Hey there, What’s Next readers! We often look at ways in which innovation, law, and user expectation fail to match up, and this week we’ve got a lot of that. Kicking off, we’ll dive into a bot’s big fail in issuing DMCA notices and what it means for automation and web platform responsibility. We’ll also look at how yet another bad news week for Google may lead to greater regulatory scrutiny. Plus: Why Twitter may be the next hot legal tech… for serving complaints; and how an 11 year old hacker may have uncovered vulnerabilities in Florida’s election system.

Anything you’re not seeing here that you’d like to know more about? How about other tips, tricks or insights? Drop me a line any time at ilopez@alm.com, or Twitter at @IanMichaelLopez.

➤➤ Would you like to receive What’s Next as an email? Sign up here. Or subscribe to the What’s Next RSS feed.


Does Not Compute: Topple Track Bot Goes Berserk with Bogus DMCA Notices


Automation may be touted as a saving grace for the legal industry’s more mind-numbing tasks, but even robots make mistakes. Case in point: self-described “content protection service” Topple Track was called out for some big blunders last week over what appeared to be bogus Digital Millennium Copyright Act takedown notices. The bot targets included a New Yorker article, musician Ed Sheeran’s website, and the Electronic Frontier Foundation — which judging by a piece by EFF attorney Daniel Nazer, isn’t too happy with “copyright robots run amok.”

Essentially an automated way for musicians to send takedown notices, Topple Track was a member of Google’s Copyright Program, up until recently being pulled down. (The company said on its website that it’s “tightening some nuts and bolts”.) Quoting a page taken down by Topple Track’s parent company, Nazer writes that in practice, this means sending DMCA takedown requests to Google so URLs are deindexed from search and/or removed by website hosts.

In Nazer’s telling, the company is “a poster child for the failure of automated takedown processes,” particularly given the “scope of expression it has sought to delist” (EFF, for example, was targeted for a song called “My New Boy,” which might not even exist). And it isn’t just a send-and-forget obligation under the law; DMCA requires that senders affirm they have “a good faith belief” that a site is unlawfully using copyrighted material. In analyzing Topple Track’s bunk notifications, Nazer says EFF could find neither link nor “plausible claim of infringement” between the accused and the takedown notices.

Now, DMCA notifications are no laughing matter, and minor mishaps can have significant consequences. Nazer writes that many website owners remain oblivious to their URLs being targeted, or could be subject to a “copyright strike” - basically where a hosting site, say YouTube, takes down your content in response to a notification.

And while a considerable amount of questionable takedown requests can be chalked up to bot botches or “plain incompetence,” TorrentFreak reports that there’s been “an influx of more coordinated DMCA abuse.” The motive? Downranking competitors in Google search results, with malicious users posing as major entities under misleading names, such as ‘Walt Disney LTD.’ Whether sketchy or legit, those targeted can find recourse in issuing a counter-notice. However, as Stanford’s Daphne Keller and Annemarie Bridy write in a blog, “The number of potentially mistaken or malicious notices still vastly exceeds the number of counter-notices.”

This isn’t the only time the idea of scrubbing the web with bots has led to controversy. In September of last year, the European Commission issued a communication not only encouraging web platforms to employ measures for pulling illegal content, but “step up cooperation and investment in” automatic detection technology. In a fun twist of coincidence, TorrentFreak reports the trigger-happy Topple Track also targeted an article written by an EU Parliament Member,discussing web “censorship machines” and copyright, which was later nixed from Google’s search index. You can search for other bot victims here.

➤ Thinking Ahead: Platforms are under greater pressure to keep watch over user content, but automated filtering isn’t proving to be such a hot option. Topple Track is one example — but seems unlikely to be the last.

Image: Screen grab from Topple Track’s homepage

On the Radar:  Three Things to Know

➤ Social Media Serve. Think you’re a legal innovator? Talk to the law firm that served a complaint on the elusive WikiLeaks with a Tweet. Representing the DNC in a civil suit against the leaks site and others alleged to have conspired against the party in the 2016 election, law firm Cohen Milstein sent service via Tweet on Friday, a move that TechCrunch dubbed “very unusual.” But that doesn’t mean it’s without precedent: In a motion filed in New York’s Southern District, the DNC points out that the U.S. District Court for the Northern District of California had previously marked Twitter fair game for notifying defendants with active accounts.

➤ Script Kiddies. Speaking of election vulnerabilities, hackers spent the weekend uncovering them at the annual DEF CON 26 hacking convention. And it wasn’t nation-state actors or renowned cyber experts working their way around replicas of state voting security apparatuses. Some weren’t even old enough to vote, like an 11 year old who not only hacked a replica of Florida’s election website in under 10 minutes, but changed fake voting results. And while some hackers think they’re helping by exposing cracks in the system, others aren’t so sure. Kathy Rogers, senior VP of Election Systems & Software LLC, pointed out the conference was open to anyone to participate, meaning “potential bad actors, foreign or otherwise” could get their hands on important information, the Wall Street Journal reports.

➤ Every Swipe You Take. Facial recognition got you freaked out? Biometrics might be taking a new turn, this time with tracking how web users maneuver on mobile device screens or keyboards. The New York Times reports that retailers and banks are monitoring the “physical movements” of those perusing their websites and apps. And while some may tout the security benefits of such technologies, others are raising red flags about more controversial possibilities. In the case of companies collecting user data, EFF lawyer Jennifer Lynch noted, “It’s a very small leap from using this to detect fraud to using this to learn very private information about you.”

Prying Eyes:  Google Sneaking Peeks at User Whereabouts

You’d think that the Cambridge Analytica scandal would have taught big tech a lesson. Turns out it may have largely flown over Google’s head.

The beleaguered tech giant this week was subject of an Associated Press investigation that concluded many apps are tracking user location despite telling users otherwise. Set your privacy settings stop tracking your movement all your want–Google is keeping tabs, whether it be via snapshots upon opening Maps or pinpointing your whereabouts when checking the weather.

Google for its part says its being up front with its practices, but some lawmakers feel otherwise. Rep. Frank Pallone, Democrat of New Jersey, called for “comprehensive consumer privacy and data security legislation” in light of the report, AP said, while Democratic Sen. Mark Warner of Virginia likewise emphasized policymaking as a path to provide users greater control over their data. Meanwhile, Jonathan Mayer, a former FCC enforcement bureau chief technologist currently working at Princeton, which verified AP’s results, put it bluntly: “If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off.”

So is legislative action actually around the corner? Well, mostly it’s Democrats raising noise —and they’re obviously not in power. Sen. Richard Blumenthal of Connecticut tweeted that he’s “called for an FTC investigation” into Google’s “persistent privacy invasions.” He’s not alone in his view. Electronic Privacy Information Center senior counsel Alan Butler told Wired that Google’s behavior “reads like a classic case of an unfairly deceptive business practice,” and that “the FTC needs to investigate right away.” Echoing that point is Ashkan Soltani, a former FTC technologist, who tweeted that that news may warrant the FTC taking a look.

 Thinking Ahead: Criticism of alleged big tech misbehavior is nothing new, nor are calls for greater regulation. But there’s another element now: a public that is generally pissed off at Silicon Valley. Perhaps Sundar Pichai will be following in Mark Zuckerberg’s footsteps in making apologies on Capitol Hill?

That’s it for this week! Stay tuned for What’s Next!