Slashdot Mirror

Dream Market, today's top dark web marketplace, today announced plans to shut down on April 30. From a report: The announcement came on the same day Europol, FBI, and DEA officials announced tens of arrests and a massive crackdown on dark web drug trafficking. The timing of the four announcements immediately sent most of Dream Market's users and dark web threat intel analysts into a frenzy of theories that law enforcement might have already seized the site and are now running a honeypot operation. Their fears are based on a similar event from June 2017 when Dutch police took over Hansa Market and ran the site for a month while collecting evidence on the portal's users. Law enforcement later used passwords collected from Hansa Market users to gain access to accounts on other dark web marketplaces.

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,'' the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets.

Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.

An anonymous reader writes: The FBI issued a press release about the 30-year prison sentence for a 58-year-old Florida man running "the world's largest child pornography website, with more than 150,000 users around the world." But their investigation involved what Gizmodo describes as "a decision controversial to this day" -- taking over the child pornography site and running it "for almost two weeks while distributing malware designed to unmask its visitors." Thursday the FBI described it as "a court-approved network investigative technique" which led to more than 1,000 leads in the U.S. and "thousands more" for law enforcement partners in other countries, leading to arrests in the EU, Israel, Turkey, Peru, Malaysia, Chile, and the Ukraine. Those 1,000 U.S. leads led to "at least 350 U.S-based individuals arrested", as well as actual prosecutions of 25 producers of child pornography and 51 hands-on abusers, while 55 children were "identified or rescued" in America, and another 296 internationally who were sexually abused.

Though Motherboard describes it as hacking "over 8,000 computers in 120 countries based on one warrant," the FBI calls it their "most successful effort to date against users of Tor's hidden service sites," adding that the agency "has numerous investigations involving the dark web." Though they'd soon became aware of the site's existence, "given the nature of how Tor hidden services work, there was not much we could do about it" -- until a foreign law enforcement agency discovered the site had "slipped up" by revealing its actual IP address, and notified the U.S. investigators. The FBI also says the investigation "has opened new avenues for international cooperation in efforts to prosecute child abusers around the world."
The site's two other administrators -- both men in their 40s -- were also given 20-year prison sentences earlier this year.

schwit1 shares with us a report on a 11-part series led by The Intercept reporter Cora Currier: Secret FBI rules allow agents to obtain journalists' phone records with approval from two internal officials -- far less oversight than under normal judicial procedures. The classified rules dating from 2013, govern the FBI's use of national security letters, which allow the bureau to obtain information about journalists' calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists' information. The rules stipulate that obtaining a journalist's records with a national security letter requires the signoff of the FBI's general counsel and the executive assistant director of the bureau's National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is "relevant" to a national security investigation. There is an extra step under the rules if the NSL targets a journalist in order "to identify confidential news media sources." In that case, the general counsel and the executive assistant director must first consult with the assistant attorney general for the Justice Department's National Security Division. But if the NSL is trying to identify a leaker by targeting the records of the potential source, and not the journalist, the Justice Department doesn't need to be involved. The guidelines also specify that the extra oversight layers do not apply if the journalist is believed to be a spy or is part of a news organization "associated with a foreign intelligence service" or "otherwise acting on behalf of a foreign power." Unless, again, the purpose is to identify a leak, in which case the general counsel and executive assistant director must approve the request.

An anonymous reader shares this update about programmer/game developer Brianna Wu as well as the FBI's recently-released report on their GamerGate investigation:Wu has officially unveiled the web site for her campaign for a seat in the U.S. Congress, and says if elected she'll confront the FBI over their "appalling failure" when investigating members of the controversial GamerGate coalition. "Wu catalogued more than 180 death threats that she said she received because she spoke out against sexism in the game industry and #GamerGate misogyny," according to VentureBeat, which quotes Wu as saying "only a fraction of a fraction of the information we gave them was ever looked into."

The article says the FBI did investigate -- even asking Google to "preserve records" for several email addresses and YouTube accounts, and making a similar request to Microsoft. And the FBI also interviewed one minor who admitted to making at least 40 threatening phone calls, but after turning over that information learned that the state of Massachusetts had declined to prosecute. In the end the FBI's 173-page report ultimately concluded that there were no actionable leads.
Wu's response? "All this report does for me is show how little the FBI cared about the investigation."

An anonymous reader shares this update about programmer/game developer Brianna Wu as well as the FBI's recently-released report on their GamerGate investigation:Wu has officially unveiled the web site for her campaign for a seat in the U.S. Congress, and says if elected she'll confront the FBI over their "appalling failure" when investigating members of the controversial GamerGate coalition. "Wu catalogued more than 180 death threats that she said she received because she spoke out against sexism in the game industry and #GamerGate misogyny," according to VentureBeat, which quotes Wu as saying "only a fraction of a fraction of the information we gave them was ever looked into."

The article says the FBI did investigate -- even asking Google to "preserve records" for several email addresses and YouTube accounts, and making a similar request to Microsoft. And the FBI also interviewed one minor who admitted to making at least 40 threatening phone calls, but after turning over that information learned that the state of Massachusetts had declined to prosecute. In the end the FBI's 173-page report ultimately concluded that there were no actionable leads.
Wu's response? "All this report does for me is show how little the FBI cared about the investigation."

blottsie writes from a report via Daily Dot: Earlier this year, the FBI released a free, online video game featuring sheep in its attempts to fight terrorism recruitment efforts. The game is called The Slippery Slope of Violent Extremism, and it is a real thing that exists. You can play it here. After journalists filed a FOIA request to find out more about the game, the FBI said it would take two years to respond -- a staggeringly long wait that helps expose how the Bureau actively avoids responding to open-records requests. The information requested asked for "all documents -- specifically memos, email correspondence, and budgets -- around the development, release, and public reception of the FBI's Slippery Slope game. It's the one with the sheep." There are several reasons why it would take two years to respond. One reason is because of the lack of requests. "If 500 people want to have the FBI file on a famous dead person, that's going to be available, and it's going to be available quickly," J. Pat Brown, an employee at MuckRock, a nonprofit that helps journalists, researchers, good government groups, and interested members of the public make FOIA requests of government agencies, said. "But basic requests about agency activities are pushed into their own pile," adds Daily Dot. Another part of the problem has to do with the outdated technology used by government agencies. "Many of the computers the FBI is using to search for this material are from the 1980s and lack graphical interfaces. Outdated technology being a hurdle to government transparency is common across many federal agencies. The CIA only accepts FOIA request by fax machine, for example," reports Daily Dot. "In 2013, the Office of the Secretary of Defense, which oversees the NSA among other agencies, was unable to accept FOIA requests for months because its fax machine broke and it had to wait until the next fiscal year to get it replaced." What's more is that government agencies are often not required to disclose information after long wait times for processing FOIAs. "As Ginger McCall of the Electronic Privacy Information Center told the Daily Dot in 2014, she once waited four years with near total silence on a FOIA request about the TSA's airport body-scanner technology only to get a note out of the blue from TSA saying she had to respond with 30 days if she wanted them to continue processing her request," reports Daily Dot. "When McCall reached out to others who had made FOIA requests to agencies under the Department of Homeland Security umbrella, they reported similar experiences."

Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.

The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that "If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..."

Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.

The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that "If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..."

An anonymous Slashdot reader quotes a report from Motherboard: It's been just over a year since amateur aviation sleuths first revealed the FBI's secret aerial surveillance of the civil unrest in Baltimore, Maryland. Now, in response to a FOIA request from the ACLU, the Bureau has released more than 18 hours of aerial footage from the Baltimore protests captured by their once-secret spy planes, which regularly fly in circles above major cities and are commonly registered to fake companies.

The cache is likely the most comprehensive collection of aerial surveillance footage ever released by a US law enforcement agency... The footage shows the crowds of protesters captured in a combination of visible light and infrared spectrum video taken by the planes' wing-mounted FLIR Talon cameras. While individual faces are not clearly visible in the videos, it's frighteningly easy to imagine how cameras with a slightly improved zoom resolution and face recognition technology could be used to identify protesters in the future.
The FBI says they're only using the planes to track specific suspectds in serious crime investigations, according to the article, which adds that "The FBI flew their spy planes more than 3,500 times in the last six months of 2015, according to a Buzzfeed News analysis of data collected by the aircraft-tracking site FlightRadar24."

An anonymous reader writes: The Federal Bureau of Investigation says it is no longer investigating the unsolved mystery of D.B. Cooper. The bureau said Tuesday that it's "exhaustively reviewed all credible leads" during its 45-year investigation and has redirected those resources to other priorities. The investigation was of a man calling himself Dan Cooper (the media mistakenly called him D.B. Cooper and it stuck) who hijacked a Boeing 727 headed for Seattle after boarding at Portland International Airport on November 24, 1971. In Seattle, he claimed he had an explosive device and demanded parachutes and $200,000 in ransom money. After releasing the 36 passengers from the plane and receiving four parachutes and $200,000 in cash, Cooper ordered several of the crew members who were kept on board to fly to Mexico City. Shortly after returning to the air, Cooper jumped from the back of the plane and landed somewhere in the Pacific Northwest. No trace of Cooper was found, but several bundles of cash were found in 1980. The FBI says it has conducted searches, collected all available evidence and interviewed all identifiable witnesses, but none have resulted in identifying the hijacker.

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.

coondoggie quotes a report from Networkworld: The FBI today said it was offering a reward of up to $25,000 for information leading to the recovery of seven Andy Warhol paintings stolen from the Springfield Art Museum in Springfield, Missouri. The collection, which has been owned by the Springfield Art Museum since 1985, is set number 31 of the Campbell's Soup I collection and is valued at approximately $500,000. Each painting in the screen print collection measures 37 inches high by 24.5 inches wide and framed in white frames, the FBI stated. The FBI says that seven of 10 Andy Warhol paintings Campbell's Soup I collection, made in 1968, were taken. Since its inception, the FBI's Art Crime Team has recovered more than 2,650 items valued at over $150 million.

New submitter ffkom writes: European police organization Europol was probably jealous of the fame and popularity of the FBI's Most Wanted site, so they finally launched their own, European version. And if you want to know what a peaceful place Europe is, just consider this: You don't even have to kill anyone to get on the current "Most Wanted Fugitives" list. A mere fraud worth 12€ is currently enough to get you into this "Hall of questionable fame."

An anonymous reader writes: Your devices should come with a government backdoor. That's according to the heads of the FBI, NSA, and DHS. There are many objections, especially that backdoors add massive security risks.

Would backdoors even be effective, though? In a new writeup, a prominent Stanford security researcher argues that crypto backdoors "will not work." Walking step-by-step through a hypothetical backdoored Android, he argues that "in order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would inevitably lose."

Advocatus Diaboli sends a story of how a high tech forensic procedure almost led investigators to the wrong person. In 1996, a young woman named Angie Dodge was assaulted and murdered in Idaho Falls, Idaho. There was a conviction in the case, but later reports claimed the wrong man was in prison, and police thought there were more than one attacker anyway. This eventually led to the re-opening of the investigation. Using DNA evidence that had been preserved from the crime scene, police used a controversial technique called familial searching to try to find a lead. This method is used when there is no direct DNA match within the available databases. Instead, it tries to identify family members of the suspect. Police found a partial match, which eventually led them to Michael Usry, a New Orleans filmmaker. They convinced a judge to provide a search warrant to extract Usry's DNA and test it against the sample. It wasn't until a month after the extraction that they told him he'd been cleared.

mpicpp sends word that the FBI and the U.S. State Department have announced the largest-ever reward for a computer hacking case. They're offering up to $3 million for information leading to the arrest of Evgeniy Bogachev, a 31-year-old Russian national. Bogachev is the alleged administrator of the GameOver Zeus botnet, estimated to have affected over a million computers, causing roughly $100 million in damages. "Bogachev has been charged by federal authorities in Pittsburgh, Pennsylvania, with conspiracy, computer hacking, wire fraud, bank fraud and money laundering... He also faces federal bank fraud conspiracy charges in Omaha, Nebraska related to his alleged involvement in an earlier variant of Zeus malware known as 'Jabber Zeus.'"

phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.

An anonymous reader sends this report from The Verge: Senator Ron Wyden (D-OR) is trying to proactively block FBI head James Comey's request for new rules that make tapping into devices easier. The Secure Data Act would ban agencies from making manufacturers alter their products to allow easier surveillance or search, something Comey has said is necessary as encryption becomes more common and more sophisticated. "Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats," said Wyden in a statement. "It is the best way to protect our constitutional rights at a time when a person's whole life can often be found on his or her smartphone."

Bennett Haselton writes As commenters continue to blame Jennifer Lawrence and other celebrities for allowing their nude photos to be stolen, there is only one rebuttal to the victim-blaming which actually makes sense: that for the celebrities taking their nude selfies, the probable benefits of their actions outweighed the probable negatives. Most of the other rebuttals being offered, are logically incoherent, and, as such, are not likely to change the minds of the victim-blamers. Read below to see what Bennett has to say.

In a new Vanity Fair interview, Jennifer Lawrence calls the theft of her nude photos a "sex crime". Predictably, a good portion of the 300+ comments posted on TheVerge's article contained an element of victim-blaming -- "maybe people in her position should think twice about taking nude photos? I’m sure it could help" ; "She posted them online. Unless she is a complete rube, she should have known of the security risks" ; "Victims can be blamed for putting themselves into potentially exploitable situations. Something similar might be going to a rave without a friend." ; and more variations on things that had already been said many times ever since the original photo leak on August 31st.

These comments are mostly being met with angry backlash from other commenters, which is good. But the rebuttals themselves tend to violate the rules of logic and consistency, which is bad. And when victim-blamers can spot the flaws so easily in their opponents' logic, their own minds are unlikely to be changed.

A typical example of a weak "rebuttal" is this cartoon you may have seen shared on Facebook, in which an arrogant man lectures women, "Don't want your nude selfies to leak, ladies? Simple: don't take any! Bothered by street harassment? Don't be so eager to walk down streets." Sorry, but if the second piece of advice was meant to highlight the absurdity of the first, the analogy doesn't work -- because you kinda have to walk down streets, but nobody has to take a nude selfie.

This is a recurring theme in the "rebuttal" comments that I've seen, including those on TheVerge's article -- telling the victim-blamers that they might just as well blame themselves for the risks of walking down the street, or buying something from Home Depot ( burn! ), or having a credit card at all, or owning a valuable object that could be a target of theft. Sample comments: "by that standard... you shouldn’t have had something of value to begin with, or else you were just asking for it to be stolen" ; "Just like when you walk down the street you should be fully aware of the potential to be mugged" ; "So, we will hold you to the very same 'complete rube' test when you fall victim to identity theft or unauthorized charges to your credit cards" ; etc.

All of these "rebuttals" are committing the same logical error: they're drawing an analogy to things that you either have to do (walk down the street) or pretty-much-have to do (own a credit card, own at least one valuable object). This means the victim-blamers have such an easy response -- "Those are all things you have to do; but taking a nude selfie is different, because nobody has to do that!" So the victim-blamers are unlikely to have their minds changed by such an analogy, since their own central premise is so obvious to them: the victims chose to take the nude selfies, and the leak never would have happened if they hadn't.

So, let's respond to the victim-blamers on their own terms, by acknowledging first of all: Of course, they're right. Of course taking the selfies was an optional choice, and of course the only way to stop nude selfies from leaking, is not to take them. But this is ignoring (a) the benefits of taking nude selfies; and (b) the low risk of them getting leaked. (The fact that the pictures did get leaked, does not mean that the selfie-takers misjudged the risk of it happening; rather, it was very unlikely, but the victims got unlucky and it happened to them.)

To begin with the benefits: Jennifer Lawrence explained bluntly in her Vanity Fair interview why she took the photos: "I was in a loving, healthy, great relationship for four years. It was long distance, and either your boyfriend is going to look at porn or he's going to look at you." (Considering how easily she could have gotten away with some platitudes about how "deeply hurt" she was, and how she "thanks all her fans for her support in this difficult period" -- doesn't a quote like that make you think she's decently cool?) OK, so that's the benefit. To her boyfriend at the time, a pretty big benefit.

As for the risks, whenever someone takes a risk of a bad outcome and the bad outcome does happen, it's tempting to think that they misjudged the risks. (I'll bet that a psychological experiment could demonstrate this easily -- have test subjects read stories of people who took a risk that was known to be small, but who got unlucky and fell victim to the bad outcome anyway, and see if the test subjects incorrectly judge the risk-takers to be foolish.) But out of the millions of nude photos that are probably sent between cell phone users every month, a vanishly small proportion of them get stolen in security breaches of cloud storage. (Usually the far greater risk is that the recipient will forward the image to other people until it gets out of control.) There's no reason to think that Jennifer Lawrence and other victims of the hacking scandal underestimated the risk of the photos being stolen from the cloud. If anything, most users are probably over-estimating the risk today, while the news of the breach is fresh in their minds.

In cases where the benefits of an action clearly don't outweigh the risks, that's when "victim-blaming" might be appropriate, even if we don't call it that. If someone leaves their car unlocked and leaves a valuable item in plain view in the front seat, we might feel less sorry for them if they return to their car to find it stolen. But it's a logical error to blame the victim just because they took a risk; the real reason to blame them is that there's no counterbalancing benefit to leaving the car door unlocked, or failing to move the valuable item into the trunk.

By contrast, when victim-blamers say that a woman is "bringing the risk upon herself" (of harassment, or even assault) by going out in a halter top, the logically correct response is not to say that victim-blamer is "clearly" wrong. Because, again, to the victim-blamer, their own premise is obviously true: wearing a sexy outfit in public does increase your risk of harassment, and probably even of being groped or worse. The fallacy is that the victim-blamer is ignoring the benefits of that choice. A woman never knows when she might meet a guy out in public that she's attracted to, and if they hit it off, it helps to have an outfit that says, "I'm a real woman, not a moron who thinks that if I engage in pre-marital kissing then Jesus will set me on fire with a blowtorch." Wearing a halter top has its benefits, which is why some women do it.

So that's it. The correct response to the victim-blamers is not to draw false analogies to "having a credit card" or "walking down the street". The correct response is that taking nude selfies is a perfectly rational choice when the probable benefits outweigh the probable risks. That is, in fact, the only rational defense of any action, ever. But it's not getting any play, because it doesn't fit in a tweet.

Contributor Bennett Haselton writes with a interesting take on the recent release of racy celebrity photos: "Lawyers for Olympic gymnast McKayla Maroney succeeded in getting porn sites to take down her stolen nude photos, on the grounds that she was under 18 in the pictures, which meant they constituted child pornography. If true, that means that under current laws, Maroney could in theory be prosecuted for taking the original pictures. Maybe the laws should be changed?" Read on for the rest.

Online warnings about the dangers of teen sexting, from sources ranging from the FBI to MTV, frequently warn that even a minor who takes a sexually explicit picture of themselves can be prosecuted for violating child pornography laws.

And these prosecutions really do happen. One Pennsylvania district attorney threatened child pornography charges against two teen girls who posed for a photo in their bras making peace signs, and tried to force them to write a report on why their actions were wrong and "what it means to be a girl in today's society." (With the ACLU's help, the girls' parents sued to stop the D.A. from following through.) A study from the American Academy of Pediatrics found that in teen "sexting" incidents reported to the police, even in cases where the sexting was between two minors and there were no "aggravating" circumstances (abuse or lack of clear consent), police made arrests in 18% of those cases. (The arrest rate was higher in cases involving "aggravating" circumstances or where an adult was involved in the sexting.)

Meanwhile, hundreds of articles have been written about Porn.com being forced to take down the nude pictures of McKayla Maroney, after receiving word from her lawyers that she was underage when the pictures were taken. As far as I can tell, none of the articles about the incident mentioned that, if her lawyers are correct, then Maroney could be theoretically prosecuted for creating, possessing, and distributing child pornography. Of course nobody wants to see that happen, but the elephant in the living room is that before Maroney's photo leak scandal, many teens were arrested for doing essentially the same thing, and more of them will continue to be arrested after the celebrity nude hacking scandal is old news.

That's not to say that Maroney's photos necessarily did constitute child pornography. Nude or topless photos of minors are not necessarily illegal, if they're not sexually explicit; Thora Birch was under 18 for her topless scene in American Beauty. I haven't seen the Maroney photos (honest -- although I'd like to think that whatever she was doing, she was making her not impressed face). Maybe they really were explicit enough to qualify as child pornography. Maybe they weren't, and Maroney's lawyers misunderstood the law and thought that any of her underage nude or topless selfies were automatically child porn. Or maybe her lawyers knew the pictures were not really child porn, but they were bluffing when they demanded that Porn.com take the pictures down. Whatever the case, Maroney's lawyers claimed the pictures were child pornography, and if they're right, the lawyers just criminally implicated their client as well.

If the pictures really were explicit and she sent them to any of her same-age friends, she could also be charged with disseminating obscene material to a minor. Iowa teenager Jorge Canal was convicted on this charge, and his conviction upheld by the Iowa Supreme Court, after his 14-year-old female friend asked him to send him a picture of his erect penis, and he obliged. (Although since he was 18 at the time of sending the picture, there was no child porn charge.) If his defense attorneys tried a defense along the lines of, "My clients actions harmed absolutely no one, and it's the prosecutors who have ruined the lives of not only my client but also his supposed 'victim', by putting them both through a trauma that will hang over them for the rest of their lives," it didn't work.

Many states have attempted to pass laws specifically addressing sexting by and/or to teenagers by reducing the penalty from a felony child pornography charge to something less severe. What all of these laws still have in common, though, is that they retain the option to impose some criminal penalties on teens for sexting even among themselves. The ACLU has opposed such a bill in Pennsylvania on the grounds that even a misdemeanor charge for teen sexting would be too draconian of a punishment.

"The Need for Sexting Law Reform: Appropriate Punishments for Teenage Behaviors", written by Alexandra Kushner, a legal associate at Winston & Strawn LLP, and published in the University of Pennsylvania Journal of Law and Social Change, argues for de-criminalizing consensual sexting among teens. (The paper argues for retaining the option to prosecute cases involving abuse or malicious forwarding of a sexted picture.) Much of the paper is refreshing for the plain language not often found in legal argumentation; discussing the case of a 16-year-old and 17-year-old who faced child pornography charges for taking sexy pictures of each other, Kushner writes, "They should not have been charged at all because they were not harming each other or anyone else by taking and keeping these pictures." This is exactly the right way to frame the issue, but to most legal scholars, sentences like these are considered simply adorable.

For the other side, you can read "A Legal Response Is Necessary for Self-Produced Child Pornography", by law professor Susan Hanley Duncan. I found it less than convincing because much of the paper stresses that sexting can have serious unforeseen consequences for teens, including public humiliation if the pictures are forwarded to their friends. Well, we know that. But that just raises the obvious question: Isn't that punishment enough, and why do we need criminal charges on top of that? Even buying into the stereotype that teens are focused only on the present -- if a teen is not deterred by the humiliating prospect of having her photo forwarded around the entire school, then why would they be deterred by the threat of prosecution, which is less likely, further out in the future, and a potential risk that they might not even be aware of?

(Note that this logic does not apply to students who forwarded sexted images to harass the person appearing in them -- the person forwarding the image usually does not face the short-term threat of public humiliation, which means a legal penalty might be the only deterrent they would care about. That's one argument for retaining the option to prosecute people who forward sexted pictures maliciously.)

Even the FBI, in their "Advice for Young People" regarding sexting, betrays a certain embarrassment over the hypocritical nature of the laws. To a person forwarding an image of someone else, they warn: "You could face child pornography charges, go to jail, and have to register as a sex offender;" but to the person taking the original picture, they say only vaguely that you could "even get in trouble with the law" -- while leaving out the fact that all of the draconian penalties in their list, also apply to the person who takes the picture, under the laws that the FBI enforces.

But unless or until sexting laws are changed, Maroney probably did violate them according to the statements from her own lawyers, which might lead cynics to think that she escaped being charged because of her celebrity status. I think that's unlikely. Recall that "only" 18% of teens who sexted each other were arrested in cases where the incidents were reported to police, so if she had been a non-celebrity, she probably would have gotten off scot-free as well. Whether a teen gets arrested or charged for "sexting," probably depends less on what they actually did, than the luck of the draw as far as which police officer hears the report of the incident, and which prosecutor ultimately has the discretion to decide whether to file charges. (Of course that makes me a cynic too, but I'm the kind who thinks that people see patterns and non-existent reasons for outcomes that are far more random than we'd like to believe.)

Public reaction is another matter. When District Attorney George Skumanick prosecuted those two girls for posing in their bras making peace signs, he may not have had all of the public on his side, but there would have been an absolute tsunami of outrage if he had tried the same thing against a celebrity like Maroney, trying to get her to write an essay about "what it means to be a girl in today's society." I'm sure she would have been not impressed.

Contributor Bennett Haselton writes with a interesting take on the recent release of racy celebrity photos: "Lawyers for Olympic gymnast McKayla Maroney succeeded in getting porn sites to take down her stolen nude photos, on the grounds that she was under 18 in the pictures, which meant they constituted child pornography. If true, that means that under current laws, Maroney could in theory be prosecuted for taking the original pictures. Maybe the laws should be changed?" Read on for the rest.

Online warnings about the dangers of teen sexting, from sources ranging from the FBI to MTV, frequently warn that even a minor who takes a sexually explicit picture of themselves can be prosecuted for violating child pornography laws.

And these prosecutions really do happen. One Pennsylvania district attorney threatened child pornography charges against two teen girls who posed for a photo in their bras making peace signs, and tried to force them to write a report on why their actions were wrong and "what it means to be a girl in today's society." (With the ACLU's help, the girls' parents sued to stop the D.A. from following through.) A study from the American Academy of Pediatrics found that in teen "sexting" incidents reported to the police, even in cases where the sexting was between two minors and there were no "aggravating" circumstances (abuse or lack of clear consent), police made arrests in 18% of those cases. (The arrest rate was higher in cases involving "aggravating" circumstances or where an adult was involved in the sexting.)

Meanwhile, hundreds of articles have been written about Porn.com being forced to take down the nude pictures of McKayla Maroney, after receiving word from her lawyers that she was underage when the pictures were taken. As far as I can tell, none of the articles about the incident mentioned that, if her lawyers are correct, then Maroney could be theoretically prosecuted for creating, possessing, and distributing child pornography. Of course nobody wants to see that happen, but the elephant in the living room is that before Maroney's photo leak scandal, many teens were arrested for doing essentially the same thing, and more of them will continue to be arrested after the celebrity nude hacking scandal is old news.

That's not to say that Maroney's photos necessarily did constitute child pornography. Nude or topless photos of minors are not necessarily illegal, if they're not sexually explicit; Thora Birch was under 18 for her topless scene in American Beauty. I haven't seen the Maroney photos (honest -- although I'd like to think that whatever she was doing, she was making her not impressed face). Maybe they really were explicit enough to qualify as child pornography. Maybe they weren't, and Maroney's lawyers misunderstood the law and thought that any of her underage nude or topless selfies were automatically child porn. Or maybe her lawyers knew the pictures were not really child porn, but they were bluffing when they demanded that Porn.com take the pictures down. Whatever the case, Maroney's lawyers claimed the pictures were child pornography, and if they're right, the lawyers just criminally implicated their client as well.

If the pictures really were explicit and she sent them to any of her same-age friends, she could also be charged with disseminating obscene material to a minor. Iowa teenager Jorge Canal was convicted on this charge, and his conviction upheld by the Iowa Supreme Court, after his 14-year-old female friend asked him to send him a picture of his erect penis, and he obliged. (Although since he was 18 at the time of sending the picture, there was no child porn charge.) If his defense attorneys tried a defense along the lines of, "My clients actions harmed absolutely no one, and it's the prosecutors who have ruined the lives of not only my client but also his supposed 'victim', by putting them both through a trauma that will hang over them for the rest of their lives," it didn't work.

Many states have attempted to pass laws specifically addressing sexting by and/or to teenagers by reducing the penalty from a felony child pornography charge to something less severe. What all of these laws still have in common, though, is that they retain the option to impose some criminal penalties on teens for sexting even among themselves. The ACLU has opposed such a bill in Pennsylvania on the grounds that even a misdemeanor charge for teen sexting would be too draconian of a punishment.

"The Need for Sexting Law Reform: Appropriate Punishments for Teenage Behaviors", written by Alexandra Kushner, a legal associate at Winston & Strawn LLP, and published in the University of Pennsylvania Journal of Law and Social Change, argues for de-criminalizing consensual sexting among teens. (The paper argues for retaining the option to prosecute cases involving abuse or malicious forwarding of a sexted picture.) Much of the paper is refreshing for the plain language not often found in legal argumentation; discussing the case of a 16-year-old and 17-year-old who faced child pornography charges for taking sexy pictures of each other, Kushner writes, "They should not have been charged at all because they were not harming each other or anyone else by taking and keeping these pictures." This is exactly the right way to frame the issue, but to most legal scholars, sentences like these are considered simply adorable.

For the other side, you can read "A Legal Response Is Necessary for Self-Produced Child Pornography", by law professor Susan Hanley Duncan. I found it less than convincing because much of the paper stresses that sexting can have serious unforeseen consequences for teens, including public humiliation if the pictures are forwarded to their friends. Well, we know that. But that just raises the obvious question: Isn't that punishment enough, and why do we need criminal charges on top of that? Even buying into the stereotype that teens are focused only on the present -- if a teen is not deterred by the humiliating prospect of having her photo forwarded around the entire school, then why would they be deterred by the threat of prosecution, which is less likely, further out in the future, and a potential risk that they might not even be aware of?

(Note that this logic does not apply to students who forwarded sexted images to harass the person appearing in them -- the person forwarding the image usually does not face the short-term threat of public humiliation, which means a legal penalty might be the only deterrent they would care about. That's one argument for retaining the option to prosecute people who forward sexted pictures maliciously.)

Even the FBI, in their "Advice for Young People" regarding sexting, betrays a certain embarrassment over the hypocritical nature of the laws. To a person forwarding an image of someone else, they warn: "You could face child pornography charges, go to jail, and have to register as a sex offender;" but to the person taking the original picture, they say only vaguely that you could "even get in trouble with the law" -- while leaving out the fact that all of the draconian penalties in their list, also apply to the person who takes the picture, under the laws that the FBI enforces.

But unless or until sexting laws are changed, Maroney probably did violate them according to the statements from her own lawyers, which might lead cynics to think that she escaped being charged because of her celebrity status. I think that's unlikely. Recall that "only" 18% of teens who sexted each other were arrested in cases where the incidents were reported to police, so if she had been a non-celebrity, she probably would have gotten off scot-free as well. Whether a teen gets arrested or charged for "sexting," probably depends less on what they actually did, than the luck of the draw as far as which police officer hears the report of the incident, and which prosecutor ultimately has the discretion to decide whether to file charges. (Of course that makes me a cynic too, but I'm the kind who thinks that people see patterns and non-existent reasons for outcomes that are far more random than we'd like to believe.)

Public reaction is another matter. When District Attorney George Skumanick prosecuted those two girls for posing in their bras making peace signs, he may not have had all of the public on his side, but there would have been an absolute tsunami of outrage if he had tried the same thing against a celebrity like Maroney, trying to get her to write an essay about "what it means to be a girl in today's society." I'm sure she would have been not impressed.

Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizen's faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will logs all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security — it can act as authentication and to make sure the driver is paying attention to the road.

mrspoonsi sends this BBC report: "A U.S. juggler facing child sex abuse charges, who jumped bail 14 years ago, has been arrested in Nepal after the use of facial-recognition technology. Street performer Neil Stammer traveled to Nepal eight years ago using a fake passport under the name Kevin Hodges. New facial-recognition software matched his passport picture with a wanted poster the FBI released in January. Mr Stammer, who had owned a magic shop in New Mexico, has now been returned to the U.S. state to face trial. The Diplomatic Security Service, which protects U.S. embassies and checks the validity of U.S. visas and passports, had been using FBI wanted posters to test the facial-recognition software, designed to uncover passport fraud. The FBI has been developing its own facial-recognition database as part of the bureau's Next Generation Identification program."

mrspoonsi sends this BBC report: "A U.S. juggler facing child sex abuse charges, who jumped bail 14 years ago, has been arrested in Nepal after the use of facial-recognition technology. Street performer Neil Stammer traveled to Nepal eight years ago using a fake passport under the name Kevin Hodges. New facial-recognition software matched his passport picture with a wanted poster the FBI released in January. Mr Stammer, who had owned a magic shop in New Mexico, has now been returned to the U.S. state to face trial. The Diplomatic Security Service, which protects U.S. embassies and checks the validity of U.S. visas and passports, had been using FBI wanted posters to test the facial-recognition software, designed to uncover passport fraud. The FBI has been developing its own facial-recognition database as part of the bureau's Next Generation Identification program."

coondoggie writes: "The FBI today said it was making national a pilot program it tried out in 12 locations earlier this year that offers up to $10,000 for information leading to the arrest of anyone who intentionally aims a laser at an aircraft. According to the FBI, the pilot locations have seen a 19% decrease in the number of reported laser-to-aircraft incidents. Those locations included: Albuquerque, Chicago, Cleveland, Houston, Los Angeles, New York City, and Philadelphia."

coondoggie writes "Here's a good idea: The FBI has launched a targeted, 60-day program that will offer up to a $10,000 for information leading to the arrest of anyone who intentionally aims a laser at an aircraft. The FBI said the laser-pointing scourge continues to grow at an alarming rate. Since the FBI and the Federal Aviation Administration began tracking laser strikes in 2005, there has been ridiculous 1,000% increase in the number of laser pointing/aircraft incidents. Last year, 3,960 laser strikes against aircraft were reported — an average of almost 11 incidents per day."

McGruber writes "Today, Former FBI agent Donald John Sachtleben has agreed to plead guilty to leaking secret government information about a bomb plot to the Associated Press. In May, Sachtleben agreed to plead guilty to unrelated charges of possessing and distributing child pornography, and to pay restitution to an identified victim portrayed in the images and videos he allegedly possessed." The deal includes a prison sentence of three years and seven months, and "If accepted by a judge, the prison sentence would be the longest ever handed down in a civilian court for a leak of classified information to a reporter."

An anonymous reader writes "The FBI has released images of what they say are two suspects with backpacks and ball caps. 'Somebody out there knows these individuals as friends, neighbors, co-workers or family members of the suspects,' Special Agent Rick DesLauriers, the head of the FBI's Boston office said. 'And though it may be difficult, the nation is counting on those with information to come forward and provide it to us.'"

An anonymous reader writes "A trader who last year made an unauthorized purchase of nearly US$1 billion worth of Apple stock has pled guilty to wire fraud, securities fraud and conspiracy. On October 25, 2012 — the same day Apple posted its Q3 2012 earnings — David Miller of Rochdale Securities made a number of unauthorized purchases of Apple shares which ultimately led to the demise of the financial services firm he worked for. The aim of Miller's action was to make a lot of money very quickly by purchasing large quantities of Apple shares and selling them in a post-earnings surge."

An anonymous reader writes "Nearly one year ago, the U.S. government launched a global takedown of Megaupload.com, with arrests of the leading executives in New Zealand and the execution of search warrants in nine countries. Canada was among the list of participating countries as the action included seizure of Megaupload.com servers. Last week, a Canadian court rejected a request to send mirror-imaged copies of 32 computer servers to authorities in the U.S., indicating that a more refined order is needed. Megaupload successfully argued 'that there is an enormous volume of information on the servers and that sending mirror image copies of all of this data would be overly broad, particularly in light of the scantiness of the evidence connecting these servers to the crimes alleged by the American prosecutors.'"

First time accepted submitter tomscott writes "So I've been using using Linux for over ten years now and I'm sure like most Linux users I've got SSH running on my box and port 22 open on my cable modem so that I can access my system no matter where I am. Over the years I've seen people try to gain access to my system but — knock on wood — I've never had a breach. What I am wondering: Is there a website where I can report these attempts and even supply the details of where the break-in attempt originated from?" The FBI is interested, but probably only if you've actually suffered a loss.

Since you're reading this here, you're probably already aware that in the early hours of Monday, lots of DNS calls are going to fail as the FBI turns off servers from which Windows machines infected with DNSChanger have been served. New submitter SuperCharlie adds a reminder of the impending shutdown, and adds: "The FBI has a step-by-step method for you to see if you are infected in this PDF document, or you can go to dcwg.org for an automated check if you are so inclined."

An anonymous reader writes, using various bits of the article: "While most international students, researchers and professors come to the U.S. for legitimate reasons, universities are an 'ideal place' for foreign intelligence services 'to find recruits, propose and nurture ideas, learn and even steal research data, or place trainees,' according to a 2011 FBI report. Tretyakov was quoted as saying, 'We often targeted academics because their job was to share knowledge and information by teaching it to others, and this made them less guarded than, say, UN diplomats.' China has 'lots of students who either are forced to or volunteer to collect information,' he said. 'I've heard it said, "If it wanted to steal a beach, Russia would send a forklift. China would send a thousand people who would pick up a grain of sand at a time."' China also has more than 3,000 front companies in the U.S. 'for the sole purpose of acquiring our technology,' said former CIA officer S. Eugene Poteat."

Hugh Pickens writes "Bloomberg reports that the FBI has released a decades-old file it kept on Steve Jobs, the deceased Apple co-founder, after a background check for a possible appointment by former President George H. W. Bush conducting interviews with unnamed associates of Jobs to judge his character, drug use and potential prejudices. 'Several individuals questioned Mr. Jobs' honesty stating that Mr. Jobs will twist the truth and distort reality in order to achieve his goals,' according to the materials. Several people commented 'concerning past drug use on the part of Mr. Jobs,' according to the file including marijuana, hashish and LSD during the period 1970 – 1974. The file also noted that Jobs was not a member of the communist party."

bdcny7927 writes "In an exclusive interview with CIO.com, the FBI official in charge of cybercrime speaks for the first time with the media specifically about hacktivism. Here, Assistant Executive Director Shawn Henry describes the threats hacktivists pose, the challenges associated with investigating them, and the FBI's success disrupting these groups. He also delivers a special message to hacktivists." The so-called special message: "My organization is a believer in civil rights and civil liberties, and the first amendment is something I hold very dear personally and professionally. I have no problem with people picketing and protesting in the street. I get all that. But the freedom for me to swing my arm ends where your nose begins. If you are impinging on others' rights, that's illegal."

wiredmikey writes "Hitachi-LG Data Storage, a joint venture between Hitachi and LG Electronics, has agreed to plead guilty and to pay a $21.1 million criminal fine for its part in a scheme to rig bids and fix prices of optical disk drives. According to the Department of Justice, the company had conspired with others to rig the bidding process on optical disk drives sold to Dell, HP, and Microsoft. Court documents show that Dell and HP hosted optical disk drive procurement events in which bidders would be awarded varying amounts of optical disk drive supply depending on where their pricing ranked."

Hugh Pickens writes "On the fiftieth anniversary of the death by suicide of author Ernest Hemingway, his friend and biographer A. E. Hotchner writes in the NY Times that the man who 'had stood his ground against charging water buffaloes, who had flown missions over Germany, who had refused to accept the prevailing style of writing but, enduring rejection and poverty, had insisted on writing in his own unique way, this man, my deepest friend, was afraid — afraid that the FBI was after him, that his body was disintegrating, that his friends had turned on him, that living was no longer an option.' In the midst of depression and under treatment at St. Mary's Hospital in Rochester, Minnesota, Hemingway was convinced that his room was bugged, his phone was tapped, and suspected that one of the interns was a fed. Decades later, in response to a Freedom of Information petition, the FBI released its Hemingway file. It revealed that beginning in the 1940s J. Edgar Hoover had placed Hemingway under surveillance because he was suspicious of Ernest's activities in Cuba. The surveillance continued all through his confinement at St. Mary's Hospital, making it likely that the phone outside his room was tapped after all. 'In the years since, I have tried to reconcile Ernest's fear of the FBI, which I regretfully misjudged, with the reality of the FBI file,' writes Hotchner, author of Papa Hemingway and Hemingway and His World. 'I now believe he truly sensed the surveillance, and that it substantially contributed to his anguish and his suicide.'"

schwit1 writes "An investigator for the Air Force stated that three so-called flying saucers had been recovered in New Mexico. They were described as circular in shape with raised centers approximately 50 feet in diameter. Each one was occupied by three bodies of human shape, but only 3 feet tall dressed in metallic clothing of very fine texture."

Following on the 19 ZeuS botnet arrests in the UK, adeelarshad82 and other readers sent word that US and New York officials have unsealed more than 90 indictments of money mules and others accused of helping siphon more than $3M from 5 banks and dozens of individuals, and sending it overseas. The Manhattan US Attorney announced charges against 37 individuals and New York charged 55. Most of those indicted are foreign students who came to the US on exchange visitor visas. Most are from Russia, the Ukraine, Kazakhstan, or Belarus. Here is the FBI's lengthy press release. A security blogger has put up Facebook party photos of some of the indicted individuals who are still at large.

olsmeister writes "It appears the White House would like to make it easier for the FBI to obtain records of a person's internet activities without a court order to do so, via the use of an NSL. While they have been able to do this for a long time, it may expand the type of information able to be gathered without a court order to include things like web browsing histories."

chrb writes "New Scientist has an article questioning the uniqueness of DNA profiles. 41 scientists and lawyers recently published a high-profile Nature article (sub. required) arguing that the FBI should release its complete CODIS database. The request follows research on the already released Arizona state DNA database (a subset of CODIS) which showed a surprisingly large number of matches between the profiles of different individuals, including one between a white man and a black man. The group states that the assumption that a DNA profile represents a unique individual, with only a minuscule probability of a secondary match, has never been independently verified on a large sample of DNA profiles. The new requests follow the FBI's rejection of similar previous requests."

Czmyt sends the excellent news that one of the US's most notorious spammers has pleaded guilty and could serve 6 years in jail. "Five individuals pleaded guilty today in federal court in Detroit for their roles in a wide-ranging international stock fraud scheme involving the illegal use of bulk commercial e-mails, or 'spamming'... Alan M. Ralsky, 64, of West Bloomfield, Mich., and Scott K. Bradley, 38, also of West Bloomfield, both pleaded guilty to conspiracy to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. ... Ralsky and Bradley also pleaded guilty to wire fraud, money laundering, and violating the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky acknowledges he is facing up to 87 months in prison and a $1 million fine..."

piemcfly writes "Chinese-born physicist Shu Quan-Sheng Monday pleaded guilty before a US court to violating the Arms Export Control Act by illegally exporting American military space know-how to China. The 68-year-old naturalized US citizen, pictured here on his company profile, admitted handing over the design of fueling systems between 2003 and 2007. Also, in 2003 he illegally exported a document with the impossibly long name of 'Commercial Information, Technical Proposal and Budgetary Officer — Design, Supply, Engineering, Fabrication, Testing & Commissioning of 100m3 Liquid Hydrogen Tank and Various Special Cryogenic Pumps, Valves, Filters and Instruments.' This contained the design of liquid hydrogen tanks for space launch vehicles. He also admitted to a third charge of bribing Chinese officials to the tune of some 189,300 dollars for a French space technology firm." Here's the FBI press release regarding Shu's plea.

Frequent Slashdot Contributor Bennett Haselton writes "A federal judge has ruled that a school district didn't violate a student's free speech rights when it suspended her for a parody MySpace page she created calling her principal a sex addict who "hits on students". In the ruling, Judge James M. Munley made the curious argument that if the case involves a student publishing lewd and offensive speech outside of school on their own time, then the proper precedent-setting cases to look to, are cases involving students making offensive statements in school during school hours, not cases involving students making less-offensive statements outside of school on their own time. In other words, if you can't find prior caselaw where all of the factors are the same, then the lewd-speech issue is more significant than the issue of whether the speech was made in or out of school." Hit that magical link below to read the rest of these words.

Apart from the politics of minors' free speech rights in general, I think there are at least three logical problems with the ruling. The first is the judge's argument that even though on-campus speech and off-campus speech are separate, if the off-campus speech is offensive enough, that elevates it to the point of giving the school jurisdiction over it. The second is the judge's comparison between a student's parody MySpace page, and the mock-threatening rap lyrics that got a student expelled in another court case -- a court ruled that the school overstepped their bounds by expelling the student for the rap song, but Judge Munley said that a MySpace page jokingly calling the principal a "sex addict" was actually more offensive than the violent rap lyrics. The third is the argument that because the student's conduct was so offensive that it could have theoretically been criminally punished if the principal took her to court, that made it acceptable for the school to take the easier route of suspending her.

All right, all together now: I'm not a lawyer, and probably neither are you. But as I've said before, if you put 10 judges in 10 separate rooms and asked them to decide this case (or any other case) independently of each other, you'd be very unlikely to get a consensus anyway. The importance of courts in a civilized society is that they provide a peaceful means of settling disputes, not because we expect that the judges will actually get the "right" answer -- that's why we don't have a crisis of faith in the system every time the Supreme Court splits 5-4. (By contrast, when physicists work on problems involving car safety and satellite trajectories, we do care about them getting the "right" answer, and so physicists are held to a higher standard than judges -- we expect that 9 physicists working on the same problem in separate rooms would all get the same result.) That goes for the rest of us too -- I have no independent confirmation that I'm right, and anyone ranting with supreme confidence that I'm wrong, has no independent confirmation that they're right, either. The best we can do is try to make arguments that are logically consistent, and check that even if they are free of internal contradicions, that they also can't be carried through to an absurd conclusion.

To wit: Judge Munley's decision cites four prior cases that involved students making offensive or disruptive speech (although still not as offensive as the MySpace page in this case calling the principal a pedophile) while on school property or at school events: Bethel School Dist v. Fraser, Hazlewood Sch. Dist. v. Kuhlmeier, Morse v. Frederick, and Klein v. Smith. In those cases, the courts ruled that the discipline did not violate the students' rights because the students were at school events or on campus when they made the statements at issue. Judge Munley then cites another list of cases in which students published speech that was generally more offensive than the incidents in the first list, but did it on their own time, away from school: Flaherty v. Keystone Oaks Sch. Dist., Latour v. Riverside Beaver Sch. Dist., Killion v. Franklin Regaional Sch. Dist., and Layshock v. Hermitage Sch. Dist. In all of these cases, the courts ruled that the school districts violated the students' rights by punishing them for off-campus speech. So far, all eight of these cases cited by Munley, followed the rule: on-campus or school-affiliated speech is punishable, off-campus speech is not. (Munley cites only one case that was an exception to this rule: Fenton v. Stear, in which the court upheld the punishment of a student who was off campus when he loudly referred to a teacher as a "prick.")

But then, Judge Munley argues more or less that the speech in this case is so offensive (calling the principal a sex addict and a pedophile), that you're allowed to lift it out of the category of off-campus speech and treat it by analogy to earlier cases involving on-campus speech. Munley wrote:

In the instant case, there can be no doubt that the speech used is vulgar and lewd. The profile contains words such as "fucking," "bitch," "fagass," "dick," "tight ass," and "dick head." The speech does not make any type of political statement. It is merely an attack on the school's principal. It makes him out to be a pedophile and sex addict. This speech is not the Tinker silent political protest. It is more akin to the lewd and vulgar speech addressed in Fraser. It is also akin to the speech that promoted illegal actions in the Morse case.

The content itself is "akin" to the offensive speech in the earlier cases, but what difference does that make, if the speech didn't take place in school? Getting back to first principles: Why does the First Amendment generally grant the freedom to call people "dick" and "tight ass"? Because it doesn't hurt anyone except to the extent that it hurts their feelings, and you don't have a right to unhurt feelings. Because the remarks can be made in the context of general legitimate criticism of someone, which might motivate them to change the behavior that led someone to call them a "tight ass" in the first place. Once these premises are accepted, it doesn't matter if you ratchet up the offensiveness from calling someone a "dick" to calling them a "fucking dick." It does change the analysis if you move the speech to a different setting, e.g. standing up in class when people are trying to learn, and shouting that the principal is a "fucking dick." But that's not what this student was doing.

After all, if the regulation of off-campus speech were justified in order to prevent harm or embarrassment to the principal, carry that through to its logical conclusion: Suppose a former student, who had since graduated, created the parody MySpace page and e-mailed it to friends at the school. The school's "interest" in preserving order and protecting the principal's reputation, would be exactly the same -- and yet no court has ever suggested that the government can punish a former student for speech outside of school (unless the speech rises to the level of threats or libel, which anyone can be punished for, regardless of the former student-principal relationship). To be punished, the former student would have to bring the speech into the school, where it could cause a disruption (and where, as a non-student, they could be banned from the premises anyway).

As for the second problem, apart from the issue of whether offensiveness alone is enough to give the school the right to punish a student for off-campus speech, there is the question of what criteria Judge Munley used to determine that the MySpace page was more offensive than the student off-campus speech in previous cases. In Latour v. Riverside Beaver Sch. Dist. , the court found that a student's rap lyrics which made mock threats toward another student, identified by name, could not be treated as a true threat because they were the kind of boastful posturing that rappers are known for (apparently including the ones in junior high school these days). Similarly, the MySpace page created in this case, began with the words:

yes. It's your oh so wonderful, hairy,
expressionless, sex addict, fagass, put on this world
with a small dick PRINCIPAL

and hopefully the principal would agree that any reasonable reader would know this was not written by him. So if the content of the speech in both cases was clearly not meant to be taken seriously, a fair apples-to-apples comparison would be to ask which is the more offensive topic: violence, or a joke about a principal listing among his "interests": "detention, being a tight ass, riding the fraintrain, spending time with my child (who looks like a gorilla), baseball, my golden pen, fucking in my office, hitting on students and their parents"?

What Judge Munley seems to be saying is that joking about murder is more acceptable than joking about a principal hitting on students. While I think this is absurd and offensive to victims of violence, I have to admit that this is at least consistent with standards of censorship in the U.S. It's a tired old complaint, but it's never been satisfactorily answered: Why can you show a character being killed on television, but a sex act is taboo? Why are the most offensive swear words derived from sex acts and sex organs, but there are no equivalent words for murder that are banned from the airwaves? What's worse?

Third, the judge seemed to adopt the position that because the student could theoretically have been prosecuted for creating the fake MySpace profile, that made it acceptable for the school to impose a milder punishment that circumvented the court system. Judge Munley wrote:

The speech at issue here could have been the basis for criminal charges against J.S. Additionally, the state police indicated to McGonigle that he could press harassment charges based upon the imposter profile. (Dep. McG, 98- 99). McGonigle indicated that he would not press charges, but asked the police officer to contact the students involved and their parents to inform them of the seriousness of the situation. (Dep. McG at 99, 163-64). The officer summoned the students and their parents to the state police station and discussed the seriousness of the profile and that McGonigle would not press charges.

It's at least debatable whether the MySpace page, which was an obvious parody, could have been the basis for criminal charges. But suppose we grant the judge that point. In that case, even if we know that someone's actions would have gotten them a more severe punishment from the courts, is it acceptable to give them a lighter punishment for something else, just because that's simpler for the school?

No. First, because it fosters disrespect for the rule of law in general: If you committed X, then you should be punished for X, according to the rules set up for punishing X. When Judge Jackie Glass began O.J. Simpson's trial this month for robbing two men at gunpoint, she told jurors: "If you think you are going to punish Mr Simpson for what happened in 1995, this is not the case for you." She, like most sentient beings, probably believed privately that O.J. committed the murders in 1994, but she knew the rule of law was more important than the outcome of any one case, even a murder trial. Second, lighter punishments (such as a suspension from school) often come with a lower standard of judicial review, so you could end up getting an undeserved punishment, in cases where a proper trial for the actual crime at issue might have found that you should not have been punished at all. (Al Capone did get put away for tax evasion, but the court found that he was in fact guilty of tax evasion -- they weren't reaching that as a compromise to avoid trying him for his crimes as a gangster.)

To come clean, however, I have to admit that I have tried to egg judges down that route occasionally. I've taken spammers to court and gotten them to say, under oath, that they never sent any spam and didn't know what I was talking about, before I revealed a tape-recording of a conversation (recorded legally) in which they offered to send 5 million pieces of spam for $500, that the spams were routed out through a server in China to help defeat spam filters, etc. The idea was that the judge would get pissed at the spammer for committing perjury, but realize that it would be too much paperwork to prosecute that, so just bang them over the head with a thousand-dollar judgment for spamming, which would go to me. Unfortunately this can backfire if the judge is so opposed to anti-spam suits that no amount of evidence will convince them anyway. But even if it had worked, it would not be strictly correct to say that justice had been done -- perjury should be punished as perjury, even if only with a slap on the wrist.

So, I'm sure that Judge Munley was trying in his own way to do the right thing by preserving order in the school system, but he probably decided in advance what conclusion to reach, and came up with the arguments after the fact. Still, it may not be a loss for student rights in the long run. The ACLU, which represented the student, has not said whether they will appeal, and anyway, virtually all other caselaw so far has said that student speech off campus is protected, as Judge Munley himself pointed out.

eldavojohn writes "While the number of cases dropped, the amount of money lost to internet fraud reached an all-time high in 2007, a new government report states. 'According to the 2007 Internet Crime Report, the Internet Crime Complaint Center (IC3) received 206,884 complaints of crimes perpetrated over the Internet during 2007. Of the complaints received, more than 90,000 were referred to law enforcement around the nation, amounting to nearly $240 million in reported losses. This represents a $40 million increase in reported losses from complaints referred to law enforcement in 2006.' The top ruses used by the fraudsters involved pets, romance and secret shoppers. The original report[Large PDF] is available online, and it contains some interesting graphs. One indicates that the two largest types of fraud are Auction Fraud and Non-delivery, which combine for over 60% of all cases. As Computerworld notes, men are more likely to fall for scams than women, and over 30% of losses are between $1,000 and $5,000. The report also contains data about the location of the perpetrators (Nigeria only accounts for 5.7%), age demographics, and contact methods."

Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania,Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."

An anonymous submitter writes "Osama bin Laden delivered a new videotaped message in which he told Americans their security does not depend on the president they elect, but on U.S. policy. 'Your security is not in the hands of Kerry or Bush or al Qaeda.'"