November 19
Class 13 ReadingsBy this point you should have read all of chapters 2, 3 and 4.
You should begin reading Baase Chapter 5 on Crime.Remember our discussion on app location information?
Based on the article below, I installed Muslim Pro on my android phone. This app is used by Muslims worldwide. When started, it said
The app needs your location to calculate accurate prayer times
Of course, that meant enabling location on the phone, and also granting that permission to the app. The app does have an option to work without location data, but it's definitely something one has to search for.
It turns out that someone is buying this location data from the app maker: the US military.
See https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x.
The developer, Bitsmedia, by default shares information with a company named Tutela, and a company named Quadrant. From the privacy policy:
Bitsmedia partners with Quadrant to collect and share precise location information via mobile SDKs. You can supposedly opt out of their reselling of the data.
But if you do not, Quadrant apparently sells your location data to a company named X-Mode, who in turn sells it to the US army.
Again, a big issue here is that Android does not support different levels of location data. There's a big difference between location data accurate enough to determine the approximate time of sunrise and location data accurate enough for a drone strike.
It's baack! See github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back.
Section 1201 does not include language for immediate takedowns claims (that's in Section 512), but Github presumably wanted to play it safe. Github writes:
And our reinstatement, based on new information that showed the
project was not circumventing a technical protection measure (TPM),
was inline with our values of putting developers first.
Github's
conservative approach has severe problems. The Section 512 takedown
rules amount to a bypass of due process because dealing with the
hosting of infringing content is sort of an emergency. Whether or not
dealing with the hosting of circumvention technology is a similar
emergency, there is no law demanding the bypass of due process.
It is reasonable to hold that circumvention code should not be taken
down until after a full court hearing on the issue.
Also, Google
issued a takedown request to Github for the takedown of the
widevine-L3-decryptor. Widevine is Google's DRM for streaming video in
the browser, used by Netflix and everyone else. Level 3 is the weakest
level; a vulnerability was announced in early 2019. Level 3 is used by
most desktop viewers; it does not allow for HD content streaming.
See github.com/github/dmca/blob/master/2020/11/2020-11-09-Google.md.
This takedown may stick.
See slate.com/technology/2020/11/austria-facebook-eva-glawischnig-piesczek-censorship.html. Here's what's going on:
[The] Austrian Supreme Court ordered, pursuant to local defamation rules, that Facebook remove a post insulting a former Green Party leader, keep equivalent posts off its site, and do so on a global scale
The CJEU ruled a year ago that the EU's e-commerce directive, forbidding member states from creating content-monitoring requirements, did not prevent the Austrian action. That was a little weird, but as I understand it the point is that this is a specific post that must be taken down, not a general category.
The case is not entirely over, but is definitely part of a disturbing trend.
See #3 in youteam.io/blog/3-remote-productivity-hacks-we-wish-we-knew-from-day-one.
Essentially every software implementation idea is a straightforward application of standard software engineering. But software ideas can typically be patented: a new way to do something, or a feature nobody thought of before, is harder to write off as intrinsically straightforward.
Examples:
Many computer ideas are obvious once the appropriate context is created; for example, once browsers are commonplace, it is obvious that running applets within browsers is useful, given that running one program under control of another was already established (MS OLE, etc)
Here are the practical grounds for appealing someone else's patent
What about the XOR-mouse patent? KSR doesn't help here (though prior-art algorithms might). This example galvanized a lot of opposition to software patents, by software engineers who felt the use of XOR here was entirely obvious. Was it?
(The Patent Office often sets a very low bar for how innovative an application of an algorithm must be, so the XOR patent might win on that.)
What about the 1994 Eolas patent? Points 2, 4 and 5 don't apply. Point 3 is difficult, as there was no prior art for embedding applets in a browser. Browsers were very obscure until 1993. However, once you have a browser, and use it regularly, the idea of embedding other content is quite compelling.
One might argue that the Eolas patent was an obvious combination of the following prior-art ideas:
How about the Campana/NTP patent for wireless email? The KSR case was decided after NTP v RIM, but one could envision an argument that wireless email was obvious given
My guess is this would have been a tough sell, but it's certainly plausible. The NTP patents acknowledge both the above as prior art.
KSR v Teleflex / Bilski / Alice / Heartland v Kraft
Crime
Hacking was not always about crime.
Hacking and the CFAA
Citrin, Nosal, US v Van Buren
TJX, Target and PCI-DSS
Some felonies: