- is subject to copyright. As we've been saying from the beginning, the most frustrating thing about this entire case is that you have non-technically savvy lawyers and judges simply refusing to comprehend that an API is not software. It's not executable code. It's not "source code" for software. An API is a set of specifications for allowing the access of data, an application, or service. It's a "method of operation," which is simply not subject to copyright law. Indeed, back in 1996, the Supreme Court ruled in Lotus v. Borland that a user interface to a computer program is not subject to copyright under Section 102(b) as the interface is a "method of operation."

In the Solicitor General's brief, they wipe this away by insisting that the ruling in Lotus v. Borland is different because that was about an interface, whereas this case is about source code.

The Federal Circuit’s construction of Section 102(b) in this case does not conflict with those decisions. See 14-410 U.S. Br. 19-22. In Lotus, the First Circuit invoked Section 102(b) to find that the arrangement of menu commands presented to a software user was an uncopyrightable “‘method of operation’” for the software at issue. 49 F.3d at 815-818. The case did not address the copyrightability of computer code, and the First Circuit has subsequently acknowledged, consistent with the decision below, that Section 102(b) codifies the idea/expression dichotomy.

Right. But this case also does "not address the copyrightability of computer code." Because it's not about computer code.

While it's no surprise that the Solicitor General has now gotten this wrong, what was a little surprising was that Oracle's lead lawyer in this case, spent half the weekend acting like a common Twitter troll, gaslighting the entire software community on Twitter, making repeatedly false claims about APIs, and then attacking anyone who pointed out that she's flat out wrong by accusing them of being Google shills.

Annette Hurst, prior to this nonsense, was fairly widely respected intellectual property lawyer and a big time partner at Orrick, one of the largest law firms in the world. She's been involved in some big copyright cases in the past, such as the famed Mattel v. MGA case (she was on the right side of that one) and also in the important Kirtsaeng case in which she again represented the correct side.

However, when it comes to the Oracle case, she seems to jump in to argue things that are blatantly ignorant of how software actually works. You may recall, after the jury in the district court found that Google's use of the Java APIs were fair use, she laughably insisted that it would kill open source software because it meant software source code couldn't be opened up any more. Except, once again, she was totally confusing an API with executable software code.

Years on, and she's still not just confused, but actively misrepresenting things. Famed and well-respected litigator and law professor Mark Lemley called out the Solicitor General's "indefensible" statement that Lotus v. Borland does not conflict with this ruling, and Hurst responded dismissively:

But, again, she's focusing on the wrong thing. "Software is protected by copyright." Well, duh. No one disagrees. This case is not about that. It's about whether or not an API is protected by copyright. But Hurst keeps conflating executable software code and APIs. And while expert after expert called her out on this on Twitter, she just kept digging in deeper, variously calling any critic a Google shill or, perhaps worse, insisting that APIs are executable code.

This is not just wrong, it's head-slappingly, stupidly wrong. And every single reply to Hurst are people telling her it's wrong in so many different ways.

As more and more people called out this nonsense, literally her only claim was to argue that anyone taking the other side must have been funded by Google.

What's doubly ironic here is that the link she puts in that post, is to a shadowy non-profit whose only role in life is to write up laughingly misleading reports accusing tons of people of being Google shills based on shoddy (to downright incorrect) research. It has been forced to run multiple corrections to its bad reporting. And, the best part is: for an organization that claims its sole purpose is to shine a light on what it claims is Google's secret funding... the Google Transparency Project refuses to name a single one of its own donors. Though, there is one who has taken credit: Oracle. The very company which has probably paid Hurst's employer enough money for her to buy a few very nice homes just on this case alone.

Hurst may be a great copyright lawyer, but she doesn't know shit about what an API is, and, incredibly and unfortunately, has convinced the Federal Circuit that an API is no different than software. She may succeed in convincing the Supreme Court that as well, as she's apparently convinced the Solicitor General. None of that makes it right however. And her going around parading her ignorance and attacking those who actually know what the fuck they're talking about concerning the difference between an API and executable code is a disgrace.

This is not something that one can just say it's a difference of opinions over. We can disagree over whether or not APIs should be covered by copyright. That's an opinion. We can disagree over whether or not Google's copying of an API should be considered fair use. We can disagree over what we think the state of copyright should be. But what no one can deny is that an API is not executable code. And yet, Hurst continues to argue it and (ridiculously) has convinced some courts of this blatantly incorrect thing, which is helping her client get the opinions it wants on the other things above. And that's despicable.

Filed Under: annette hurst, apis, cafc, copyright, interfaces, methods of operation, software, solicitor general, source code, supreme court
Companies: google, oracle