Medicine

A Medical Device Maker Threatens iFixit Over Ventilator Repair Project (vice.com) 69

STERIS Corporation, a company that makes sterilization and other medical equipment, sent a letter to iFixit claiming their online database of repair manuals for ventilators and medical equipment violates their copyrights. Motherboard reports: "It has come to my attention that you have been reproducing certain installation and maintenance manuals relating to our products, documentation which is protected by copyright law," the letter said. The letter then went on to tell [Kyle Wiens, CEO of iFixit] to remove all Steris copyrighted material from the iFixit website within 10 days of the letter. As Motherboard reported in March, major manufacturers of medical devices have long made it difficult for their devices to be repaired through third party repair professionals. Manufacturers have often lobbied against right to repair legislation and many medical devices are controlled by artificial "software locks" that allow only those with authorization to make modifications.

"I'm disappointed that Steris is resorting to legal threats to stop hospitals from having access to information about how to maintain critical sterilization equipment during a pandemic," Wiens told Motherboard in an email. "No manufacturer should be stopping hospitals from repairing their equipment," Wiens said. "The best way to ensure patient safety is to make sure that equipment is being maintained regularly using the manufacturer's recommended procedures. The only way to do that is if hospitals have up to date manuals." With regards to the letter sent by Steris, Wiens said iFixit has not removed any material from its website. "We explained to Steris that what we did is a lawful and protected fair use under the U.S. Copyright act," Wiens said.
"iFixit is protected by Section 512 of the Digital Millennium Copyright Act, which allows online platforms to host content contributed by users provided they comply with the Act's requirements, which iFixit does," a letter to Steris from the Electronic Frontier Foundation on behalf of iFixit said.
Mozilla

Mozilla, EFF, 19,000 Citizens Urge Zoom To Reverse End-to-End Encryption Decision 44

Mozilla, Electronic Frontier Foundation (EFF), and more than 19,000 internet users today urged Zoom CEO Eric Yuan to reverse his decision to deny end-to-end encryption to users of its free service, saying it puts activists and other marginalized groups at risk. Earlier this month, Zoom announced it will offer end-to-end encryption, but only to those who pay. From a statement: The pressure to reverse the decision comes as racial justice activists are using tools like Zoom to organize protests. Without end-to-end encryption, information shared in their online meetings could be intercepted -- a concern that has been legitimized by both recent actions by law enforcement and a long-term history of discriminatory policing. Mozilla and EFF today are presenting an open letter to Yuan, co-signed by 19,000 people, maintaining that privacy and best-in-class security should be the default, not something that only the wealthy or businesses can afford.
Security

Stalkerware Detection Rates Are Improving Across Antivirus Products (zdnet.com) 3

Detection rates for stalkerware applications on Android and Windows devices are slowly improving, according to the findings of a seven-month research project carried out by independent antivirus testing lab AV-Comparatives and the Electronic Frontier Foundation. From a report: The study, published earlier this week, took place in two phases, with the first in November 2019, and the second in May 2020. Researchers looked at how 10 Android mobile antivirus apps and 10 Windows antivirus products detected some of today's most prevalent stalkerware strains. The stalkerware strains, 20 on Android and 10 on Windows, were chosen by AV-Comparatives together with the Electronic Frontier Foundation (EFF), based on their popularity in the US. The study discovered that many antivirus companies have improved their detection rates between the November 2019 scan and May 2020.
Electronic Frontier Foundation

Court Upholds Public Right of Access To Court Documents (eff.org) 19

An anonymous reader quotes a report from the Electronic Frontier Foundation: A core part of EFF's mission is transparency and access to information, because we know that in a nation bound by the rule of law, the public must have the ability to know the law and how it is being applied. That's why the default rule is that the public must have full access to court records -- even if those records contain unsavory details. Any departure from that rule must be narrow and well-justified. But litigants and judges aren't always rigorous in upholding that principle. For example, when Brian Fargo sued Jennifer Tejas for allegedly defamatory Instagram posts, he asked that the court seal portions of his filings that contained those posts, references to other people and private medical information. The court granted Fargo's request, with little explanation or apparent care.

That approach set a dangerous precedent for others. The public has a right to know what courts consider defamatory. So, with help from the First Amendment Clinic at UCLA School of Law, EFF and the First Amendment Coalition moved to unseal the records containing the Instagram posts and references to other people. The judge denied that request. Undeterred, we appealed -- and won (PDF download). The appeals court chided the trial court for its failure to adequately justify its sealing order, and its equal failure to make sure the order was narrowly tailored so that as little as possible would be hidden from the public. While it did allow some information to remain sealed -- information related to private medical records can be kept from the public, and pseudonyms should be used in some exhibits to protect the privacy of third parties -- it ordered the rest released.

The Internet

ICANN Halts $1.1 Billion Sale of .Org Registry (theregister.co.uk) 42

Charlotte Web shares a report from The Register: ICANN has halted the proposed $1.1 billion sale of the .org registry to an unknown private equity firm, claiming this was "the right thing to do." The DNS overseer has been under growing pressure to use its authority to refuse the planned transfer of the top-level domain from the Internet Society to Ethos Capital, most recently from the California Attorney General who said the deal "puts profits above the public interest." ICANN ultimately bowed to the US state's top lawyer when it concluded today it "finds the public interest is better served in withholding consent."

It gave several factors, all of which were highlighted by Attorney General Xavier Becerra as reasons to reject it: the fact that the sale would see the registry -- which has long served non-profit organizations -- turn from a non-profit itself into a for-profit vehicle; that Ethos Capital was a "wholly different form of entity" to the Internet Society; that the $360m in debt that was being used to finance the deal "raises further question about how the .org registrants will be protected"; and that the measures that Ethos Capital had put in place following an outcry were "untested." The decision will likely spark a mixture of relief and celebration from millions of .org domain holders, including some of the world's largest non-profit organizations, many of which were certain that their long-standing online addresses were going to be milked for profit by an organization that never fully revealed who its directors or investors were.

The Internet

ICANN Delays .Org Sale Again After California's AG Intervenes At Last Minute (theregister.co.uk) 27

ICANN has again delayed a decision on the sale of the .org registry, pushing the issue off for another month. The Register reports: The organization's board of directors was due to decide today on whether to approve the $1.13 billion sale of the .org domain from the Internet Society to private equity firm Ethos Capital, but a last-minute letter from California's attorney general Xavier Becerra appears to have upended the plan. Rather than take a vote, the ICANN board debated the issue and ultimately decided to put off a decision until May 4 -- the fourth such delay. The organization formally acknowledged the decision late on Thursday evening local time.

"We have agreed to extend the review period to May 4, 2020, to permit additional time to complete our review," it said. The attorney general's letter [PDF] arrived just hours before the meeting and told the non-profit organization in stark terms that it should not approve the sale as it "raises serious concerns that cannot be overlooked." "Empowering a for-profit entity that could undermine the accessibility and affordability of the .org domain, which serves nonprofits, should concern all of us," the California AG's office told The Reg. "We're urging ICANN to deny the request to transfer control of the .org domain to a for-profit private equity firm. In California, we're committed to an Internet that serves everyone and we're simply concerned that this transfer puts profits above the public interest."

"If, as proposed, Ethos Capital is permitted to purchase PIR, it will no longer have the unique characteristics that ICANN valued at the time that it selected PIR as the nonprofit to be responsible for the .ORG registry," Becerra's letter notes. "In effect, what is at stake is the transfer of the world's second largest registry to a for-profit private equity firm that, by design, exists to profit from millions of nonprofit and non-commercial organizations." "Little is known about Ethos Capital and its multiple proposed subsidiaries," the letter states. "Even less is known about how these for-profit corporate entities and private investors will operate their businesses... Given the lack of transparency regarding Ethos' future plans, approval of the transfer may place at risk the operational stability of the .ORG registry."

Twitter

Twitter Accused of Obliterating Its Users' Privacy Choices (eff.org) 102

The EFF's staff technologist, also an engineer on Privacy Badger and HTTPS Everywhere, writes: Twitter greeted its users with a confusing notification this week. "The control you have over what information Twitter shares with its business partners has changed," it said. The changes will "help Twitter continue operating as a free service," it assured. But at what cost?

Twitter has changed what happens when users opt out of the "Allow additional information sharing with business partners" setting in the "Personalization and Data" part of its site. The changes affect two types of data sharing that Twitter does... Previously, anyone in the world could opt out of Twitter's conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2).

The article explains how last August Twitter discovered that its option for opting out of device-level targeting and conversion tracking "did not actually opt users out." But after fixing that bug, "advertisers were unhappy. And Twitter announced a substantial hit to its revenue... Now, Twitter has removed the ability to opt out of conversion tracking altogether."

While users in Europe are protected by GDPR, "users in the United States and everywhere else, who don't have the protection of a comprehensive privacy law, are only protected by companies' self-interest..." BoingBoing argues that Twitter "has just unilaterally obliterated all its users' privacy choices, announcing the change with a dialog box whose only button is 'OK.'"
Privacy

What Happens When Tech Companies Offer to Fight Coronavirus With Digital Surveillance? (wired.com) 55

"White House officials are asking tech companies for more insight into our social networks and travel patterns," reports Wired, noting that Facebook even "created a disease mapping tool that tracks the spread of disease by aggregating user travel patterns." And Clearview AI "says it is in talks with public officials to use its software to identify anyone in contact with people who are infected." Such efforts clash with people's expectations of privacy. Now, there's a compelling reason to collect and share the data; surveillance may save lives. But it will be difficult to draw boundaries around what data is collected, who gets to use it, and how long the collection will continue...

"What's really important is for the government to be really clear in articulating what specific public health goals it's seeking to accomplish," said Kelsey Finch, senior counsel at the Future of Privacy Forum, an industry-backed group focused on tech policy. "And how it's limiting the collection of personal data to what's necessary to achieve those very specific goals, and then making sure that there are appropriate privacy safeguards put in place before data starts to change hands...."

Some privacy scholars question whether enhanced surveillance in the name of fighting disease can be dialed back once the danger has passed. "I'm not sure that we should be making longer-term judgments, in an emergency situation, about what the right balance is right now," said Jennifer Daskal, faculty director of the Tech, Law, and Security program at American University and a former national security official in the Department of Justice. "That often doesn't work out so well." Pointing back to 9/11, when Congress granted immense surveillance powers to the federal government, Daskal said decisions made during emergency situations tend to lead to overreach...

The rapid spread of the disease has prompted even some traditional defenders of personal privacy to acknowledge the potential benefits of digital tracking. "Public policy must reflect a balance between collective good and civil liberties in order to protect the health and safety of our society from communicable disease outbreaks," the Electronic Frontier Foundation wrote in a blog post earlier this month. But, the group continued, any data collection "must be scientifically justified and ... proportionate to the need."

Oracle

Oracle Criticized For Questioning Google's Supporters In Java API Copyright Case (twitter.com) 47

America's Supreme Court will soon decide whether Google infringed on a copyright that Oracle says it holds on the APIs of Java. But this week Oracle's executive vice president also wrote a blog post arguing that Google "sought the support of outside groups to bolster its position" by using friend-of-the-court briefs to "create the impression that this case is of great import and controversy, and a ruling in Oracle's favor will impede innovation."

"Upon closer inspection, what these briefs reveal is a significantly different picture, one where Google is the outlier, with very little meaningful support outside the purview of its financial fingerprints." As we discussed in a previous post, this case is not about innovation, it is about theft. Google copied verbatim more than 11,000 lines of software code, and now attempts post hoc to change the rules in order to excuse its conduct... As those of us that have watched Google over the past few decades know, Google's view boils down to the self-absorbed position that the work it is doing is of such consequence that the rules shouldn't apply to them. The problem for Google is that very few outside of its self-generated atmosphere agree.

Let's be clear, it is not commonplace or foundational in the software industry to steal other developers' software code. Rather, what is commonplace is a confluence of interests where code is licensed to facilitate its widespread deployment, with the owner choosing the terms... Java embraced choice, with three different licensing alternatives, including a freely deployed open source license, and a commercial license designed to maintain interoperability. And it turns out that nobody except Google found it necessary to steal despite Java's enormous popularity. It is not in dispute in this matter that Google destroyed Java interoperability so it is unbelievable that many of its amici take the position that Google needs to prevail in order to protect interoperability...

Out of 26 briefs, we found:

- 7 briefs representing 13 entities that received "substantial contributions" from Google;

- 8 briefs filed by entities or individuals that have financial ties to Google through grants, dues, cy pres settlement proceeds or employment of individual amici;

- 2 briefs filed by companies with a clear commercial interest in Google prevailing;

- 1 brief filed by several former U.S. government employees all of whom worked for a small government agency run by a former Google executive, despite the U.S. government itself filing a brief in favor of Oracle;

- 4 separate briefs representing a total of 7 individuals;

- A few other briefs where Google financial ties are likely;

- 1 brief submitted by a serial copyright infringer repeatedly sanctioned by the Courts;

What masqueraded as a mass show of support for Google, may not be much more than an exercise in transactional interests.

The groups Oracle is criticizing include the American Library Association, EFF, and the Python Software Foundation, as well as a brief by 83 computer scientists which included Doug Lea, a former member of the executive committee of the Java Community Process. Oracle's blog post also makes the argument that besides Microsoft and IBM, "not a single brief from the other 98 of the Top 100 tech companies was filed."

There was a response on Twitter from Joshua Bloch, who worked on the Java platform at Sun before leaving in 2004 to become Google's chief Java architect for the next 8 years. He called Oracle's blog post "nonsense." For example, Doug Lea -- who is in no small measure responsible for Java's success -- accepted one small grant from Google fourteen years ago, and promptly doled it out to deserving undergrads who were testing java.util.concurrent. Have you no shame, Oracle?

We are not Google shills. We are scientists and engineers. Some of us laid the theoretical groundwork for the profession, some designed the computers you grew up on, and some wrote the software you use every day.

We depend on the right to reimplement each others' APIs, and we are truly afraid that your irresponsible lawsuit may deprive us of that right, which we've enjoyed throughout our long careers.

Privacy

Comcast Accidentally Published 200,000 'Unlisted' Phone Numbers (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories. After discovering the mistake, Comcast shut Ecolisting down, gave $100 credits to affected customers, and advised them that they can change their phone numbers at no charge. This is similar to a mistake in the early 2010s that resulted in Comcast paying a $33 million settlement in 2015.

The Denver Post reported last week: "For years, customers have had the ability to pay a small sum per month to ensure their phone numbers and personal information remain off of telephone and online directories. But in January and February, thousands of people across the country received letters from Xfinity telling them the company had inadvertently published personal information on Comcast's online directory, Ecolisting.com. The issue affected 2 percent of Comcast's 9.9 million voice customers, the company said."
In a statement to Ars, Comcast said, "We have corrected this issue for our identified customers, apologized to them for this error, and given them an additional $100 credit. We are working with our customers directly to address this issue and help make it right, and are taking steps to prevent this from happening again."

Comcast also warned that "this information could be available on online directories or through other public sources that Comcast does not control." If that's the case, the company advises contacting those online directories directly and/or changing your Xfinity Voice telephone number.
Electronic Frontier Foundation

EFF: .Org Sale 'Threatens Instability and Dysfunction' (eff.org) 26

In a scathing editorial, EFF continues to oppose Ethos Capital's plan to buy the PIR's .org domain registry for $1.1 billion, arguing that "the current system is stable and functional, and changing it threatens to introduce instability and dysfunction with no countervailing benefit to the community..."

"[W]hile there is nothing currently wrong with .ORG, there is a lot that could go wrong if this deal moves forward." Ethos and PIR have repeatedly defended the proposed deal by arguing that converting PIR to a privately owned, for-profit enterprise will allow it to offer "new products and services," but without explaining what those new offerings might be. On Thursday, they finally admitted that they actually don't know what additional products and services .ORG registrants want or need, citing a lack of market research...

The for-profit PIR that Ethos envisions would be a fundamentally different organization than today's PIR, and we have serious concerns about its business model and financial stability. Nothing we've heard from PIR and Ethos has convinced us that PIR should be transformed from something that we all know works to something that's unproven. To the contrary, the Ethos deal raises concrete dangers of censorship, financial and technical instability, and price-gouging of non-commercial .ORG registrants. And despite making their case for months, proponents of the deal haven't identified any specific benefits it would impart to .ORG users.

ICANN can, and should, reject this change to the .ORG registry. But that time is running out; ICANN's current deadline to make a decision is Friday, March 20. You can still speak out: the ICANN Board is holding a public forum next week, Monday March 9 at 10am-11:30am Eastern Daylight Time. Anyone can join by videoconference and address the Board.

Java

Oracle's Allies Against Google Include Scott McNealy and America's Justice Department (zdnet.com) 135

America's Justice Department "has filed a brief in support of Oracle in its Supreme Court battle against Google over whether Java should have copyright protection," reports ZDNet: The Justice Department filed its amicus brief to the Supreme Court this week, joining a mighty list of briefs from major tech companies and industry luminaries — including Scott McNealy, co-founder of Sun, which Oracle bought in 2010, acquiring Sun-built Java in the process. While Microsoft, IBM and others have backed Google's arguments in the decade-long battle, McNealy, like the Justice Department, is opposing Google. McNealy called Google's description of how it uses Java packages a "woeful mischaracterization of the artful design of the Java packages" and "an insult to the hard-working developers at Sun who made Java such a success...."

Joe Tucci, former CEO of now Dell-owned enterprise storage giant EMC, threw in his two cents against Google. "Accepting Google's invitation to upend that system by eliminating copyright protection for creative and original computer software code would not make the system better — it would instead have sweeping and harmful effects throughout the software industry," Tucci's brief reads.

Oracle is also questioning the motives of Google's allies, reports The Verge: After filing a Supreme Court statement last week, Oracle VP Ken Glueck posted a statement over the weekend assailing the motives of Microsoft, IBM, and the CCIA industry group, all of which have publicly supported Google. Glueck's post comes shortly after two groups — an interdisciplinary panel of academics and the American Conservative Union Foundation — submitted legal briefs supporting Oracle. Both groups argued that Google should be liable for copying code from the Java language for the Android operating system. The ACUF argued that protecting Oracle's code "is fundamental to a well-ordered system of private property rights and indeed the rule of law itself...."

Earlier this year, Google garnered around two dozen briefs supporting its position. But Oracle claims that in reality, "Google appears to be virtually alone — at least among the technology community." Glueck says Google's most prominent backers had ulterior motives or "parochial agendas"; either they were working closely with Google, or they had their own designs on Java...

Even if you accept Oracle's arguments wholeheartedly, there's a long list of other Google backers from the tech community. Advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology signed on to amicus briefs last month, as did several prominent tech pioneers, including Linux creator Linus Torvalds and Apple cofounder Steve Wozniak. The CCIA brief was signed by the Internet Association, a trade group representing many of the biggest companies in Silicon Valley. Patreon, Reddit, Etsy, the Mozilla Corporation, and other midsized tech companies also backed a brief raising "fundamental concerns" about Oracle's assertions.

Privacy

'Ring' Upgrades Privacy Settings After Accusations It Shares Data With Facebook and Google (cbsnews.com) 26

Amazon's Ring doorbell cameras just added two new privacy and security features "amid rising scrutiny on the company," reports The Hill, including "a second layer of authentication by requiring users to enter a one-time code shared via email or SMS when they try to log in to see the feed from their cameras starting this week...

"Until recently the company did not notify users when their accounts had been logged in to, meaning that hackers could have accessed camera feeds without owners being aware."

But CBS News reports that the changes appeared "two weeks after a study showed the company shares customers' personal information with Facebook, Google and other parties without users' consent." In late January, an Electronic Frontier Foundation (EFF) study found the company regularly shares user data with Facebook, including that of Ring users who don't have accounts on the social media platform... EFF claims the company shares a lot of other user data, including people's names, email addresses, when the doorbell app was being used, the number of devices a user has, model numbers of devices, user's unique internet addresses and more. Such information could allow third parties to know when Ring users are at home or away, and potentially target them with advertising for services based on that info...

The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements "where applicable." The spokesperson declined to clarify what "where applicable" might mean.

Evan Greer, deputy director of digital rights organization Fight for the Future, shared a skeptical response with The Hill.

"No amount of security updates will change the fact that these devices are enabling a nationwide, for-profit, surveillance empire. Amazon Ring is fundamentally incompatible with democracy and human rights."
The Internet

Gopher's Rise and Fall Shows How Much We Lost When Monopolists Stole the Net (eff.org) 69

Science-fiction writer, journalist and longtime Slashdot reader, Cory Doctorow, a.k.a. mouthbeef, writes: The Electronic Frontier Foundation (EFF) just published the latest installment in my case histories of "adversarial interoperability" -- once the main force that kept tech competitive. Today, I tell the story of Gopher, the web's immediate predecessor, which burrowed under the mainframe systems' guardians and created a menu-driven interface to campus resources, then the whole internet. Gopher ruled until browser vendors swallowed Gopherspace whole, incorporating it by turning gopher:// into a way to access anything on any Gopher server. Gopher served as the booster rocket that helped the web attain a stable orbit. But the tools that Gopher used to crack open the silos, and the moves that the web pulled to crack open Gopher, are radioactively illegal today.

If you wanted to do to Facebook what Gopher did to the mainframes, you would be pulverized by the relentless grinding of software patents, terms of service, anticircumvention law, bullshit theories about APIs being copyrightable. Big Tech blames "network effects" for its monopolies -- but that's a counsel of despair. If impersonal forces (and not anticompetitive bullying) are what keeps tech big then there's no point in trying to make it small. Big Tech's critics swallow this line, demanding that Big Tech be given state-like duties to police user conduct -- duties that require billions and total control to perform, guaranteeing tech monopolists perpetual dominance. But the lesson of Gopher is that adversarial interoperability is judo for network effects.

Electronic Frontier Foundation

Did the Early Internet Activists Blow It? (slate.com) 128

Mike Godwin, the first staff counsel of the Electronic Frontier Foundation, writes in a column: Another thing we clearly got wrong is how large platforms would rise to dominate their markets -- even though they never received the kind of bespoke regulated-monopoly partnership with governments that, generations before, the telephone companies had received. In most of today's democracies, Google dominates search and Facebook dominates social media. In less-democratic nations, counterpart platforms -- like Baidu and Weibo in China or VK in Russia -- dominate their respective markets, but their relationships with the relevant governments are cozier, so their market-dominant status isn't surprising. We didn't see these monopolies and market-dominant players coming, although we should have. Back in the 1990s, we thought that a thousand website flowers would bloom and no single company would be dominant. We know better now, particularly because of the way social media and search engines can build large ecosystems that contain smaller communities -- Facebook's Groups is only the most prominent example. Market-dominant players face temptations that a gaggle of hungry, competitive startups and "long tail" services don't, and we'd have done better in the 1990s if we'd anticipated this kind of consolidation and thought about how we might respond to it as a matter of public policy. We should have -- the concern about monopolies, unfair competition, and market concentration is an old one in most developed countries -- but I have no reflexive reaction either for or against antitrust or other market-regulatory approaches to address this concern, so long as the remedies don't create more problems than they solve.

What's new and more troubling is the revival of the idea, after more than half a century of growing freedom-of-expression protections, that maybe there's just too much free speech. There's a lot to unpack here. In the 1990s, social conservatives wanted more censorship, particularly of sexual content. Progressive activists back then generally wanted less. Today, progressives frequently argue that social media platforms are too tolerant of vile, offensive, hurtful speech, while conservatives commonly insist that the platforms censor too much (or at least censor them too much). Both sides miss obvious points. Those who think there needs to be more top-down censorship from the tech companies imagine that when censorship efforts fail, it means the companies aren't trying hard enough to enforce their content policies. But the reality is that no matter how much money and manpower (plus less-than-perfect "artificial intelligence") Facebook throws at curating hateful or illegal content on its services, and no matter how well-meaning Facebook's intentions are, a user base edging toward 3 billion people is always going to generate hundreds of thousands, and perhaps millions, of false positives every year. On the flip side, those who want to restrict companies' ability to censor content haven't given adequate thought to the consequences of their demands. If Facebook or Twitter became what Sen. Ted Cruz calls a "neutral public forum," for example, they might become 8chan writ large. That's not very likely to make anyone happier with social media.

Security

Public Wi-Fi is a Lot Safer Than You Think (eff.org) 80

Jacob Hoffman-Andrews, writing for EFF: If you follow security on the Internet, you may have seen articles warning you to "beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications -- for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA -- they could read your email. Starting in 2010 that all changed. Eric Butler released Firesheep, an easy-to-use demonstration of "sniffing" insecure HTTP to take over people's accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site. The timing was good: earlier that year, Google had turned on HTTPS by default for all Gmail users and reported that the costs to do so were quite low. Hardware and software had advanced to the point where encrypting web browsing was easy and cheap.

However, practical deployment of HTTPS across the whole web took a long time. One big obstacle was the difficulty for webmasters and site administrators of buying and installing a certificate (a small file required in order to set up HTTPS). EFF helped launch Let's Encrypt, which makes certificates available for free, and we wrote Certbot, the easiest way to get a free certificate from Let's Encrypt and install it. Meanwhile, lots of site owners were changing their software and HTML in order to make the switch to HTTPS. There's been tremendous progress, and now 92% of web page loads from the United States use HTTPS. In other countries the percentage is somewhat lower -- 80% in India, for example -- but HTTPS still protects the large majority of pages visited. [...] What about the risk of governments scooping up signals from "open" public Wi-Fi that has no password? Governments that surveil people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that's the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

Privacy

Ring Doorbell App Packed With Third-Party Trackers (eff.org) 150

Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers. An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers' personally identifiable information (PII). From the report, shared by reader AmiMoJo: Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers. The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user's device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it.

All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done. Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills. Ring has exhibited a pattern of behavior that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them. It has been able to do so by leveraging an image of the secure home, while profiting from a surveillance network which facilitates police departments' unprecedented access into the private lives of citizens, as we have previously covered. For consumers, this image has cultivated a sense of trust in Ring that should be shaken by the reality of how the app functions: not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners.

The Courts

EFF Defends Bruce Perens Victory Against 'Open Source Security' in Appeals Court 30

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. (And then left it this January 2nd.)

But in 2017 Perens was also sued partly over comments made in a Slashdot discussion. He's just shared a video from the 9th Circuit Appeals Court hearing -- along with this update: Open Source Security Inc. and their CEO, Mr. Bradley Spengler, sued me for 3 Million dollars for defamation, because I wrote this blog post, in which I explained why I thought they were in violation of the GPL. They lost in the lower court, and had to file this $300,000 bond to pay for my defense, which will be awarded to my attorneys if the appeals court upholds the lower court's finding.

Because OSS/Spengler are in Pennsylvania and I am in California, this was tried before a Magistrate in Federal court, with the laws of California and the evidentiary rules of the Federal Court. Thus, I am now in the 9th Circuit for appeal.

The first attorney to appear is for OSS/Spengler. The second works for EFF, and the third for O'Melveny. In my opinion EFF and O'Melveny did a great job.

If you are interested in the case, I have a partial archive of the case documents from PACER, and a link to PACER where the rest can be found, here.

Books

'Unauthorized Bread': A Tale of Jailbreaking Refugees Versus IoT Appliances (arstechnica.com) 32

Science fiction writer, journalist and longtime Slashdot reader, Cory Doctorow, a.k.a. mouthbeef, writes: My novella "Unauthorized Bread" -- originally published last year in Radicalized from Tor Books -- has just been published on Ars Technica: it's an epic tale of jailbreaking refugees versus the disobedient IoT appliances they're forced to use, and it's being turned into a TV show by The Intercept's parent company and a graphic novel by First Second with help from Jennifer Doyle. Making the story open access was in honor of the book being shortlisted for Canada Reads, Canada's national book award. The story builds on the work I've done with EFF to legalize jailbreaking, including our lawsuit to overturn parts of the DMCA. The story is part of a lineage with a long history of /. interest, starting with my 2002 Salon story 0wnz0red, and it only seemed fitting that I let you know about it!

Electronic Frontier Foundation

EFF Files Amicus Brief In Google v. Oracle, Arguing APIs Are Not Copyrightable (eff.org) 147

Areyoukiddingme writes: EFF has filed an amicus brief with the U.S. Supreme Court in Google v. Oracle, arguing that APIs are not copyrightable. From the press release: "The Electronic Frontier Foundation (EFF) today asked the U.S. Supreme Court to rule that functional aspects of Oracle's Java programming language are not copyrightable, and even if they were, employing them to create new computer code falls under fair use protections. The court is reviewing a long-running lawsuit Oracle filed against Google, which claimed that Google's use of certain Java application programming interfaces (APIs) in its Android operating system violated Oracle's copyrights. The case has far-reaching implications for innovation in software development, competition, and interoperability.

In a brief filed today, EFF argues that the Federal Circuit, in ruling APIs were copyrightable, ignored clear and specific language in the copyright statute that excludes copyright protection for procedures, processes, and methods of operation. 'Instead of following the law, the Federal Circuit decided to rewrite it to eliminate almost all the exclusions from copyright protection that Congress put in the statute,' said EFF Legal Director Corynne McSherry. 'APIs are not copyrightable. The Federal Circuit's ruling has created a dangerous precedent that will encourage more lawsuits and make innovative software development prohibitively expensive. Fortunately, the Supreme Court can and should fix this mess.'" Oral arguments before the U.S. Supreme Court are scheduled for March 2020, and a decision by June.
