The Courts

Let Consumers Sue Companies (nytimes.com) 69

Richard Cordray, the director of the Consumer Financial Protection Bureau, writes: When a data breach at Home Depot in 2014 led to losses for banks nationwide, a group of banks filed a class-action lawsuit seeking compensation. Companies have the choice of taking legal action together. Yet consumers are frequently blocked from exercising the same legal right when they believe that companies have wronged them. That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone. For example, a group lawsuit against Wells Fargo for secretly opening phony bank accounts was blocked by arbitration clauses that pushed individual consumers into closed-door proceedings. In 2010, the Consumer Financial Protection Bureau was authorized to study mandatory arbitration and write rules consistent with the study. After five years of work, we recently finalized a rule to stop companies from denying groups of consumers the option of going to court when they are treated unfairly. Opponents have unleashed attacks to overturn the rule, and the House just passed legislation to that end. Before the Senate decides whether to protect companies or consumers, it's worth correcting the record. First, opponents claim that plaintiffs are better served by acting individually than by joining a group lawsuit. This claim is not supported by facts or common sense. Our study contained revealing data on the results of group lawsuits and individual actions. We found that group lawsuits get more money back to more people. In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total. It is true that the average payouts are higher in individual suits. But that is because very few people go through arbitration, and they generally do so only when thousands of dollars are at stake, whereas the typical group lawsuit seeks to recover small amounts for many people. Almost nobody spends time or money fighting a small fee on their own. As one judge noted, "only a lunatic or a fanatic sues for $30."
Google

Supreme Court Asked To Nullify the Google Trademark (arstechnica.com) 190

Is the term "google" too generic and therefore unworthy of its trademark protection? That's the question before the US Supreme Court. From a report: What's before the Supreme Court is a trademark lawsuit that Google already defeated in a lower court. The lawsuit claims that Google should no longer be trademarked because the word "google" is synonymous to the public with the term "search the Internet." "There is no single word other than google that conveys the action of searching the Internet using any search engine," according to the petition to the Supreme Court. It's perhaps one of the most consequential trademark case before the justices since they ruled in June that offensive trademarks must be allowed. The Google trademark dispute dates to 2012 when a man named Chris Gillespie registered 763 domain names that combined "google" with other words and phrase, including "googledonaldtrump.com."
Security

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life (theregister.co.uk) 284

The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."
Businesses

A 'Netflix Tax'? Yes, and It's Already a Thing in Some States (usatoday.com) 131

An anonymous reader shares a report: Your monthly bill for Netflix, Amazon, Hulu and other streaming entertainment services could go up soon as states such as Illinois try to find ways to offset declining sales taxes and other revenue shortfalls. Chicago, Pennsylvania and Florida have already passed a so-called Netflix tax, and cities such as Pasadena, Calif. have broached the issue. These taxes can translate to additional fees of less than $1 each month to consumers. But over the months -- and tacked onto multiple streaming subscriptions -- they might add up to $50 or more each year. Netflix, consumer tax groups and tech trade organizations have voiced their opposition to such taxes, warning they can be unfair and deter innovation. Some opponents have initiated legal challenges, and at least one state has shelved plans after a court decision. But state and local governments aren't likely to halt fresh efforts as falling pay-TV subscriptions and video rentals mean there's less opportunity to tax cable bills or charge sales tax at the cash register.
AT&T

Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction In Louisville (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 119

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
Piracy

Roku Gets Tough On Pirate Channels, Warns Users (torrentfreak.com) 77

An anonymous reader quotes a report from TorrentFreak: Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn't over yet, it was clear to Roku that misuse of its platform wasn't without consequences. While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance. Pirate content generally doesn't show up in the official Roku Channel Store but is directly loaded onto the device through third-party "private" channels. A few weeks ago, Roku renamed these "private" channels to "non-certified" channels, while making it very clear that copyright infringement is not allowed. A "WARNING!" message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if it links to copyright infringing content.

"By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences," Roku's warning reads. "Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku's terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE."

Microsoft

The Docx Games: Three Days At the Microsoft Office World Championship (theverge.com) 57

An anonymous reader shares a report: On a Sunday night two weeks back, in the Rose Court Garden of the Disneyland Hotel in Anaheim, California, 150 antsy competitors between the ages of 13 and 22 milled around eating miniature whoopie pies by the light of the Moon, sizing up their global rivals in the efficient use of Excel, PowerPoint, and Word. It was as if the Olympics opening ceremony was replaced by a networking event: teens were decked out in national T-shirts, while others handed out business cards specially made for the event. At one table off by the bar, two chaperones nudged their folding chairs closer together and taught each other how to say hello ("Yassas," "Ciao") in their respective mother tongues. In the distance, through the palms, the tiki torches of Trader Sam's, the hotel's poolside lounge, were flickering into the black sky. This marked the first night of the 16th Microsoft Office Specialist (MOS) World Championship, in which teens and young 20-somethings compete for the title of World Champion in their chosen professional application. It's an event put on annually by Certiport, a Utah-based subsidiary of standardized testing giant Pearson VUE. It's also a marketing stunt, pure and simple, devised to promote Certiport's line of Microsoft Office certifications. This allows the certified to confirm the line on their resume that claims "proficiency in MS Office" is backed up by some solid knowledge of deep formatting and presentation design.
Businesses

No Cash For Hate, Say Mainstream Crowdfunding Firms (reuters.com) 396

An anonymous reader shares a report: Online fund-raising sites are turning their backs on activists looking to offer financial support for James Fields, the man accused of driving his car into counter-protesters at a white-nationalist rally in Charlottesville, Virginia on Saturday. GoFundMe, Kickstarter and other mainstream crowdfunding firms have policies that prohibit hate speech or abuse, the latest example of technology firms making it harder for far-right groups to organize online. Fields is accused of killing one woman and injuring 19 others on Saturday after the rally in Charlottesville turned violent. Supporters of Fields, who was denied bail at a court hearing in Virginia on Monday, have turned to the internet to raise money for his legal defense. GoFundMe, one of the two leading crowdfunding firms, said on Monday it has removed multiple fundraising campaigns for Fields, because the company prohibits the promotion of hate speech and violence.
Communications

Tech Companies Urge Supreme Court To Boost Cellphone Privacy (reuters.com) 29

More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data. From a report: The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, including Apple, Facebook, Twitter, Snap and Alphabet's Google, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law. "That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant," the brief said.
Government

Justice Department Demands 1.3 Million IP Addresses Related To Anti-Trump Website (theverge.com) 392

An anonymous reader quotes a report from The Verge: In a blog post today, online web hosting provider DreamHost disclosed that it has been involved in a months-long legal battle with the Justice Department over records on visitors to an anti-Trump website. The dispute focuses on a Justice Department demand for information on data related to disruptj20.org, which describes itself as a group of activists "building the framework needed for mass protests to shut down the inauguration of Donald Trump and planning widespread direct actions to make that happen." DreamHost is taking issue with a warrant issued by the department for "all files" related to the website, which DreamHost says would compel them to turn over electronic data like visitor logs. That would include IP addresses and other information that could be used to identify anyone who visited the site. "The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses -- in addition to contact information, email content, and photos of thousands of people -- in an effort to determine who simply visited the website," the company said in its blog post. The warrant, DreamHost argues, would also require it to hand over any communications that are even tangentially related to the website.

"In essence, the Search Warrant not only aims to identify the political dissidents of the current administration, but attempts to identify and understand what content each of these dissidents viewed on the website," the company said in a legal filing arguing against the warrant. A hearing on the situation is set for Friday in Washington, DC Superior Court.

The Courts

Judge Says LinkedIn Cannot Block Startup From Public Profile Data (reuters.com) 165

A U.S. federal judge on Monday ruled that LinkedIn cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. Reuters reports: U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The dispute between the two tech companies has been going on since May, when LinkedIn issued a letter to hiQ Labs instructing the startup to stop scraping data from its service. HiQ Labs responded by filing a suit against LinkedIn in June, alleging that the Microsoft-owned social network was in violation of antitrust laws. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. Meanwhile, LinkedIn said in a statement: "We're disappointed in the court's ruling. This case is not over. We will continue to fight to protect our members' ability to control the information they make available on LinkedIn."
Google

Google Pays Apple $3 Billion Per Year To Remain On the iPhone, Analyst Says (cnbc.com) 101

In a note to investors on Monday, Bernstein analyst A.M. Sacconaghi Jr. said Google is paying Apple billions of dollars per year to remain the default search engine on iPhones and iPads. "The firm believes that Google will pay Apple about $3 billion this year, up from $1 billion just three years ago, and that Google's licensing fees make up a large bulk of Apple's services business," reports CNBC. From the report: "Court documents indicate that Google paid Apple $1 billion in 2014, and we estimate that total Google payments to Apple in FY 17 may approach $3 billion," Bernstein analyst A.M. Sacconaghi Jr. said. "Given that Google payments are nearly all profit for Apple, Google alone may account for 5% of Apple's total operating profits this year, and may account for 25% of total company OP growth over the last two years."

The Courts

Silicon Valley Billionaire Fails To Prevent Access To Public Beach (theguardian.com) 283

Robotron23 writes: Vinod Khosla, a Silicon Valley venture capitalist, has lost his appeal to privatize Martins Beach -- a publicly-owned strip of coastline in California. Having previously fenced off the land in a bid to render the area private, Khosla has been ordered to restore access by a California court. Khosla had previously demanded the government pay him $30 million to reopen the gate to the beachfront. The law of California states that all beaches should be open to the public up to the "mean high tide line." "The decision this week, affirming a lower court ruling, stems from a lawsuit filed by the Surfrider Foundation, a not-for-profit group that says the case could have broader implications for beach access across the U.S.," reports The Guardian.
Transportation

VC Firm Benchmark Capital, An Early Investor In Uber, Sues Travis Kalanick For Fraud (axios.com) 21

Dan Primack, reporting for Axios: The battle between Benchmark Capital and Travis Kalanick just went nuclear, with the venture capital firm suing the former Uber CEO for fraud, breach of contract and breach of fiduciary duty. The complaint was filed earlier today in Delaware Chancery Court. Key graph, per the suit: "Kalanick, the former CEO of Uber, to entrench himself on Uber's Board of Directors and increase his power over Uber for his own selfish ends. Kalanick's overarching objective is to pack Uber's Board with loyal allies in an effort to insulate his prior conduct from scrutiny and clear the path for his eventual return as CEO -- all to the detriment of Uber's stockholders, employees, driver-partners, and customers." Why it matters: If Benchmark's suit is successful, Kalanick would be kicked off Uber's board of directors -- thus eliminating any faint hopes of him returning to the company in a substantial role.
Privacy

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps (washingtonpost.com) 40

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies -- Upsight, Unity and Kochava -- alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate "commercial exploitation."

The plaintiffs argue that Disney and its partners violated COPPA, the Children's Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as "Disney Princess Palace Pets" and "Where's My Water? 2." Once installed, tracking software can then "exfiltrate that information off the smart device for advertising and other commercial purposes," according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. "These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals," Chester said. "These should not be in little children's apps."
Disney responded to the lawsuit, saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."
Privacy

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
Patents

'Podcasting Patent' Is Totally Dead, Appeals Court Rules (arstechnica.com) 30

A federal appeals court affirmed the April 2015 inter partes review (IPR) ruling -- a process that allows anyone to challenge a patent's validity at the U.S. Patent and Trademark Office -- that invalidated the so-called "podcasting patent." "That process was held by a company called Personal Audio, which had threatened numerous podcasts with lawsuits in recent years," reports Ars Technica. From the report: Back in 2013, Personal Audio began sending legal demand letters to numerous podcasters and companies, like Samsung, in an apparent attempt to cajole them into a licensing deal, lest they be slapped with a lawsuit. Some of those efforts were successful: in August 2014, Adam Carolla paid about $500,000. As Personal Audio began to gain more public attention, the Electronic Frontier Foundation, however, stepped in and said that it would challenge Personal Audio's US Patent No. 8,112,504, which describes a "system for disseminating media content representing episodes in a serialized sequence." In the end, EFF raised over $76,000, more than double its initial target.

[T]he history of Personal Audio dates to the late 1990s, when founder Jim Logan created a company seeking to create a kind of proto-iPod digital music player. But his company flopped. Years later, Logan turned to lawsuits to collect money from those investments. He sued companies over both the "episodic content" patent, as well as a separate patent, which Logan and his lawyers said covered playlists. He and his lawyers wrung verdicts or settlements from Samsung and Apple.

The Courts

Who's Profiting From The WannaCry Ransoms? (cnn.com) 31

CNN reports: For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone has moved it. More than $140,000 worth of digital currency bitcoin has been drained from three accounts linked to the ransomware virus that hit hundreds of thousands of computers around the world in May.
Meanwhile, a Ukrainian law firm wants NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, said to be the point of origin of the NotPetya ransomware outbreak. An anonymous reader quotes BleepingComputer: The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions... The Juscutum Attorneys Association says that on Tuesday, Ukrainian Cyber Police confirmed that M.E.Doc servers were backdoor on three different occasions in an official document. The company is now using this document as the primary driving force behind its legal action.
The law firm says victims must pay all of the court fees -- and give them 30% of any awarded damages.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Slashdot Top Deals