TechDirt 🕸

We've already talked about the many problems with the EARN IT Act, how the defenders of the bill are confused about many basic concepts, how the bill will making children less safe and how the bill is significantly worse than FOSTA. I'm working on most posts about other problems with the bill, but it really appears that many in the Senate simply don't care.

Tomorrow they'll be doing a markup of the bill where it will almost certainly pass out of the Judiciary Committee, at which point it could be put up for a floor vote at any time. Why the Judiciary Committee is going straight to a markup, rather than holding hearings with actual experts, I cannot explain, but that's the process.

But for now at least over 60 human rights and public interest groups have signed onto a detailed letter from CDT outlining many of the problems in the bill, and asking the Senate to take a step back before rushing through such a dangerous bill.

It also discusses the attacks on encryption hidden deep within the bill.

There's a lot more in the letter, and the Copia Institute is proud to be one of the dozens of signatories, along with the ACLU, EFF, Wikimedia, Mozilla, Human Rights Campaign, PEN America and many, many more organizations.

In June 2020, in Brattleboro, Vermont, something extremely ordinary happened. Two residents of the community interacted on Facebook. It was not a friendly interaction, which made it perhaps even more ordinary.

Here's the ordinariness in all of its mundane detail, as recounted in Brattleboro resident Isabel Vinson's lawsuit [PDF] seeking to have one of the state's laws found unconstitutional.

In June 2020, Christian Antoniello, a Brattleboro resident and the owner of a local business called the Harmony Underground, criticized the Black Lives Matter movement on his personal Facebook page, stating, “How about all lives matter. Not black lives, not white lives. Get over yourself no one’s life is more important than the next. Put your race card away and grow up.”

On June 6, Ms. Vinson posted on her own Facebook page and tagged the Harmony Underground’s business page. Ms. Vinson’s post stated: “Disgusting. The owner of the Harmony Underground here in Brattleboro thinks this is okay and no matter how many people try and tell him it’s wrong he doesn’t seem to care.” In the comments on her post, Ms. Vinson recommended that everyone “leave a review on his page so [Antoniello] can never forget to be honest,” and also tagged a Facebook group called “Exposing Every Racist.”

In response to Ms. Vinson’s Facebook post, a conversation thread ensued among several people, including Ms. Vinson, about her post, Mr. Antoniello, and other complaints about the business.

That's when things stopped being normal, and started becoming increasingly more bizarre.

Several weeks later, Antoniello and his wife reported to the Brattleboro Police Department that they were being harassed on Facebook and that Ms. Vinson’s Facebook activity caused them to fear for their safety.

This is kind of a normal reaction. Kind of. Not everyone subjected to online pitchforks will choose to make it a police matter, but this couple did.

If you're wondering where the criminal activity is, the Brattleboro police department has an answer for you.

On July 7, the Brattleboro Police Department cited Ms. Vinson under § 1027 based on her Facebook activity.

Here's what the state law (Section 1027) says:

A person who, with intent to terrify, intimidate, threaten, harass, or annoy makes contact by means of a telephonic or other electronic communication with another and makes any request, suggestion, or proposal that is obscene, lewd, lascivious, or indecent; threatens to inflict injury or physical harm to the person or property of any person; or disturbs, or attempts to disturb, by repeated telephone calls or other electronic communications, whether or not conversation ensues, the peace, quiet, or right of privacy of any person at the place where the communication or communications are received shall be fined not more than $250.00 or be imprisoned not more than three months, or both.

It's an amazingly broad law that criminalizes all sorts of speech since it can be stretched to fit nearly any speech a complainant doesn't care for. "Harass" is a pretty non-specific term. "Annoy" is even more vague.

That's the law being challenged by Vinson and the ACLU. It's a vague, unconstitutional law. And it's a law the PD obviously didn't sincerely believe applied to Vinson's Facebook post because it ditched everything about this highly questionable case the moment questions started being asked.

Two weeks later -- following an ACLU public records request for all documents related to Vinson's charge and prosecution -- the Brattleboro PD approached Vinson and offered to drop the charges in exchange for her entering a diversion program that could be completed in lieu of criminal charges. Vinson refused to enter the diversion program and said she was seeking legal representation. Here's what happened next:

Two days later, the Brattleboro police informed Ms. Vinson that she would not be charged.

All's well that ends abruptly in the face of the slightest resistance. But the law is still on the books. If the Brattleboro cops may decide not to take a second swing at Isabel Vinson with this law, law enforcement officers in the state are still free to misuse the law to punish people for saying things other people didn't like. And, needless to say, the vague law presents a perfect crime of opportunity for cops if a state resident says something cops don't like. That's why the state is being sued and the Vermont federal court being asked to declare the law unconstitutional. As it stands, the law presents an existential threat to free speech in the state. And Isabel Vinson's experience in Brattleboro shows what can happen when the threat goes from theoretical to fully-realized.

If capturing a bird's eye view of your favorite places is a fun way for you to unwind when you have some time, then the Vivitar VTI Phoenix Foldable Camera Drone (certified refurbished) is a great choice for updating your hobby's capabilities. All the pieces come secured in the sided carrying case, which helps protect them from damage as well as keeps them neatly organized. The two included batteries allow for a combined flight time of over 32 minutes, so you can get the most out of your drone's 1152p video camera video imaging. With a range of 2000 feet, Follow Me technology, GPS location locking, and Wi-Fi transmission capability, this drone has all the bells and whistles you need. It's on sale for $159.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

AT&T got a lot wrong (and still really can't admit it) with the company's $86 billion acquisition of Time Warner. There were endless layoffs, a steady dismantling of beloved brands (DC's Vertigo imprint, Mad Magazine), all for the company to lose pay TV subscribers in the end.

But the one thing the company did get right, with a little help from COVID, was its attacks on the dated, pointless, and often punitive Hollywood release window. Typically, this has involved a 90 day gap between the time a move appears in theaters and its streaming or DVD release (in France this window is even more ridiculous at three years). Generally, this is done to protect the "sanctity of the movie going experience," as if for thirty years the "sanctity of the movie going experience" hasn't involved sticky floors, over priced popcorn, big crowds and mass shootings.

During COVID, big streamers like AT&T and Comcast shifted a lot of their tentpole films (like Dune) directly to streaming, which technically saved human lives, but resulted in no limit of raised eyebrows and scorn among the "Loews at the mall is a sacred space you can't criticize" segment of Hollywood. You might recall that AMC Theaters was positively apoplectic when Comcast showed that release windows were a dated relic, declaring it would never again show a Comcast NBC Universal picture anywhere in the world if Comcast kept threatening the sacred release window (the threat lasted about a week).

WarnerMedia (in the process of being spun off by AT&T) has faced similar whining from the industry. This week the company was hit with a lawsuit (pdf) by Village Roadshow Films, which claims the company "rushed" the release of The Matrix Resurrections from 2022 to 2021 as part of an (gasp) effort to boost streaming's popularity. All through 2021, AT&T/Time Warner released films simultaneously in theaters and on streaming to boost HBO Max subscriptions. And people liked it.

Unsurprisingly, Village Roadshow Films did not, claiming the effort (dubbed "Project Popcorn") was a "clandestine plan to materially reduce box office and correlated ancillary revenue generated from tent pole films that Village Roadshow and others would be entitled to receive in exchange for driving subscription revenue for the new HBO Max service." HBO Max and AT&T telegraphed this intention, so it seems hard to argue this was somehow clandestine. The suit also accuses WarnerMedia of ignoring the fact that piracy would have hurt the overall profits to be made from the film, though, again, metrics proving clear financial harm appear lacking.

But just as unsurprisingly, Warner Brothers thinks Village Roadshow Films is just annoyed by reality and shifting markets:

Again, while it's true that AT&T attacked the sacred old release window to goose streaming subscriptions, this was something that happened during an historic plague in which indoor transmission of a deadly virus could kill or disable you. It's also almost an afterthought that in the advanced home theater and mall shooting era, this is something consumers desperately wanted. For all its downsides, COVID had a strong tendency to painfully highlight shortcomings (see: broadband, the U.S. healthcare system) and dated antiquities (like release windows or a disdain for telecommuting) that no longer served us.

While there's a shrinking sect of Hollywood folks like Spielberg who still think in-person theaters and release windows are sacred and above reproach, COVID laid bare the fact that not that many people agree with them. And while that certainly disadvantaged folks financially dependent on older models (like theater owners and studios heavily vested in release windows), the reality is what it is, and a popular change was accelerated all the same.

The endless parade of bad news for Israeli malware merchant NSO Group continues. While it appears someone might be willing to bail out the beleaguered company, it still has to do business as the poster boy for the furtherance of human rights violations around the world. That the Israeli government may have played a significant part in NSO's sales to known human rights violators may ultimately be mitigating, but for now, NSO is stuck playing defense with each passing news cycle.

Late last month, the New York Times revealed some very interesting things about NSO Group. First, it revealed the company was able to undo its built-in ban on searching US phone numbers… provided it was asked to by a US government agency. The FBI took NSO's powerful Pegasus malware for a spin in 2019, but under an assumed name: Phantom. With the permission of NSO and the Israeli government, the malware was able to target US numbers, albeit ones linked to dummy phones purchased by the FBI.

The report noted the FBI liked what it saw, but found the zero-click exploit provided by NSO's bespoke "Phantom" (Pegasus, but able to target US numbers) might pose constitutional problems the agency couldn't surmount. So, it walked away from NSO. But not before running some attack attempts through US servers -- something that was inadvertently exposed by Facebook and WhatsApp in their lawsuit against NSO over the targeting of WhatsApp users. An exhibit declared NSO was using US servers to deliver malware, something that suggested NSO didn't care about its self-imposed restrictions on US targeting. In reality, it was the FBI and NSO running some tests on local applications of zero-click malware that happened to be caught by Facebook techies.

But there's more. Recent reports building on the NYT article contain statements that claim NSO approached service providers with (well, let's just say it) bribes to allow access to targets at a higher level that might mitigate some of the defensive efforts deployed by Facebook, Google, and Apple.

Here's what's been alleged in newer reports, like this one by Craig Timberg of the Washington Post:

The surveillance company NSO Group offered to give representatives of an American mobile-security firm “bags of cash” in exchange for access to global cellular networks, according to a whistleblower who has described the encounter in confidential disclosures to the Justice Department that have been reviewed by The Washington Post.

The mobile-phone security expert Gary Miller alleges that the offer came during a conference call in August 2017 between NSO Group officials and representatives of his employer at the time, Mobileum, a California-based company that provides security services to cellular companies worldwide. The NSO officials specifically were seeking access to what is called the SS7 network, which helps cellular companies route calls and services as their users roam the world, according to Miller.

Mobileum execs were (understandably) unsure how any of this was supposed to work in the unlikely event they were amenable to a foreign entity's requests for elevated access to US cellular networks. Fortunately, the NSO rep made it extremely clear how this was going to work, according to the whistleblower:

In Miller’s account to the Justice Department, when one of Mobileum’s representatives pointed out that security companies do not ordinarily offer services to surveillance companies and asked how such an arrangement would work, NSO co-founder Omri Lavie allegedly said, “We drop bags of cash at your office."

Simple enough. Except -- to quote C. Montgomery Burns -- at the end of the proposed transaction "the money and the very stupid man were still there." Mobileum execs say no such bribery took place -- not because NSO didn't offer it but because the company refused to accept the generous offer of extremely shady "bags of cash" from the Israeli malware maker.

NSO has its own explanation for these events, which is, basically: "It was a joke, probably."

In a statement through a spokesperson, Lavie said he did not believe he had made the remark. “No business was undertaken with Mobileum,” the statement said. “Mr Lavie has no recollection of using the phrase ‘bags of cash’, and believes he did not do so. However if those words were used they will have been entirely in jest.”

Hahahahahaaaa… here at the home of the zero-click exploit marketed to human rights violators we often joke about bribing tech companies to allow us more access to networks. Oh, our sides ache from the fun we have jesting about subverting networks to compromise targets of evil empires. Ell oh fucking ell.

Mobileum, on the other hand, says it has never done business with NSO and reported this proposed cash drop to the FBI in 2017 but never heard anything back from the agency. Two years later, the FBI was experimenting with NSO malware and trying to gauge the political and constitutional fallout of deploying unregulated malware against US citizens.

Even if NSO is to be believed, there's nothing good awaiting it on the US side of things. The Commerce Department has already blacklisted the company, destroying its ability to purchase US tech for the purpose of compromising it. And the Department of Justice has opened its own investigation into NSO, adding to its list of US-related woes.

NSO could have avoided all of this international attention by being more selective about who it sold to, and stripping customers of their licenses at the first hint of malfeasance. It didn't. And the fact that it may have been pressed into service as a malware-laden extension of the Israeli government's Middle East charm offensive isn't going to save it. NSO has to save itself but it lacks the tools to do so. Whatever it claims in defense of every reported allegation is presumed to be suspect, if not completely false. The reputation it has now is mostly earned. It made millions helping sketchy governments inflict further misery on citizens, dissidents, journalists, and political opponents. The company's honor is no longer presumed if, indeed, it ever was.

When it comes to silly trademark disputes, Apple has come up for discussion many, many times. The mega-corporation is a jealous defender of all of its IP, but most of our stories have focused on its disputes with companies that created logos that involve any sort of apple or other fruit. Sometimes it's not even companies that Apple is fighting with, but entire foreign political parties. The idea here is that when it comes to logos or trade dress, Apple appears to think that it owns all the apples.

But what about the word itself? Well, the company can get absurd at that level, too. For instance, Apple recently opposed the trademark application for a Ukrainian filmmaker's indie opus, entitled Apple-Man.

Apple in December filed an opposition with the U.S. Patent and Trademark Office seeking to block Ukrainian director Vasyl Moskalenko’s trademark application for his indie project. The world’s most valuable company argues that viewers will mistakenly believe Apple-Man is associated with Apple and that the movie will dilute its brand.

“The Apple Marks are so famous and instantly recognizable that the similarities in Applicant’s Mark will overshadow any minor differences and cause the ordinary consumer to believe that Applicant is related to, affiliated with, or endorsed by Apple,” states the filing, which is embedded below. “Consumers are likely to assume, erroneously, that Applicant’s Mark is a further extension of the famous Apple brand.”

Alright, so let's stipulate the following right up front: Apple's trademark on its name is no doubt famous. That affords the company far more protection on that mark than your normal everyday trademark. One of the main differences, however, is that Apple can enforce the mark not only for customer confusion, but for things like tarnishment, if someone used the term in a way that could be seen as disparaging to Apple.

In the quote above, Apple is going the traditional confusion route in its opposition. But that's unbelievably silly. This is an indie film that nobody is going to associate with Apple. It's also, because it's a film, entitled to First Amendment protections that are almost certain to override any trademark concerns, particularly those as flimsy as Apple's.

Elsewhere, Apple argues for dilution.

Apple also argues the trademark, if granted, will “cause dilution of the distinctiveness of the famous Apple Marks by eroding consumers’ exclusive identification of the Apple Marks with Apple.”

But consumers don't have an exclusive identification of the Apple Marks with Apple. That should be obvious on its face. Lots of companies, for instance, use the term "Apple" in branding for... you know... apples. There have also been other films, more specifically, that make use of the word "apple" in their names. There is one called The Apple. And another called Apples. So what does Apple's lawyers see as the difference between those films use and Apple-Man? ¯\_(ツ)_/¯

Jeremy Eche of JPG Legal, who represents Moskalenko, argues “apple” isn’t a proprietary word and viewers won’t be misled by the movie.

“This is ridiculous,” he tells The Hollywood Reporter. “They really want to own the word ‘Apple’ in every industry.”

Eche contends Apple is a “trademark bully” exploiting the system.

Of that there can be little doubt. So why is Apple even bothering with any of this? Well, outside council is involved, so the term "billable hours" immediately leaps to mind. But Apple's history of trademark bullying also doesn't exactly preclude a haphazard and capricious enforcement of its trademarks. The lawyers saw this one, so they went after it.

And before anyone wants to jump in the comments and point out that Apple makes and provides film content via AppleTV and iTunes... don't. Doing so does not suddenly mean the company can keep a filmmaker from making a film that uses the word in its title, nor for trademarking the name of that film.

As you hopefully know, there are two main parts to the DMCA law that was passed in 1998. There's DMCA 512, which is what you hear about most of the time. That's the part that includes the rules for notice and takedown regimes for user uploaded content (among other things). It's got problems, but in its current form has also enabled many important services to exist. The other part, which is much more problematic, is DMCA 1201, which is the anti-circumvention rules -- or you could call it the "DRM" part of the law. This has no redeeming value whatsoever. Under 1201 basically any attempt to circumvent a "technological" protection measure, can be deemed infringing even if the underlying content is never infringed upon. This part of the law is not only not necessary, but it's drafted in a manner that has been regularly abused -- enabling everyone from printer manufacturers to garage door opener companies to argue that simple reverse engineering to create competition is "infringement."

In fact, everyone -- even the drafters of the DMCA -- knew that 1201 went too far and would lead to massive collateral damage. Rather than not passing such a bill, Congress came up with its "escape valve" which is the triennial review process, whereby every three years, the Librarian of Congress can magically declare which things are exempt from 1201. This has exempted a few classes of important use cases, but just the fact that (1) these uses need to be renewed every three years, and (2) that you have to ask for permission that can only be granted every 3 years for things that should be perfectly legal... is a problem.

Way back in 2016, EFF brought a case challenging the constitutionality of 1201 on behalf of computer security researcher/professor Matthew Green and hardware hacker Bunnie Huang, arguing that the DMCA 1201 liability suppressed their speech by stopping security research and beneficial hacking efforts. In 2019, a court dismissed much of the constitutional challenge, while allowing other parts of the case to move forward.

However, those constitutional questions are now on appeal and the EFF recently filed its opening brief. It's worth reading.

Some useful and worth reading amicus briefs have also been filed in the case. Copyright scholars Pam Samuelson and Rebecca Tushnet filed a fantastic brief:

The Tech Law & Policy clinic at Colorado Law highlighted how much damage 1201 and the triennial review process has done to accessibility, security, and right to repair:

And then there's an amicus brief from documentary film makers talking about how damaging 1201 has been to their own expression:

This isn't just an issue for big companies. This is about fundamental fair use rights of the public -- which Congress tossed away decades ago, and tried to pave over by insisting the Librarian of Congress could swoop in every 3 years and stop the most egregious attacks on free speech. But that's not how the 1st Amendment works.

Hopefully the court agrees.

We talk a lot about free speech in different countries, and about the history of free speech in the US — but what about the global history of this fundamental concept? A new book released today, Free Speech: A History from Socrates to Social Media by Jacob Mchangama, tackles exactly this subject in great and insightful detail. This week, Jacob joins us on the podcast to discuss the sweeping story of free speech throughout the ages and around the world.

Follow the Techdirt Podcast on Soundcloud, subscribe via Apple Podcasts, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

While Google's Stadia game streaming service arrived with a lot of promise, it generally landed with a disappointing thud. A limited catalog, deployment issues, and a quality that couldn't match current gen game consoles meant the service just never saw the kind of traction Google (or a lot of other people) originally envisioned. In the years since, developers have been consistently abandoning the platform, and Google has consistently sidelined the service, even shutting down its own development efforts as a parade of executives headed for the exists.

Now, Google is basically just selling the technology off to other companies eager to give video game streaming a go and succeed where Google couldn't.

In the last few months, Google executives have apparently been working on a plan to salvage some aspect of the project by selling Google Stadia tech to companies like Bungie and Peleton. In short, these companies will license the Google tech (now creatively named "Google Stream") for use in their own game streaming services called something entirely different. Google's first party Google Stadia service still exists for now, but it has been "deprioritized" within the company on the way to an inevitable, untimely death:

Unfortunately (for Google) Sony just bought Bungie for $3.6 billion, and already has its own streaming technologies and platforms that Bungie will likely use (Sony also leans on Microsoft's cloud technology). And while Google also has been working on a game streaming deal with AT&T, such "me too" type efforts from the telecom sector never quite amount to much. That leaves Peloton, which is being rumored as an acquisition target by Amazon, and isn't doing gaming so much as it's doing the gamification of exercise.

Somebody will dominate the game streaming space, but it's not going to be Google. While the Google technology certainly works well, the business plan was an unmitigated failure by any measure. And much like Google Fiber (which Google eventually got bored with and froze without ever really admitting to anybody that's what happened), Stadia will die without being formally declared as dead, having never seen even a fraction of its originally envisioned potential.

The UK's internet censorship bill rebranded from "Online Harms" to "Online Safety" last spring. The name change did nothing to limit the breadth of the bill, despite supposedly shifting the focus from "harm" to "safety." Whatever the name, it's still being touted by supporters as a fix for anything anyone doesn't like about the internet.

Speech will be policed. Lots of it. Everyone from megalithic Meta to the person running a niche message board will be subject to the new rules, which shifts liability from the posters of unwanted or illegal content to the third parties hosting it.

In order to find and remove content found on the ever-lengthening list of "bad" content (which, let's highlight again, includes legal content), platforms and services will have to perform more internal policing of content. This means that, in many cases, encryption for content and communications will no longer be a viable option. To comply with the law -- one that carries potential fines of up to 10% of a company's global revenues -- providers will have to remove end-to-end encryption so they can monitor communications between users.

The UK government isn't honest enough to call for the end of encryption. But it's willing to let attrition do its dirty work for it. The anti-encryption agitating continues, despite the UK government's Information Commissioner's Office telling the rest of the government that weakening or eliminating encryption will harm more children than it saves.

The bill marches forward, gathering even more speech-harming detritus. As CNBC reports, another round of UK government inquiries has resulted in the proposed law being made even worse.

The government said Friday that the bill will now include extra-priority provisions outlawing content that features revenge porn, drug and weapons dealing, suicide promotion and people smuggling, among other offences.

It will also target individuals who send online abuse and threats, with criminal sentences ranging up to five years.

Stuff that was already on the ban list has been given greater priority, aligning self-harm and drug dealing with the big baddies of "terroristic content" and child sexual abuse material. Online threats and "abuse" will get stiffer legal penalties.

But that's not all: there's more to add to the UK government's list of content it would like to treat as criminal acts.

The government said it is considering further recommendations, including specific offences such as sending unsolicited sexual images and trolling epilepsy sufferers, tackling paid-for scam advertising, and bringing forward criminal liability for senior company executives at the tech firms.

Every addition adds to the list of content that platforms and services must proactively monitor and remove. The addition of criminal liability for tech execs may seem like a crowd pleasing Guillotine 2.0, but in reality, it just means jailing people because their companies failed to achieve the impossible tasks the UK government has asked of them.

A lot of what's being added won't be easily detected by AI or human moderators -- certainly not proactively. Context matters but proactive monitoring means context will be ignored. The difference between revenge porn and regular porn isn't immediately and obviously clear. Pictures of guns or drugs are not necessarily promotional. And there are going to be some people in desperate need of help getting caught in the friction between talking about suicide and "suicide promotion."

It all sounds good when it's still on paper and reads like a blueprint for a trouble-free online existence. But it falls apart the moment you start asking questions about how this can be implemented without massively altering the contours of free speech in the UK and generating an incredible amount of collateral damage that may, in many cases, negatively affect the same vulnerable people the government believes this bill will protect.

Easily get the feedback you need. Get started quickly using one of SurveyRock's many predefined templates (customer satisfaction, employee feedback, college course reviews, etc.) or if you already know what you want to say, just start adding questions. Choose from numerous question types and survey themes that fit your needs. You can distribute surveys through URL, Facebook, Twitter, QR code or embedded HTML. Once you have your results, you can export your survey data to spreadsheet (.xls, .csv) or SPSS (.sav) for further analysis. SurveyRock Premium Plan is on sale for $50.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

At the same time car companies are fighting the right to repair movement (and the state and federal legislation popping up everywhere), they're continuing the quest to turn everyday features -- like heated seats -- into something users have to pay a recurring fee for.

In 2019, BMW had to abandon a plan to charge $80 per year for Apple CarPlay. The company, having learned nothing, began floating the idea of charging a subscription for features back in 2020, when it proposed making heated seats and heated steering wheels something you pay a permanent monthly fee for. Last December, Toyota proposed imposing a monthly fee for customers who wanted to be able to remotely start their vehicles.

Each and every time these proposals come forward the consumer response is swift and overwhelmingly negative. But with $20 billion in annual additional potential revenue on the table between now and 2030, the industry seems poised to ignore consumers:

Keep in mind these are decisions being made during a pandemic when most households continue to struggle.

This sort of nickel-and-diming works well in the telecom sector where captive subscribers often can't switch to a different competitor. But in the auto space, companies risk opening the door to competitors gaining inroads by... not being nickel-and-diming assholes. Many companies may also be overestimating their own product quality; one JD Power survey found that 58% of people who use an automaker's smartphone app wouldn't be willing to pay for it. At the same time, as with gaming microtransactions, if enough people are willing to pay to make it worth it, it may not matter what the majority of car consumers think.

More troubling developments for both NSO Group and the country it calls home.

Less than a month ago, both entities found themselves in midst of another turbulent news cycle, thanks to reporting from Calcalist that showed Israel police were using NSO spyware to engage in domestic surveillance. Worse, the people targeted weren't just dangerous criminals or suspected terrorists.

Instead, like everywhere else NSO malware has been abused, Israeli police forces targeted activists protesting then-Prime Minister Benjamin Netanyahu's CVOID restrictions, as well as mayors of Israeli cities. Also included on the list of hacking targets were former government employees and "a person close" to a senior politician. In some cases, the police used the malware to phish for information from targets' phones, all without any reasonable suspicion these targets may have committed criminal acts.

On top of all that, the police deployed the malware without direct or judicial oversight. Utilizing a loophole in the law, investigators avoided seeking court authorization for these hacking attempts.

There's more of that being discovered. The Israeli government is conducting its own investigation of NSO and the use of its spyware. That has resulted in the discovery of more questionable hacking.

Israel police used spyware to access data in the phone of an individual involved in the trial of former Prime Minister Benjamin Netanyahu, a report said on Wednesday.

The hack, reported on Channel 13 News, was discovered by the Justice Ministry during its review of the police's use of the spyware.

This hacking -- like much of what was reported by Calcalist -- was also likely illegal.

The police reportedly claimed that the investigators never received the data, which was gathered against the police's procedures.

A failure to collect data is not the same thing as never engaging in illegal hacking at all, no matter how the police might try to spin this. The target of this attack still has yet to be identified, but the report contains a statement from the attorney representing Shaul and Iris Elovich, a couple accused of bribing Netanyahu.

There's also this tantalizing detail, which shows the police may have been lying in its earlier statement to Calcalist about every use of NSO malware being legal and authorized by the proper court paperwork.

In a brief statement that doesn't go into any specific cases, the police said “additional findings” from its internal probe “change in some ways” an earlier statement last month that ruled out any wrongdoing.

Hmm. Maybe don't offer up blanket statements when you have no other evidence but knee-jerk defensiveness when you've been caught with your hand in the domestic surveillance cookie jar. The only "way" the earlier statement could "change" at this point is to contain admissions of wrongdoing and illegal searches. That correction -- whenever it arrives -- is going to leave deep, self-inflicted bruises on the Israel Police.

We've been talking a bit about industry consolidation through mergers and acquisitions (M&As) in the video game industry as of late. The impetus for that discussion has been a series of high-profile acquisitions for several notable companies, namely Microsoft and Sony. Microsoft acquired Zenimax for $7 billion and Activision Blizzard King for a bonkers $69 billion recently, while Sony jumped into the game by acquiring Bungie for $3.6 billion. Of interest for these pages is the different approaches these companies have taken with these acquisitions. Microsoft hemmed and hawed about whether it would start building Microsoft exclusivity for products from its acquisitions, eventually landing on very much embracing exclusivity, while Sony took a much more hands-off approach and stated plainly that Bungie games would still be cross-platform. For those of us interested in digital and technology economies and business models, this is interesting stuff.

But there is a name missing here. The traditional "Big 3" in gaming has long been Microsoft, Sony, and Nintendo. Well, if you like real-world experiments when it comes to business strategies, this looks like it's going to get even more fascinating, as Nintendo is making noises about going an entirely different route.

While Xbox and Sony are entering an acquisition arms race, Nintendo isn’t so eager to snap up a slew of game studios. In a recent investors’ meeting, Nintendo president Shuntaro Furukawa was asked about acquiring game companies—a timely question, that’s for sure.

“Our brand was built upon products crafted with dedication by our employees, and having a large number of people who don’t possess Nintendo DNA in our group would not be a plus,” Furukawa replied, as reported by Bloomberg and Reuters.

Now, this shouldn't exactly come as a shock to anyone who knows the industry and how Nintendo operates. Whatever I might want to say in my series of posts about how "Nintendo hates you", the company has also built a successful business in the space that relies on first-party game titles and franchises compared with Sony and Microsoft. Whatever success those others have had, for instance, Microsoft and Sony simply don't have a version of the Super Mario Bros. franchise. Nintendo has several of these: Super Mario Bros., Zelda/Link, Star Fox, etc. So Nintendo has always been less reliant on 3rd party titles compared with its competitors.

But the open question is whether this more insular focus will work in the post-pandemic period where industry consolidation is not just for the video game industry, but for many others. The Harvard Business Review had a study released in 2021 that predicted what many others have as well: the mid- and post-pandemic economic space will be one that heavily incentivizes mergers and acquisitions. Consolidation is the order of the day/year.

So now we have three distinct strategies from the Big 3 of the video game industry: Microsoft will do M&As and try the exclusivity route, Sony will do M&As and be more open and permissive or cross-platform releases, and Nintendo will simply choose largely to not play this game at all.

At its core, Nintendo is not an enterprise built on corporate consolidation. It’s a company that makes hardware and games for said hardware. That is etched in its DNA.

And now we get to sit back and see how that works in a post-pandemic world.

Throughout the Trump administration, a lot of folks had absolutely no problem with the mindless rubber-stamps appointed to key regulatory positions. Ajit Pai, for example, couldn't have demonstrated regulatory capture any more clearly, rubber-stamping every idiotic whim of telecom monopolies at every conceivable opportunity (often with the help of fabricated data and fraud). Revolving door regulation and unqualified industry lackey appointments hit a fevered pitch not seen at any point in U.S. history, and at every step a long list of organizations and individuals made it abundantly clear they were fine with all of it.

Fast forward to Biden's efforts to replace some of these folks, and a lot of these same organizations and individuals that turned a blind eye to the worst aspects of Trumpism are now fanning their face about perceived conflicts of interest, "partisan politics," and all manner of hypocritical injustices.

See the intentionally gridlocked nomination of new FCC Commissioner Gigi Sohn, for example. Sohn is popular across both sides of the aisle and, whatever you think of her positions and politics, highly competent. Yet her nomination has been stuck in congressional purgatory for months thanks to completely false claims ranging from she wants to "censor conservatives," to laughable claims from revolving door cable lobbyists that her history as an expert on consumer advocacy means she can't regulate telecom fairly. All coming from industry folks who don't actually believe anything they're saying.

The same gamesmanship is also imperiling the nomination of Alvaro Bedoya to the FTC. Bedoya is a professor and founding Director of Georgetown Law’s Center on Privacy & Technology and is widely respected. Whatever one thinks of Bedoya's politics and positions, there's no real doubt that he's competent and qualified for the role. But companies that don't really want competent, objective regulators have been working overtime to smear Bedoya in the same way they're working to smear Sohn. Usually through proxy groups and think tanks they funnel money, and then flimsy arguments, to.

For example the "American Consumer Institute Center for Citizen Research" is not really a consumer group. It's one of countless 501(c)(3) nonprofits corporations covertly fund, and use to create the illusion of broad support (or opposition) for/to things big companies want. For example the American Consumer Institute was paid by telecom to scuttle FCC oversight of telecom monopolies, yet pretended to just be an objective organization giving an honest, objective opinion.

The group is also popping up in the attacks against Bedoya, attempting to frame him as some kind of radical. Usually, because he's (gasp) levied accurate criticisms at the actually radical modern Trump GOP:

Believing that Donald Trump is racist and terrible is not a disqualifying character flaw. And, of course, groups like the American Consumer Institute don't really care about "hyper-partisanship," "extreme advocacy," or anybody being called out for racism. They're trying to squash Bedoya's nomination because the companies they're aligned with don't want the FTC or FCC ramping up consumer protection and antitrust reform. If they can't scuttle the nominations, they hope to delay both the FCC and FTC from having working voting majorities for as long as possible.

It's not serious policy opinion, it's the kind of bad faith, theatrical proxy, rat fuckery that's been the norm in DC for more than 20 years. Despite this, the press still can't really help itself and will also quote and amplify groups like this as if they're actually objective, well-intentioned observers, and not, say, rat fucking propagandists for hire.

The European Union's data privacy law, the GDPR (General Data Protection Regulation), has caused all sorts of problems since its debut. Its debut was itself a mess, something that immediately resulted in a whole lot of websites simply refusing to allow European users to connect with them.

Since it was unclear how to avoid running afoul of the law, it was easier to avoid potential fines by simply cutting European users out of the equation. For everyone else, it was being greeted with a new warning about cookies at nearly every website they visited -- a small hassle to be sure, but a hassle nonetheless.

Then there were the truly unexpected consequences of the new law that imposed data-gathering and data-sharing restrictions on any business, whether they were internet-based or not. In some areas, GDPR was read as requiring retailers to notify purchasers of items when the items were returned -- something that would make the exchange of unwanted Christmas gifts extremely awkward.

In another weird case, post offices in Ireland removed waste bins from their facilities because customers were throwing out unwanted mail and receipts, resulting the offices' unintentional collection of personal data. When the waste bins went missing, customers resorted to throwing their trash on post office counters and floors, leaving it even more unregulated than it was when the waste bins were still in place.

Yet another side effect no one saw coming: the use of Google's Font API was enough to get a website fined by a German court. (via Slashdot)

Earlier this month, a German court fined an unidentified website €100 ($110, £84) for violating EU privacy law by importing a Google-hosted web font.

The decision, by Landgericht München's third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff's IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe's General Data Protection Regulation (GDPR).

The court says whether or not Google did anything with the forwarded IP address is beside the point. The fact is the website engaged in the unauthorized transmission of this IP address to Google by using its font API to access a font to render the text on the site. The court's decision points out this can be avoided by self-hosting the font and notes that the website operator has chosen to do this going forward. That being said, the court still feels a fine is the only way to ensure future compliance with GDPR.

Risk of repetition is to be affirmed. It is undisputed that the plaintiff's IP address was forwarded to Google when the plaintiff visited the defendant's website. Previous unlawful impairments justify an actual assumption of the risk of repetition, which was not refuted by the defendant. The risk of repetition is not eliminated by the fact that the defendant now uses Google Fonts in such a way that the IP address of the website visitor is no longer disclosed to Google. The risk of repetition can only be eliminated by a declaration of discontinuance with a penalty.

The fine here may have been minimal, but the law allows a penalty of €250,000 ($286,000) per violation, which the court warns the website operator is not only possible, but probable, if the problem doesn't go away. There's also the (very slim) chance the improper use of Google Fonts could result in prison time, because that's also a potential GDPR violation penalty.

While the solution here appears to be simple enough -- self-host fonts -- the reality of the situation is that this decision will lead to yet another pop-up asking for consent that will stand between site users and the content they're trying to access, and that no one will read before clicking "accept." It won't make the web a better place and it won't do much to limit the sharing of personal data with off-site entities. It will just make everything a little more annoying.

Last month, we wrote about how the IRS and other federal agencies were starting to require the use of private facial recognition from a somewhat sketchy private company, for people to access their own government's services. The main company in question, ID.me, had made some... questionable decisions that raised serious questions about why the government was forcing people to make use of such a private service.

Earlier this morning, Senator Ron Wyden sent a letter to the Treasury Department calling on them to drop the facial recognition requirement, and within hours the Treasury Department told Wyden it would be "moving away" from that plan, and then the IRS put up a more official statement:

Last week the Treasury Department had said it was "reviewing" the matter, but today's announcement is a big deal. It's rare to see a government agency move this fast, so kudos to Treasury/IRS for acting quickly (though, it can be argued that it never should have gotten this far in the first place). But also kudos to Wyden for helping make this happen as well.

Over a decade ago, we wrote about how Google had to edit out the Australian Aboriginal flag from a logo because of copyright concerns. An 11-year-old girl had won a contest to design a Google logo for Australia Day, and her logo included a simple drawing of the popular Aboriginal flag. Harold Thomas created a (fairly simple) flag design "as a symbol of unity and national identity" for the Aboriginal people in Australia. The flag became quite popular... and then Thomas basically became a copyright landlord, demanding payment for pretty much any usage.

In 2019, Thomas did a big licensing deal with a clothing company and proceeded to send out a bunch of cease-and-desist letters to others. It got so bad that the Australian Senate sought to have the government figure out a way to make sure the public could use the flag.

Apparently it took over two years, but the "deal" has been worked out -- and it involves the Australian government paying over $20 million to basically buy out the copyright and the former licensing deals, but that still doesn't mean the flag is truly in the public domain:

So, given that he retains the moral rights, that suggests he will still have the power to stop anyone from using the flag in a way that he, personally, disapproves of. And the fact that there's still a license for commercial use, means that the government is still effectively enforcing the copyright.

So, in the end this was $20 million of taxpayer money... to basically pledge not to go after people for personal use.

With a whole bunch of caveats. If it's used in a manner that someone disapproves of, you better believe that it won't be seen as "free" for use. Hell, even the Google example from a decade ago probably wouldn't work, because I would bet the Australian government would argue that was a "commercial" use.

Seems just slightly ironic for a landlord who claimed ownership of a concept and then locked people out would call that a representative sample of "the timeless history of our land."

The Z2 headphones earned their name because they feature twice the sound, twice the battery life, and twice the convenience of competing headphones. This updated version of the original Z2s comes with a new all-black design and Bluetooth 5.0. Packed with TREBLAB's most advanced Sound2.0 technology with aptX and T-Quiet active noise-cancellation, these headphones deliver goose bump-inducing audio while drowning out unwanted background noise. These headphones are on sale for $79.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

This case -- sent to us by Eric Goldman -- touches on a lot of subject matter covered frequently at Techdirt: dead dogs, police officers, the First Amendment, and qualified immunity. Yet the narrative isn't quite what's expected given the elements. And the court's conclusions, while disappointing, are likely the correct application of the law.

Here's the background to the case, as recounted in the federal court decision [PDF]:

Plaintiffs John and Brittany Knudsen, a married couple, reside in Spring Hill, Kansas. Plaintiffs owned a Great Dane dog named Nala. On March 29, 2020, Nala got out of plaintiffs’ house. Defendant Mark Cantrell and his wife, Jessica, were walking their dogs near plaintiffs’ house and Nala approached them. Defendant Cantrell shot Nala with a firearm. Nala loped, grievously wounded, toward plaintiffs’ property, and John Knudsen saw that Nala had sustained a gunshot wound. John Knudsen took Nala to the emergency veterinarian, where plaintiffs chose to have Nala humanely euthanized.

Not everyone walking their dog would carry a gun and/or be willing to shoot another dog just because the dog approached them. There's a reason Mark Cantrell might have deployed "shoot first" tactics: he was an Olathe, Kansas police officer.

The shooting was reported to the Spring Hill Police Department by the Knudsens. Officer Shaun Whitesell handled the call and took the Knudsens' statements. The original report listed the Knudsens as the victim of a potential crime (the shooting of their dog) and Officer Cantrell (who was off-duty at the time) as the suspect. Later, Officer Whitesell "changed the report to reflect that Cantrell was the victim."

Over the next couple of weeks, the Knudsens tried to obtain copies of the reports and witness statements. The Spring Hill PD refused to hand them over. Officer Whitesell informed the couple that "Cantrell would likely not be charged."

The Knudsens took their complaints to social media.

Plaintiffs posted information about the incident publicly on Facebook on April 15, 2020. “The Facebook post described the events[,] . . . identified Cantrell as the shooter, and identified that he was a police officer for the Olathe, Kansas Police Department[.]” The Facebook post went viral.

Soon after this, Cantrell called the Spring Hill PD to complain about the post, stating that he had received a "threat from a person unrelated to the Plaintiffs." This led to another set of unfortunate statements and events.

Defendant Whitesell responded to defendant Cantrell’s call and met with defendant Cantrell and his wife. The Cantrells wanted plaintiffs charged. Whitesell told the Cantrells that plaintiffs “would be ticketed for harassment and/or witness intimidation.” Later, Whitesell visited plaintiffs’ home and discussed the Facebook post with plaintiff Brittany Knudsen. Whitesell told Brittany Knudsen the post was “causing problems, and told her it should be taken down.”

Every action here was wrong. If threats had been made against Cantrell, the only criminal suspect would be the person making the threats. Officer Whitesell could have simply informed the Knudsens that their post had resulted in threats being made against Cantrell and allowed them to make a decision about taking the post down. What he shouldn't have done is tell another officer he would attempt to issue a criminal citation and definitely should not have instructed the couple to take the post down.

That led to this lawsuit, which alleges First Amendment violations by Officer Whitesell and brings some state law claims (conversion, assault) against the off-duty officer who shot the couple's dog. The court says it only has jurisdiction over the First Amendment allegations against Officer Whitesell.

Whitesell argued he should be awarded qualified immunity because it was not clearly established that demanding someone take down a social media post violated rights. The court, after much discussion, agrees with Officer Whitesell.

While it should be fairly obvious police interactions over social media posts contain a multitude of First Amendment implications, the speech targeted by Officer Whitesell's actions did not actually target him. It discussed the actions of another police officer, one who was off-duty at the time he shot the Knudsens' dog.

[P]laintiffs try to characterize their speech as criticism “of both the City of Spring Hill as well as Defendant Cantrell, an officer for the Olathe, Kansas police department.” Plaintiffs assert that “[s]peech, challenge, and criticism directed at police is . . . [a] clearly established” right. (citing Hill, 482 U.S. at 461). But this characterization doesn’t match the circumstances of this case. Plaintiffs don’t allege that they criticized the police in their Facebook post. Instead, plaintiffs’ post criticized defendant Cantrell for off-duty actions unrelated to his employment with the Olathe Police Department. Critically, the post doesn’t criticize the alleged retaliator: defendant Whitesell. [...] Even if one construes plaintiffs’ post as criticism of defendant Cantrell’s actions as a police officer, the alleged retaliation is several degrees removed from that criticism.

The court also notes that the Knudsens seemingly had no complaint about Officer Whitesell or the Spring Hill Police Department, directly quoting a statement made by the couple about their local PD:

“Responding Spring Hill Officers and the entire Spring Hill PD have been nothing but amazing during this whole situation. They have been sympathetic to our loss, and have continually checked in on us to be sure we are holding up. This is how a police department should be, and I am proud to have these officers protecting our community. But unfortunately their hands are tied[.]”

That mismatch between public and private action means Officer Whitesell can't be sued for handling this poorly.

Here, plaintiffs spoke about Cantrell in his capacity as a private citizen, then that speech resulted in a complaint by Cantrell, and then the Spring Hill police department dispatched defendant Whitesell to plaintiffs’ home, where the alleged retaliation took place. Yet, plaintiffs rely on cases where the police retaliated against plaintiffs for speech directed at police officers. [...] These cases don’t match plaintiffs’ allegations. Plaintiffs allege that their speech was directed at another police officer and defendant Whitesell responded to a complaint from that police officer, not the speech itself.

That's the correct call in this case. Officer Whitesell probably shouldn't have told the couple to take down the post, but he was responding to a reported threat allegedly related to the post, rather than discussing the contents of the post itself. Whether Officer Whitesell would have performed these actions in response to a reported threat from a regular resident (rather than another police officer) can be debated, but it likely can't be proven one way or the other. And, in either case, it wouldn't change the outcome of this case.

That just leaves the state law claims against the off-duty officer and I would imagine those are just as unlikely to succeed. It's one thing when someone enters another person's property and assaults their pet. It's quite another when the pet is loose and is approaching someone in a public area like a sidewalk. Chances are, the state court will find no violation of law in Cantrell's actions, even if they appear to be an overreaction to the perceived threat -- which at this time was nothing more than an unchained dog (albeit a large one).

This sucks for the Knudsens but sometimes bad things happen and there's no one that can be held legally responsible for an unfortunate series of events.