No Surprise: Judge Says US Government Can Take The Proceeds From Snowden's Book
Furnished content.
Back in the fall, we noted that, even if we thought it was silly, under existing law, it seemed highly likely that the DOJ would win its lawsuit against the publisher for Ed Snowden's memoir, Permanent Record. As I noted at the time, the government and the intelligence community in particular take the issue of "pre-publication review" incredibly seriously. Basically, if you take a job in the intel community, you sign a lifelong contract that says if you ever publish a book about anything regarding the intelligence community, you have to submit it for pre-publication review. Officially, this is to avoid classified information showing up in a book. Unofficially, it also gives the US government a sneak peek at all these books, and sometimes (it appears) allows them to hide stuff they'd rather not be public.As I noted when the lawsuit was filed, there is another ongoing lawsuit challenging pre-publication review requirements on 1st Amendment grounds -- but given the state of the law today, it seemed pretty clear that Snowden would lose this case. And, that's exactly what's happened. Judge Liam O'Grady (who seems to end up with all sorts of high profile cases) easily ruled in favor of the government last week. In short, the court says: an unambiguous contract is an unambiguous contract.The plain meaning of the contracts set forth above require prepublication review of a signatory's public disclosure which refer to, mention, or are based upon, classified information or intelligence activities or materials. The contractual language here is clear, and this Court is therefore legally barred from accepting extrinsic evidence of course of performance, course of dealing, and common trade practices. That was in response to Snowden's legal team from the ACLU trying to seek discovery to get more evidence to support his case before it went up for dismissal. No go. In the end, a contract is a contract:The terms of these Secrecy Agreements are clear, and provide that he is in breach of his contracts and the fiduciary duties identified therein if his public disclosures include the type of information and materials the contracts required to be submitted for prepublication review. Specifically, the CIA Secrecy Agreement requires prepublication review of "any writing... which contains any mention of intelligence data or activities, or contains any other information or material that might be based on" certain information, which was "received or obtained in the course of [CIA] employment... that is marked as classified or [known to be classified or known to be in the process of classification determination]."... Similarly, the NSA Secrecy Agreement require prepublication review of "all information or materials... prepared for public disclosure which contain or purport to contain, refer to, or are based upon protected information," which is "[i]nformation obtained as a result of [a] relationship with NSA which is classified or in the process of a classification determination," including but "not limited to, intelligence and intelligence-related information."... Because there is no genuine dispute of material fact that Snowden publicly disclosed the type of information and materials described above in Permanent Record and his speeches, the Government is entitled to summery judgment on both Counts. As Snowden pointed out when this happened, all this has really done is to draw more public attention to his book, of course. But, I can see from the DOJ's viewpoint that it may have felt that if it didn't go after Snowden and Macmillan for this, then others might question why they had to go through pre-publication review as well.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 24-Dec-2019
path: /Policy | permalink | edit (requires password)
Nearly 4,000 Ring Credentials Leaked, Including Users' Time Zones And Device Names
Furnished content.
The eternal flame that is Ring's dumpster fire of an existence continues to burn. In the past few months, the market leader in home surveillance products has partnered with over 600 law enforcement agencies to:The latest bad news for Ring -- via Caroline Haskins of BuzzFeed -- is another PR black eye inflicted on a company whose face that still hasn't healed from the last half-dozen black eyes.The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.” The compromised data plays right into the hands of the assholes who hang out in certain online forums solely for the purpose of hijacking people's Ring devices to hassle individuals who thought their homes would be more secure with the addition of an internet-connected camera.Ring says this leak of personal data isn't its fault. The company claims there's been no breach. Maybe so, but the information is out there and presumably being exploited.And it's kind of hard to take Ring's word for it. The company has been doing nothing but putting out PR fires ever since its law enforcement partnerships came to light earlier this year. And its explanation for where the sensitive data came from makes very little sense.“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said. “It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services.” Ring's spokesperson did not specify which other "companies" it suspected of carelessly handling device names given to Ring devices by Ring users. The spokesperson also failed to explain why Ring took no interest in this sensitive Ring user info until after the security researcher who discovered the compromised credentials discussed his findings on Reddit. "Unable to assist" is not a proper response to notification of a possible breach, but that's exactly what Ring reps told the researcher when he first informed them of what he had found.Ring may have been quick to blame users for the commandeering of their cameras by a forum full of shitbirds, but the company does almost nothing to ensure users are protected from malicious activity. The only thing Ring does is recommend users utilize two-factor authentication and "strong passwords" (whatever that means). It does not alert users of attempted logins from unknown IP addresses or inform users how many users are logged in at any given time. Ring is doing less than the minimum to protect users but still seems to feel device hijackings are solely the fault of end users.This is a garbage company. There's no way around it. Ring has prioritized market growth and law enforcement partnerships over the millions of citizens/customers who own its products. Rather than provide a secure product that makes people safer, it's selling a domestic surveillance product that comes with law enforcement strings attached. It has shown it will bend over backwards for the government but is only willing to deliver the most hollow of "we care about our customers" statements in response to news cycle after news cycle showing it absolutely gives zero fucks about its end users.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 24-Dec-2019
path: /Policy | permalink | edit (requires password)
|
|