Slashdot Mirror

Leonovo will add $7.3 million into a $1M fund settling a class action lawsuit over their undisclosed pre-installation of Superfish's targeting adware on 28 different laptop models in 2014.

Within one year the U.S. Department of Homeland Security had warned that the adware made laptops vulnerable to SSL spoofing, allowing the reading of encrypted web traffic and the redirecting of traffic from official websites to spoofs, while according to Bloomberg the original software itself also "could access customer Social Security numbers, financial data, and sensitive heath information, the court said."

An anonymous reader quotes Softpedia: According to a "SuperFish Vulnerability" advisory published by Lenovo on their support website following the discovery of the pre-installed software by consumers, the VisualDiscovery comparison search engine software was designed to work in the background, intercepting HTTP(S) traffic with the help of a self-signed root certificate that allowed it to decrypt and monitor all traffic, encrypted or not.... "VisualDiscovery was installed on nearly 800,000 Lenovo laptops sold in the United States between September 1, 2014 and February 28, 2015," also states the settlement agreement. "On January 18, 2015, in response to mounting complaints about the effects of VisualDiscovery, Lenovo instructed Superfish to turn it off at the server level...."

Out of the 800,000 who bought the laptops that came with VisualDiscovery pre-installed, the 500,000 ones who registered their devices with Lenovo or bought them from retailers such as Best Buy and Amazon will be contacted directly by the Chinese company and informed about the settlement agreement. The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms, from Google to Twitter and Facebook.
A separate settlement with the FTC in 2017 was criticized for its failure to fine Lenovo -- though it did require the company to get affirmative consent for any future adware programs, plus regular third-party audits of its bundled software for the next 20 years.

The New York Times Company on Thursday filed a lawsuit against the Federal Communications Commission (FCC) concerning records the newspaper alleges may shed light on possible Russian participation in a public comment period before the commission rolled back Obama-era net neutrality rules. Bloomberg reports: The plaintiffs, including Times reporter Nicholas Confessore and investigations editor Gabriel Dance, filed in the U.S. District Court for the Southern District of New York Sept. 20 under the Freedom of Information Act, seeking to compel the commission to hand over data. "The request at issue in this litigation involves records that will shed light on the extent to which Russian nationals and agents of the Russian government have interfered with the agency notice-and-comment process about a topic of extensive public interest: the government's decision to abandon 'net neutrality,'" the plaintiffs alleged.

The Trump administration said late Wednesday that it would not delay an Obama-era regulation on smog-forming pollutants from smokestacks and tailpipes (Editor's note: the link could be paywalled; alternative source), a move that environmental groups hailed as a victory. From a report: The Environmental Protection Agency decision came a day after 16 state attorneys general, all Democrats, filed a lawsuit challenging the delay with the United States Court of Appeals for the District of Columbia. It reversed a decision that Scott Pruitt, the E.P.A. administrator, made in June to put off an Oct. 1 deadline for designating which areas of the country met new ozone standards. In announcing the ozone policy change, the agency appeared to leave the door open to extending the deadline again. But, officials said, the agency will work with states to help them deliver the needed information.

New submitter matt.a.f writes "Rep. Darrell Issa (R-CA) has published a first-draft Internet Bill of Rights, and it's open for feedback. He wrote, 'While I do not have all the answers, the remarkable cooperation we witnessed in defense of an open Internet showed me three things. First, government is flying blind, interfering and regulating without understanding even the basics. Second, we have a rare opportunity to give government marching orders on how to treat the Internet, those who use it and the innovation it supports. And third, we must get to work immediately because our opponents are not giving up.' Given the value of taking an active approach agains prospective laws such as SOPA, PIPA, and ACTA, I think it's very important to try to spread awareness, participation, and encourage elected officials to support such things."

bricko writes "A federal appeals court says copyright-infringing downloaders can now be outed. If you use or have used P2P, this may interest you. From Wired: 'The RIAA detected what it claimed to be infringing activity on an IP address the university linked to the student. The unidentified student moved to quash a federal judge’s order that the university forward the student’s identity to the RIAA. The student asserted a First Amendment right of privacy on the Internet, in addition to a fair-use right to the six music tracks in question. The appeals court ruled in the RIAA’s favor (PDF) after balancing a constitutional right to remain anonymous against a copyright owner’s right to disclosure of the identity of a possible “trespasser of its intellectual property interest."'"

jjohn24680 passes along word that a federal judge has thrown out a local sheriff's lawsuit accusing the online classified group Craigslist of facilitating prostitution. We discussed the case when it was filed back in March. Here is the decision (PDF). "As was pretty clear at the time, Craigslist is the service provider and is quite obviously protected by Section 230 immunity. ... Even after all of this was clearly explained to Sheriff Dart, he still insisted that his lawsuit made sense. It looks like the court system, however, does not agree. As expected, the case has been dismissed on Section 230 grounds."

Hugh Pickens writes "Thomas O'Toole writes that President Obama's choice for Associate Supreme Court Justice, Sonia Sotomayor, authored several cyberlaw opinions regarding online contracting law, domain names, and computer privacy while on the Second Circuit. Judge Sotomayor wrote the court's 2002 opinion in Specht v. Netscape Communications Corp., an important online contracting case. In Specht, the Second Circuit declined to enforce contract terms (PDF) that were available behind a hyperlink that could only be seen by scrolling down on a Web page. 'We are not persuaded that a reasonably prudent offeree in these circumstances would have known of the existence of license terms,' wrote Sotomayor. Judge Sotomayor wrote an opinion in a domain name case, Storey v. Cello Holdings LLC in 2003 that held that an adverse outcome in an administrative proceeding under the Uniform Domain Name Dispute Resolution Policy did not preclude a later-initiated federal suit (PDF) brought under the Anticybersquatting Consumer Protection Act (ACPA). In Leventhal v. Knapek, a privacy case, Judge Sotomayor wrote for the Second Circuit that New York state agency officials and investigators did not violate a state employee's Fourth Amendment rights when they searched the contents of his office computer (PDF) for evidence of unauthorized use of state equipment. While none of these cases may mean much as far as what Judge Sotomayor will do as an Associate Supreme Court Justice 'if confirmed, she will be the first justice who has written cyberlaw-related opinions before joining the court,' writes O'Toole."

Hugh Pickens writes "Thomas O'Toole writes that President Obama's choice for Associate Supreme Court Justice, Sonia Sotomayor, authored several cyberlaw opinions regarding online contracting law, domain names, and computer privacy while on the Second Circuit. Judge Sotomayor wrote the court's 2002 opinion in Specht v. Netscape Communications Corp., an important online contracting case. In Specht, the Second Circuit declined to enforce contract terms (PDF) that were available behind a hyperlink that could only be seen by scrolling down on a Web page. 'We are not persuaded that a reasonably prudent offeree in these circumstances would have known of the existence of license terms,' wrote Sotomayor. Judge Sotomayor wrote an opinion in a domain name case, Storey v. Cello Holdings LLC in 2003 that held that an adverse outcome in an administrative proceeding under the Uniform Domain Name Dispute Resolution Policy did not preclude a later-initiated federal suit (PDF) brought under the Anticybersquatting Consumer Protection Act (ACPA). In Leventhal v. Knapek, a privacy case, Judge Sotomayor wrote for the Second Circuit that New York state agency officials and investigators did not violate a state employee's Fourth Amendment rights when they searched the contents of his office computer (PDF) for evidence of unauthorized use of state equipment. While none of these cases may mean much as far as what Judge Sotomayor will do as an Associate Supreme Court Justice 'if confirmed, she will be the first justice who has written cyberlaw-related opinions before joining the court,' writes O'Toole."

Hugh Pickens writes "Thomas O'Toole writes that President Obama's choice for Associate Supreme Court Justice, Sonia Sotomayor, authored several cyberlaw opinions regarding online contracting law, domain names, and computer privacy while on the Second Circuit. Judge Sotomayor wrote the court's 2002 opinion in Specht v. Netscape Communications Corp., an important online contracting case. In Specht, the Second Circuit declined to enforce contract terms (PDF) that were available behind a hyperlink that could only be seen by scrolling down on a Web page. 'We are not persuaded that a reasonably prudent offeree in these circumstances would have known of the existence of license terms,' wrote Sotomayor. Judge Sotomayor wrote an opinion in a domain name case, Storey v. Cello Holdings LLC in 2003 that held that an adverse outcome in an administrative proceeding under the Uniform Domain Name Dispute Resolution Policy did not preclude a later-initiated federal suit (PDF) brought under the Anticybersquatting Consumer Protection Act (ACPA). In Leventhal v. Knapek, a privacy case, Judge Sotomayor wrote for the Second Circuit that New York state agency officials and investigators did not violate a state employee's Fourth Amendment rights when they searched the contents of his office computer (PDF) for evidence of unauthorized use of state equipment. While none of these cases may mean much as far as what Judge Sotomayor will do as an Associate Supreme Court Justice 'if confirmed, she will be the first justice who has written cyberlaw-related opinions before joining the court,' writes O'Toole."

Hugh Pickens writes "The Fourth Circuit Court of Appeals has issued an opinion affirming a ruling that will be cheered by digital fair use proponents for allowing a fair use of students' work when their teachers electronically file students' written work with the turnitin.com Web site so that newly submitted work can be compared against Turnitin's database of existing student work to assess whether the new work is the result of plagiarism. The court stepped through the fair use analysis, dropping positive notes that affirm commercial uses can be fair uses, that a use can be transformative 'in function or purpose without altering or actually adding to the original work,' and that the entirety of a work can be used without precluding a finding of fair use. Techdirt suggests that all of these points could have been helpful to Google in defending its book scanning efforts, 'since it could make pretty much the identical arguments on all points.' Unfortunately Google caved in that lawsuit and settled, 'denying a strong fair use precedent and making Google look like an easy place for struggling industries to demand cash.'"

RZG writes "The U.S. Court of Appeals for the Ninth Circuit ruled on July 18th that contracts posted online cannot be updated without notifying users (PDF of ruling). 'Parties to a contract have no obligation to check the terms on a periodic basis to learn whether they have been changed by the other side,' the court wrote. This ruling has consequences for many online businesses, which took for granted their right to do this (see for example item 19 in Google's Terms of Service)."

NewYorkCountryLawyer writes "In a decision that could have far-reaching implications, a federal court in Pennsylvania has held that the California arbitration clause in the 'take it or leave it' clickwrap agreement on the Second Life website is unconscionable, and therefore unenforceable. In its decision (pdf) in Bragg v. Linden Research, Inc., No. 06-4925 (E.D. Pa. May 30, 2007), the Court concluded that the Second Life 'terms of service' seek to impose a one-sided dispute resolution scheme that tilts unfairly, 'in almost all situations,' in Second Life's favor. As a result, the case will stay in Pennsylvania federal court, instead of being transferred to an arbitration forum in California."

NewYorkCountryLawyer writes "In a decision that could have far-reaching implications, a federal court in Pennsylvania has held that the California arbitration clause in the 'take it or leave it' clickwrap agreement on the Second Life website is unconscionable, and therefore unenforceable. In its decision (pdf) in Bragg v. Linden Research, Inc., No. 06-4925 (E.D. Pa. May 30, 2007), the Court concluded that the Second Life 'terms of service' seek to impose a one-sided dispute resolution scheme that tilts unfairly, 'in almost all situations,' in Second Life's favor. As a result, the case will stay in Pennsylvania federal court, instead of being transferred to an arbitration forum in California."

carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law, which allows public prosecutors and private citizens to file lawsuits to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."

Anonymous Coward writes: "The Journal of Technology Law and Policy has a good article on computer security and privacy. If you ignore the more metaphorical crap at the beginning of the article, the author marches through some laws that apply to the Internet and shows how they apply and why his way of deciding what kind of access to a computer breaks the law and what kinds don't is better. (Its based on property and expectations of privacy.) It's interesting to see the computer security from a lawyer's point of view. Especially interesting are his claims that using nmap is illegal, despite the VC3 v. Moulton case. I'm not sure I agree with him, but he definitely makes a pretty sobering case." Actually, I think the metaphors throughout this piece (not just at the beginning) are what make it interesting, and a big component of law is dealing with metaphors. This piece also collects in one place a lot of the cases dealing with computer law.

alkali writes "The New Republic has a short essay by Brendan Koerner which explains some of the legal history behind UCITA. If you've never heard of Mortenson v. Timberline before, you need to read this." Pretty good review of the the concept of liability for defective software.

Hugh D. Hyatt writes: "Paraphrasing BNA Internet Law News: The appeal by several people posting mirrored versions of the Cyberpatrol hack has been rejected due to a lack of standing. The case had the potential to provide insight into free speech and copyright issues on the Internet with several high profile briefs filed as part of the case. So far there's been no media coverage but the case itself can be found here". Keep in mind that this appeal was filed by people not involved in the original case against Skala and Jansson, and this is a technicality judgment rather than an examination of the merits of the case. The court makes clear that the appellants were NOT affected by the original judgment and hence cannot be considered to be bound by it (or appeal it) - similar reasoning would also be applied in other cases such as the DeCSS suits, so this is a good look at what standing those mass-mailings of MPAA threat letters really have in law.

"The coin, however, has a flip side. A nonparty who has acted independently of the enjoined defendant will not be bound by the injunction, and, if she has had no opportunity to contest its validity, cannot be found in contempt without a separate adjudication. See id.; see also Alemite, 42 F.2d at 832 (declaring that a decree which purports to enjoin nonparties who are neither abettors nor legally identified with the defendant "is pro tanto brutum fulmen," and may safely be ignored). This tried and true dichotomy safeguards the rights of those who truly are strangers to an injunctive decree. It does not offend due process."

My Latin is a little rusty, but "pro tanto brutum fulmen" seems to mean something like "the court's heavy thunderbolt only reaches to a limited extent".

EraseMe writes "Sucks. A quick whois shows that a whole slew of offensive domain names are owned by the Central District of California US District Court. Is this an attempt at using our tax dollars towards lucrative purchases, or simply a censorship of our global freedom?" The second, but not in the way that you think. The court holds the domains because there's an ongoing suit which is challenging Network Solutions' refusal to register domains based on the Pacifica "seven dirty words" case. It was covered a few months ago in various news outlets.

Even more interesting is NSI's practice of refusing registrations to some registrants but granting them to others. Various registrants tried to register "nigger.com", and were refused, before NSI permitted the NAACP to register it (although why the NAACP wants to be associated with nigger.com is hard for me to grasp). Why do some organizations get special treatment for registering domain names?