Category Archives: Government

Californians may get a break on their mobile bills after tax is struck down in court

Californians have a lot to enjoy — great weather, big waves, solid microbreweries, and of course extremely high taxes on prepaid mobile service. But this controversial last feature is being adjusted after a judge found at least part of the state’s Mobile Telephony Surcharge to be unconstitutional. As a result, bills could shrink by a couple bucks starting this month.

The tax, which funds various local services like 911 and so on, was raised in 2016 and depending on various factors could be around 20 percent of the bill. That turns a $50 bill into a $60 bill, which is especially rough when you consider that lower prepaid plans are often preferred by people with limited incomes. So the tax was unpopular from the start — not that many are particularly liked.

In addition to making users angry, it attracted the attention of wireless carriers: MetroPCS filed a lawsuit alleging that the way the tax was calculated conflicted with federal rules set by the FCC. The details are buried in a mound of legalese, but essentially the problem was that California was effectively taxing inter-state services as well as within-state ones, which is not allowed either by state or federal law.

The challenge took its course and although the California government argued that its tax was compliant with the FCC’s rules, the judge ultimately decided otherwise.

“The California Prepaid Mobile Telephony Services Surcharge Collection Act [i.e. the tax increase passed in 2014 and instituted in 2016], in its entirety, conflicts with federal law and therefore is preempted and unconstitutional,” she wrote in the order concluding the case.

Example bills from T-Mobile show how fees could change. The amounts will differ based on region and bill total.

Although California is appealing the case, the judge’s order prevents it from collecting the tax in the meantime. So as long as that injunction remains in place, mobile bills should see a small break.

It won’t be a lot — an example provided by T-Mobile showed total taxes and fees reduced by about $3. But hey, every little bit counts.

The actual amount you pay your carrier shouldn’t change, though. Your $40 or $75 plan will remain the same; it’s only the associated taxes that are effected. The way they’re listed may also change; for instance, AT&T is replacing the “Prepaid MTS Surcharge” line item with “CA Surcharges, Fees & Taxes.” Its announcement doesn’t explicitly mention a change in amount, but unless it adds a fee of its own to make up the difference, it seems that users there and at other carriers will see similarly lowered taxes.

If you’re curious how much your bill will drop, if at all, your best bet is to call customer service and ask them to check.

Copyright compromise: Music Modernization Act signed into law

Musicians are celebrating as the Music Modernization Act, an attempt to drag copyright and royalty rules into the 21st century, is signed into law after unanimous passage through Congress. The act aims to centralize and simplify the process by which artists are tracked and paid on digital services like Spotify and Pandora, and also extends the royalty treatment to songs recorded before 1972.

The problems in this space have affected pretty much every party. Copyright law and music industry practices were, as you might remember, totally unprepared for the music piracy wave at the turn of the century, and also for the shift to streaming over the last few years. Predictably, it isn’t the labels, distributors or new services that got hosed — it’s artists, who often saw comically small royalty payments from streams if they saw anything at all.

Even so, the MMA has enjoyed rather across-the-board support from all parties, because existing law is so obscure and inadequate. And it will remain that way to a certain extent — this isn’t layman territory and things will remain obscure. But the act will address some of the glaring issues current in the media landscape.

The biggest change is probably the creation of the Mechanical Licensing Collective. This new organization centralizes the bookkeeping and royalty payment process, replacing a patchwork of agreements that required lots of paperwork from all sides (and as usual, artists were often the ones left out in the cold as a result). The MLC will be funded by companies like Pandora or Google that want to enter into digital licensing agreements, meaning there will be no additional commission or fee for the MLC, but the entity will actually be run by music creators and publishers.

Previously digital services and music publishers would enter into separately negotiated agreements, a complex and costly process if you want to offer a comprehensive library of music — one that stifled new entrants to the market. Nothing in the new law prevents companies from making these agreements now, as some companies will surely prefer to do, but the MLC offers a simple, straightforward solution and also a blanket license option where you can just pay for all the music in its registry. This could in theory nurture new services that can’t spare the cash for the hundred lawyers required for other methods.

There’s one other benefit to using the MLC: you’re shielded from liability for statutory damages. Assuming a company uses it correctly and pays their dues, they’re no longer vulnerable to lawsuits that allege underpayment or other shenanigans — the kind of thing streaming providers have been weathering in the courts for years, with potentially massive settlements.

The law also improves payouts for producers and engineers, who have historically been under-recognized and certainly under-compensated for their roles in music creation. Writers and performers are critical, of course, but they’re not the only components to a great song or album, and it’s important to recognize this formally.

The last component of the MMA, the CLASSICS Act, is its most controversial, though even its critics seem to admit that it’s better than what we had before. CLASSICS essentially extends standard copyright rules to works created before 1972, during which year copyright law changed considerably and left pre-1972 works largely out of the bargain.

What’s the problem? Well, it turns out that many works that would otherwise enter the public domain would be copyright-protected (or something like it — there are some technical differences) until 2067, giving them an abnormally long term of protection. And what’s more, these works would be put under this new protection automatically, with no need for the artists to register them. That may sound convenient, but it also means that thousands of old works would be essentially copyrighted even though their creators, if they’re even alive, have asserted no intention of seeking that status.

A simple registry for those works was proposed by a group of data freedom advocates, but their cries were not heard by those crafting and re-crafting the law. Admittedly it’s something of an idealistic objection, and the harm to users is largely theoretical. The bill proceeded more or less as written.

At all events the Music Modernization Act is now law; its unanimous passage is something of an achievement these days, though God knows both sides need as many wins as they can get.

FCC has a redaction party with emails relating to mystery attack on comment system

You may remember the FCC explaining that in both 2014 and 2017, its comment system was briefly taken down by a denial of service attack. At least, so it says — but newly released emails show that the 2014 case was essentially fabricated, and the agency has so aggressively redacted documents relating to the 2017 incident that one suspects they’re hiding more than ordinary privileged information.

As a very quick recap: Shortly after the comment period opened for both net neutrality and the rollback of net neutrality there was a rush of activity that rendered the filing system unusable for a period of hours. This was corrected soon afterwards and the capacity of the system increased to cope with the increased traffic.

A report from Gizmodo based on more than 1,300 pages of emails obtained by watchdog group American Oversight shows that David Bray, the FCC’s chief information officer for a period encompassing both events, appears to have advanced the DDoS narrative with no real evidence or official support.

The 2014 event was not called an attack until much later, when Bray told reporters following the 2017 event that it was. “At the time the Chairman [i.e. Tom Wheeler] did not want to say there was a DDoS attack out of concern of copycats,” Bray wrote to a reporter at Federal News Radio. “So we accepted the punches that it somehow crashed because of volume even though actual comment volume wasn’t an issue.”

Gigi Sohn, who was Wheeler’s counsel at the time, put down this idea: “That’s just flat out false,” she told Gizmodo. “We didn’t want to say it because Bray had no hard proof that it was a DDoS attack. Just like the second time.”

And it is the second time that is most suspicious. Differing on the preferred nomenclature for a four-year-old suspicious cyber event would not be particularly damning, but Bray’s narrative of a DDoS is hard to justify with the facts we do know.

In a blog post written in response to the report, Bray explained regarding the 2017 outage:

Whether the correct phrase is denial of service or “bot swarm” or “something hammering the Application Programming Interface” (API) of the commenting system — the fact is something odd was happening in May 2017.

Bray’s analysis appears sincere, but the data he volunteers is highly circumstantial: large amounts of API requests that don’t match comment counts, for instance, or bunches of RSS requests that tie up the servers. Could it have been a malicious actor doing this? It’s possible. Could it have been bad code hammering the servers with repeated or malformed requests? Also totally possible. The FCC’s justification for calling it an attack seems to be nothing more than a hunch.

Later the FCC, via then-CIO Bray, would categorize the event as a “non-traditional DDoS attack” flooding the API interface. But beyond that it has produced so little information of any import that Congress has had to re-issue its questions in stronger words.

No official documentation of either supposed attack has appeared, nor has the FCC released any data on it, even a year later and long after the comment period has closed, improvements to the system have been made and the CIO who evaded senators’ questions departed.

But most suspicious is the extent to which the FCC redacted documents relating to the 2017 event. Having read through the trove of emails, Gizmodo concludes that “every internal conversation about the 2017 incident between FCC employees” has been redacted. Every one!

The FCC stated before that the “ongoing nature” of the threats to its systems meant it would “undermine our system’s security” to provide any details on the improvements it had made to mitigate future attacks. And Bray wrote in his post that there was no “full blown report” because the team was focused on getting the system up and running again. But there is also an FCC statement saying that “our analysis reveals” that a DDoS was the cause.

What analysis? If it’s not a “significant cyber incident,” as the FBI determined, why the secrecy? If there’s no report or significant analysis from the day — wrong or right in retrospect — what is sensitive about the emails that they have to be redacted en masse? Bray himself wrote more technical details into his post than the FCC has offered in the year since the event — was this information sent to reporters at the time? Was it redacted? Why? So little about this whole information play makes no sense.

One reasonable explanation (and just speculation, I should add) would be that the data do not support the idea of an attack, and internal discussions are an unflattering portrait of an agency doing spin work. The commitment to transparency that FCC Chairman Pai so frequently invokes is conspicuously absent in this specific case, and one has to wonder why.

The ongoing refusal to officially document or discuss what all seem to agree was an important event, whether it’s a DDoS or something else, is making the FCC look bad to just about everyone. No amount of redaction can change that.

Washington sues Facebook and Google over failure to disclose political ad spending

Facebook and Google were paid millions for political advertising purposes in Washington but failed for years to publish related information — such as the advertiser’s address — as required by state law, alleges a lawsuit by the state’s attorney general.

Washington law requires that “political campaign and lobbying contributions and expenditures be fully disclosed to the public and that secrecy is to be avoided.”

Specifically, “documents and books of account” must be made available for public inspection during the campaign and for three years following; these must detail the candidate, name of advertiser, address, cost and method of payment, and description services rendered.

Bob Ferguson, Washington’s attorney general, filed a lawsuit yesterday alleging that both Facebook and Google “failed to obtain and maintain” this information. Earlier this year, Eli Sanders of Seattle’s esteemed biweekly paper The Stranger requested to view the “books of account” from both companies, and another person followed up with an in-person visit; both received unsatisfactory results.

They alerted the AG’s office to these investigations in mid-April, and here we are a month and a half later with a pair of remarkably concise lawsuits. (This appears to be separate from the Seattle Election Commission’s allegations of similar failings by Facebook in February.)

All told Facebook took in about $3.4 million over the last decade, including “$2.5 million paid through political consultants and other agents or intermediaries, and $619,861 paid directly to Facebook.” Google received about $1.5 million over the same period, almost none of which was paid directly to the company. (I’ve asked the AG’s office for more information on how these amounts are defined.)

The total yearly amounts listed in the lawsuits may be interesting to anyone curious about the scale of political payments to online platforms at the state scale, so I’m reproducing them here.

Facebook

  • 2013: $129,099
  • 2014: $310,165
  • 2015: $147,689
  • 2016: $1,153,688
  • 2017: $857,893

Google

  • 2013: $47,431
  • 2014: $72,803
  • 2015: $56,639
  • 2016: $310,175
  • 2017: $295,473

(Note that these don’t add up to the totals mentioned above; these are the numbers filed with the state’s Public Disclosure Committee. 2018 amounts are listed but are necessarily incomplete, so I omitted them.)

At least some of the many payments making up these results are not properly documented, and from the looks of it, this could amount to willful negligence. If a company is operating in a state and taking millions for political ads, it really can’t be unaware of that state’s disclosure laws. Yet according to the lawsuits, even basic data like names and addresses of advertisers and the amounts paid were not collected systematically, let alone made available publicly.

It’s impossible to characterize flouting the law in such a way as an innocent mistake, and certainly not when the mistake is repeated year after year. This isn’t an academic question: if the companies are found to have intentionally violated the law, the lawsuit asks that damages be tripled (technically, “trebled.”)

Neither company addressed the claims of the lawsuit directly when contacted for comment.

Facebook said in a statement that “Attorney General Ferguson has raised important questions and we look forward to resolving this matter with his office quickly.” The company also noted that it has taken several steps to improve transparency in political spending, such as its planned political ad archive and an API for requesting this type of data.

Google said only that it is “currently reviewing the complaint and will be engaging with the Attorney General’s office” and asserted that it is “committed” to transparency and disclosure, although evidently not in the manner Washington requires.

The case likely will not result in significant monetary penalties for the companies in question; even if fines and damages totaled tens of millions it would be a drop in the bucket for the tech giants. But deliberately skirting laws governing political spending and public disclosure is rather a bad look for companies under especial scrutiny for systematic dishonesty — primarily Facebook.

If the AG’s suit goes forward and the companies are found to have intentionally avoided doing what the law required, they (and others like them) would be under serious pressure to do so in the future, not just in Washington, but in other states where similar negligence may have taken place. AG Ferguson seems clearly to want to set a precedent and perhaps inspire others to take action.

I’ve asked the AG’s office for some clarifications and additional info, and will update this post if I hear back.

Google reportedly backing out of military contract after public backlash

A controversial Google contract with the U.S. military will not be renewed next year after internal and public outcry against it, Gizmodo reports. The program itself was not particularly distasteful or lucrative, but served as a foot in the door for the company to pursue more government work that may very well have been both.

Project Maven, as the program was known, essentially had Google working with the military to perform image analysis on sensitive footage like that from drones flying over conflict areas.

A small but vocal group of employees has repeatedly called the company out for violating its familiar (but now deprecated) “Don’t be evil” motto by essentially taking a direct part in warfare. Thousands of employees signed a petition to end the work, and several even resigned in protest.

But more damaging than the loss of a few squeaky wheels has been the overall optics for Google. When it represented the contract as minor, and that it was essentially aiding in the administration of open-source software, the obvious question from the public was “so why not stop?”

The obvious answer is that it isn’t minor, and that there’s more to it than just a bit of innocuous support work. In fact, as reportage over the last few months has revealed, Maven seems to have been something like a pilot project intended to act as a wedge by which to gain access to other government contracts.

Part of the goal was getting the company’s security clearance fast-tracked and thus gaining access to data by which it could improve its military-related offerings. And promises to Pentagon representatives detailed far more than facilitation of garden-variety AI work.

Gizmodo’s sources say that Diane Greene, CEO of Google Cloud, told employees today at a meeting that the backlash was too much and that the company’s priorities as regards military work have changed. They must have changed recently, since discussions have been ongoing right up until the end of 2017. I’ve asked Google for comment on the issue.

Whether the expiration of Project Maven will represent a larger change to Google’s military and government ambitions remains to be seen; some managers are surely saying to themselves right now that it would be a shame to have that security clearance go to waste.

Draft Text Of EU-US Privacy Shield Deal Fails To Impress The Man Who Slayed Safe Harbor

google-servers-datacenter The draft text of an agreement between the EU and the US to establish a new self-certification framework governing transatlantic data flows aimed at ensuring data protection and privacy compliance when Europeans’ data is taken to the US for processing has now been published. But questions remain over whether the deal is robust enough to pass muster. Read More

Impact, Investment And Demand: Three Pillars For Civic Tech Success

pillars Last year was one of great momentum for civic tech. We saw more people and resources than ever enter the space, garnering interest from startups, corporations, government agencies and investment firms. Kicking off 2016, civic tech is a fast-growing field with tangible potential to improve the relationship between citizens and government. Read More

Zuckerberg Says Muslims Will Always Be Welcome On Facebook

Facebook Muslims Mark Zuckerberg urged the world not to “succumb to cynicism” despite bigots like Donald Trump calling for Muslims to be banned from entering the United States. Today, Facebook’s CEO posted on his site that “I want to add my voice in support of Muslims in our community and around the world…As the leader of Facebook I want you to know that you are always welcome here… Read More

Share