courts – Page 4 – WindowsTechs.com

Suing Infrastructure Companies for Copyright Violations

Posted on October 13, 2021 by Bruce Schneier

It’s a matter of going after those with deep pockets. From Wired:

Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn’t terminate services for websites that infringed on the dressmakers’ copyrighted designs….

[Judge] Chhabria noted that the dressmakers have been harmed “by the proliferation of counterfeit retailers that sell knock-off dresses using the plaintiffs’ copyrighted images” and that they have “gone after the infringers in a range of actions, but to no avail — every time a website is successfully shut down, a new one takes its place.” Chhabria continued, “In an effort to more effectively stamp out infringement, the plaintiffs now go after a service common to many of the infringers: Cloudflare. The plaintiffs claim that Cloudflare contributes to the underlying copyright infringement by providing infringers with caching, content delivery, and security services. Because a reasonable jury could not — at least on this record — conclude that Cloudflare materially contributes to the underlying copyright infringement, the plaintiffs’ motion for summary judgment is denied and Cloudflare’s motion for summary judgment is granted.”…

Continue reading Suing Infrastructure Companies for Copyright Violations→

ProtonMail Now Keeps IP Logs

Posted on September 10, 2021 by Bruce Schneier

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”

EDITED TO ADD (9/14): This seems to be more complicated. ProtonMail is not yet saying that they keep logs. Their privacy policy still states that they do not keep logs except in certain circumstances, and outlines those circumstances. And ProtonMail’s warrant canary has an interesting list of data orders they have received from various authorities, whether they complied, and why or why not.

… Continue reading ProtonMail Now Keeps IP Logs→

Zoom Lied about End-to-End Encryption

Posted on August 5, 2021 by Bruce Schneier

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users…

Continue reading Zoom Lied about End-to-End Encryption→

Risks of Evidentiary Software

Posted on June 29, 2021 by Bruce Schneier

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it.

The software engineers proposed a three-part test. First, the court should have access to the “Known Error Log,” which should be part of any professionally developed software project. Next the court should consider whether the evidence being presented could be materially affected by a software error. Ladkin and his co-authors noted that a chain of emails back and forth are unlikely to have such an error, but the …

Continue reading Risks of Evidentiary Software→

The Supreme Court Narrowed the CFAA

Posted on June 7, 2021 by Bruce Schneier

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act:

In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction.

In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the “exceeds authorized access” language was, indeed, too broad.

Justice Barrett said the clause was effectively making criminals of most US citizens who ever used a work resource to perform unauthorized actions, such as updating a dating profile, checking sports scores, or paying bills at work…

Continue reading The Supreme Court Narrowed the CFAA→

The FBI Is Now Securing Networks Without Their Owners’ Permission

Posted on April 14, 2021 by Bruce Schneier

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed… Continue reading The FBI Is Now Securing Networks Without Their Owners’ Permission→

Virginia Data Privacy Law

Posted on February 18, 2021 by Bruce Schneier

Virginia is about to get a data privacy law, modeled on California’s law.
Continue reading Virginia Data Privacy Law→

The Legal Risks of Security Research

Posted on October 30, 2020 by Bruce Schneier

Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.”

From a summary:

Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.

Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance. Aimed at researchers, the public, and technology lawyers alike, its aims both to provide pragmatic guidance to those navigating today’s uncertain legal landscape, and to provoke public debate towards future reform…

Continue reading The Legal Risks of Security Research→

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition

Posted on October 27, 2020 by Bruce Schneier

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names.
We’ve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not reali… Continue reading Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition→

Adversarial Machine Learning and the CFAA

Posted on July 23, 2020 by Bruce Schneier

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML sy… Continue reading Adversarial Machine Learning and the CFAA→