A.G. William Barr Wants Tech Companies to Fight Child Sexual Abuse

· Andrew Orr · Link

Attorney General William Barr wants tech companies like Apple to fight online child sexual abuse even more with “voluntary standards.”

These voluntary principles are built on existing industry efforts to combat these crimes.  Some leading companies have dedicated significant resources to develop and deploy tools in the fight to protect children online and to detect, disrupt and identify offenders.  Although significant progress has been made, there is much more to be done to strengthen existing efforts and enhance collective action.

First, as I discovered last year Apple started to scan online iCloud content for child sexual abuse material (CSAM). Many other companies do the same. Second, although encryption wasn’t explicitly mentioned, this is undoubtedly (in my opinion) a new development in the war on encryption. Child predators are one of the scary boogeymen used by the government to erode our privacy even further. I of course do support Apple scanning for this content, but it’s not a black and white issue.

Programmers Create Every Possible Melody to Stop Lawsuits

· Andrew Orr · Link

Two programmers have created every possible melody in MIDI to help creators stifled by lawsuits.

Two programmer-musicians wrote every possible MIDI melody in existence to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued.

Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they’re accused of copying—even if it was something they listened to once—they can be accused of “subconsciously” infringing on the original content.

Sounds like a clever attempt to hack the system. I’m not sure if that will actually hold up in court but it’s creative.

AT&T’s Mandatory Arbitration Clause Deemed Illegal

· Andrew Orr · Link

AT&T logo

A panel of judges in the U.S. Court of Appeals for the Ninth Circuit ruled that AT&T’s mandatory arbitration clause is unenforceable.

AT&T appealed that ruling to the US Court of Appeals for the Ninth Circuit, but a three-judge panel at that court rejected AT&T’s appeal in a ruling issued Tuesday. Judges said they must follow the California Supreme Court decision—known as the McGill rule—”which held that an agreement, like AT&T’s, that waives public injunctive relief in any forum is contrary to California public policy and unenforceable.”

The ruling can be found here [PDF].

IRS Sues Facebook for $9 Billion Over Offshore Profits

· Andrew Orr · Link

The IRS is suing Facebook for US$9 billion, saying the company kept profits in subsidiaries based in Ireland.

The IRS argues that Facebook understated the value of the intellectual property it sold to an Irish subsidiary in 2010 while building out global operations, a move common among U.S. multinationals…Under the arrangement, Facebook’s subsidiaries pay royalties to the U.S.-based parent for access to its trademark, users and platform technologies. From 2010 to 2016, Facebook Ireland paid Facebook U.S. more than $14 billion in royalties and cost-sharing payments, according to the court filing.

If the IRS succeeds this would be one of Facebook’s biggest fines.

Clearview AI Faces Class Action Lawsuit Similar to Facebook

· Andrew Orr · Link

Image of judge’s gavel

Two weeks ago Facebook settled a lawsuit alleging that it violated Illinois privacy laws. Now, Clearview AI is also facing a class action lawsuit in the state.

The lawsuit, filed yesterday on behalf of several Illinois citizens and first reported by Buzzfeed News, alleges that Clearview “actively collected, stored and used Plaintiffs’ biometrics — and the biometrics of most of the residents of Illinois — without providing notice, obtaining informed written consent or publishing data retention policies.”

Not only that, but this biometric data has been licensed to many law enforcement agencies, including within Illinois itself.

All this is allegedly in violation of the Biometric Information Privacy Act, a 2008 law that has proven to be remarkably long-sighted and resistant to attempts by industry (including, apparently, by Facebook while it fought its own court battle) to water it down.

Man Who Refused to Decrypt Hard Drives Free After Four Years

· Andrew Orr · Link

Four years ago a federal judge held Francis Rawls in contempt when he refused to decrypt hard drives for police.

The practical result is that, at least in federal court, someone can only be imprisoned for 18 months for refusing to open an encrypted device. That’s probably a harsh-enough penalty to induce most people to comply with decryption orders. But suspects in child-pornography cases might be tempted to “forget” the passwords on their encrypted device if doing so could save them from a conviction and a much longer prison term.

What an interesting case, and I remember reading about it four years ago. I wonder if the court was trying to set a precedent for passwords and the Fifth Amendment.

More Cities, States Say No to Cashless Businesses

· Andrew Orr · Link

Last month New York City passed a bill to ban businesses from rejecting cash. On February 13 a similar resolution will be heard in Washington, D.C.

Excluding people from paying with cash means “essentially discriminating against people who are low-income, people who are homeless, also undocumented,” she said.

Getting a credit or debit card often requires a form of ID, a utility or another bill, money to deposit and a financial history. Mitchell said that in Washington, D.C., nearly a third of residents rely on cash every day because they don’t have a card or even a bank account.

Lindsey Graham’s Draft Bill Punishes Companies Using End-to-End Encryption

· Andrew Orr · Link

Senator Lindsey Graham is drafting a bill [PDF] that could penalize companies using end-to-end encryption.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

If technology companies don’t certify that they are following the best practices set by the 15-member commission, they would lose the legal immunity they currently enjoy under Section 230 relating to child exploitation and abuse laws. That would open the door to lawsuits for “reckless” violations of those laws, a lower standard than contained in current statutes.

Of all the dumb things this administration has done, attacking encryption is a doozy. It’s not clear how much this would impact Apple, since the company does in fact scan for child abuse images. But iMessage and a few other services are end-to-end encrypted.

Robocall Fines Rise to $10,000 Per Call

· Andrew Orr · Link

Congress approved a bill on Thursday that raises the fine for robocall eras up to US$10,000 per call. It’s called the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED).

Once TRACED is enacted, the Federal Communications Commission could fine robocallers up to $10,000 per call. It also would require major carriers like AT&T, Verizon, and T-Mobile to deploy a new technology called STIR/SHAKEN into their networks, which will make it easier for consumers to know if they’re receiving a call from a spoofed number.

Speaking of spoofed numbers, the trick many robocallers use nowadays is to make it appear as if the number they’re calling from is one in your area. Different one each time, making it harder to trace.

EU Rules Selling Secondhand eBooks Infringes Copyright

· Andrew Orr · Link

Apple Books logo

A European court recently ruled that the unauthorized sale of secondhand eBooks infringes upon the owner’s copyrights.

“The decision is not only important for the book sector, but also for the music and film industry, because now also for music and film, downloaded copies may not be resold. The GAU / Media Federation is happy that after many years there is finally clarity about the application of copyright to e-books.

I’m not sure how you would tell the difference between a “used” eBook and new one, unless a proof of purchase was provided. But it’s unfortunate to me that, unlike physical goods, you can’t sell used digital goods.