Fluffeh writes:
A recent article by The Intercept showed how US and UK intelligence agencies have been impersonating the servers of companies like Facebook. In November, Der Spiegel noted that agencies created "bogus versions" of sites like Slashdot and LinkedIn to plant malware in targets' machines.
Copyright claims brought against the government must be filed in the US Court of Federal Claims, and the subject matter in question must have previously been registered with the Copyright Office-something companies don't typically do for their Web interfaces.
In contrast, under the Lanham Act, the government is expressly liable. The law clearly states, "As used in this paragraph, the term 'any person' includes the United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, or other persons acting for the United States and with the authorization and consent of the United States."
(Score: 5, Insightful) by Zyx Abacab on Tuesday March 25 2014, @11:41PM
I'm sure the government is liable for this in exactly the same way that Clapper was liable when he lied to Congress. Yes, the law was clearly and flagrantly broken, but so what? It's not there to punish those with power, only those without.
(Score: 4, Interesting) by Fluffeh on Wednesday March 26 2014, @12:07AM
It is rather a case where Clapper is an INDIVIDUAL working for the government, but in this case it is the GOVERNMENT ENTITIY that is held liable - meaning it cannot hide away by claiming "he did it... she did it... etc" the bucks stops at the front door, it is up to them to then work out internally who is at fault.
(Score: 3, Insightful) by Anonymous Coward on Wednesday March 26 2014, @12:24AM
National security, tovarisch. You are at fault. Off to Siberia!
(Score: 5, Insightful) by c0lo on Wednesday March 26 2014, @12:54AM
Well, even within the "golden rule" applicability (I expect Google or FB qualify into "the one who has the gold" category), seems they would still not qualify for monetary damages.
Says the FA:
This does nothing but demonstrate to me that the suggested approach (Lanham law) is only a gimmick meant to benefit the lawyers, the civil society doesn't have enough power against a govt agency ran amok. This is the real actual problem.
Which brings me to: applying any palliative solution comes with the risk of losing (loosing equally applicable) the focus from the actual problem so I'd rather not see this used Especially since using https only (or, at least, by default) is a technical solution which:
(Score: 0) by Anonymous Coward on Wednesday March 26 2014, @02:05AM
It sure would be nice if everything we did on the internet was https, however... A partial solution I guess.
(Score: 4, Interesting) by c0lo on Wednesday March 26 2014, @02:19AM
Within the context [xkcd.com] of the proposed solution (sue NSA for "spearphishing" and thus breaching the trademark), using https would be a deterrent by increasing the cost of the attack (even if not making it impossible).
Granted, I'd like to live in a world where the Internet is entirely Tor-ified and there's enough bandwidth to not feel a difference - but again, I'm surely not representative (as, for instance, I do prefer my games offline rather than MMO-ed).
(Score: 1) by cbiltcliffe on Saturday March 29 2014, @11:24PM
Using HTTPS to foil the NSA's monitoring would be absolutely useless.
When the NSA approaches a domestic CA with an NSL, requesting the CA to provide an SSL certificate with your website's name on it, then as far as any visitor is concerned, the NSA site *is* your website, right down to the 100% valid SSL certificate with your name on it.
(Score: 2) by c0lo on Sunday March 30 2014, @01:09AM
Which comes with a cost - note that I didn't say it cannot be done, I said "raising the cost for NSA of doing so".
Besides, I guess there exist CA in this world that aren't under US jurisdiction and I still can choose to host my web site outside US.
Also, the context of this discussion: what could Google or Facebook do if they would try something against NSA impersonating them? Now, question: suppose that Google or Facebook would choose to become CA-es for themselves, do you thing the major browsers would refuse to include the certificates they issue for themselves as "trusted"?
What is the cost of Google/Facebook doing so? Compare with the cost of suing NSA for a trademark breach.
What would be the cost for NSA to try twisting Google/Facebook's arms to allow NSA break the trust and setup a MitM?
(Score: 1) by cbiltcliffe on Sunday March 30 2014, @12:55PM
The fact that there are CAs outside the US, or you could host outside the US is completely and utterly irrelevant, due to the broken design of the CA/SSL system.
As long as a single CA exists inside the US that the NSA can coerce, then a certificate can be generated which is trusted by all major browsers, regardless of the fact that you've never used that CA yourself.
Your choice of CA isn't enforced - isn't even provided to the client - by the SSL negotiation. That's why the breach at DigiNotar a while back was so serious. It didn't just compromise DigiNotar's customers. It compromised the entire SSL system.
(Score: 4, Interesting) by Tork on Wednesday March 26 2014, @12:17AM
Slashdolt logic: 1600 x 1200 > 1920 x 1200
(Score: 3) by Tork on Wednesday March 26 2014, @04:14AM
Slashdolt logic: 1600 x 1200 > 1920 x 1200
(Score: 3, Interesting) by rts008 on Wednesday March 26 2014, @05:28AM
IMHO, trademark lawsuits went out of style years ago, and recently 'copyright wars' and 'style patents'('rounded corners' is the prevalent example used) have erupted and is more in the media spotlight.
There is just 'more bang for the buck' currently with copyright lawsuits...kinda like the 'war on terror' and other hyperbole.
I think the modding was heavyhanded in this case, but that is just my opinion. Maybe someone else can explain it better?
(Score: 3, Interesting) by Tork on Wednesday March 26 2014, @05:37AM
Well... the reason I brought up trademark law is that if I create a website claiming to be Slashdot (which I assume, possibly in error, to be trademarked...) then I instantly lose the case. Okay, that's an over-simplification, but the whole idea behind trademark law is to prevent consumer confusion. Copyright law is a good deal more subjective.
This is why I challenged the mod. I was half-hoping to hear: "You fool, the Gov't is immune to trademark law!". In which case, my question might have been worth being modded overrated. Oh well...
Slashdolt logic: 1600 x 1200 > 1920 x 1200
(Score: 4, Interesting) by MrGuy on Wednesday March 26 2014, @07:06AM
Let's say you could get into court, prove the government copied your website and used your trademarks without permission and with an intent to mislead. That's what the Lanham act [wikipedia.org] is all about.
Congratulations! Now what does it get you?
The standard for damages is creating confusion in the marketplace and/or causing the trademark owner to suffer harm.
What exactly is the harm suffered by the trademark owner? The standard here is "substantial effect" on commerce. The loss of a few cents of ad revenue by not service "real" ads to someone visiting "fake" facebook ain't gonna cut it.
One option is a notional "people will think Facebook is riddled with malware!" Even that's not very strong - only very specific people see the fake site, and by design they don't know the malware is there.
I suppose you could argue that, now that this has been revealed to be a thing that's been done, that people will be less likely to visit Facebook because they fear they MAY be intercepted by the government. "People have lost faith in Facebook to the extent that it materially harms Facebook's business" is a pretty strong assertion to make, however, and I'd question they'd have dat actually showing this is the case.
(Score: 5, Informative) by randmcnatt on Wednesday March 26 2014, @10:26AM
Copyright is automatic throughout the world thses days. In the US you have to register the copyright to bring a suit, but you have five years from the date of the infraction to register the work and bring suit. And, at least in the US, you can bring suit anytime during the copyright period; but if you hit the 5 year deadline you get to ask for statutory damages (I think it's currently $US 500,000 (£ 303000) per infraction).
Its gets rather complicated, but in the US, for an individual, the copyright period usually extends 70 years past your death. For a corporation the period is 90 to 120 years, depending on a lot of factors. You can take it to court anytime during that period (and everybody expects Congress to extend it again when Micky Mouse hits 120).
The Wright brothers were not the first to fly: they were the first to land.
(Score: 3, Funny) by mtrycz on Wednesday March 26 2014, @10:46AM
I actually got infected throught the Slashdot vector once. It was an awful experience. Lots and lots of whitespace instead of content, illegible comments, broken moderation, corporate arrogance, it had it all.
I'm glad I got rid of that virus.
(Score: 2) by hamsterdan on Wednesday March 26 2014, @12:18PM
Now apply the same to wiretapping and all other stuff government bodies and corporations do that would be illegal for a citizen to do.