The Courts

Court Slams Record Companies in New Vimeo/DMCA Ruling (arstechnica.com) 23

Remember when Capitol Records sued Vimeo over copyright-violating videos? They just lost in court again, when an Appeals court overruled three lower court decisions. Slashdot reader NewYorkCountryLawyer shares the specifics of the Appeals court's findings: [T]he Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA... the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge"... a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. "The decision once again affirms that the DMCA extends immunity to a service provider for the infringement of their customers if the service provider removes material at the request of the right holder," writes Ars Technica.
Databases

FBI Can Access Hundreds of Millions of Face Recognition Photos (eff.org) 97

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.
Privacy

Thousands of Email Addresses Accidentally Disclosed By Let's Encrypt (letsencrypt.org) 81

An anonymous reader writes "Let's Encrypt, the certificate authority best known for offering free SSL/TLS certificates, has reported that it accidentally disclosed thousands of user email addresses due to a bug with an automated emailing system." Executive Director Josh Aas posted this announcement: On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email... The problem was noticed and the system was stopped after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.

We take our relationship with our users very seriously and apologize for the error... If you received one of these emails we ask that you not post lists of email addresses publicly.

Google

Google Announces Support of the Controversial TPP (recode.net) 231

An anonymous reader writes: Google has announced in a blog post Friday their support for the controversial Trans-Pacific Trade Partnership (TPP). Recode reports: "The trade agreement includes key provisions about the global passage of digital data, intellectual property and copyright -- measures that have drawn criticism from both the political right and left, including several outspoken tech groups. Google's endorsement isn't exactly full-throated, but its stake clearly demonstrates another key area of support with the Obama administration, to which Google is close." Google's SVP and general counsel Kent Walker wrote: "The TPP is not perfect, and the trade negotiation process would certainly benefit from greater transparency. We will continue to advocate for process reforms, including the opportunity for all stakeholders to have a meaningful opportunity for input into trade negotiations." The company has already shown support of the TPP behind the Internet Association, which endorsed the trade agreement in March. Google joins a list of other tech titans, like Apple and Microsoft, who have shown their support as well. The Electronic Frontier Foundation calls the TPP a "secretive, multinational trade agreement" that will restrict IP laws and enforce digital policies that "benefit big corporations at the expense of the public." The TPP is still awaiting congressional approval after being signed in February.
Government

NSA Releases New Snowden Documents (vice.com) 155

An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.

Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."

The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it."
Microsoft

EFF Petitioned To Investigate Windows 10 Upgrades (change.org) 312

An anonymous reader writes: One of the most frustrating things about the ongoing stream of stories about Windows 10 upgrades is that there seems to be no way to hold Microsoft to account. Or perhaps there is: a petition asking the Electronic Frontier Foundation to investigate has now been posted on Change.org.
The petition argues "people are being tricked or forced into upgrading to Windows 10 from their current, preferred version of Windows," and describes Microsoft's actions as "ignorantly unethical at best and malicious at worst."
Electronic Frontier Foundation

FBI Developing Software To Track, Sort People By Their Tattoos (gizmodo.com) 125

An anonymous reader writes: According to an Electronic Frontier Foundation (EFF) investigation, the FBI is working to create software with government researchers that will allow law enforcement to sort and identify people based off their tattoos. The advanced tattoo recognition technology aims to determine "affiliation to gangs, sub-cultures, religious or ritualistic beliefs, or political ideology" and decipher tattoos that "contain intelligence, messages, meaning and motivation." Such research first originated at the National Institute for Standards and Technology (NIST) in 2014, and used a database of prisoner's tattoos. The technology developed by NIST would "map connections between people with similarly themed tattoos or make inferences about people from their tattoos," the EFF reports. What some may view as even more unnerving is that the EFF investigation claims the researchers disregarded basic ethical government research standards, especially those relating specifically to prisoners. The obtained documents reveal NIST researchers sought permission from supervisors only after they had conducted their initial research. The EFF argues that a database that sorts citizens based on their tattoos may or may not reflect their religious or political beliefs, social affiliations, or interests.
Electronic Frontier Foundation

EFF Warns of Harsher CFAA (eff.org) 44

An anonymous reader writes: The Computer Fraud and Abuse Act is "vague, draconian, and notoriously out of touch with how we use computers today," warns the EFF. But instead of reforming it, two U.S. Senators "are on a mission to make things worse..." The senators' proposed Botnet Prevention Act of 2016 "could make criminals of paid researchers who test access in order to identify, disclose, and fix vulnerabilities," according to the EFF. And the bill would also make it a felony to damage "critical infrastructure," which may include software companies and ISPs (since they're apparently using the Department of Homeland Security's definition).

The harsher penalties would ultimately give prosecutors much more leverage for plea deals. But worst of all, the proposed bill even "empowers government officials to obtain court orders to force companies to hack computer users for a wide range of activity completely unrelated to botnets. What's worse is that the bill allows the government to do this without any requirement of notice to non-suspect or innocent customers or companies, including botnet victims... These changes would only increase -- not alleviate -- the CFAA's harshness, overbreadth, and confusion."

The CFAA was originally written in 1986, and was partly inspired by the 1983 movie "WarGames".
Government

Secret Text In Senate Bill Would Give FBI Warrantless Access To Email Records (theintercept.com) 157

mi quotes a report from The Intercept: A provision snuck into the still-secret text of the Senate's annual intelligence authorization would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy. [The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill's provisions "would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers." If passed, the change would expand the reach of the FBI's already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs -- most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. The FBI's power to issue NSLs is actually derived from the Electronic Communications Privacy Act -- a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications -- not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. "NSLs have a sordid history. They've been abused in a number of ways, including targeting of journalists and use to collect an essentially unbounded amount of information," Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters' existence to anyone, much less the public.]
Government

New Surveillance System May Let Cops Use All Of The Cameras (engadget.com) 117

An anonymous reader quotes a report from Wired: [Computer scientists have created a way of letting law enforcement tap any camera that isn't password protected so they can determine where to send help or how to respond to a crime.] The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. [Purdue limits access to registered users, and the terms of service for CAM2 state "you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream." A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online). Beyond the specter of universal government surveillance lies the risk of someone hacking the system.] EFF discovered that anyone could access more than 100 "secure" automated license plate readers last year.
Electronic Frontier Foundation

EFF Confronts World Copyright Committee (eff.org) 32

The EFF debated delegates on WIPO's Standing Committee on Copyright this week, joking the whole week could be summarized as "proposals for a broadcasting treaty continue to edge forward, while rich countries remain at loggerheads with users and poorer countries about copyright exceptions for education and libraries."

An anonymous reader writes: The EFF continued to push for more rights for libraries, for example to preserve "orphaned" works and to lend works across national borders. But they also report that at an EFF-sponsored side-meeting, one independent recording artist made an interesting suggestion about Mycelia, an open and distributed "verified" database of music metadata that's blockchain-enabled. "Although it remains mostly a vision for now, the widespread adoption of Mycelia-enabled services could, in theory, provide better transparency to artists about how and where their works are being used, as well as enabling many new innovative uses of music, both free and paid." (One audience member even asked whether it could resurrect Napster's model of peer-to-peer music-sharing with a mechanism for artist micropayments.)
Meanwhile, the EFF characterized the music industry's stance as "Blaming online content platforms for the low returns that artists receive, and moves to target them with additional responsibilities or obligations." But they added, "As frustrating as the long-winded discussions at WIPO often are, our ability to participate in them is a key advantage that this multilateral forum has over the secretive, closed-door negotiations over copyright that take place in trade negotiations such as the Trans-Pacific Partnership."
Electronic Frontier Foundation

EFF Announces Certbot Client For Let's Encrypt (eff.org) 29

Peter Eckersley, the staff technologist for the Electronic Frontier Foundation, writes: EFF has just launched Certbot, which is the next iteration of the Let's Encrypt client. It's a powerful tool for obtaining TLS/SSL certificates from Let's Encrypt, and (if you wish) automatically installing them to enable and tune HTTPS on your website. It's extensible, and supports a rapidly-growing range of server software.
As of last week more than three million certificates had been issued, according to EFF.org, and despite a new name and host, Certbot "will still get certificates from Let's Encrypt and automatically configure HTTPS on your webserver.... We expect OS packages to begin using the Certbot name in the next few weeks as well."
Crime

Prisons Moving To All-Video Visitation (mic.com) 277

"A new system called 'video visitation' is replacing in-person jail visits with glitchy, expensive Skype-like video calls," reports Tech.Mic. "It's inhumane, dystopian and actually increases in-prison violence -- but god, it makes money."

Slashdot reader gurps_npc writes: In-person costs a lot to administer, while you can charge people to 'visit' via video conferencing. (Charge as in overcharge -- just like they charge up to $14 a minute for normal, audio only telephone calls). This is new, and the few studies that have been done show that doing this increases violence in the prison -- and it's believed to also increase recidivism. But the companies making a ton on it like that -- repeat customers and all. Of course, the service is horrible, often being full of static and dropped calls -- and the company doesn't help you fix the problem.
Meanwhile, the EFF reports that last year Facebook disabled 53 U.S. prisoner and 74 U.K. prisoner accounts at the request of the government, and is urging people to report takedown requests for inmate social media to OnlineCensorship.org.
Advertising

Ask Slashdot: Should I Expect Tracking When Subscribing To News Sites? 206

Long-time Slashdot reader robot5x writes: I'm a fan of online privacy and, where possible, don't automatically permit cookies and tend to set Ghostery to block all trackers in my browser. This rarely causes a problem -- I have lots of subscriptions to various sites which require me to login and have only rarely encountered minor issues. Recently I had a present of a Slate Plus membership. I really like their content and was keen on supporting it financially. Activating it from the email they sent required me to first register as a user. I clicked on the icon, and nothing happened. Ghostery picked up 7 trackers which I had blocked.

Assuming that one of these was the cause, I activated each in turn and reloaded. None of them made any difference, except a single tracker from JanRain. Accepting this tracker let everything work perfectly. Reading more about JanRain though -- and particularly its interaction with Adobe analytics (which it also tries to load) -- I discovered that they wanted to "create a holistic view of your business by collecting, analyzing and reporting all customer interactions. To derive the most actionable insights, you must link your customers' actions with who they are and what their interests are. Janrain bridges the gap by connecting demographic and psychographic data, collected through traditional and social login, with Adobe's behavioral data, so you understand the whole customer journey".

I do not want them to do any of this, and don't think I should have to. Interactions with Slate's 'support' were excruciating and -- while they at least didn't ask me to restart my computer -- they actually ended up saying that allowing these trackers is tied to their login process and I have to either accept or get a refund.

robot5x asks: Is it unacceptable to have to accept being tracked as a paying customer for news sites? "Or am I just being a big baby?"
Electronic Frontier Foundation

Humble Bundle Announces 'Hacker' Pay-What-You-Want Sale (humblebundle.com) 52

An anonymous reader writes: Humble Bundle announced a special "pay what you want" sale for four ebooks from No Starch Press, with proceeds going to the Electronic Frontier Foundation (or to the charity of your choice). This "hacker edition" sale includes two relatively new titles from 2015 -- "Automate the Boring Stuff with Python" and Violet Blue's "Smart Girl's Guide to Privacy," as well as "Hacking the Xbox: An Introduction to Reverse Engineering" by Andrew "bunnie" Huang, and "The Linux Command Line".

Hackers who are willing to pay "more than the average" -- currently $14.87 -- can also unlock a set of five more books, which includes "The Maker's Guide to the Zombie Apocalypse: Defend Your Base with Simple Circuits, Arduino, and Raspberry Pi". (This level also includes "Bitcoin for the Befuddled" and "Designing BSD Rootkits: An Introduction to Kernel Hacking".) And at the $15 level -- just 13 cents more -- four additional books are unlocked. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is available at this level, as well as "Hacking: The Art of Exploitation" and "Black Hat Python."

Nice to see they've already sold 28,506 bundles, which are DRM-free and available in PDF, EPUB, and MOBI format. (I still remember Slashdot's 2012 interview with Make magazine's Andrew "bunnie" Huang, who Samzenpus described as "one of the most famous hardware and software hackers in the world.")
Security

FBI Director Suggests iPhone Hacking Method May Remain Secret (reuters.com) 110

An anonymous reader quotes a report from Reuters: FBI Director James Comey said on Tuesday that his agency was still assessing whether a vulnerability used to unlock an iPhone linked to one of the San Bernardino killers would go through a government review to determine if it should be disclosed to Apple or the public. "We are in the midst of trying to sort that out," Comey said. "The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?" The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. Although officials say the process leans toward disclosure, it is not set up to handle or reveal flaws that are discovered and owned by private companies, sources have told Reuters, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.
Government

Court Troubled By Surveillance Excesses At FBI, NSA (politico.com) 81

schwit1 quotes a report from Politico: In a just-released court opinion, a federal court judge overseeing government surveillance programs said he was "extremely concerned" about a series of incidents in which the Federal Bureau of Investigation and National Security Agency deviated from court-approved limits on their snooping activities. Foreign Intelligence Surveillance Court Judge Thomas Hogan sharply criticized the two agencies over the episodes, referred to by intelligence gatherers as "compliance incidents." He also raised concerns that the government had taken years to bring the NSA-related issues to the court's attention and he said that delay might have run afoul of the government's duty of candor to the court. Yesterday, the Electronic Frontier Foundation (EFF) filed a lawsuit against the Department of Justice to reveal whether or not they ever forced a company to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court.
Electronic Frontier Foundation

EFF Sues DOJ For Access To Secret Court Orders On Decryption (techcrunch.com) 62

An anonymous reader writes: TechCrunch reports the Electronic Frontier Foundation has filed a lawsuit against the Department of Justice to reveal documents that "show whether DOJ has ever forced a company like Google or Apple to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court, a federal court that issues secret surveillance warrants in national security cases and has been criticized for rubber-stamping NSA overreach." The EFF has been rejected in its attempt to gain access to the documents under the Freedom of Information Act. "Even setting aside the existence of technical assistance orders, there's no question that other, significant FISC opinions remain hidden from the public," EFF senior staff attorney Mark Rumold said in a statement regarding the lawsuit. "The government's narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress' intent. Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law." The full lawsuit can be read here.
Google

Nest Reminds Customers That Ownership Isn't What It Used To Be (eff.org) 268

Alphabet-owned Nest recently announced that it will be turning off Revolv Hub next month. An anonymous reader shares an article on EFF, a privacy rights group: Nest Labs, a home automation company acquired by Google in 2014, will disable some of its customers' home automation control devices in May. This move is causing quite a stir among people who purchased the $300 Revolv Hub devices -- customers who reasonably expected that the promised "lifetime" of updates would enable the hardware they paid for to actually work, only to discover the manufacturer can turn their device into a useless brick when it so chooses. This is far from the first time that customers' software and electronics have been downgraded by manufacturers. Updates can disable features the customer paid for that have fallen out of favor with the vendor, as when Google disabled privacy settings on Android or Sony took away the ability to run GNU/Linux on a Playstation 3. Manufacturers can even render a device unusable until the customer "agrees" to new terms of use, as Nintendo did with the Wii U. Other software and devices, including some video games, are designed so they simply stop working when they can no longer dial home to a server run by the vendor.
Businesses

T-Mobile Adds YouTube To Its Zero-Rated Binge On Program (arstechnica.com) 105

An anonymous reader writes: T-Mobile is expanding its Binge On program. The wireless carrier on Thursday announced that it is adding YouTube and seven other video services including Discovery Go, Google Play Movies, and Red Bull TV to its program which allows subscribers to stream as much as they want without billing the usage against their data plan. The carrier says that its partners can now optimize the video as well, with YouTube being the first service to make use of the feature. From an Ars Technica report, "Binge On is enabled by default and affects nearly all video regardless of whether a video provider has joined the program. Binge On throttles video streams and downloads to about 1.5Mbps, forcing the video services to deliver lower quality, typically about 480p. Video services that meet some technical requirements also get their data "zero-rated" so that customers can watch shows without it counting against high-speed data limits." Many have raised concerns about Binge On and the way it handles internet traffic. Some strongly believe that T-Mobile's program violates Net Neutrality. Earlier this year, privacy rights group, EFF, also expressed its concerns, adding that Binge On was just "throttling of all data." Interestingly, YouTube was one of the key video platforms which hadn't joined Binge On when T-Mobile first introduced the program last year. At the time, the Google-owned video portal said, "Reducing data charges can be good for users, but it doesn't justify throttling all video services, especially without explicit user consent." Not sure what made YouTube change its heart.
