Newly-elected mayor to the police department: "And you have to start showing, more than you do, the respect and support that the communities you serve deserve―and if you don’t give that support and respect, you might find yourselves without the jobs you enjoy. The voters have had it up to here with the police acting like the Pinkerton Agency and being more of a threat than the criminals are, and dealing with the problem the way the Pinkerton Agency was dealt with is one of the options on the table."
Because declining to give consent for a search can be used as grounds to suspect you have a reason not to want to be subject to a search. Now they have what they need to extend the stop until a K-9 unit gets there to perform on demand.
Also individuals. My domain registrations date back to when .com was businesses-only and .org was the only TLD an individual could register a domain in (.us wasn't open for public registrations at the time). Sure I could register other domains, but that doesn't change the fact that I've got literally hundreds of accounts that're tied to email addresses in my .org domain and changing all of them on short notice would be a nightmare.
An API would be more like the convention that turning the steering wheel counter-clockwise makes the car turn left and turning it clockwise makes the car turn right. Oracle is arguing that since they made one kind of steering mechanism that responds to the steering wheel that way, any steering mechanism that responds to a steering wheel the same way automatically infringes on Oracle's mechanism.
Conclusion: same advice as for software vulnerability reports, avoid official channels and do an anonymous dump of everything including supporting evidence somewhere that'll get it as much public attention as possible. And don't discuss the matter with anyone unless they have more to lose than you do if your role becomes public.
Removing that provision wouldn't make it any more legal to copy the protected work than it already was. If someone cracked the protection on your code and started using it in their product, you could sue them for that regardless of Section 1201. You just couldn't sue them merely for cracking the protection if what they did with the code was something that would've been legal absent the protection (eg. analyzing the code for exploitable vulnerabilities and reporting them (which I understand some companies don't like, but as a professional software engineer myself I have to say "Tough shit, fix your damned code.")).
Providing the data via an API while keeping it private in the sense the law uses seems to me to be fairly straightforward: the API is authenticated via application-specific tokens that the user can generate and give to third parties to use on their behalf. See Github's personal access tokens for an example. OAuth can also be used to do this.
I'm cynical, AFAIK the only ways to get disbarred are to stiff another lawyer on his bill, set up another lawyer to take the fall for your mistakes, or (occasionally) get convicted of a particularly nasty felony offense.
Retaliation against someone complaining of actual bad behavior? That's what prompted my suggestion in the first place.
We've tried it where people can report bad behavior privately. We get guys abusing that to retaliate against the women who don't put up with their crap. The women would still do what they're doing now: ignore the guy and don't go on another date with him. They wouldn't have to do any more publicly than they're already doing. The guy, OTOH, couldn't get her account banned without giving her a clue who'd done it. He'd have to accuse her in public where she and everyone could see the accusation and she could respond to it. Few of these guys have the balls to do that.
Oh, I can think of a lot of ways it can go wrong, usually for the person behaving badly or someone trying to make a bogus complaint. Personally I don't have a lot of sympathy for them in that situation.
Retaliation against someone complaining of actual bad behavior? That's what prompted my suggestion in the first place.
Keeping quiet about bad behavior hasn't made bad behavior go away, and it's made things worse for women. I tend to side with #MeToo and favor women making bad behavior public to warn others away from the problematic guy and of having a clear record you can point to when the problematic guy complains that you aren't letting him get away with it.
Maybe it's time to go back to how BBS networks handled the equivalent of reporting someone. These days it's all done in secret. Back when, all complaints about behavior had to be made publicly and all handling of complaints was public. Not in-channel, of course, there was a separate channel whose sole purpose was making and handling complaints. If you wanted to see how the admins handled complaints, you could look at that channel and see how they handled them. The complaint itself, the supporting claims and quotes (the equivalent of screenshots), the response from the accused, questions and responses from the admins, it was all open for inspection. If the admins were biased or unreasonable, it was clearly obvious. If the complainant was being unreasonable or trying to abuse the process, it was clearly obvious. And if the admins banned a complainant for repeated abuse, they could refer directly to his own complaints to back up their decision. If the complainant complained that the admins were being unfair, anybody listening to him could check out the justification and decide for themselves whether the admins were justified or not.
The nice thing was that knowing that everything would be publicly visible made the would-be abusers unlikely to try filing bogus complaints. All they'd do is make themselves look dumb and they knew it, and while they'd still whinge they'd do it off-line where it didn't bother anyboty.
Not quite. The testimonial part is where the production of a fingerprint that can unlock the device shows that the person who produced it owns the device when the government can't prove that already. What the court is saying is that the government has to already be able to prove that this person owns the device before it can demand they produce their fingerprint, at which point any testimonial value of the production is already moot. An analogous situation would be keys to a locked cabinet in a home. In general the police can't demand that everybody cough up their key rings, but if they can identify people who live there then the courts are probably going to let the police make all of those people give up their key rings so the police can try the keys on the lock. And it remains analogous because the police still have to prove it's your key ring that had the key that opened the cabinet, although usually that's simple enough that nobody contests it in court (it's the only key ring you have and you can't/won't identify whose it is and you aren't disclaiming any ownership of it).
Re: Re: 'We never considered criminals might not ask...'
Yeah, I'd be certain to have not just the contract but a letter on official letterhead signed by someone with authority at the client that stated specifically that "bypass of physical security to gain surreptitious access to the premises outside of normal business hours" was explicitly authorized, and also that "no prior notification be given to site security, in order to insure that the test is of normal site security". If you're doing stuff like this, you make sure it's all spelled out in such a way the client can't claim to not know exactly what was going to happen or not have agreed to it.
I suspect nobody remembered the IBM fiasco because everybody at Twitter involved with this was in grade school at the time (or no later than high school) and so wasn't paying any attention to the news reports. It's not quite far enough back to say nobody at Twitter was alive then, but it's getting close.
I think the problem is the "unless otherwise authorized by law" proviso in the consent checkbox. They never say anywhere exactly what disclosures are authorized by law. If the law authorizes the DMV to sell information to credit reporting agencies, does that count and mean that your information may be sold even if you check the NO box?
IMO the rule should be that government agencies that collect personal data SHALL NOT disclose that data to any other party except to:
comply with a lawful court order.
comply with a legal requirement to disclose, in which case they shall at the time of collection or imposition of the requirement inform the person of the information that may be disclosed, the parties to whom it may be disclosed and the exact citation to the law requiring such disclosure.
complete the performance of their lawful duties and render any service the person has requested, in which case they shall at the time of collection inform the person of the information to be disclosed, the parties to whom it may be disclosed and the exact purpose of the disclosure.
It might be an interesting argument to make, though, especially if the router was leased from the ISP and thus was the ISP's property and controlled by it the whole time. If one takes the decision's statement as it's worded, then one should look on the computer for the IP address the ISP assigned to it which is almost certainly in the 192.168/16 netblock. That's also almost certainly not the IP address listed as the source of the download of the illegal material (which would belong to the router belonging to the ISP, not the computer belonging to the user). Given that, by the government's own evidence, the ISP they're looking for was not the one assigned to any computer belonging to the user by their ISP, what basis does the government have for the charges?
The systems aren't the best the Federal court system can do. They're the best the minimum-wage coders in the off-shore body shops the Tier 1 contractors the Federal court system contracted with to design and build the systems could do. And those systems did their job, after all those contractors got paid didn't they?
I'd be sorely tempted to send the information return-receipt-requested with a cashier's check for $6, just to make sure I had hardcopy evidence I could present in court that I did in fact have a registration as required by the law regardless of what the Registrar might say.
"If the facts are against you, argue the law. If the law is against you, argue the facts. If the law and the facts are against you, pound the table and yell like hell." -- Carl Sandburg
On the post: Attorney General To Law Enforcement Critics: Good Luck Getting A Cop When You Need One
Newly-elected mayor to the police department: "And you have to start showing, more than you do, the respect and support that the communities you serve deserve―and if you don’t give that support and respect, you might find yourselves without the jobs you enjoy. The voters have had it up to here with the police acting like the Pinkerton Agency and being more of a threat than the criminals are, and dealing with the problem the way the Pinkerton Agency was dealt with is one of the options on the table."
On the post: Oregon Supreme Court Shuts Down Pretextual Traffic Stops; Says Cops Can't Ask Questions Unrelated To The Violation
Re: No I don't, and no I don't
Because declining to give consent for a search can be used as grounds to suspect you have a reason not to want to be subject to a search. Now they have what they need to extend the stop until a K-9 unit gets there to perform on demand.
On the post: The Sketchy, Sketchy Case Of ICANN Execs And Self-Dealing Regarding The .Org Domain
Re: Re: Good lord, this is bad news!
Also individuals. My domain registrations date back to when .com was businesses-only and .org was the only TLD an individual could register a domain in (.us wasn't open for public registrations at the time). Sure I could register other domains, but that doesn't change the fact that I've got literally hundreds of accounts that're tied to email addresses in my .org domain and changing all of them on short notice would be a nightmare.
On the post: Big News: Supreme Court To Hear Google v. Oracle Case About API And Copyright
Re: Re:
An API would be more like the convention that turning the steering wheel counter-clockwise makes the car turn left and turning it clockwise makes the car turn right. Oracle is arguing that since they made one kind of steering mechanism that responds to the steering wheel that way, any steering mechanism that responds to a steering wheel the same way automatically infringes on Oracle's mechanism.
On the post: VA's Whistleblower Office Retaliated Against Whistleblowers And Buried Complaints
Conclusion: same advice as for software vulnerability reports, avoid official channels and do an anonymous dump of everything including supporting evidence somewhere that'll get it as much public attention as possible. And don't discuss the matter with anyone unless they have more to lose than you do if your role becomes public.
On the post: The Good And The Bad Of The ACCESS Act To Force Open APIs On Big Social Media
Re: Just a clarifictation, if you would.....
Removing that provision wouldn't make it any more legal to copy the protected work than it already was. If someone cracked the protection on your code and started using it in their product, you could sue them for that regardless of Section 1201. You just couldn't sue them merely for cracking the protection if what they did with the code was something that would've been legal absent the protection (eg. analyzing the code for exploitable vulnerabilities and reporting them (which I understand some companies don't like, but as a professional software engineer myself I have to say "Tough shit, fix your damned code.")).
On the post: The Good And The Bad Of The ACCESS Act To Force Open APIs On Big Social Media
Providing the data via an API while keeping it private in the sense the law uses seems to me to be fairly straightforward: the API is authenticated via application-specific tokens that the user can generate and give to third parties to use on their behalf. See Github's personal access tokens for an example. OAuth can also be used to do this.
On the post: Copyright Troll Attorney Again Hit With Sanctions For Being A Shitty Lawyer
Re:
I'm cynical, AFAIK the only ways to get disbarred are to stiff another lawyer on his bill, set up another lawyer to take the fall for your mistakes, or (occasionally) get convicted of a particularly nasty felony offense.
On the post: Jerks 'Reporting' Women Who Swipe Left On Them In Tinder, Once Again Highlighting How Content Moderation Gets Abused
Re: Re: Re: Re:
Let me quote the bit of my message you didn't:
We've tried it where people can report bad behavior privately. We get guys abusing that to retaliate against the women who don't put up with their crap. The women would still do what they're doing now: ignore the guy and don't go on another date with him. They wouldn't have to do any more publicly than they're already doing. The guy, OTOH, couldn't get her account banned without giving her a clue who'd done it. He'd have to accuse her in public where she and everyone could see the accusation and she could respond to it. Few of these guys have the balls to do that.
On the post: Jerks 'Reporting' Women Who Swipe Left On Them In Tinder, Once Again Highlighting How Content Moderation Gets Abused
Re: Re:
Oh, I can think of a lot of ways it can go wrong, usually for the person behaving badly or someone trying to make a bogus complaint. Personally I don't have a lot of sympathy for them in that situation.
Retaliation against someone complaining of actual bad behavior? That's what prompted my suggestion in the first place.
Keeping quiet about bad behavior hasn't made bad behavior go away, and it's made things worse for women. I tend to side with #MeToo and favor women making bad behavior public to warn others away from the problematic guy and of having a clear record you can point to when the problematic guy complains that you aren't letting him get away with it.
On the post: Jerks 'Reporting' Women Who Swipe Left On Them In Tinder, Once Again Highlighting How Content Moderation Gets Abused
Maybe it's time to go back to how BBS networks handled the equivalent of reporting someone. These days it's all done in secret. Back when, all complaints about behavior had to be made publicly and all handling of complaints was public. Not in-channel, of course, there was a separate channel whose sole purpose was making and handling complaints. If you wanted to see how the admins handled complaints, you could look at that channel and see how they handled them. The complaint itself, the supporting claims and quotes (the equivalent of screenshots), the response from the accused, questions and responses from the admins, it was all open for inspection. If the admins were biased or unreasonable, it was clearly obvious. If the complainant was being unreasonable or trying to abuse the process, it was clearly obvious. And if the admins banned a complainant for repeated abuse, they could refer directly to his own complaints to back up their decision. If the complainant complained that the admins were being unfair, anybody listening to him could check out the justification and decide for themselves whether the admins were justified or not.
The nice thing was that knowing that everything would be publicly visible made the would-be abusers unlikely to try filing bogus complaints. All they'd do is make themselves look dumb and they knew it, and while they'd still whinge they'd do it off-line where it didn't bother anyboty.
On the post: Court Says Compelled Production Violates Fifth Amendment... Unless The Gov't Takes Certain Steps First
Re: So very close...
Not quite. The testimonial part is where the production of a fingerprint that can unlock the device shows that the person who produced it owns the device when the government can't prove that already. What the court is saying is that the government has to already be able to prove that this person owns the device before it can demand they produce their fingerprint, at which point any testimonial value of the production is already moot. An analogous situation would be keys to a locked cabinet in a home. In general the police can't demand that everybody cough up their key rings, but if they can identify people who live there then the courts are probably going to let the police make all of those people give up their key rings so the police can try the keys on the lock. And it remains analogous because the police still have to prove it's your key ring that had the key that opened the cabinet, although usually that's simple enough that nobody contests it in court (it's the only key ring you have and you can't/won't identify whose it is and you aren't disclaiming any ownership of it).
On the post: Security Researchers Whose 'Penetration Test' Involved Breaking And Entering Now Facing Criminal Charges
Re: Re: 'We never considered criminals might not ask...'
Yeah, I'd be certain to have not just the contract but a letter on official letterhead signed by someone with authority at the client that stated specifically that "bypass of physical security to gain surreptitious access to the premises outside of normal business hours" was explicitly authorized, and also that "no prior notification be given to site security, in order to insure that the test is of normal site security". If you're doing stuff like this, you make sure it's all spelled out in such a way the client can't claim to not know exactly what was going to happen or not have agreed to it.
On the post: History Repeats Itself: Twitter Launches Illegal SF Street Stencil Campaign Just As IBM DId Decades Ago
I suspect nobody remembered the IBM fiasco because everybody at Twitter involved with this was in grade school at the time (or no later than high school) and so wasn't paying any attention to the news reports. It's not quite far enough back to say nobody at Twitter was alive then, but it's getting close.
On the post: Hotel Owner Files Libel Suit Against Reviewer For Calling Nazis Nazis, Gets Support From Austrian Court
Re: Re:
I think it'll be a long conversation, and he'll learn a lot about how to curse someone out properly.
On the post: The DMV Is Selling Your Data To Vast Array Of Third Parties
Re: Rhode Island informs us...
I think the problem is the "unless otherwise authorized by law" proviso in the consent checkbox. They never say anywhere exactly what disclosures are authorized by law. If the law authorizes the DMV to sell information to credit reporting agencies, does that count and mean that your information may be sold even if you check the NO box?
IMO the rule should be that government agencies that collect personal data SHALL NOT disclose that data to any other party except to:
On the post: Appeals Court Says An IP Address Is 'Tantamount To A Computer's Name' While Handing The FBI Another NIT Win
Re:
It might be an interesting argument to make, though, especially if the router was leased from the ISP and thus was the ISP's property and controlled by it the whole time. If one takes the decision's statement as it's worded, then one should look on the computer for the IP address the ISP assigned to it which is almost certainly in the 192.168/16 netblock. That's also almost certainly not the IP address listed as the source of the download of the illegal material (which would belong to the router belonging to the ISP, not the computer belonging to the user). Given that, by the government's own evidence, the ISP they're looking for was not the one assigned to any computer belonging to the user by their ISP, what basis does the government have for the charges?
On the post: Power Outage For Federal Court Computer System Screws Up Three Months Worth Of Job Applications?!?
The systems aren't the best the Federal court system can do. They're the best the minimum-wage coders in the off-shore body shops the Tier 1 contractors the Federal court system contracted with to design and build the systems could do. And those systems did their job, after all those contractors got paid didn't they?
On the post: Three Years Later And The Copyright Office Still Can't Build A Functioning Website For DMCA Agents, But Demands Everyone Re-Register
I'd be sorely tempted to send the information return-receipt-requested with a cashier's check for $6, just to make sure I had hardcopy evidence I could present in court that I did in fact have a registration as required by the law regardless of what the Registrar might say.
On the post: Russian Troll Farm Tries Again To Sue Facebook, Despite Having Its Original Complaint Dismissed On 230 Grounds
Re: Re: Makes sense
"If the facts are against you, argue the law. If the law is against you, argue the facts. If the law and the facts are against you, pound the table and yell like hell." -- Carl Sandburg
Next >>