Techdirt. Stories filed under "russia"
Easily digestible tech news...
https://beta.techdirt.com/

Putin's Crackdown On Demonstrators Adds A Sadistic Twist: Using Surveillance Cameras To Identify People, But To Arrest Them Only Days Or Months Later
Glyn Moody
Thu, 6 May 2021 05:28:10 PDT
https://beta.techdirt.com/articles/20210504/06461646726/putins-crackdown-demonstrators-adds-sadistic-twist-using-surveillance-cameras-to-identify-people-to-arrest-them-only-days.shtml

It's hardly news that Vladimir Putin is cracking down on supporters of Alexey Navalny, or on the journalists who are brave enough to report on the wave of protests in support of the imprisoned opposition leader. But there are some interesting wrinkles to how this is happening. For example, in a move that will not surprise Techdirt readers, Moscow's massive facial recognition camera network -- supposedly set up to enforce quarantine restrictions, and to catch criminals -- has been re-purposed, as Bloomberg reports:

Police tapped the surveillance system to identify and detain dozens of people who attended last week's protests in the Russian capital in support of jailed Kremlin foe Alexey Navalny. More than 50 were picked up over the following days, including several journalists, according to OVD-Info, an independent human-rights monitoring group that gathers information on detentions.

Nothing too surprising there, perhaps. But the RFERL.org site points out an important shift in the Russian authorities' tactics. In the past, the police detained thousands of people who had participated in unsanctioned demonstrations. This time, a token two to three percent of the protesters at a rally were arrested, apparently allowing the rest to go free. However, this is actually part of a new, and even more cruel approach:

in recent days, Russian police have unveiled a new strategy, using surveillance-camera footage and other techniques to identify demonstrators and track them down, days after the event.

The opposition politician and political analyst Leonid Gozman explains:

"Now we have a different situation," he continued. "They are signaling to everyone: 'Go ahead and march, guys, but a year from now you can expect we'll come, expect a knock at your door. And we'll come or not as we wish....' Now they have placed everyone in that position."

It's a clever approach. It means anyone coming away from attending a demo is unsure whether they have been identified there. The absence of any immediate action by the authorities no longer means protesters have escaped notice. Instead, a kind of digital sword of Damocles hangs over them, waiting to fall at some future, unknown date. The painful uncertainty this generates will probably be enough to dissuade many people from taking part in future demos -- a big win for the authorities, obtained at very low cost.

This cat-and-mouse game with protesters is only possible thanks to Moscow's blanket surveillance cameras and advanced facial recognition systems. Where, in the past, police could only arrest people at a demonstration on the spot, because there was no sure way to find them afterwards, now their faces on CCTV are enough. Once photographed and identified, there is no need to arrest them immediately, which allows the authorities to create this new and debilitating anxiety among protestors that one day there will be that dreaded knock on the door.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Russia Ramps Up Censorship Beef With Twitter Using Deep Packet Inspection Tech
Karl Bode
Thu, 8 Apr 2021 04:32:34 PDT
https://beta.techdirt.com/articles/20210407/09530646567/russia-ramps-up-censorship-beef-with-twitter-using-deep-packet-inspection-tech.shtml

Over the last decade Russia has accelerated the government's quest to censor the internet. That was most conspicuous with the passage of a 2016 surveillance bill that not only mandated encryption backdoors, but effectively banned VPN providers from operating in the country unless they were willing to spy and censor at Putin's behest. Many VPN providers weren't keen on that, so they simply stopped doing business in the country.

More recently, Russia has been engaged in a bit of a hissy fit over Twitter's unwillingness to censor things the Russian government doesn't like. And while Twitter has been trying to filter more illegal behavior and pornography at the government's behest, the company hasn't been censoring broader content at the rate Putin and pals prefer. So as punishment, Russia has taken to throttling user access to Twitter to a rather 1997-esque 128 kbps, or about the speed of an old ISDN line. Granted the ham-fisted gamesmanship Russia has been engaged in has already resulted in some notable collateral damage:

New data suggests (you can find the technical specifics here) that Russia is engaging in the throttling via the use of "middleboxes" that Russian ISPs have installed as close to the customer as possible. Russian authorities then feed data on which domain should be throttled and punished to the devices, which utilize deep packet inspection to identify targeted traffic. Ars Technica notes that the deep packet inspection technology (which US ISPs also use, though most frequently for targeted advertising) opens the door to a much more sophisticated tracking and censoring regime less prone to collateral damage:

"The middleboxes inspect both requests sent by Russian end users as well as responses that Twitter returns. That means that the new technique may have capabilities not found in older Internet censorship regimens, such as filtering of connections using VPNs, Tor, and censorship-circumvention apps. Ars previously wrote about the servers here.

The middleboxes use deep packet inspection to extract information, including the SNI. Short for “server name identification,” the SNI is the domain name of the HTTPS website that is sent in plaintext during a normal Internet transaction. Russian censors use the plaintext for more granular blocking and throttling of websites. Blocking by IP address, by contrast, can have unintended consequences because it often blocks content the censor wants to keep in place.

New reports suggest there are around seven countermeasures Russian companies and citizens can use to thwart these efforts, including ECH, or Encrypted ClientHello, an update for the Transport Layer Security protocol that prevents domain blocking and throttling. That forces government censors to rely on the more collateral damage-prone IP-level blocklists, which (might) act as a deterrent for censorship obsessed governments that don't want a whole lot of attention focused on the fact they're massive cowards afraid of the free exchange of information that might challenge their hegemony.

Content Moderation Case Study: Twitter Briefly Bans Russian Parody Accounts (2016)
Copia Institute
Fri, 2 Apr 2021 15:40:32 PDT
https://beta.techdirt.com/articles/20210402/14182646542/content-moderation-case-study-twitter-briefly-bans-russian-parody-accounts-2016.shtml

Summary: Twitter allows parody accounts to remain live (often over the protests of those parodied), provided they follow a narrow set of rules -- rules apparently intended to make sure everyone's in on the joke.

Here's everything Twitter users agree to do when creating a parody account:

  • Bio: The bio should clearly indicate that the user is not affiliated with the subject of the account. Non-affiliation can be indicated by incorporating, for example, words such as (but not limited to) "parody," "fake," "fan," or "commentary." Non-affiliation should be stated in a way that can be understood by the intended audience.

  • Account name: The account name (note: this is separate from the username, or @handle) should clearly indicate that the user is not affiliated with the subject of the account. Non-affiliation can be indicated by incorporating, for example, words such as (but not limited to) "parody," "fake," "fan," or "commentary." Non-affiliation should be stated in a way that can be understood by the intended audience.

Unfortunately for the very popular Vladimir Putin parody account (@DarthPutinKGB), Twitter's moderators decided the account didn't strictly adhere to the "make it obvious" policies covering accounts like these.

In May 2016, Twitter suspended the account for its alleged violations.

This ban immediately resulted in backlash from other Twitter users who were fans of the account -- one that made it clear (albeit without all the specifics demanded by Twitter) that it was a parody. Disappointed fans included Estonian president Toomas Hendrik and Radio Free Europe, which published a collection of the account's best tweets.

While the ban was technically justified by the violation of the specifics of Twitter's rules, the end result was a lot of Twitter users wondering whether Twitter moderators were capable of recognizing obvious parody without account bios copying the platform's parody guidelines word-for-word.

Decisions to be made by Twitter:

  • Is the banning of harmless parody accounts an acceptable tradeoff for protecting users from impersonation?

  • Should the parody guidelines be altered to make it easier to identify parody accounts?

  • Should moderators be allowed to make judgment calls if an account is clearly a parody but does not strictly adhere to the parody account guidelines?

Questions and policy implications to consider:

  • Should Twitter use more caution when moderating parody accounts whose parodic nature isn't immediately clear?

  • Is impersonation too much of a problem on the platform to ever relax the standards governing this kind of humor?

Resolution: Twitter swiftly reinstated the account following the backlash. The account remains active, despite its new bio not explicitly following the Twitter Rules for parody accounts.

But it wasn't the first time Twitter moderated accounts parodying Russian government officials. A similar thing happened roughly a year earlier, when Twitter blocked an account parodying powerful Russian oil executive Igor Sechin, apparently in response to a Russian government complaint the satirical account "violated privacy laws." This happened despite the fact the user's handle was IgorSechinEvilTwin, making it clear it was a parody, rather than an attempt to impersonate the real Igor Sechin.

Originally published on the Trust & Safety Foundation website.

The Internet Has Enabled Independent Journalism To Flourish In Russia (For Now, At Least)
Mike Masnick
Thu, 25 Feb 2021 15:43:30 PST
https://beta.techdirt.com/articles/20210221/21051846292/internet-has-enabled-independent-journalism-to-flourish-russia-now-least.shtml

Ben Smith has a fascinating piece in the New York Times about how independent investigative journalism is flourishing in Russia, despite an oppressive (and literally murderous) autocrat in power. There are a bunch of interesting points in the article about the various techniques they use -- some of which raise interesting ethical dilemmas -- but what caught my eye is just how vital it turns out the internet is to these organizations to be able to do what they do. Indeed, Smith points out that this is the flip side to the current moral panic in the US and elsewhere about "alternative media" and social media being the death of journalism:

There’s a tendency in parts of the American media right now to reflexively decry the rise of alternative voices and open platforms on social media, seeing them solely as vectors for misinformation or tools of Donald J. Trump. Russia is a potent reminder of the other side of that story, the power of these new platforms to challenge one of the world’s most corrupt governments....

The new Russian investigative media is also resolutely of the internet. And much of it began with Mr. Navalny, a lawyer and blogger who created a style of YouTube investigation that draws more from the lightweight, meme-y formats of that platform than from heavily produced documentaries or newsmagazine investigations.

The other interesting tidbit is that these independent investigative reporting outfits are not just figuring out how to break astounding stories, but also how to build up support and a business model -- again, using the internet.

Mr. Badanin, who modeled Proekt on the American nonprofit news organization ProPublica, said he had begun to see another sign of intense interest: financial support from his audience. About a third of the budget that supports a staff of 12, he said, now comes from donations averaging $8, mirroring the global trend toward news organizations relying on their readers. In Russia, some of this is still nascent. For instance, a colleague in Russia, Anton Troianovski, tells me that there’s a cafe near the Kurskaya Metro station where you can add to your bill a donation to MediaZona, which was founded by two members of the protest group Pussy Riot to hold the Russian justice system to account. But the protests against Mr. Navalny’s imprisonment also seem to be driving support for independent media, a phenomenon that The Bell, another of the new independent websites, christened “the Navalny Effect.”

Of course, the article does end on something of a dark note -- with many of the journalists Smith spoke to saying they fully expect a Putin crackdown on their efforts before long. And, of course, that's nothing new in Putin's Russia. But, it's still fascinating, for at least this moment in time, to see these operations springing up, breaking very big stories, and actually being able to thrive thanks to the internet. Perhaps if news organizations elsewhere focused more on building a supportive audience instead of whining to the government about how evil Facebook and Google are, they'd find support as well.

Parler Attempting to Come Back Online, Still Insisting The Site's Motivation Is 'Privacy' Despite Leaking Details On All Its Users
Mike Masnick
Tue, 19 Jan 2021 12:04:10 PST
https://beta.techdirt.com/articles/20210119/11335246081/parler-attempting-to-come-back-online-still-insisting-sites-motivation-is-privacy-despite-leaking-details-all-users.shtml

Last week, I explained my thoughts on why the Parler takedown from AWS didn't bother me that much -- considering that there were many other cloud and webhosting solutions out there. Yet Parler has quickly discovered that many other providers aren't interested in hosting the company's cesspool of garbage content either. As I pointed out, at some point, some element of that has to be on Parler for attracting such an audience of garbage-spewers. Either way, we figured the site would eventually be back up, and now it appears that it's on its way. The site put up a holding page with a few "Parlezs" (their version of tweets) from its execs and lead cheerleaders.

The site appears to be using Epik for hosting and DDoSGuard for DDoS protection. Neither of these is that surprising. Epik has built up something of a specialty in hosting the garbage, hate-filled websites no one else wants to touch. It has hosted Gab, 8chan/8kun, and The Daily Stormer among others. DDoSGuard is a somewhat sketchy Russian company that provides services to an equally sketchy group of sites -- and some terrorist groups. Brian Krebs has recently discussed how DDoSGuard may create some significant liability issues:

A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online.

Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, “We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist.”

But experts say DDoS-Guard’s business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company’s support of Hamas.

Ooof. There's a lot more in Krebs' writeup.

But what struck me as most ridiculous about Parler's holding page (beyond trying to hide behind MLK Jr.'s "Letter from a Birmingham Jail" as if Parler's raging nut job userbase is somehow oppressed) is that the company is still claiming that beyond being a place for (a misunderstood concept of) "free speech," that the impetus behind the site was about "protecting privacy."

That reads:

Now seems like the right time to remind you all — both lovers and haters — why we started this platform. We believe privacy is paramount and free speech essential, especially on social media. Our aim has always been to provide a nonpartisan public square where individuals can enjoy and exercise their rights to both.

We will resolve any challenge before us and plan to welcome all of you back soon. We will not let civil discourse perish!

The "privacy is paramount" line is one that Parler really only started spewing more recently. Rebekah Mercer used a similar line when she outed herself as a co-founder of the platform and it never made any sense at all. After all, Mercer was also behind Cambridge Analytica, a company involved in what is now considered one of the biggest privacy breaches in the history of social media. The whole "privacy" claim seemed like little more than a convenient talking point to pretend that their approach was somewhat different than Facebook's or Google's.

But in the case of Parler, it's even more ridiculous. After all, this was a company that required users who wanted to get its version of "verified" to hand over their social security numbers. And, of course, before Parler shut down, a hacker was able to grab nearly the entire corpus of Parler posts, including pictures and videos that did not have location metadata stripped out. This allowed multiple reporters to find and highlight Parler users as they stormed the Capitol, exposing exactly who was raiding the Capitol and what evidence they revealed about their own activities. Indeed, it's becoming clear that law enforcement is using this data to go around arresting tons of people.

Doesn't seem that privacy protecting, after all, now does it?

Of course, much of this seems to be due to just plain old incompetence, rather than malice. Last week there was also a fascinating thread on Parler's clueless CTO, who didn't seem to understand some fairly basic things about running a large internet-scale service. That thread, by software engineer Sarah Mei, is worth reading, if only to reach the conclusion that Parler "might have done better with four ferrets in a trench coat."

So, yes, the site may be coming back, but to say that it takes privacy seriously, while asking for social security numbers, hosted on a dodgy host, with a DDoS provider best known for its Russian home-base and its willingness to provide services to terrorists and online criminals... I would suggest that anyone who thinks of Parler as supportive of privacy, do so at their own risk.

The SolarWinds Hack Is Just The Same Sort Of Espionage The US Government Engages In Every Day
Tim Cushing
Tue, 22 Dec 2020 03:38:42 PST
https://beta.techdirt.com/articles/20201219/14534745920/solarwinds-hack-is-just-same-sort-espionage-us-government-engages-every-day.shtml

A historic hack of unprecedented scale has set off alarms in the US government -- itself a target of suspected Russian hackers who leveraged IT infrastructure company SolarWinds' massive customer base to compromise an unknown number of victims. Among those victims were several US government agencies, including the DHS's cybersecurity wing, which announced its own breach hours after issuing a dire warning to potentially affected government agencies.

Is it time to panic? No, says the lame duck president, who claims this is already "under control" -- something that very definitely isn't true. SolarWinds says it has 18,000 customers using the affected Orion software. And many of those customers (which include Fortune 500 companies and major telcos/service providers) have thousands of customers of their own -- all of which may be operating compromised systems. The DHS said the only way to ensure systems are clear of this threat was to airgap them and uninstall the infected software.

Others who have been briefed on the hack are far less cheery about its ongoing impact. Trump tweeted there was nothing to worry about. Republican allies seem more concerned than the man who won't have to worry about this for much longer.

Shortly after Mr. Trump’s tweet, Sen. Marco Rubio (R., Fla), acting chairman of the Senate Intelligence Committee, said it was “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history.”

Mr. Rubio added on Twitter that efforts to determine the extent and damage of the hack were ongoing and that remediation would take significant time and resources. “Our response must be proportional but significant,” he said.

The 2050s will be like the 1950s, apparently: with America in the midst of another Cold War.

But is it true this is the "gravest cyber intrusion in our history?" Or is it just the "gravest" intrusion that's targeted us? After all, the Russians don't have a monopoly on government-ordained hacking. Our intelligence and security agencies deploy their own persistent threats -- something we've done for years with minimal blowback. These calls for a cyber war by pundits and government officials aren't anything to be applauded. I don't think America really wants to get involved in another forever war -- one whose wins and losses can't be tallied with temporary "liberations" and body bag back orders.

Let's be cautious, says Jack Goldsmith. Better yet, let's be aware of the hypocrisy of the stance some government officials are demanding we take.

The lack of self-awareness in these and similar reactions to the Russia breach is astounding. The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day.

Turning a cyber war into a shooting war isn't just an overreaction. It's illegal under international law. That doesn't mean nothing should be done about it. It just means the US government can't pretend it doesn't engage in the same activities some now want to go to war over. What's happened here might be unprecedented in scale, but it's the same thing every government with enough resources has done for years. It's not a war waiting to happen. It's business as usual.

Peacetime government-to-government espionage is as old as the international system and is today widely practiced, especially via electronic surveillance. It can cause enormous damage to national security, as the Russian hack surely does. But it does not violate international law or norms.

In recent years, the US government has deployed more offensive weapons in hopes of deterring cyber attacks. It really hasn't worked. Meeting escalation with more escalation is unlikely to change the standard operating procedures of espionage, especially since the US government hasn't rolled back its offensive efforts in the wake of massive breaches.

But there may be a way forward -- one almost impossible to achieve but promising enough it shouldn't be dismissed out of hand.

[The US government] has not seriously considered the traditional third option when defense and deterrence fail in the face of a foreign threat: mutual restraint, whereby the United States agrees to curb certain activities in foreign networks in exchange for forbearance by our adversaries in our networks. There are many serious hurdles to making such cooperation work, including precise agreement on each side’s restraint, and verification. But given our deep digital dependency and the persistent failure of defense and deterrence to protect our digital systems, cooperation is at least worth exploring.

There's no moral high ground to claim here. And refusing to consider bringing some of our cyber boys back home leaves us with nothing but continuous escalation. This hack is raising uncomfortable questions about our own practices. Let's see if anyone in the White House is willing to honestly confront the consequences of our own actions and find another route towards safety and national security.

Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia's Black Market In Everybody's Personal Data
Glyn Moody
Thu, 17 Dec 2020 12:27:32 PST
https://beta.techdirt.com/articles/20201216/01452045897/secret-agents-implicated-poisoning-opposition-leader-alexey-navalny-identified-thanks-to-russias-black-market-everybodys.shtml

Back in August, the Russian opposition leader Alexei Navalny was poisoned on a flight to Moscow. Despite initial doubts -- and the usual denials by the Russian government that Vladimir Putin was involved -- everyone assumed it had been carried out by the country's FSB, successor to the KGB. Remarkable work by the open source intelligence site Bellingcat, which Techdirt first wrote about in 2014, has now established beyond reasonable doubt that FSB agents were involved:

A joint investigation between Bellingcat and The Insider, in cooperation with Der Spiegel and CNN, has discovered voluminous telecom and travel data that implicates Russia's Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny. Moreover, the August 2020 poisoning in the Siberian city of Tomsk appears to have happened after years of surveillance, which began in 2017 shortly after Navalny first announced his intention to run for president of Russia.

That's hardly a surprise. Perhaps more interesting for Techdirt readers is the story of how Bellingcat pieced together the evidence implicating Russian agents. The starting point was finding passengers who booked similar flights to those that Navalny took as he moved around Russia, usually earlier ones to ensure they arrived in time but without making their shadowing too obvious. Once Bellingcat had found some names that kept cropping up too often to be a coincidence, the researchers were able to draw on a unique feature of the Russian online world:

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros worth of cryptocurrency to be fed through an automated payment platform, not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. Often, these data merchants providing data to resellers or direct to customers are caught and face criminal charges. For other batches of records, there are automated services either within websites or through bots on the Telegram messaging service that entirely circumvent the necessity of a human conduit to provide sensitive personal data.

The process of using these leaked resources to establish the other agents involved in the surveillance and poisoning of Navalny, and their real identities, since they naturally used false names when booking planes and cars, is discussed in fascinating detail on the Bellingcat site. But the larger point here is that strong privacy protections are good not just for citizens, but for governments too. As the Bellingcat researchers put it:

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia's security service officers.

As well as providing Navalny with confirmation that the Russian government at the highest levels was probably behind his near-fatal poisoning, this latest Bellingcat analysis also achieves something else that is hugely important. It has given privacy advocates a really powerful argument for why governments -- even the most retrogressive and oppressive -- should be passing laws to protect the personal data of every citizen effectively. Because if they don't, clever people like Bellingcat will be able to draw on the black market resources that inevitably spring up, to reveal lots of things those in power really don't want exposed.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

DHS Cyber Warriors Issue Warning About Massive Hacking Campaign, Disclose They've Been Hacked A Day Later
Tim Cushing
Tue, 15 Dec 2020 10:44:00 PST
https://beta.techdirt.com/articles/20201214/18523745881/dhs-cyber-warriors-issue-warning-about-massive-hacking-campaign-disclose-theyve-been-hacked-day-later.shtml

Welp. Everything is compromised. Again.

Reuters was the first to report suspected Russian hackers had gained access to hundreds of SolarWinds customers, including US government agencies.

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.

[...]

The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

A full report by FireEye (which was also a victim of this hacking) details the process used to gain illicit access, which involved leveraging bogus signed components crafted by the hackers and distributed by an unaware SolarWinds. The widespread hacking campaign may have begun as early as March of this year. That it was only discovered now means the fallout from this will continue for months to come.

Here's how the backdoor works, according to FireEye:

SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.

After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.

SolarWinds boasts over 300,000 customers, including 425 Fortune 500 companies, all ten of the top ten telcos, the Pentagon, State Department, NSA, DOJ, and the White House. Its long list of customers (which now returns a 404 error) all but ensures every passing hour will add another victim to the list.

According to SolarWinds' post-attack-discovery SEC filing, it believes only a small percentage of its customers are affected. But even a fraction of its users is still a gobsmacking number of potential victims.

On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and after the Relevant Period. SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.

The attack is serious and widespread enough that the DHS's cybersecurity arm has issued a warning -- one that says the only proven way to mitigate damage at this point is to disconnect affected hardware from the internet and pull the plug on Orion software. The CISA (Cybersecurity and Infrastructure Security Agency) Emergency Directive says this is a persistent threat -- one not easily patched away.

CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on:

  • Current exploitation of affected products and their widespread use to monitor traffic on major federal network systems;

  • High potential for a compromise of agency information systems;

  • Grave impact of a successful compromise.

CISA understands that the vendor is working to provide updated software patches. However, agencies must wait until CISA provides further guidance before using any forthcoming patches to reinstall the SolarWinds Orion software in their enterprise.

The directive goes on to mandate reporting on infected systems and for affected agencies to assume the system remains compromised until CISA gives the all-clear. Unfortunately, this grave warning comes from an agency that is also compromised. CISA issued the directive on December 13. Here's what was reported in the early hours of December 14:

US officials suspect that Russian-linked hackers were behind the recent data breach of multiple federal agencies, including the Departments of Homeland Security, Agriculture and Commerce, but are continuing to investigate the incident, multiple sources told CNN Monday.

CNN learned Monday that DHS' cyber arm, which is tasked with helping safeguard the nation from attacks by malicious foreign actors, is among at least three US government agencies compromised in the hack.

In addition to CISA, government officials also suspect breaches at the US Postal Service and the Department of Agriculture. And the Defense Department is in the process of assessing its own exposure, if any. If any of its components have been breached, it has yet to be publicly reported.

The Russian government is denying involvement, but the evidence seems to point to "Cozy Bear," the offensive hacking wing of Russia's intelligence services. Unfortunately, SolarWinds' dominance in the network management field made it that much easier for the attack to scale. And with CISA compromised, the government's attempts to mitigate damage will be slowed as its own cybersecurity wing attempts to rid itself of a persistent threat.

Mon, 16 Nov 2020 13:35:22 PST
Trump Campaign's Ridiculous SLAPP Suit Against CNN Tossed Out Easily
Mike Masnick
https://beta.techdirt.com/articles/20201116/01594145711/trump-campaigns-ridiculous-slapp-suit-against-cnn-tossed-out-easily.shtml

Back in March you may remember that we wrote about yet another ridiculous SLAPP suit filed by the Donald Trump campaign (using lawyer Charles Harder, who, you may also remember, was the lawyer in the lawsuit against us as well). Harder's track record in these performative cases continues to be... rather lacking. Last week, you may have missed that amidst all the other legal disputes Trump's campaign was losing, this particular case was also dismissed -- though, not quite as easily as I had expected. And it does leave it open for an amended complaint to be filed, though I still can't see how it passes muster.

If you don't recall, this particular lawsuit was about an opinion piece on CNN by Larry Noble, a former general counsel for the Federal Election Commission, who laid out a detailed analysis of the Mueller report about Russian interference in the 2016 election, and how it likely violated Federal Elections laws. The article expressed Noble's opinions, based on clearly disclosed facts. And that, by definition, should not be defamatory. District court judge Michael L. Brown -- who was appointed to the bench by Trump -- rejects the complaint, but not because it was opinion and therefore not defamatory.

The case focuses on a single statement in Noble's CNN article:

“The Trump campaign assessed the potential risks and benefits of again seeking Russia’s help in 2020 and has decided to leave that option on the table”

While many other statements in the article include language making it clear that these are Noble's opinion, that one sentence doesn't have that specific language, and that opens it up to being seen as a statement of fact, provably true or false.

A reasonable reader could readily understand the first part as alleging a weighing of the risks and benefits. It has a precise meaning. Defendants argue the second part is “couched in figurative, imprecise language, and thus is not actionable under New York [l]aw.” (Id. at 16.) The Court disagrees. While “[s]tatements ‘couched in loose, figurative or hyperbolic language in charged circumstances’ are more likely to be deemed opinions,” it is not an inflexible rule, and “the court should weigh the totality of the circumstances.”.... Thus, while “left on the table” is figurative language, it is also precise language. A reasonable reader could readily understand it to mean “available for consideration.” The Statement satisfies the first factor of the test.

However, what kills the lawsuit is the failure of Harder and the Trump Campaign to make much of an effort at all to get over the NYT v. Sullivan standard of defamation of a public figure. In order to meet that standard, they need to show that CNN/Noble knew that what was written was false, or had "reckless disregard" for the truth (which doesn't just mean they were sloppy -- it has to mean some actual action to avoid the truth). It seems that Harder barely even bothered to try to get over this "actual malice" bar, and the judge is not impressed:

Most of the allegations in the complaint regarding actual malice are conclusory. Plaintiff, for example, alleges in a purely conclusory manner that Defendants “clearly had a malicious motive” and “knowingly disregarded all . . . information when it published the Defamatory Article.”... The complaint’s allegation that Defendants were “aware at the time of publication” that the Statement was false due to “[e]xtensive public information” is also conclusory and without factual support.... Allegations such as these amount to little more than “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements,” which are insufficient to support a cause of action....

Plaintiff’s only other allegation of actual malice is that Mr. Noble had “a record of malice and bias against the President” as evidenced by a tweet and previous articles he had written.... In the tweet, Mr. Noble wrote: “Trump cheats and lies, and when caught, lies again and claims the right to make the rules. He claims defeats as victories, takes credit for anyone’s success and blames his failures on others . . . .” (Id.) The Supreme Court has emphasized “that the actual malice standard is not satisfied merely through a showing of ill will or ‘malice’ in the ordinary sense of the term.”... The tweet might show Mr. Noble’s ill will towards the President, but it fails to plead actual malice in the constitutional sense—that is, it does not show Mr. Noble made the Statement with knowledge that it was false or with reckless disregard of whether it was false.

And thus the case is dismissed, though they can try to amend the complaint to plead actual malice. That seems quite unlikely to get anywhere.

In the meantime, this should be another reminder of why we need better state anti-SLAPP laws (that can apply in federal court) and a full federal anti-SLAPP law.

Thu, 22 Oct 2020 19:50:45 PDT
FLVTO.biz Petitions SCOTUS To Hear Jurisdiction Argument In Stream-Ripping Lawsuit
Timothy Geigner
https://beta.techdirt.com/articles/20201020/09250845540/flvtobiz-petitions-scotus-to-hear-jurisdiction-argument-stream-ripping-lawsuit.shtml

While the music industry's war on stream-ripping sites -- sites that have perfectly legitimate and legal uses -- continues, it's true that this is a war in which one side has almost universally surrendered. Facing legal opposition with well-funded industry groups, most stream-ripping sites simply close up shop when staring down litigation. But Russia-based FLVTO.biz has been an exception. We first wrote about the site's decision to defend itself back in early 2019. At that point, the owner of the site, Tofig Kurbanov, had successfully argued in a Florida court that the United States legal system had no jurisdiction over his site, given that it operates in Russia and makes no effort to entice American patronage.

It was a sensible ruling. After all, why should anyone want websites in one nation to be subject to every other nation's laws just because the internet is designed to be international? And, yet, the RIAA labels appealed the ruling and got it reversed. The case was sent back to the lower courts where it was supposed to once again proceed, except that Kurbanov's team has asked the Supreme Court to consider its jurisdiction arguments once more.

Those plans were then confirmed last month back at the Virginia court where the lawsuit began, which is considering the case anew following the Fourth Circuit ruling. Kurbanov’s lawyers have asked the district court to pause the ongoing proceedings there pending their application to the Supreme Court.

That application was submitted earlier this week. It argues that the top court should consider the case, because some Supreme Court style consideration is required on the issue of whether or not “the ‘due process clause’ of the United States Constitution is violated when a foreign citizen is subjected to personal jurisdiction based entirely on: (1) his operation of a website that is popular both within the United States and worldwide, but which is not specifically aimed at the United States; and (2) minor internet-based and internet-initiated transactions entered into by the foreign citizen entirely from outside the United States”.

This is indeed just the sort of important due process argument in the age of the internet that a sober SCOTUS should be weighing in on. And, while we could get lost in the legality of it all, common sense really should rule the day here. Does American law have jurisdiction over foreign entities not making any real effort to do commerce on American soil or does it not? And, if so, what precedent does that set for every other nation out there in terms of how American-based businesses conduct business over the internet?

Shall legal pornography websites in America be subject to the more prudish laws of other nations? Should news organizations in America face litigation from countries with far fewer press and free speech protections? Hell, should American entities legitimately selling RIAA label music themselves face threats from countries with obscenity laws and the like?

Evan Fray-Witzer said: “If you operate a website that is popular, then you’re subject to jurisdiction anywhere – and everywhere – that people access the website. And that’s not a precedent that anyone should want to stand, because if Kurbanov can be dragged into court here from Russia, then any US citizen who creates a popular website can expect to be dragged into court anywhere in the world”.

The lawyer also told Torrentfreak that the major labels should support his client’s bid to get the Supreme Court to provide clarity on this issue.

“If the record companies are so certain that the Fourth Circuit got this question right, then they should be anxious for the Supreme Court to take up the case”, he added. “We invite them to join our petition and ask the Supreme Court to weigh in on these crucial jurisdictional questions. But I’m not holding my breath that they’ll do so”.

It can be hard for the labels to see past the ends of their own noses, but they should realize that they could truly be biting themselves in their own asses if SCOTUS refuses to hear this case and this precedent gets set. The internet is international, but American laws are not.

Tue, 1 Sep 2020 10:48:49 PDT
Fake 'Russian Hack' Of Public Michigan Voter Rolls Gets Absurdly Overhyped On The Interwebs
Karl Bode
https://beta.techdirt.com/articles/20200901/08345545223/fake-russian-hack-public-michigan-voter-rolls-gets-absurdly-overhyped-interwebs.shtml

On Tuesday morning a story began making the rounds indicating that Russian hackers had somehow managed to hack into Michigan's election systems, gaining access to a treasure trove of voter data. Russian newspaper Kommersant was quick to proclaim that nearly every voter in Michigan -- and a number of voters in additional states -- had had their personal information compromised. The report was quickly parroted by other outlets including the Riga-based online newspaper Meduza, which insisted that the breach was simply massive:

"Russian hackers have leaked the personal data of nearly every voter in Michigan (7.6 million of the state’s 7.8 million voters), as well as the information of another million voters in Arkansas, Connecticut, North Carolina, and Florida, according to the newspaper Kommersant. The data recently appeared on a Darknet forum, posted by a user nicknamed “Gorka9.” The information was current as of March 2020 and a source at the security firm “InfoWatch” confirmed to Kommersant that the data is authentic.

For each American voter targeted in the leak, the following information is now available: full name, date of birth, sex, date of registration, home address, zip code, email address, voter ID number, and polling station number."

The reports also insisted that hackers were then exploiting the U.S. Rewards for Justice Program to get paid for bringing the hack to the attention of the U.S. government. From there, the story quickly ballooned across Twitter, thanks in part to journalists:

The problem? This data was already either widely available, or available via a basic Freedom of Information Act (FOIA) request. Much like the recent hysteria over TikTok (in which many people act as if banning the app prohibits China from accessing U.S. user data that's available pretty much everywhere thanks to our crap privacy and security standards), people that actually study or report on infosec for a living were then forced to try and do damage control by adding useful context. That context being that the ease with which anybody could obtain this data means it doesn't actually hold much value:

The disconnect between those that cover infosec for a living, and those who engage in security or privacy tourism on Twitter was a bit jarring:

The one truly interesting bit, that the U.S. tip line was being exploited to pay hackers for directing them to publicly accessible data, is far more interesting and will require additional reporting. Meanwhile, the Michigan Department of State was forced to issue a statement noting it was never hacked, and urging internet users to exercise a little better judgement in terms of what they choose to hyperventilate over:

All told, just another day on the internet. Granted, our non-transparent and dodgy election security systems in many states still pose a genuine threat to U.S. security. A threat that's not being fully addressed due to the fact we seem to have idiotically made basic election security a partisan issue. But freaking out over inflated claims of hacks that never happened sure as hell isn't helping to fix that problem.

Tue, 25 Aug 2020 15:35:08 PDT
Arizona State University Sues Facebook With Bogus Trademark Claim To Try To Stop COVID Parties Account
Mike Masnick
https://beta.techdirt.com/articles/20200825/12001045178/arizona-state-university-sues-facebook-with-bogus-trademark-claim-to-try-to-stop-covid-parties-account.shtml

Let's start this one by noting that "COVID parties" are an incredibly dumb and insanely dangerous idea. A few people have suggested them as a way to expose a bunch of people to COVID-19 in the belief that if it's mostly young and healthy people, they can become immune by first suffering through having the disease, with a lower likelihood of dying. Of course, this leaves out the very real possibility of other permanent damage that getting COVID-19 might have and (much worse) the wider impact on other people -- including those who might catch COVID-19 from someone who got it at one of these "parties." It's also not at all clear how widespread the idea of COVID parties is. There have been reports of them, but most of them have been shown to be urban legends and hoaxes.

Whether or not COVID parties are actually real, some jackass decided to set up an Instagram account called "asu_covid.parties," supposedly to promote such parties among students of Arizona State University as they return to campus. The account (incorrectly and dangerously) claimed that COVID-19 is "a big fat hoax." Of course, if it were a hoax, why would you organize parties to infect people? Logic is apparently not a strong suit. Arizona State University appears to believe that the account was created by someone (or some people) in Russia to "sow confusion and conflict." And that may be true.


You can understand why the University might be upset about this and want to stop it. But, that shouldn't mean that the University gets to abuse the law to do so. Unfortunately, the University decided to sue Facebook (and the anonymous account holder) over the account, claiming... trademark infringement.

Because of the serious public health issues involved here, and pursuant to Fed. R. Civ. P. 65, ASU seeks a temporary restraining order and preliminary injunction to prohibit the “asu_covid.parties” account holder (i) from using the ASU Marks and the maroon and gold school colors trade dress as part of any account username, profile name, profile picture, and/or bio description, and (ii) from using the ASU Marks and the maroon and gold school colors trade dress in connection with the promotion of any parties, events, or other goods and services. ABOR also seeks relief against Facebook, Inc., the owner and operator of the Instagram platform and service, temporarily and preliminarily enjoining it from continuing to provide any services to the “asu_covid.parties” account holder as a means for infringing upon the ASU Marks and school colors trade dress.

As dumb and dangerous as the account may be, that remains no excuse for abusing trademark law for this purpose. The use by the account is clearly not "in commerce" and certainly is not likely to create confusion. No moron in a hurry is going to think this is coming from an official ASU account. Indeed, the filings admit that the account itself (falsely) claims that it won a legal fight with ASU... which proves that it's separate from ASU:

In addition to the instances of infringement of the ASU Marks, the John Doe defendant has engaged in a series of offensive and false statements about ASU. The account has posted objectively false statements and information about ASU, including, for example, the following post in which it claims that the account owner has “won the battle in court” and that ASU has been ordered to pay its legal fees plus $500,000 in damages.... No such lawsuit or claim for damages exists.... If that were not enough, in several posts the owner of this account portrays ASU and its leadership as Nazis, referring to ASU’s President Crow as Fuhrer Crow and comparing ASU’s mask requirement to forcing Jews to wear a yellow Star of David...

While this is being used to argue tarnishment, it's difficult to see how that's a legit claim either. No one is believing these silly claims.

Furthermore, making the trademark claim against Facebook, rather than just the account holder, seems particularly stupid. Now, it is true that trademark claims are a kind of loophole when it comes to Section 230. Intellectual property is exempted from 230. And while copyright has the DMCA safe harbors, trademark has no official safe harbor of that nature -- so, in theory, if you want to get around Section 230, trademark is one way to do so. But, in reality, it doesn't work that well because courts are still quick to recognize when someone is trying to blame a third party for actions of their users.

Here, ASU is claiming that when it complained to Instagram about the account over trademark claims, Instagram responded that it did not appear to violate ASU's trademarks. That's correct. It does not violate ASU's trademarks. It may violate other Facebook/Instagram policies, but the company made the right call on the specific trademark complaint. But ASU claims this makes Facebook liable:

On August 12, 2020, undersigned counsel on behalf of ASU submitted a trademark infringement report using Instagram’s reporting tool and identifying the federally registered ASU Marks as being infringed by the “asu_covid.parties” account.... On August 14, 2020, Instagram responded that “the reported party appears to be using your trademark to refer to or comment on your goods and services” and that it would not take any action regarding this account.... Instagram’s response mischaracterized the account’s use of the ASU Marks because neither the account profile nor any of the referenced posts refer to or comment on any of ASU’s goods or services....

Of course, soon after the lawsuit was filed, Instagram did shut down the account. This was the right move because the account violated other policies that Instagram and Facebook have regarding COVID-19 disinformation -- but that's separate from a trademark claim.

While Facebook taking down the account may make most of the rest of this moot, we should be concerned about the fact that ASU filed this in the first place (or if it does somehow go forward, what happens). Imagine a ruling in favor of ASU here and how it could be abused to silence many different student groups or organizations criticizing a university (or just to pressure Facebook and other platforms to delete such groups and accounts).

I can completely understand why ASU wanted this account shut down. But it shouldn't abuse trademark law to do so.

Mon, 3 Aug 2020 10:49:21 PDT
Russian Stream-Rip Sites Attempt To Take Jurisdiction Issue All The Way To SCOTUS
Timothy Geigner
https://beta.techdirt.com/articles/20200731/10070945013/russian-stream-rip-sites-attempt-to-take-jurisdiction-issue-all-way-to-scotus.shtml

Early in 2019, we wrote about stream-ripping site FLVTO.biz winning in court against the record labels on jurisdictional grounds. The site, which is Russian and has no presence in the United States, argued that the courts had no jurisdiction. The RIAA labels argued against that, essentially claiming that because Americans could get to the site it therefore constituted some kind of commercial contract, even though no actual contract existed. Instead, the site merely makes money by displaying advertisements. The court very much agreed and dismissed the case.

On appeal in May, however, the case was sent back to the lower court.

The labels then took their case to the Fourth Circuit appeals court back in May, where judges concluded that the district court judge was wrong to quickly dismiss the lawsuit on those jurisdiction grounds. The appeal judges listed various reasons why it could be deemed that FLVTO.biz and 2conv.com were actively trading in the US – and specifically Virginia – even though the websites are formally based in Russia and don’t require any sign-up from users.

The technical interaction that occurred between Kurbanov’s servers and the computers of his site’s American users constituted a “commercial relationship”; he’d had business dealings with US-based advertisers and server companies and registered a ‘DMCA agent’ with the US Copyright Office; plus he could but didn’t seek to geo-block Americans from using FLVTO.biz and 2conv.com.

It should be immediately clear how dangerous this is for a healthy international internet to exist. The idea that a website, whatever its purpose, could find itself in the jurisdiction of any nation just because that nation's population can reach that website is absurd. Should Wikipedia be in the jurisdiction of Saudi Arabia just because it doesn't geoblock that country? Should Cosmo Magazine's site be subject to the laws of Mexico if its people can get to the site?

No, that's absurd. Were that the standard, it would be a legal quagmire for any site to operate unless it geoblocked every country where it doesn't have a direct presence. And that, it should be obvious, would be the end of a free and open international internet. Which is why FLVTO's lawyers want this to go to the Supreme Court.

Speaking to Torrentfreak, one of those lawyers, Evan Fray-Witzer, said the Fourth Circuit’s ruling set a dangerous precedent that could have a big impact on all foreign website operators. This makes it important enough for Supreme Court consideration, he added.

“The Supreme Court has not yet decided a case concerning personal jurisdiction based on internet contacts and we think this case would be a good opportunity for the court to address the issue head-on”, he continued.

And so we wait, I suppose, to see if SCOTUS would kindly like to un-break the internet.

Tue, 21 Jul 2020 09:45:57 PDT
Why Is The US Trying To Punish Hackers For Accessing Vaccine Research We Should Be Sharing With The World?
Mike Masnick
https://beta.techdirt.com/articles/20200720/17033944937/why-is-us-trying-to-punish-hackers-accessing-vaccine-research-we-should-be-sharing-with-world.shtml

Back in May, I wondered why the US was trying to hide vaccine data from the Chinese. In fact, it was bizarre that the US government seemed concerned about Chinese hackers trying to access vaccine data, because why would anyone keep such data secret in the first place? This is a global pandemic and the way you solve a global pandemic is with a global solution, and the way to get there faster (and better) is with the open sharing of information. Hoarding and locking up information regarding a potential vaccine makes no sense at all. And yet, this morning, the DOJ made a big showing of how it had indicted Chinese hackers for trying to hack COVID-19 related research.

The Justice Department on Tuesday accused two Chinese hackers of stealing hundreds of millions of dollars of trade secrets from companies across the world and more recently targeting firms developing a vaccine for the coronavirus.

This is totally performative, as those hackers are in China and the US can't do a damn thing about them, other than allow for Attorney General Bill Barr and FBI Director Chris Wray to grandstand and pretend they're doing something useful. And, again, the really shameful part is the fact that this research is "secret" in the first place.

And, of course, last week we had a repeat of the story from May, except that this time it wasn't "Chinese hackers" trying to get vaccine data, but theoretical Russian hackers:

Russian cyber actors are targeting organizations involved in coronavirus vaccine development, according to a new warning by US, UK and Canadian security officials on Thursday that details activity by a Russian hacking group called APT29, which also goes by the name "the Dukes" or "Cozy Bear."

An advisory published by the UK National Cyber Security Centre (NCSC) details activity by the Russian hacking group and explicitly calls out efforts to target US, UK and Canadian vaccine research and development organizations.

"APT29's campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property," a press release on the advisory said.

I'm sure within a month or two we'll have another performative press conference from Barr and Wray announcing pointless show charges against Russian hackers as well, because why not?

And, again, rather than recognize that saving and protecting global health is the key priority here, the US government is responding by worrying that others might save the world first. House Minority Leader Rep. Kevin McCarthy is even introducing a bill to "sanction foreign hackers" for trying to get US COVID-19 vaccine information in his somewhat pointless "Defend COVID Research from Hackers Act".

The bill is pointless on multiple levels. Foreign hackers are not subject to US jurisdiction, so this wouldn't do anything in the first place. Second, given the indictments announced today, it's not as if law enforcement actually needs greater authority. They seem to have the authority they need to go after hackers. But, (to repeat myself) more importantly, we should be sharing this research widely and getting everyone else to pool their research efforts as well in order to move everyone forward as quickly as possible in order to save as many lives as possible. This isn't a zero sum game where one country "wins" and another "loses." This is about stopping a devastating global pandemic.

As even CNN is admitting, there are no good health reasons for keeping this info secret or worrying about hacks; it's literally a completely wasteful attempt to claim bragging rights.

Given the inevitable confusion ahead, getting to the head of the line just does not make sense as an explanation, at least from a financial windfall perspective or a saving lives perspective. But the need to dominate voiced both by Trump and the leader of Russian vaccine efforts, Dmitriev, makes the likely reason for any sneak attack all too clear. It's less about saving the world with a vaccine than about beating the other guy and taking home the first place medal.

What a stupid, stupid reason. Leadership is about doing the right thing even if it makes you look bad. The right thing here is figuring out how to save as many lives as possible and to end the pandemic as quickly as possible. McCarthy's bill would do the opposite of that, and is a total waste of time. I get that it's still driven by the silly belief that everything related to drug discovery must be "owned" and "patented," but actual lives are on the line right now, and Rep. McCarthy should be ashamed that he's wasting time and holding back research, instead of encouraging more open sharing of information.

what-a-stupdendous-waste-of-time https://beta.techdirt.com/comment_rss.php?sid=20200720/17033944937
Thu, 14 May 2020 20:00:37 PDT Richard Burr Steps Down From Intel Committee Following FBI Warrant; Feinstein Talks To FBI, While Loeffler Won't Say Mike Masnick https://beta.techdirt.com/articles/20200514/15543544503/richard-burr-steps-down-intel-committee-following-fbi-warrant-feinstein-talks-to-fbi-while-loeffler-wont-say.shtml https://beta.techdirt.com/articles/20200514/15543544503/richard-burr-steps-down-intel-committee-following-fbi-warrant-feinstein-talks-to-fbi-while-loeffler-wont-say.shtml Following the news that the FBI got a warrant and seized Senator Richard Burr's phone as part of its investigation into his alleged insider trading, Burr has announced that he's stepping down from being the chair of the powerful Senate Intelligence Committee, where he's long been one of the biggest boosters of the surveillance state.

Of course, some are now wondering if that's part of the reason why the Trumpian wing of the GOP have come out against Burr. Because the Senate Intel Committee has released a report confirming that Russia tried to help Trump win in 2016. The report is not particularly surprising, highlighting many widely known points. However, in Trumpland, no one seems to be able to handle the nuanced differences between the campaign directly "colluding" with Russia (for which the evidence is more limited) and the idea that Russia independently sought to boost Trump (for which the evidence is overwhelming). So, Trump supporters have been clamoring for Burr's head on a platter for merely stating facts, which are not allowed in this world where pointing out that The Emperor is Naked is somehow deemed to be heresy.

Given Attorney General Barr's recent decisions to more fully weaponize and politicize the Justice Department, it can't be dismissed out of hand that there are political reasons for the FBI's sudden interest in Burr, but it still seems like a stretch. Sooner or later it's likely that there will be some fallout from which one can better assess the validity of the warrant, and whether or not Burr was engaged in insider trading.

One point that a few people have raised is to look at whether or not the FBI is looking into any of the other Senators who sold notable chunks of stock just before the pandemic hit, though as we explained in that original story, the situations and fact patterns with each of the other Senators are at least somewhat different than Burr's case. For what it's worth, there are reports that the FBI questioned Senator Dianne Feinstein, who also sold some stock during this period. However, as we pointed out in the original post, there's little indication that her sales were COVID-19 related, especially since it was mostly selling off biotech stocks (exactly the kind of stocks you'd think would go up in a pandemic).

The other Senator whose selloff behavior looked at least somewhat sketchy was Senator Kelly Loeffler, whose actions look worse and worse, as she denies things more vociferously. Just recently, she went on Fox News (natch) to claim that "this is 100% a political attack." Huh? What? You're the one who sold the stock. She also (get this) tried to blame socialism because why not?

This gets at the very heart of why I came to Washington, to defend free enterprise, to defend capitalism. This is a socialist attack.

Who knew that insider trading was "free enterprise"?

Either way, while Burr has had to hand over his phone and Feinstein had to answer questions from the FBI... Loeffler simply refuses to say whether or not the FBI has reached out to her. If it does turn out that the FBI has investigated the others, but left Loeffler entirely alone (whether or not her sales were aboveboard), that's certainly going to be some evidence to add to the pile that the focus on Burr was just as much political as it was about the legal issues at play.

Update: After this story was completed, Loeffler's office announced that she had handed documents over to the SEC and DOJ along with the Senate Ethics Committee. It's unclear if the DOJ/FBI asked for anything or if she just did this proactively. Just a few days ago, there was a report saying that her team was considering doing exactly this as a "hail mary" to try to get out ahead of this story that she can't seem to get rid of, and which appears to be having an impact on her campaign to retain the office that she was gifted a few months ago.

insider trading https://beta.techdirt.com/comment_rss.php?sid=20200514/15543544503
Wed, 6 May 2020 11:37:51 PDT Suspected DNC & German Parliament Hacker Used His Name As His Email Password Mike Masnick https://beta.techdirt.com/articles/20200506/11080344450/suspected-dnc-german-parliament-hacker-used-his-name-as-his-email-password.shtml https://beta.techdirt.com/articles/20200506/11080344450/suspected-dnc-german-parliament-hacker-used-his-name-as-his-email-password.shtml You may have seen the news reports this week that German prosecutors have issued an arrest warrant for Dmitry Badin for a massive hack of the German Parliament that made headlines in 2016. The reports about the German arrest warrant all mention that German authorities "believe" that Badin is connected to the Russian GRU and its APT28 hacking group.

The folks over at Bellingcat have done their open source intelligence investigation thing, and provided a ton of evidence to show that Badin almost certainly is part of GRU... including the fact that he registered his 2018 car purchase to the public address of a GRU building. This is not the first time this has happened. A few years back, Bellingcat also connected a bunch of people to the GRU -- including some accused of hacking by the Dutch government -- based on leaked car registration info.

There's much, much more in the Bellingcat report, but the final paragraph really stands out. Bellingcat also found Badin -- again, a hacker who is suspected in multiple massive and consequential hacks, including of email accounts -- didn't seem to be all that careful with his own security:

The most surreal absence of “practice-what-you-breach” among GRU hackers might be visible in their lackadaisical attitude to their own cyber protection. In 2018, a large collection of hacked Russian mail accounts, including user name and passwords, was dumped online. Dmitry Badin’s email — which we figured out from his Skype account, which we in turn obtained from his phone number, which we of course got from his car registration — had been hacked. He had apparently been using the password Badin1990. After this, his email credentials were leaked again as part of a larger hack, where we see that he had changed his password from Badin1990 to the much more secure Badin990.

Yes, the password for at least one of his email accounts... was apparently his own last name and the year he was born. The cobbler's kids go shoeless again.

opsec-yo https://beta.techdirt.com/comment_rss.php?sid=20200506/11080344450
Thu, 27 Feb 2020 03:20:07 PST Trump Campaign Files Laughably Stupid SLAPP Suit Over A NY Times Opinion Piece Mike Masnick https://beta.techdirt.com/articles/20200226/16345143990/trump-campaign-files-laughably-stupid-slapp-suit-over-ny-times-opinion-piece.shtml https://beta.techdirt.com/articles/20200226/16345143990/trump-campaign-files-laughably-stupid-slapp-suit-over-ny-times-opinion-piece.shtml Welp, Donald Trump promised to "open up libel laws" back when he was first running for President, and his campaign has now decided to test out some moronic theory of defamation in suing the NY Times over an opinion piece. Just to be clear upfront: the lawsuit is bad. It will not succeed and appears to have no intent to succeed. Instead, it appears to be almost entirely performative -- including the kind of text you'd normally see on a political website, rather than in a lawsuit filed by a serious lawyer. But, hey, this one is filed by Charles Harder, who has a bit of a history of filing such lawsuits (including against me!).

Everything about this lawsuit is silly. First, it's suing over an opinion piece published by the NY Times in March of 2019 by Max Frankel. Just the fact that it's an opinion piece (opinions are not defamatory) should give you a sense of where this is going. The article itself, entitled "The Real Trump-Russia Quid Pro Quo" makes a pretty banal observation: that whether or not there was any direct "collusion" between the Trump campaign and the Russian government, it doesn't matter if both sides expected certain outcomes (i.e., if Trump's campaign expected the Russians to help get him elected, and if the Russians expected that Trump would favor pro-Russia policies -- then there would be no need for actual direct communication between the two). Whether or not you think that's an accurate summation of what happened, it's certainly an understandable opinion for one to hold.

But, Trump and Harder try to argue that this opinion is not true. But everything about the argument made in the lawsuit is silly.

The Defamatory Article does not allege or refer to any proof of its claims of a “quid pro quo” or “deal” between the Campaign and Russia. Rather, the Defamatory Article selectively refers to previously-reported contacts between a Russian lawyer and persons connected with the Campaign. The Defamatory Article, however, insinuates that these contacts must have resulted in a quid pro quo or a deal, and the Defamatory Article does not acknowledge that, in fact, there had been extensive reporting, including in The Times, that the meetings and contacts that the Defamatory Article refers to did not result in any quid pro quo or deal between the Campaign and Russia, or anyone connected with either of them.

But, if you read the actual Times piece (which is quite short), it doesn't allege any actual deal. Indeed, it says right up front that there didn't need to be a deal. Literally the 1st paragraph of Frankel's piece lays out the lack of any need for an explicit quid pro quo, highlighting that merely having everyone know what to expect is more than enough.

Collusion — or a lack of it — turns out to have been the rhetorical trap that ensnared President Trump’s pursuers. There was no need for detailed electoral collusion between the Trump campaign and Vladimir Putin’s oligarchy because they had an overarching deal: the quid of help in the campaign against Hillary Clinton for the quo of a new pro-Russian foreign policy, starting with relief from the Obama administration’s burdensome economic sanctions. The Trumpites knew about the quid and held out the prospect of the quo.

That's not insinuating a deal. It's doing the opposite -- saying that a deal wasn't needed.

But the lawsuit assumes an entirely different interpretation. Even worse, its "proof" that the NY Times must know this reporting is false is the Mueller report that came out three weeks after the article was published. How was the NY Times supposed to know the details of a classified report nearly a month early in an opinion piece? That is left as a mystery for the ages. The Times piece was published on March 27th. As the filing admits, the Mueller report wasn't released until April 18th.

The Times’ story is false. The falsity of the story has been confirmed by Special Counsel Robert Mueller’s Report on the Investigation into Russian Interference in the 2016 Presidential Election released on or about April 18, 2019 (the “Mueller Report”), and many other published sources, that there was no conspiracy between the Campaign and Russia in connection with the 2016 United States Presidential Election, or otherwise. Among other things, there was no “deal,” and no “quid pro quo,” between the Campaign or anyone affiliated with it, and Vladimir Putin or the Russian government.

Indeed, Harder tries to argue that the reason the NY Times put this piece out prior to the Mueller report was that it somehow knew the Mueller report would prove the article wrong. Which, of course, it did not. The whole case seems to be based on Harder and/or the Trump campaign misreading the Frankel article.

There's also a lot of garbage in the filing that no serious lawyer would put into a filing, unless it was to appeal to a political base, rather than a judge.

It is not entirely surprising that The Times would publish such a blatant false attack against the Campaign. There is extensive evidence that The Times is extremely biased against the Campaign, and against Republicans in general. This evidence includes, among other things, the fact that The Times has endorsed the Democrat in every United States presidential election of the past sixty (60) years. Also, Max Frankel, the author of the Defamatory Article, described himself in an interview as “a Democrat with a vengeance.”

The case has been filed in NY state court, and as Harder well knows, New York has a very limited anti-SLAPP law, meaning that it is unlikely to apply.

Of course, I find it depressingly amusing that this comes the same month that Harder was in court in California on behalf of Donald Trump supporting broad anti-SLAPP laws in a case in which Harder argued that "a defamation standard that turns typical political rhetoric into actionable defamation would chill expression that is central to the First Amendment and political speech."

The lawsuit is garbage and hopefully the NY Times gets it quickly tossed out, but I guess this means that Harder and Trump's support for anti-SLAPP laws that protect against these kinds of frivolous lawsuits won't extend to New York or to a (necessary) federal anti-SLAPP law.

not how any of this works https://beta.techdirt.com/comment_rss.php?sid=20200226/16345143990
Fri, 21 Feb 2020 15:34:00 PST Russia's War On Encryption Stumbles Forth With Ban Of Tutanota Karl Bode https://beta.techdirt.com/articles/20200217/07315143935/russias-war-encryption-stumbles-forth-with-ban-tutanota.shtml https://beta.techdirt.com/articles/20200217/07315143935/russias-war-encryption-stumbles-forth-with-ban-tutanota.shtml The Russian government continues to escalate its war on encrypted services and VPNs. For years now, Putin's government has slowly but surely taken steps to effectively outlaw secure communications, framing the restrictions as essential for national security, with the real goal of making it harder than ever for Russian citizens to dodge the Putin government's ever-expanding surveillance ambitions.

The latest case in point: starting last Friday, the Russian government banned access to encrypted email service Tutanota, without bothering to provide the company with much of any meaningful explanation:

In a blog post, the company notes that Tutanota has been blocked in Egypt since October of last year, and that impacted users should attempt to access the service via a VPN or the Tor browser:

"Encrypted communication is a thorn in the side to authoritarian governments like Russia as encryption makes it impossible for security services to eavesdrop on their citizens. The current blocking of Tutanota is an act against encryption and confidential communication in Russia.

...We condemn the blocking of Tutanota. It is a form of censorship of Russian citizens who are now deprived of yet another secure communication channel online. At Tutanota we fight for our users’ right to privacy online, also, and particularly, in authoritarian countries such as Russia and Egypt.

Except VPNs have been under fire in Russia for years as well. Back in 2016 Russia introduced a new surveillance bill promising to deliver greater security to the country. Of course, as with so many similar efforts around the world the bill actually did the exact opposite -- not only mandating new encryption backdoors, but also imposing harsh new data-retention requirements on ISPs and VPN providers forced to now register with the government. As a result, some VPN providers, like Private Internet Access, wound up leaving the country after finding their entire function eroded and having some of their servers seized.

Last year Russia upped the ante, demanding that VPN providers like NordVPN, ExpressVPN, IPVanish, and HideMyAss help block forbidden websites that have been added to Russia's censorship watchlist. And last January, ProtonMail (and ProtonVPN) got caught up in the ban as well after it refused to play the Russian government's registration games. While Russian leaders want the public to believe these efforts are necessary to ensure national security, they're little more than a giant neon sign advertising Russian leaders' immense fear of the Russian public being able to communicate securely.

what-are-you-so-afraid-of https://beta.techdirt.com/comment_rss.php?sid=20200217/07315143935
Mon, 13 Jan 2020 19:36:56 PST Academic Journals In Russia Retract Over 800 Papers Because Of Plagiarism, Self-Plagiarism And 'Gift Authorship' Glyn Moody https://beta.techdirt.com/articles/20200109/08383943705/academic-journals-russia-retract-over-800-papers-because-plagiarism-self-plagiarism-gift-authorship.shtml https://beta.techdirt.com/articles/20200109/08383943705/academic-journals-russia-retract-over-800-papers-because-plagiarism-self-plagiarism-gift-authorship.shtml Academic publishing hardly covers itself in glory, as Techdirt has reported over the years. It takes advantage of researchers' belief that they need to publish in so-called "high impact" titles for the sake of their careers, in order to pay nothing for the material they provide. Since articles are reviewed by other academics -- for free -- profit margins are extremely good: around 30-40%. In order to retain these unusually high levels, the industry does everything in its power to undermine and subvert cheaper alternatives like open access, and often takes a heavy-handed approach to the enforcement of "its" copyright -- even against the original author. Given this dismal industry background, it will come as no surprise to learn from Science magazine that Russian academic publishing has its own problems, fueled by the bad behavior of authors:

Academic journals in Russia are retracting more than 800 papers following a probe into unethical publication practices by a commission appointed by the Russian Academy of Sciences (RAS). The moves come in the wake of several other queries suggesting the vast Russian scientific literature is riddled with plagiarism, self-plagiarism, and so-called gift authorship, in which academics become a co-author without having contributed any work.

The article mentions the findings of Antiplagiat, a plagiarism detection company. Antiplagiat looked at over four million academic articles published in the Russian language, and found that more than 70,000 were published at least twice. Some were reused 17 times. That's an impressively efficient re-cycling of material once it has been written, and saves people the bother of writing new papers, while racking up citations that look good on a CV.

The practice of what is known as "gift authorship" is arguably even more convenient for lazy academics. It involves selling slots on papers already written by other authors that have been accepted by a journal. No work or connection with the research is required. Instead, a site like 123mi.ru acts as a matchmaker between authors willing to sell slots on their articles, and those willing to pay for them. Prices range from around $500 to $3000 per author slot, depending on the subject matter and the journal -- although the latter is only revealed after the slot has been paid for. Some articles allow up to five author slots to be bought in this way.

Academic publishing in Russia clearly has some serious problems, which undermine its value as a measure of scholarly achievement. Sadly, the same could be said about academic publishing in the West, albeit for different reasons.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

what-price-scholarly-integrity? https://beta.techdirt.com/comment_rss.php?sid=20200109/08383943705
Fri, 3 Jan 2020 10:47:10 PST Academic Publishers Get Their Wish: DOJ Investigating Sci-Hub Founder For Alleged Ties To Russian Intelligence Mike Masnick https://beta.techdirt.com/articles/20191226/14393243638/academic-publishers-get-their-wish-doj-investigating-sci-hub-founder-alleged-ties-to-russian-intelligence.shtml https://beta.techdirt.com/articles/20191226/14393243638/academic-publishers-get-their-wish-doj-investigating-sci-hub-founder-alleged-ties-to-russian-intelligence.shtml We've written plenty about Sci-Hub over the years. The service, which was set up to allow free and easy access to academic research that is all too often hidden behind insanely expensive paywalls (often, despite being paid for with public funds), is the bane of academic publishers, though the hero to many academics. As we've highlighted, the big publishers keep playing whac-a-mole with the service as they try to take it down around the globe, and each time it just seems to get the site more attention. From the earliest days, it's been clear that Sci-Hub works by getting academics with access to various collections to "donate" their login credentials, so that Sci-Hub can fetch any missing papers not in its collection (if it, and its associated site Libgen, already have it, they make that version available).

However, the Washington Post is now claiming that the DOJ has been investigating Sci-Hub founder, Alexandra Elbakyan, who started the site as an academic herself who found it nearly impossible to access the research she needed. But here's the twist: apparently the DOJ is alleging that Elbakyan is somehow tied to Russian intelligence.

It’s unclear whether Elbakyan is using Sci-Hub’s operations in service of Russian intelligence, but her critics say she has demonstrated significant hacking skills by collecting log-in credentials from journal subscribers, particularly at universities, and using them to pilfer vast amounts of academic literature.

The investigation has both criminal and intelligence-gathering elements, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss an ongoing probe.

A former senior U.S. intelligence official said he believes Elbakyan is working with Russia’s military intelligence arm, the GRU, the same organization that stole emails from the Democratic National Committee and Hillary Clinton’s campaign chairman and then provided them to WikiLeaks in 2016.

Given the typical demonization of those who seek to open up access to academic research (see: Swartz, Aaron), I'd take this report with a pretty large grain of salt until some actual evidence is provided.

Some of the accusations -- provided in the article by Elsevier's lawyer, who has worked on cases against Sci-Hub -- claim that rather than academics sharing their credentials willingly, Sci-Hub has resorted to phishing to get them. If true, that would be quite unfortunate. And, at one point in the article, Elbakyan might admit to as much, though it's not clear if the full context of the question or response from her is included in the article:

“We’ve seen phishing, that’s most common,” he said, referring to the use of deceit to trick someone into providing a username and password. “But also password-breaking,” Pitts added, suggesting Elbakyan uses more-aggressive hacking techniques.

“I do not deny that some accounts that Sci-Hub is using were obtained” in such a way, Elbakyan said, but she declined to elaborate on how she comes by credentials.

If true, that would be disappointing. But it still seems like a lot more evidence would be necessary to argue that it's a tool of Russian intelligence.

oh-come-on https://beta.techdirt.com/comment_rss.php?sid=20191226/14393243638
Fri, 3 Jan 2020 09:29:42 PST Russia Disconnects Itself From The Internet, Asks UN To Let It Have More Control Of Internet Usage Around The World Tim Cushing https://beta.techdirt.com/articles/20191231/12450943660/russia-disconnects-itself-internet-asks-un-to-let-it-have-more-control-internet-usage-around-world.shtml https://beta.techdirt.com/articles/20191231/12450943660/russia-disconnects-itself-internet-asks-un-to-let-it-have-more-control-internet-usage-around-world.shtml The Russian government has successfully disconnected itself from the world. "Internet sovereignty" is the term the government prefers. That's what the Russian government actually calls the law signed into effect in May.

The idea is to isolate the Russian internet from the internet the rest of the world uses. It's not to protect Russia or Russian internet users. It's to force all Russian internet traffic through Roskomnadzor servers, which will allow the government to surveil its citizens' internet use, presumably to facilitate censorship efforts and prosecutions.

Lots of experts doubted the plan was feasible. At best, it would subject all Russian internet traffic to government surveillance. At worst, it would cause critical systems to fail. The plan was to pull the plug in April. It didn't happen until December. According to the Russian government, this extreme Balkanization of the internet went off without a hitch.

"It turned out that, in general, that both authorities and telecom operators are ready to effectively respond to possible risks and threats and ensure the functioning of the Internet and the unified telecommunication network in Russia," said Alexei Sokolov, deputy head of the Ministry of Digital Development, Communications and Mass Media, as cited by multiple Russian news agencies [1, 2, 3, 4].

That's the only source we have, so trusting this narrative means trusting the Russian government -- a government that is claiming it's essential to seal off its internet to protect it from threats when all it really wants to do is control narratives, perform mass censorship, and hunt down citizens who color outside the lines.

Russia wants to make its policy an everywhere policy. Its proposal -- currently being considered by the United Nations -- pushes for more internet sovereignty everywhere. Again, this tool of censorship and control is being portrayed as an anti-cybercrime tool meant to secure nations, rather than censor citizens.

It seems harmless enough in Newspeak:

The representative of the Russian Federation, presenting the draft, said cybercrime threatens entire sectors and is a crucial national security priority. Despite the importance of the issue, there is a lack of an instrument to tackle it, and until last year’s resolution 73/187, the General Assembly had not addressed the need for a unified conceptual framework. While inclusive international dialogue has commenced, its geographic scope is “limited”, and there is a clear need to bolster international cooperation, he said. Stating that the draft complements similar initiatives — including the United Nations Convention against Transnational Organized Crime — he said it must also take on board work done by the Expert Group to Conduct a Comprehensive Study on Cybercrime in Vienna. He pointed out that the draft resolution “does not cost much, at less than $200,000”, and fosters a more just, balanced world order in the digital sphere by ending “club-based” agreements.

A draft of this proposal [PDF] has already been approved by the UN. Maybe the UN should have looked a little closer at the parties behind the proposal -- all of which already engage in strict control of internet services and engage in mass censorship.

Belarus, Cambodia, China, Democratic People’s Republic of Korea, Myanmar, Nicaragua, Russian Federation and Venezuela

The proposal says things about "cooperation," but the only cooperation being asked for is assistance in making it easier to run country-specific versions of the internet.

The resolution -- Countering The Use Of Information And Communications Technologies For Criminal Purposes -- would create a new cybercrime treaty written by Russia, a country analysts have said is cracking down on Internet freedom at home to stifle opposition to the Kremlin.

“The Russians clearly are interested in pushing their vision of what the Internet should look like in the future, and that’s conflating this idea of cybercrime with cybersecurity and cyber controls,” a State Department official told media on December 19.

Russia wants “a form of lockdown on information” over the Internet and a “curtailment of those freedoms” that the United States stands for, the State Department official said.

There's also the attendant irony of Russia leading the fight against misinformation and the use of the internet for criminal purposes. The countries in agreement on this proposal routinely engage in state-sponsored attacks on foreign government entities and Russia is internationally infamous for its interference in the last US presidential election. Russia wants all the best foxes to guard the internet hen house. That the draft passed with plenty of support indicates the world is loaded with foxes who see only an upside to taking control of the internet their citizens have access to.

hey-if-it's-good-enough-for-state-sponsored-cybercriminals... https://beta.techdirt.com/comment_rss.php?sid=20191231/12450943660
Mon, 9 Dec 2019 19:29:00 PST Russia Blocks All Of Shutterstock Due To 'Offensive' Image Involving The Russian Flag Timothy Geigner https://beta.techdirt.com/articles/20191204/14582643507/russia-blocks-all-shutterstock-due-to-offensive-image-involving-russian-flag.shtml https://beta.techdirt.com/articles/20191204/14582643507/russia-blocks-all-shutterstock-due-to-offensive-image-involving-russian-flag.shtml We've talked quite a bit over the years about Roskomnadzor, the Russian agency in charge of policing the internet for copyright infringing content... and really anything else that the Russian government decides it doesn't like. The agency operates exactly as deftly as you would expect, routinely blocking entire sites that are in regular use in Russia over a tiny percentage of "illicit" use. The problem, of course, is that Roskomnadzor often interprets "illicit" uses of the internet to mean embarrassing public Russian figures with ties to the government, criticizing the government itself, or using basic internet security tools such as VPNs to keep the Russian government out of one's internet use. This makes it all the more infuriating that American groups such as the MPAA have happily signed on with the Russian agency in an effort to protect copyright content, despite the agency's more widespread aims.

It keeps happening. Recently, stock photo site Shutterstock -- all of it -- suddenly appeared on Russia's banned sites list. You might be assuming that this is a copyright issue, but it isn't.

However, those who visit the URL detailed at the top of the notice will find what appears to be an image of a Russian flag placed in the middle of a pile of excrement. Russian authorities do not take kindly to their national symbols depicted in such a fashion and have laws in place to prevent it.

As a result, Russian ISPs are now blocking two Shutterstock-related IP addresses (one in Germany, one in the Netherlands) which are both operated by cloud company Akamai. Whether other sites using the same IP addresses are also being affected is currently unclear.

For good measure, Russia is also targeting the image.shutterstock.com domain. As highlighted by Russian digital rights group Roskomsvoboda, which first reported the news, this is particularly problematic since rather than tackling just a single URL, a whole HTTPS subdomain is in the register.

As a recap, because the Russian government is upset over someone putting an image online of the Russian flag in less than flattering circumstances, Shutterstock's domain is blocked nationwide. This is about where I'd like to ping the MPAA and ask again about its support of Roskomnadzor. After all, the MPAA signed on with the Russian agency over a concern about copyright protection, ostensibly so that creative types could sell their wares to legitimate buyers. With this overreaction of a site-wide block of Shutterstock, a whole bunch of stock photo artists have suddenly lost their ability to sell their creative works.

One also wonders just how long this can go on without a massive reaction by the internet-using Russian public. After all, with these massive overblocks, eventually the Russian government will run out of internet to deprive its citizens of.

shutter-to-think https://beta.techdirt.com/comment_rss.php?sid=20191204/14582643507
Thu, 17 Oct 2019 11:57:00 PDT
Report On Global Social Media Censorship Shows Russia, India, And Turkey Are Still Leading The Censor Pack
Tim Cushing
https://beta.techdirt.com/articles/20191007/18571343142/report-global-social-media-censorship-shows-russia-india-turkey-are-still-leading-censor-pack.shtml

Millions of people around the globe are using blogging services and social media platforms created by US companies to communicate with each other. Unfortunately, these US companies have been helping censorial governments shut their citizens up by complying with a large variety of content removal requests.

While it is generally a best practice to follow local laws when offering services in foreign countries, it's always disappointing when US companies respect laws that have been created solely for the purpose of stifling dissent, silencing critics, and putting marginalized people at the risk of even greater harm.

Paul Bischoff of Comparitech has compiled information from a number of companies' transparency reports to produce an easily-readable snapshot of worldwide censorship as enabled by US tech companies. And the countries you'd expect to be demanding the censorship of the most content are the ones you'll see taking top spots at various platforms. Russia, Turkey, and India all top the charts, both in the number of demands made and the actual amount of memory-holed content.

Russia must be home to one of the last large Blogger userbases, considering how often the country targets this platform. Russia alone accounted for 53% of the 115,000 removal requests received by Google, which also covers search engine listings and YouTube. Russia's takedown demands have been steadily escalating over the past half-decade, jumping from 2,761 in 2015 to 19,192 in the first half of 2018 alone. Most of Russia's requests are supposedly "national security" related, but that still leaves plenty to spread around to cover other things the government disapproves of, like nudity, drug abuse, and defamation.

Turkey comes in at a very distant second. It too likes to claim stuff is either defamation or a threat to national security, but it prefers to perform its vicarious censorship on a different social media platform: Twitter.

Turkey jumps into the top spot here, accounting for 55.23 percent of the overall number of requests (54,652). Russia is a distant second with 21.17 percent of the overall number.

But Russia is gaining ground…

[T]he largest number of content removal requests came last year with 23,464 (an 84% increase on the previous year). [...] Russia and Turkey... made up 21.25 and 59.67 percent of the requests in 2018, respectively.

Yes, Twitter is Turkey's playground. The easily-offended head of state (and all of his easily-offended officials) love to use content removal requests to silence critics and bury unflattering coverage. Unfortunately, Twitter has been all too helpful when it comes to Turkey oppressing its citizens via third parties. Sure, much of the blocking only affects Turkey, but that's where dissenting views are needed the most.

Bischoff's report is worth reading in full. It breaks down the raw data of transparency reports into easily-digestible chunks that show which platforms which countries censor most, as well as the type of complaints these countries are sending most often.

You'll also see why one of the biggest censors in the world barely shows up in these reports. China doesn't need third parties' help to control what its citizens see online. It begins this censorship at home by blocking content across multiple platforms (and, often, the platforms themselves), some of which are homegrown services far more popular with Chinese users than their American equivalents. A lack of data doesn't mean China is taking a hands-off approach to content moderation. It simply means the Chinese government rarely has to put its hands on anything outside the country to achieve its aims.

One of the more minor players in the global takedown playground is Wikimedia. Outside of the occasional DMCA takedown request, Wikimedia rarely gets hassled by anyone, much less world governments. But the requests it does get are far weirder than the run-of-the-mill censor-by-proxy requests delivered to social media platforms. Wikimedia is one of the few American entities that has told the Turkish government to beat it when Turkey asked for negative (but apparently factual) content to be removed. It also had to explain to members of an unnamed political party how Wikipedia -- and the First Amendment -- actually work.

A lawyer reached out to us on behalf of a lesser-known North American political party that was unhappy with edits to English Wikipedia articles about the party and one of its leaders. Her clients apparently wanted previous, more promotional versions of the articles restored in place of the later versions. To better engage in discussions with the community, we encouraged them to familiarize themselves with Wikipedia’s recommendations on style and tone and the policy restricting use of promotional language. We also advised that one of the best ways to resolve their concerns is to engage with the community directly.

And it has only removed one piece of content ever that wasn't the result of a valid DMCA takedown request:

According to Wikimedia, a blogger visiting Burma/Myanmar posted a redacted photo of his visa on his website. Somehow, a version of his visa picture without his personal information removed ended up on an English Wikipedia article concerning the country’s visa policy.

“He wrote to us, asking to remove the photo,” wrote Wikimedia. “Given the nature of the information and the circumstances of how it was exposed, we took the image down.”

Tech advances have accelerated the pace of global censorship. When you're dealing with the world's greatest communication tool -- the internet -- you kind of have to take the good with the bad. Geoblocking content to stay in the good graces of foreign governments may seem like the "lesser of several evils" approach, but even if it's the approach that will result in the least amount of collateral damage, it's still something that encourages authoritarians to continue being authoritarian.

and-all-these-US-companies-are-giving-them-a-boost https://beta.techdirt.com/comment_rss.php?sid=20191007/18571343142
Mon, 23 Sep 2019 19:59:06 PDT
During A Police Raid, Russian Activist Uses Drone To Whisk Sensitive Data To Safety
Glyn Moody
https://beta.techdirt.com/articles/20190917/08374243009/during-police-raid-russian-activist-uses-drone-to-whisk-sensitive-data-to-safety.shtml

Drones have moved beyond the novelty stage, and are now capable of having a global impact. That was shown most dramatically by the recent drone attack on the world's largest oil processing facility in Saudi Arabia. The loss of production has caused the price of oil to spike, and fears about a global recession to mount -- all because of a few tiny drones. An article in the Guardian suggests:

Drones are now an integral part of the inventory of the region's most advanced militaries, and the also-rans. Non state actors have been clamouring to secure them as well -- convinced by the utility of hard-to-detect, dispensable flying toys to be used as weapons of war.

But as Techdirt has noted before, drones are not all about death and destruction. BBC News has an interesting example of a novel use from Russia. It concerns a police raid on the flat of Sergey Boyko, who heads the local branch of the movement of opposition leader Alexei Navalny. Raids were conducted in more than 40 cities across the country, allegedly investigating money laundering, something denied by Navalny's supporters. Elsewhere, the police seized activists' computers and mobile phones. But they came away empty-handed from their raid on Boyko, thanks to the use of a small drone:

The drone was loaded with various hard disks, solid-state drives and flash sticks containing "very important" information that he did not want to fall into the police's hands, according to the activist.

"Done. The evacuation has been carried out. The drone reached its destination," he says at one point.

The drone's destination was an unnamed friend of Boyko, presumably not an obvious one that the police might easily find in their search for the data. Boyko was clearly expecting to be raided. He not only had the presence of mind to have a drone to hand for the delivery, but he also recorded the police raid as it was happening. The video concludes with a plea for viewers to support the Navalny campaign financially -- a neat way of using the police raid against the authorities who ordered it. The whole episode is another indication of how Russians seem able to keep calm in even the most difficult situations, which is probably just as well given the way that some people drive there.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

video-or-it-didn't-happen https://beta.techdirt.com/comment_rss.php?sid=20190917/08374243009
Tue, 17 Sep 2019 11:58:00 PDT
You'd Think The FBI Would Be More Sensitive To Protecting Encrypted Communications Now That We Know The Russians Cracked The FBI's Comms
Mike Masnick
https://beta.techdirt.com/articles/20190916/17421043003/youd-think-fbi-would-be-more-sensitive-to-protecting-encrypted-communications-now-that-we-know-russians-cracked-fbis-comms.shtml

On Monday, Yahoo News had a bit of a new bombshell in revealing that the closures of various Russian compounds in the US, along with the expulsion of a bunch of Russian diplomats -- which many assumed had to do with alleged election interference -- may have actually been a lot more about the Russians breaching a key FBI encrypted communications system.

American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.

These compromises, the full gravity of which became clear to U.S. officials in 2012, gave Russian spies in American cities including Washington, New York and San Francisco key insights into the location of undercover FBI surveillance teams, and likely the actual substance of FBI communications, according to former officials. They provided the Russians opportunities to potentially shake off FBI surveillance and communicate with sensitive human sources, check on remote recording devices and even gather intelligence on their FBI pursuers, the former officials said.

That all seems like a fairly big deal. And, it specifically targeted the FBI's encrypted communications phone system:

That effort compromised the encrypted radio systems used by the FBI’s mobile surveillance teams, which track the movements of Russian spies on American soil, according to more than half a dozen former senior intelligence and national security officials. Around the same time, Russian spies also compromised the FBI teams’ backup communications systems — cellphones outfitted with “push-to-talk” walkie-talkie capabilities. “This was something we took extremely seriously,” said a former senior counterintelligence official.

The Russian operation went beyond tracking the communications devices used by FBI surveillance teams, according to four former senior officials. Working out of secret “listening posts” housed in Russian diplomatic and other government-controlled facilities, the Russians were able to intercept, record and eventually crack the codes to FBI radio communications.

While this is all interesting in the "understanding what the latest spy v. spy fight is about" sense, it's even more incredible in the context of the FBI still fighting to this day to weaken encryption for everyone else. The FBI, under both James Comey and Christopher Wray, has spent years trashing the idea that encrypted communications were important and repeatedly asking the tech industry to insert deliberate vulnerabilities in order to allow US officials to have easier access to encrypted communications. The pushback on this, over and over, is that any such system for "lawful access" will inevitably lead to much greater risk of others being able to hack in as well.

Given that, you'd think that the FBI would be especially sensitive to this risk, now that we know the Russians appear to have cracked at least two of the FBI's encrypted communications systems. Indeed, back in 2015, we highlighted how the FBI used to recommend that citizens use encryption to protect their mobile phones, but they had quietly removed that recommendation right around the time Comey started playing up the "going dark" nonsense.

Of course, it's possible that the folks dealing with the Russians cracking FBI encrypted comms are separate from the people freaking out about consumer use of encryption, but the leadership (i.e., Comey and Wray) certainly had to understand both sides of this. This all leaves me a bit perplexed. Were Comey and Wray so completely clueless that they didn't think these two situations had anything to do with one another? Or does it mean that they thought "hey, if we had our comms exposed, so should everyone else?" Or do they just not care?

guys,-encryption-matters https://beta.techdirt.com/comment_rss.php?sid=20190916/17421043003