Daily Archives: August 12, 2024

UK Once Again Denies A Passport Over Applicant’s Name Due To Intellectual Property Concerns – again

Posted on by

I can’t believe this, but it happened again. Almost exactly a decade ago, Tim Cushing wrote about a bonkers story out of the UK in which a passport applicant who’s middle name was “Skywalker” was denied the passport due to purported trademark or copyright concerns. The question that ought to immediately leap to mind should be: wait, nothing about a name or its appearance on a passport amounts to either creative expression being copied, nor use in commerce, meaning that neither copyright nor trademark law ought to apply in the slightest.

And you would have thought that coming out of that whole episode, proper guidance would have been given to the UK’s passport office so that this kind of stupidity doesn’t happen again. Unfortunately, it did happen again. A UK woman attempted to get a passport for her daughter, who she named Khaleesi, only to have it refused over the trademark for the Game of Thrones character that held the same fictional title.

Lucy, 39, from Swindon in Wiltshire, said the Passport Office initially refused the application for Khaleesi, six.

Officials said they were unable to issue a passport unless Warner Brothers gave permission because it owned the name’s trademark. But the authority has since apologised for the error.

“I was absolutely devastated, we were so looking forward to our first holiday together,” Lucy said.

While any intellectual property concerns over a passport are absolutely silly, I would argue that trademark law makes even less sense here than copyright would. Again, trademark law is designed specifically to protect the public from being confused as to the source of a good or service in commerce. There is no good or service nor commerce here. Lucy would simply like to take her own child across national borders. That’s it. Lucy had to consult with an attorney due to this insanity, which didn’t initially yield the proper result.

After seeking legal advice, her solicitors discovered that while there is a trademark for Game of Thrones, it is for goods and services – but not for a person’s name.

“That information was sent to the Passport Office who said I would need a letter from Warner Brothers to confirm my daughter is able to use that name,” she said.

This amounts to a restriction on the rights and freedoms of a child in a free country as a result of the choice their parent’s made about their name. Whatever your thoughts on IP laws in general, that simply cannot be the aim of literally any of them.

Now, once the media got a hold of all of this, the Passport Office eventually relented, said it made an error in denying the passport, and has put the application through. But even the government’s explanation doesn’t fully make sense.

Official explained there had been a misunderstanding and the guidance staff had originally given applies only to people changing their names.

“He advised me that they should be able to process my daughter’s passport now, ” she said.

Why would the changing of a name be any different? My name is my name, not a creative expression, nor a use in commerce. If I elect to change my name from “Timothy Geigner” to “Timothy Mickey Mouse Geigner”, none of that equates to an infringement of Disney’s rights, copyright nor trademark. It’s just my name. It would only be if I attempted to use my new name in commerce or as part of an expression that I might run afoul of either trademark or copyright law.

What this really is is the pervasive cancer that is ownership culture. It’s only with ownership culture that you get a passport official somehow thinking that Warner Bros. production of a fantasy show means a six year old can’t get a passport.

Source: UK Once Again Denies A Passport Over Applicant’s Name Due To Intellectual Property Concerns | Techdirt

Amazon-Anthropic Investment Investigated by UK Government – is it a stealth merger?

Posted on by

The U.K. government has launched a preliminary investigation into the partnership between Amazon and Anthropic to see if it will significantly lessen competition. This comes days after a similar probe was announced into Alphabet’s collaboration with the AI startup.

In March, Amazon concluded its $4 billion (£3.16 billion) investment in Anthropic, the company behind the Claude LLM family, some of the only viable competitors to OpenAI’s ChatGPT and Google’s Gemini. It was founded by former OpenAI employees, including siblings Daniela and Dario Amodei, who were both execs.

In return for the investment, Anthropic committed to using Amazon Web Services as its primary cloud provider for “mission critical workloads, including safety research and future foundation model development.” It also agreed to use Amazon’s Trainium and Inferentia chips to build, train, and deploy its models and host them on the AI app development platform Amazon Bedrock.

However, the Competition and Markets Authority believes that this partnership could result in a “substantial lessening of competition” within the U.K. tech markets.

[…]

Complete mergers and acquisitions often trigger extensive regulatory scrutiny and potential antitrust actions for this reason, which can delay or block proceedings. To avoid this situation, Big Tech instead makes strategic investments in the most promising startups and hires their top talent, allowing them to gain influence and access to innovative technologies unchecked.

In an April report on how the CMA is looking into AI foundational models, the CMA said, “Without fair, open, and effective competition and strong consumer protection, underpinned by these principles, we see a real risk that the full potential of organisations or individuals to use AI to innovate and disrupt will not be realised, nor its benefits shared widely across society.

[…]

The CMA is looking to identify “relevant merger situation(s)” that allow large tech companies to “shield themselves from competition” in the U.K. It says that “a range of different kinds of transactions and arrangements” could represent a relevant merger with the provisions of the Enterprise Act 2002.

The Digital Markets, Competition, and Consumers Bill that was passed in May also “anticipates new powers for the CMA.” According to the April report, the CMA can “enforce consumer protection law against infringing firms” and apply non-compliance penalties of up to 10% of a firm’s worldwide turnover.

“We are ready to use these new powers to raise standards in the market and, if necessary, to tackle firms that do not play by the rules through enforcement action,” it said.

[…]

Source: Amazon-Anthropic Merger Investigated by UK Government

New U.N. Cybercrime Treaty Could Threaten Human Rights

Posted on by

The United Nations approved its first international cybercrime treaty yesterday. The effort succeeded despite opposition from tech companies and human rights groups, who warn that the agreement will permit countries to expand invasive electronic surveillance in the name of criminal investigations. Experts from these organizations say that the treaty undermines the global human rights of freedom of speech and expression because it contains clauses that countries could interpret to internationally prosecute any perceived crime that takes place on a computer system.

[…]

among the watchdog groups that monitored the meeting closely, the tone was funereal. “The U.N. cybercrime convention is a blank check for surveillance abuses,” says Katitza Rodriguez, the Electronic Frontier Foundation’s (EFF’s) policy director for global privacy. “It can and will be wielded as a tool for systemic rights violations.”

In the coming weeks, the treaty will head to a vote among the General Assembly’s 193 member states. If it’s accepted by a majority there, the treaty will move to the ratification process, in which individual country governments must sign on.

The treaty, called the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes, was first devised in 2019, with debates to determine its substance beginning in 2021. It is intended to provide a global legal framework to prevent and respond to cybercrimes.

[…]

experts have expressed that the newly adopted treaty lacks such safeguards for a free Internet. A major concern is that the treaty could be applied to all crimes as long as they involve information and communication technology (ICT) systems. HRW has documented the prosecution of LGBTQ+ people and others who expressed themselves online. This treaty could require countries’ governments to cooperate with other nations that have outlawed LGBTQ+ conduct or digital forms of political protest, for instance.

“This expansive definition effectively means that when governments pass domestic laws that criminalize a broad range of conducts, if it’s committed through an ICT system, they can point to this treaty to justify the enforcement of repressive laws,” said HRW executive director Tirana Hassan in a news briefing late last month.

[…]

“The treaty allows for cross-border surveillance and cooperation to gather evidence for serious crimes, effectively transforming it into a global surveillance network,” Rodriguez says. “This poses a significant risk of cross-border human rights abuses and transnational repression.”

[…]

Source: New U.N. Cybercrime Treaty Could Threaten Human Rights | Scientific American

For a more complete look at the threats presented by this treaty, also see: UN Cybercrime Treaty does not define cybercrime, allows any definition and forces all signatories to secretly surveil their own population on request by any other signatory (think totalitarian states spying on people in democracies with no recourse)

Apple tries again to make EU officials happy with new fees for in-app purchases

Posted on by

Apple this week revised its alternative contractual terms for devs selling apps in the European Union – a revision that was immediately dismissed by critics as more “malicious compliance.”

[…]

Essentially, Apple has allowed developers in the EU to choose whether they want to use its own In‑App Purchase system for App Store transactions or an alternative payment processor for In-App transactions. EU app developers can also choose to sell their apps through a third-party storefront.

The Alternative Terms contract covers: 1) In‑App Purchase system from the App Store; 2) alternative payment processors; and 3) linking out from apps.

The StoreKit addendum covers just linking out – it “allows the ability to link out for purchases of digital goods or services for apps distributed in the EU and includes new business terms for those transactions.” It’s not for in-app transactions.

The StoreKit contract doesn’t include the Core Technology fee – assessed for devs using the Alternative Terms contract on app installs beyond one million at €0.50 for each app installed.

But it does come with two new fees: a 5 percent “Initial Acquisition Fee” and a 10/20 percent “Store Services Fee.”

On iOS, under the Alternative Terms contract, Apple demands a 17 percent commission for apps sold in EU storefronts of the App Store, or 10 percent for App Store Small Business Program participants. Then there’s the 3 percent payment processing fee, and the Core Technology fee is applicable.

There’s also an Initial acquisition fee of 5 percent “for sales of digital goods and services, made on any platform, that occur within a 12-month period after an initial install.” And there’s a Store services fee of 10 percent “for sales of digital goods and services, made on any platform, that occur within a fixed 12-month period from the date of an install, including app updates and reinstalls.”

Under the StoreKit Contract, the Initial acquisition fee is the same – 5 percent – but the Store service fee is 20 percent. For App Store Small Business Program participants or auto-renewal subscriptions beyond one year, that drops to 7 percent.

Fee calculation is complicated enough that Apple has built a web-based calculator for the task.

In a statement provided to The Register, Spotify said, “We are currently assessing Apple’s deliberately confusing proposal. At first glance, by demanding as much as a 25 percent fee for basic communication with users, Apple once again blatantly disregards the fundamental requirements of the Digital Markets Act (DMA). The European Commission has made it clear that imposing recurring fees on basic elements like pricing and linking is unacceptable. We call on the Commission to expedite its investigation, implement daily fines and enforce the DMA.”

[…]

United Kingdom’s Competition and Markets Authority – as part of its Mobile Browsers and Cloud Gaming Market investigation – is contemplating uncomfortable remedies [PDF] against the fruiterer.

[…]

Among the issues that concern the CMA are: Apple’s requirement that all browsers on its mobile devices use its own WebKit rendering engine; Apple’s and Google’s dominance of browser engines; and Apple’s rules that limit in-app browsers.

Some of the options being considered include: “Requirement for Apple to grant access to alternative browser engines to iOS”; “Requirement for Apple to grant equivalent access to iOS to browsers using alternative browser engines”; and “Requirement for Apple to grant equivalent access to APIs used by WebKit and Safari to browsers using alternative browser engines.”

[…]

Source: Apple tries again to make EU officials happy – with new fees • The Register

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Posted on by

Security flaws in your computer’s firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer’s memory that, in many cases, it may be easier to discard a machine than to disinfect it.

At the Defcon hacker conference tomorrow, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they’re calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode

[…]

an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD’s security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.

[…]

Only opening a computer’s case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”

In a statement shared with WIRED, AMD acknowledged IOActive’s findings, thanked the researchers for their work, and noted that it has “released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products, with mitigations for AMD embedded products coming soon.” (The term “embedded,” in this case, refers to AMD chips found in systems such as industrial devices and cars.) For its EPYC processors designed for use in data-center servers, specifically, the company noted that it released patches earlier this year. AMD declined to answer questions in advance about how it intends to fix the Sinkclose vulnerability, or for exactly which devices and when, but it pointed to a full list of affected products that can be found on its website’s security bulletin page.

[…]

Nissim and Okupski respond that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month

[…]

Nissim and Okupski’s Sinkclose technique works by exploiting an obscure feature of AMD chips known as TClose. (The Sinkclose name, in fact, comes from combining that TClose term with Sinkhole, the name of an earlier System Management Mode exploit found in Intel chips in 2015.) In AMD-based machines, a safeguard known as TSeg prevents the computer’s operating systems from writing to a protected part of memory meant to be reserved for System Management Mode known as System Management Random Access Memory or SMRAM. AMD’s TClose feature, however, is designed to allow computers to remain compatible with older devices that use the same memory addresses as SMRAM, remapping other memory to those SMRAM addresses when it’s enabled. Nissim and Okupski found that, with only the operating system’s level of privileges, they could use that TClose remapping feature to trick the SMM code into fetching data they’ve tampered with, in a way that allows them to redirect the processor and cause it to execute their own code at the same highly privileged SMM level.

[…]

Nissim and Okupski say they agreed with AMD not to publish any proof-of-concept code for their Sinkclose exploit for several months to come, in order to provide more time for the problem to be fixed.

[…]

Source: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED