The End of the NSA’s ‘About’ Searches Is Just the Beginning (Electronic Frontier Foundation)

The NSA is stopping its use of one controversial surveillance technique that impacts Americans' privacy.

Make no mistake. This is good news for anyone who wants government surveillance to follow the law. But there’s much more to be done to rein in unconstitutional spying.

Initially reported by The New York Times today and confirmed by the agency itself, the NSA will no longer conduct “about” searches of the full content of Internet communications, including to and from innocent Americans, that are "about" -- or mention -- a foreign intelligence target’s email address or other identifier. The NSA said the changes were a result of “inadvertent compliance incidents,” or violations of court-imposed restrictions.

These searches happen as part of the NSA’s Upstream program, through which the agency taps directly into the Internet backbone to seize and search Internet traffic. The U.S. government has claimed these warrantless searches of Americans’ email are allowed under Section 702, enacted as part of the FISA Amendments Act, which is set to expire at the end of the year.

In the NSA’s own words:

“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target. … Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.

Even though NSA does not have the ability at this time to stop collecting ‘about’ information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.

Finally, even though the Agency was legally allowed to retain such ‘about’ information previously collected under Section 702, the NSA will delete the vast majority of its upstream Internet data to further protect the privacy of U.S. person communications.”

For nearly a decade, EFF has argued in court that these and other warrantless searches and seizures through Upstream are unconstitutional. Although today's announcement is a welcome one, the NSA has demonstrated, time and time again, that it will only institute meaningful reforms after it gets caught in serious and repeated violation of the law.

We demand better from our country’s intelligence community. With the looming sunset of Section 702, Congress is in the perfect position to demand more too, starting with a full and public explanation of the scope of Section 702 surveillance, including the long-overdue accounting for how many Americans have been impacted by NSA surveillance.

When it comes to reforms, Congress should codify the changes the NSA announced today. If “about” searches are so privacy-invasive for innocent Americans, they should be explicitly prohibited by law.

But that’s not the only way Congress can work to reduce the risk of collecting information about innocent people. Lawmakers should also curtail surveillance programs under Section 702 including by limiting collection to information about true national security concerns instead of allowing the programs to collect the much broader category of “foreign intelligence information.” Lawmakers should also work to reduce “incidental collection,” or the collection of communications to and from Americans who interact with individuals located outside of the United States.

And that’s just on the intelligence collection side. Congress should limit what the intelligence community can do with information that has been collected under Section 702. One obvious move would be to close the “backdoor search loophole,” or the gap in privacy protections that allows the FBI to search for information about Americans in databases containing information collected under Section 702 without getting a warrant. Efforts to close this loophole have been widely supported on the Hill in the past and should be included in any reform package Congress considers this year.

Outside of what information is collected and how it’s used, lawmakers should push for increased transparency into and oversight of the intelligence community’s use of Section 702. That includes things like declassifying more information about the NSA’s surveillance programs, letting companies publish more specific information about the government requests they receive for customer data, and making it easier for Americans to bring lawsuits against the U.S. government if they feel their constitutional privacy protections have been violated.

The NSA’s announcement today is a win for constitutional privacy protections, for those of us fighting unlawful surveillance in the courts, and for anyone who pushed for surveillance reform by signing a petition, contacting their lawmakers, or otherwise voicing their concerns about warrantless spying on innocent Americans.

With the 702 reauthorization debate set to unfold in the coming weeks and months, we need to tell Congress to keep fighting to rein in this warrantless spying.

Take Action: Tell Congress: Pull the Plug on Internet Spying Programs.


Stupid Patents of the Month: Taxi Dispatch Tech (Electronic Frontier Foundation)

With all the attention ride-sharing has been getting lately, some might think Uber and Lyft were highly inventive apps. But according to at least one company, the apps are just highly infringing. Who’s right? Probably neither.

Hailo Technologies, LLC (“Hailo”) has recently sued both Uber and Lyft, alleging they infringed Hailo’s taxi dispatch patent, U.S. Patent No. 5,973,619 (“the ’619 patent”). The patent claims a method for a “computer system” that: (1) displays a list of transportation options; (2) asks the customer for a number of passengers; (3) shows destinations graphically; (4) displays the approximate fare; (5) calls a selected taxi company up for a ride; and (6) gives an estimated arrival time.  A few months ago, Hailo also sued a few other companies for infringing a different patent, U.S. Patent No. 6,756,913 (“the ’913 patent”), which claims a method for keeping track of available taxis on the road. More specifically, it claims a method where a computer (1) determines if a taxi is free (i.e. currently has no rider); and if free (2) sends the current location of the taxi to the taxi dispatch server.

Figure 3B from the '619 Patent

Both of Hailo’s patents date to the late 1990s. That is, the patents claim these inventions didn’t exist (or weren’t obvious) at that time. Except a brief Internet search shows that similar taxi dispatch technology not only existed, but was widely used. Two reports from the Department of Transportation from 1991 and 1992 describe the state of “computer dispatch” technology at that time, and show many of the claimed features of the ’619 and ’913 patents. Another report, from 1995, has even more detail about various taxi dispatch technologies. For example, on page 115 the report details a product called “MT GU,” an automated call box that allows customers to order “one or several taxis”, specify “the taxi desired” (including getting a larger van), and provides the waiting time. The MT GU system seems to describe many, if not all, of the features in the system claimed in the ’619 patent, and predates it by several years.

So there’s good reason to think that the inventions claimed in the two patents were not actually novel or nonobvious when the patent applications were filed. But will any of that matter? Patents, once issued, are presumed valid. In order for a patent to be declared invalid in court, a challenger must show “clear and convincing evidence” of invalidity. When the argument for invalidity is based on prior art, this can be an expensive and time-consuming process, often costing in the hundreds of thousands, if not millions, of dollars. Thus even if these patents are in fact invalid and never should have issued, due to the cost of litigation courts often never decide the issue.

An alternative to court exists in the form of inter partes review at the Patent Office. This allows the Patent Office to take a second look at claims in a patent, and declare them unpatentable under a more lenient “preponderance of the evidence” standard. But this procedure, although cheaper than court, is still relatively expensive. One study estimated costs through appeal at $350,000.

Given the costs of litigation in court or at the Patent Office, a patent owner can sue on a “presumed valid” patent and use the threat of fees and costs to get an undeserved settlement. When a company does nothing else (meaning, it doesn’t have a real business other than litigation) we call those companies “patent trolls.”

Hailo strikes us as pretty trollish. As noted, the patents in question seem weak at best, and Hailo doesn’t seem to be seriously using the “inventions” in any event. In its complaint against Uber, Hailo states that it is an app maker. But its website, www.bring.bikes, was registered only 10 days before it sued Uber and Lyft. Confusingly enough, there is another company named “Hailo” that actually does make a taxi hailing app. Even more confusing: “Hailo” the patent owner says it does business under the name “Bring,” but does not appear to be associated with another company called Bring that’s actually involved in transportation.

This “Hailo,” by contrast, seems focused on litigation. A recently filed document attaches the agreement assigning the ’913 patent from its original owner to Hailo. The contract is replete with references to patent enforcement and litigation. And in an earlier complaint, Hailo listed its business address as that of a law firm, and one of its members, 2S Ventures, has been associated with at least one entity that has filed over 20 lawsuits (login req.), a typical litigation pattern for a patent troll.

Whether or not Hailo is a practicing company, these are weak patents that deserve serious challenge. Sadly, that’s unlikely to happen – which is why stupid patents like these should never issue.


The Apache News Round-up: week ending 28 April 2017 (Apache Software Foundation Blogs)

April is coming to a close with the following activities from the Apache community:

Support Apache –billions of people benefit from Apache software. We are grateful to those who support the ASF by making a donation, no matter the size. Every dollar counts. http://apache.org/foundation/contributing.html

ASF Board –management and oversight of the business and affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 17 May 2017. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on four continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield lyte performance at 99.92% uptime http://status.apache.org/

ApacheCon™ –Tomorrow's Technology Today: Big Data, Cloud, Flex, IoT, Tomcat, and dozens of Apache projects across 200+ sessions, 150+ speakers, 4 subconferences, BarCampApache and more. http://apachecon.com/ Register today!
 - PREVIEWS exclusively on Feathercast https://feathercast.apache.org/
 - Support your favorite Apache projects and communities at ApacheCon by becoming an Apache Community and/or BarCamp Sponsor http://events.linuxfoundation.org/events/apachecon-north-america/sponsors/community-sponsor

Apache Attic™ –provides process and solutions to make it clear when an Apache project has reached its end of life.
 - Apache Wink retired http://mail-archives.apache.org/mod_mbox/www-announce/201704.mbox/%3CF9AFF103-D166-4E0A-BAA6-30341D780FB8%40apache.org%3E

Apache Apex™ –a unified platform for Big Data stream and batch processing.
 - Reflections on the One Year Anniversary of Apache Apex http://www.atrato.io/blog/2017/04/25/one-year-apex/

Apache cTAKES™ –Widely adopted Open Source biomedical data extraction, annotation, and clinical information management platform now faster and easier to use.
 - The Apache Software Foundation Announces Apache® cTAKES™ v4.0 https://s.apache.org/OJJw

Apache Fineract™ –Open Source FinTech system for core banking platform enables financial services for billions of unbanked and underbanked individuals worldwide.
 - The Apache Software Foundation Announces Apache® Fineract™ as a Top-Level Project https://s.apache.org/QvFR

Apache Groovy™ –a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities, for the Java platform aimed at improving developer productivity thanks to a concise, familiar and easy to learn syntax.
 - Apache Groovy 2.4.11 released http://www.groovy-lang.org/download.html

Apache MINA™ FtpServer –a network application framework which helps users develop high performance and high scalability network applications easily.
 - Apache FtpServer 1.1.1 released http://mina.apache.org/ftpserver/downloads.html

Apache Kafka™ –a distributed, fault-tolerant, publish-subscribe messaging system.
 - Apache Kafka 0.10.2.1 released https://www.apache.org/dyn/closer.cgi?path=/kafka/0.10.2.1/kafka-0.10.2.1-src.tgz

Apache Libcloud™ –a Python library that abstracts away the differences among multiple Cloud provider APIs.
 - Apache Libcloud 2.0.0 released http://libcloud.apache.org/downloads.html

Apache Lucene™ –a high-performance, full-featured text search engine library written entirely in Java.
 - Apache Lucene 6.5.1 released http://www.apache.org/dyn/closer.lua/lucene/java/6.5.1
 - Apache Solr 6.5.1 released http://www.apache.org/dyn/closer.lua/lucene/solr/6.5.1

Apache Metron™ –Open Source Cyber Security Data Analytics Platform used for rapid detection and response to threats at massive scale.
 - The Apache Software Foundation Announces Apache® Metron™ as a Top-Level Project https://s.apache.org/e4Uh

Apache Open Climate Workbench™ –a comprehensive suite of algorithms, libraries, and interfaces designed to standardize and streamline the process of interacting with large quantities of observational data and conducting regional climate model evaluations.
 - Apache Open Climate 1.2.0 released http://climate.apache.org/downloads.html

Apache PredictionIO (incubating) –an Open Source Machine Learning Server built on top of a state-of-the-art open source stack, that enables developers to manage and deploy production-ready predictive services for various kinds of machine learning tasks.
 - Apache PredictionIO 0.11.0-incubating released https://dist.apache.org/repos/dist/release/incubator/predictionio/0.11.0-incubating/

Apache Qpid™ –newer JMS client supporting the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org), based around the Apache Qpid Proton protocol engine and implementing the AMQP JMS Mapping as it evolves at OASIS.
 - Apache Qpid JMS 0.22.0 released http://qpid.apache.org/download.html


Did You Know?

 - Did you know that shopping24.de uses Apache Solr for eCommerce search? http://solr.apache.org/

 - Did you know that Capital One uses Apache JMeter, Apache Kafka, Apache Metron, and Apache NiFi in its security intelligence framework? http://jmeter.apache.org/ http://kafka.apache.org/ http://metron.apache.org/ http://nifi.apache.org/

 - Did you know that Catalyst uses Apache JMeter as a load testing tool? http://jmeter.apache.org/


Apache Community Notices:

 - "Success at Apache" is a new monthly blog series that focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk 4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM

 - Introducing the new Apache Community Newsletter https://blogs.apache.org/comdev/entry/community-development-news-march-2017 Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity . Do friend and follow us.

 - ASF Operations Summary - Q3 FY2017 https://s.apache.org/NKFz

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - ApacheCon North America + Apache: BigData, CloudStack Collaboration Conference, FlexJS Summit, Apache: IoT, and TomcatCon will be held 16-18 May 2017 in Miami http://apachecon.com/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

You’re probably confused about your media usage rights, and media companies are ok with that (Defective by Design blogs)

A discussion panel at the event. Six men in suits sit at a long table in front of a projector screen. In the foreground, the author's name plaque is visible on a table.

Perzanowski (far right) answers skeptical comments from industry representatives.

When people buy an ebook, do they expect to be able to read it for the rest of their lives? How about the ability to make a backup copy of a movie before their hard drive breaks? For most digital media purchases, these reasonable activities are prevented by DRM (Digital Restrictions Management), but it appears the vast majority of customers don't know it.

This is the key finding of Aaron Perzanowski and Chris Jay Hoofnagle's academic study "What We Buy When We Buy Now," which I watched Perzanowski present last Tuesday at a US Patent and Trademark Office event titled "Consumer Messaging in Connection with Online Transactions Involving Copyrighted Works."

Though we at Defective by Design set our sights on a future without any DRM and urge everyone to buy DRM-free media, we agree with Perzanowski and Hoofnagle that as long as people do buy DRM-encumbered products, they should know what they are getting. That is why we support the Electronic Frontier Foundation's effort to create new US regulations requiring the labeling of products with DRM. Making sure that customers understand their rights before they buy is not a radical notion; it aligns with regulatory precedent, economic theory, and common sense.

But many of the speakers following Perzanowski were not so sure. On panel discussions, lobbyists and lawyers representing publishing, music, and film industry associations unveiled arguments designed to cast doubt on the findings of the study and avoid a conversation about the ways they describe DRM-encumbered media products to customers. Perhaps the most creative argument was that clearly communicating the limits of DRM-encumbered media to customers would make them more confused than burying these details in legal fine print.

Though the media industry representatives were frustrating, their opinion was counterbalanced by a handful of academics and public interest advocates. John Bergmayer of Public Knowledge called for clear, simple communication of usage rights before money changes hands. His brief talk outlined a variety of methods for communicating rights to customers, including a legal concept known as "various clauses" which would encourage or require media sellers to express rights and restrictions in standardized, discrete terms, similarly to the Creative Commons family of licenses. Representatives of the Department of Commerce's Internet Policy Task Force also nodded towards the possibility of improved labeling practices, though they were reluctant to suggest any government action to bring this about.

Events like this one are not enough to create the change we truly need in digital media markets: massive uptake of free licenses, replacement of proprietary reading and viewing software with free programs, and the total abolishment of DRM. Nevertheless, it is a good sign that a lively debate exists within the halls of the US Patent and Trademark Office. Even if groups like Defective by Design currently have an uphill battle to fight, the free software and free culture movements are as strong as ever, and our activism, entrepreneurship and creativity may yet shift the political winds towards a more just, participatory media future.

Image copyright 2017 Free Software Foundation, licensed under Creative Commons Attribution 4.0.
