November 22, 2014 / / Uncategorized

Please note that this specific post is explicitly directed to on specific individual. If this is not for you — feel free to turn this into a learning experience.

I like how often you reference law as if you had any singular professional or state-sanctioned credential that would allow you to practice law. You’re like the bald guy in Pawn Stars: You aren’t that guy, but you sure know who to call.

Here’s an honest question for you. Twenty hours ago you wrote a message to a young lady. That message indicated that you were in contact with a law firm in Nashville and that they would resolve the following situation through suing — not arbitration — but suing:

  • Defendant is in control of two social media arms and one primary gMail account that you, as the individual claiming ownership of a publication, used so little that you both did not set it up nor know the password for it. All accounts in question:
    • Twitter
    • Facebook page (which you asked for the password for just as a demonstration of your complete disassosciation of how the Interwebs works)
    • Gmail account

Let’s look at a few other things of importance:

  • It’s interesting you would select a firm in Nashville for an issue specifically going on in Knoxville. While Nashville lawyers would, if anything, be most talented with regard to issues involving creative rights ownership: cost of ownership for an office space goes up considerably in Nashville thus raising their overhead for a storefront.
    • Due to this, your only options would be ‘bono or specifically getting the accounts back and then burning a young adult for court fees. Classy.
  • You also said that, once Facebook got their… I guess a C/D?… that they would quickly conform to your demands because “they hate court stuff”. My favorite part was when you suggested that this would also impact her non-business accounts.
    • Let me make sure I have this correct. The man who asked for a /Page/’s password and didn’t know the password to his own publication’s primary email address is now somehow versed in Facebook’s typical response when approached with a worthless C/D from AndWhoTheFuckAreYou, Attorney at Law?
    • You also completely mixed different law processes. If you’ve noticed, I’m keeping this in a Bullet format because I feel I may need to break this down into succinct concepts. You mentioned:
      • Facebook will give you the account credentials if threatened; this will impact the operator of those pages. Addendum: operator of those pages/email is the original creator of said page/email.
      • Talking to a lawyer in Nashville which, let’s be honest, is where CR/IP law lives. If you were just referencing Nashville because it’s the closest thing to a big city around here: I would have gone with Atlanta. So would you. Fun part: I’m not sure that inference (CR/IP) kicked in with her. If it makes you feel any better, you made a funny joke and I got it.
      • The person you are (let’s be honest) harassing is to provide an additional issue of a publication. The specifications for this publication are, in no way, established in any form of documentation that would be either admissible in court nor featuring signatures. As an even funnier addition, you state that if she does not provide this issue — she owes you $500.
        • Actually. Let’s expand on this part for a second. You’re suing. With a firm in Nashville. For $500 — a sum that is absolutely covered in county small claims court. Did you select Nashville because how much charm your council will need to have for this whole thing not to come off as a complete waste of time?
      • She had until 3pm to respond. See, I get “You have until 3pm”. The desk closes at 5. If you want something moving, 3. The reason that’s kind odd is because that’d be 2p in Nashville. Huh.

Here’s the important summation.

  • You thought Facebook Pages still had the password system from years and years ago.
  • You had another person create /the most efficient method of communication for a publication; the place where all your money comes from/: the email for the publication. And you don’t know the password? You know you can reset the password if it’s hooked to your phone number. I would have asked for that. Good tip to know in the future, perhaps. Then you can just change it out and not take your bipolar swings out on people whenever you feel like it.
  • You have literally no idea how Facebook’s evaluation system works. Facebook cowers at things like that? And then takes it out on the originator’s page. With no litigation provided?
    • If I create a page for Jellybelly and I’m not Jellybelly — and then they ask for it back. And I refuse. If they have the correct credentials showing ownership of that name, they will change the Page to a Group and then give the page to the owner. It doesn’t count as a strike. It was called TheFaceBook when I created my profile; I ran BBS’s before that. Statement from Authority: You don’t know anything about how this works. And I’m watching you pretend like you do as a form of intimidation. And it’s disgusting.
  • You are a grown-ass man, ~8 months older than I am, shaking down kids for money. Could you describe That Feel for me sometime?
  • You want to know why that post hasn’t had any movement? The one with your cute line of butthurt you added? Because this last post of anything is the last attention you will be given. I/We have ensured this.
  • You used ‘Methinks’. When you were diagnosed with autism? What color is your fedora? Do you think that provides an astute tone to your statement?
    • The initial statement was condescending. But it could have been worse.
    • Then you added the lie/cheat/steal part. I notice these things. I’m not on the Internet all day but I do have enough scripts running to convince you otherwise.
    • Sorry, CrayHair. Were the kids not paying attention to you?

Your threats may intimidate the inexperienced.

I have a very funny history. It all involves the USDC. The side that involves picnics and not things you’ll find on Pacer.

Last part here.

Protip: When I found myself in situations where I was about to file papers against an individual for doing something, I took a picture of it and sent it to them. I didn’t say, “I’ve got these papers here and I’m going to file a suit against you”. Picture. Demand. Time. After watching you bullshit someone about what your powers were, like a fucking bully, and what you can and can not do while completely mixing up every part of IP/CR/Claims: you know nothing.

Final Thought:We snapped our fingers and, 12 hours later, are 20 likes away from you.

You’re an asshole and a liar.

And as a fellow asshole and liar? Busch league.

…methinks. jesus christ what’s wrong with you-

August 8, 2014 / / pay attention

Or: How Alex Holden Spends Most of the Day Chillaxing on TOR and Lurking Russian Hack Boards

Preface: I’d like to personally thank Rick Romell and Bill Glauber of the Milwaukee-Wisconsin Journal Sentinel for absolutely nailing this story out of the park with regard to localized research on Holden. That the number of credential went from 4 billion, then to 1.2 billion, and then (as per Mother Jones) to ~500 million is absolutely absurd and warranted investigation. Both of you are absolutely awesome.

This will be short and sweet because Alex Holden does not need any further publicity for his actions. You have likely read the accusations that, earlier this week, Alex Holden of Hold Security announced to the NYT that he had discovered Russian hackers had stolen over 4 billion usernames and passwords. After running a duplication check, that narrowed to 1.2 billion and, while not often reported, that list was further whittled down to around 500 million individual users via unique email addresses.

Let’s look at the warning signs right off the bat:

  • Announces 4 billion passwords have been taken across 420,000 websites
  • Makes zero indication on how he learned this or how he obtained the output of 420,000 website’s U/P data
  • Unbiased sources who have met Holden describe him as a generally acceptable individual with an aggressive approach to establishing clients. Chris Roberts, founder of Denver’s One World Labs, said that Holden “[…] has gone off and done his own thing […] he has his way of doing it — very different than mine”
  • Refuses to indicate any of the sites compromised so that users can change their passwords as “there is an ongoing investigation”
  • No law enforcement agencies (local, state, or federal) have corroborated that they are investigating
  • Explains that he knows the names and locations of these hackers but not the group they are affiliated with
  • Offers a for-pay service for individuals and companies to see if their data is being compromised which is odd because that generally doesn’t happen during an investigation
  • Lied about where he went to school and graduated — the 2001 engineering degree from the University of Wisconsin-Milwaukee? That never happened as Holden never graduated.
  • Released information specifically during BlackHat for maximum attention when a very similar story was released in February by Hold Security.
  • Individuals quickly chimed in with similar-but-different ulterior motives: Chase Cunningham and Brian Krebs
  • Lacking a name for the criminal group, Holden simply references them as CyberVor — Vor meaning “thief” in Russian.
  • States that the “group” purchased large numbers of U/P lists; however, makes zero indication where the stolen content ends and the bought content begins.

Just a quick validation of the “didn’t graduate” accusation since that’s a pretty hefty falsehood.
From the MWJS article:

Told that UWM had no record of him earning a degree, Alex Holden said Wednesday, “That is correct. I never finished. I attended but I never finished.”

In an interview Tuesday evening, however, Holden had said he graduated from the school in 2001 with a degree in mechanical engineering.

His LinkedIn page, under “Education,” says “University of Wisconsin-Milwaukee, BS, Mechanical Engineering, 1993-2001.”

Regardless, let’s move on to the individuals that joined in on this.

Via CBS:

Chase Cunningham, lead threat intelligence agent for cloud security company Firehost, spent years tracking Russian crime syndicates with the FBI and the NSA. At Black Hat on Wednesday, he said Hold Security has “uncovered one of the largest caches of data ever seen.”

In no circumstance is it stated that Chase has actually seen the data in question; however, over the iterations of his career with the DOD, Neu*, and now an employee at Firehost who apparently doesn’t even get his picture on the staff page — he would like to chime in. This is becoming a grab for attention by security experts who want to take every opportunity to get into the public spotlight before Blackhat winds down later today. From his bio on CyberUnited:

Mr. Cunningham researched, developed and designed a new cognitive intelligence model focused on accurately forecasting human behavioral activities and likely clandestine human tactics within protected networks to counter malicious insiders.

Additionally, don’t get the impression that Chase was a speaker at BlackHat: he just happened to be there and is not on the speaker list and was seemingly wandering around looking for a reporter to speak to; however, it wasn’t likely this random considering that Chase has extensive experience with social engineering and a skill we will reference as “the ability to know who the right person is, what they look like, and where they are currently located”. On a bright note, FireHost can now add the AP logo to their newsroom masthead.

Let’s go back to a previous individual who I feel deserves a little recognition: Brian Krebs.
Brian is a somewhat well-known security enthusiast that also puts words on an Internet blog about his thoughts on security. Holden’s Hold Security is essentially a go-to for many of his posts regarding Internet security — the reason for this being that Brian Krebs is listed as a “Special Advisor” for Hold Security. Established media outlets generally try to ensure that the individual reporting about something isn’t directly connected to the entity that is being discussed; however, as luck would have it for Krebs, that rule really doesn’t exist on the Internet.

One question that I feel a good number of security-centric individuals not swooned by Alex “The Watchman” Holden, Brian “The Megaphone” Krebs, and Chase “The Avenger” Cunningham’s story of intrigue is:
How does one suddenly wind up with 4 billion U/P entries? Holden /had/ to have those entries on hand if they were, in fact, verified by an “independent security source” (who was left unnamed) used by the New York Times. I would ask how those were verified (“Yup. That’s a database. Yup. Those are usernames. Yup. That’s the format those would be in.“) — but let’s stick with accrual for a moment.

Hold Security’s website, like any other good WordPress-driven security site, likes to toot their own horn for their accomplishments. Let’s look at a few of the headlines and see if we can pick up a pattern:

HOLD SECURITY, LLC DISCOVERS HACKERS STEALING SOURCE CODE FOR ADOBE FLAGSHIP PRODUCTS
(8/5/2014)
“Hold Security’s newly announced Deep Web Monitoring Program working with journalist Brian Krebs informed Adobe Systems Incorporated that source code for their flagship products has been found on servers of known hackers responsible for breaches of LexisNexis, Kroll, NW3C, and many other sites.”

HOLD SECURITY DISCOVERS THOUSANDS OF FTP SITES INFECTED BY MALWARE
(2/13/2014)
“Hackers compromised thousands of FTP sites to plant their malware or to attempt to compromise connected web services. This week Hold Security’s Deep Web Monitoring Service obtained evidence of hackers abusing FTP sites of companies of all sizes across the globe. Hackers planted PHP scripts armed with backdoors (shells) and viruses in multiple directories hoping that these directories map to web servers of the victim companies to gain control of the web services. They also uploaded HTML files with seamless re-directs to malicious sites.”

HOLD SECURITY DISCOVERS PR NEWSWIRE BREACH
(10/16/2013)
The same group of cyber criminals responsible for LexisNexis, NW3C, and Adobe breaches also had stolen data that belongs to PR Newswire. Partial website source code and configuration data along with a database of PR Newswire customers was found on the same server where Adobe System’s source code was located […] Update: Hold Security’s Deep Web Monitoring confirms today that PR Newswire was not a random target for the hackers. There is evidence, dated February 13, 2013, of a large-scale attack targeting PR Newswire’s multiple networks hitting over 2,000 IP addresses using ColdFusion exploits.

Oh hey look, it’s Brian Krebs again. Hey, Brian!

I want to point out a common phrase here: Deep Web Monitoring.
Were I to use a term like this to a novice user it sounds impressive — almost like Hold Security is deeply probing the Internet — judiciously locating and identifying information that has been breached and alerting the appropriate parties. What Hold Security is actually doing is logging into established .onion sites/forums/boards on TOR and essentially flipping through For Sale postings for user data and bragging posts for recent successful hacks. People pay him money to do this which, honestly, sort of drives me to believe that I am a Black-Hat-Gone-Hatless who really selected the wrong profession.

Here is Hold Security’s definition of what I just stated which understandably sounds much more complex. Additionally, here is Hold Security’s “Consumer Hold Identity Protection Service” offer — where you install an application and it tells you if you are at risk. If they happen to find your credentials when scanning Russian forums on TOR preforming a Deep Web Monitoring: “[…]we will ask you to provide an encrypted versions of your passwords to compare it to the ones in our database, so that we can let you know exactly which of your passwords have been compromised.” That seems reasonable. Last week my credit card was stolen and my bank called me to verify my credit card number. I’m glad they’re watching out for me.

“Sure (author), they may be absolutely sketchy but as a consumer I’m really looking for something like questionable Privacy Policies and Terms of Service. Does Hold Security offer that?”
I’m glad you asked. They sure do.

Privacy Policy
“We may disclose aggregated information about our users without restriction. We may disclose your personal information to our subsidiaries and affiliates, to service providers and other third parties we use to support our business, and to our business partners.” This wouldn’t be such a large deal if the information they were dealing with weren’t your user credentials and password(s).

Terms of Service
“9.2. When we obtain Customer Data or any other personal information about you, we may process such information outside of the country in which you are located, including in the United States. The countries in which we process the information may not have the same data protection laws as the country in which you are located. By using the Consumer Hold Identity Protection Service or otherwise providing any Customer Data or other personal information to us, you expressly consent to the transfer of such Customer Data and information to, and the collection and processing[…]” Data obtained by Russian phishers may return to Russian phishers for verification.

The more you dig — the more nothing about this adds up.

Since this is a blog and not a news story, allow me to speculate. Of Hold Security’s press releases, this one is my favorite:
“To help our customers we tracked over 300 million abused credentials that were not disclosed publicly (that is over 450 million credentials if you count our Adobe find). But this month, we exceeded all expectations! In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses.” (2/25/2014)

I highlighted a number I feel is pretty important. What Holden told the New York Times was a carefully worded falsehood. Holden himself has carefully collected this data over the span of a year or two, maybe even to the point of purchasing old U/P information. Hold Security is a passive form of security — they are not going out to find your data and wrangle it out of the hands of those Evil Russian Hackers (Holden is from the Ukraine). What they are doing is lurking TOR nodes observing chatter. I would almost go so far as to suggest that he has obtained access to multiple forum systems on TOR that require verification of l33t-krad-LoD-versus-MoD status. Holden throws together a giant list of antiquated loose account leads, pings the New York Times (a source he “found” was compromised previously) and tells a fantastical story about this massive cache of (completely outdated) U/P’s. Since lists like this have a very specific half-life, they were probably an aggregate of bargain bin purchases — thus why 4.1 billion quickly narrowed down to 1.2 billion and then to ~500 million unique email accounts: if I’m selling a list of 2 year old U/P’s there’s no reason for me not to grab a few lists from 3 years ago, tack those on to the end, call my offering “520,000 Login Credentials” instead of “210,000 Login Credentials”, and add a markup. U/P lists are the cold leads of the phishing world.

From Russell Brandom’s story on The Verge:

The biggest red flag of all, though, is that CyberVor isn’t trying to sell the data or use it to steal actual money. They’re using it for Twitter spam, the dark web equivalent of boiling the bones for stock. If there were anything else they could do with these passwords, it would be more lucrative and more sustainable than spamming. The fact that the crew is reduced to jacking Twitter accounts suggests the data is more about quantity than quality.

That’s the ultimate point here. Not Brian Krebs describing how he once demonstrated the exact method of a bot SQL injection that Holden blames as the cause of this, not Chase Cunningham running into the wrestling ring vowing that these criminals need to be caught and maybe he is the hero Gotham deserves, and not even the fact that the numbers provided by Hold Security in previous posts regarding the collection of U/P lists almost exactly matches the number that is being reported — but the fact that, to any individual who has ever been involved in pentesting websites while not on the payroll of that company: none of this makes sense. Were those passwords to all work, 500 million unique U/P’s is money in the bank and double that if you’re smart enough to extort those users with the information you find. Holden states they’re using them for Twitter spam. We’re either dealing with a group of idiot savants, or one savant idiot.

That’s how Alex Holden told a story to the New York Times, how the NY Times poorly corroborated said story, how Alex had a friend chime in to talk about his character, and how that story spread like wildfire — kind of like Back Orifice in the days of cDc. God, I miss cDc.

The moral of the story is:
Never trust the narrator.

August 8, 2014 / / pay attention

But an accredited technology writer did it anyway and then distributed it.

There are essentially two types of consent laws when it comes to recording a conversation between two individuals: one-party consent and two-party consent.

The definition of one-party consent is actually kind of adorable: you can record a conversation between you and an individual if just /one/ party consents to the action of recording. Also, that party can totally be you. It may be somewhat flawed; however, in terms of a hilariously self-enforcing stipulation it wins hands-down. The second, adopted in a handful of states, is known as a two-party consent. This form is, like it sounds, permission being necessitated from both parties before recording can take place.

Block, who was placing the call from California, was in violation of Cal. Penal Code § 632. Let’s take a look into the fascinating and mystical world of law definitions. I’m going to format this in a way that gets the point across; however, feel free to read it in its entirety. Let’s deconstruct this:

632.  (a) Every person who, intentionally and without the consent of
all parties to a confidential communication, by means of any
electronic amplifying or recording device, eavesdrops upon or records
the confidential communication, whether the communication is carried
on among the parties in the presence of one another or by means of a
telegraph, telephone, or other device, except a radio, shall be
punished by a fine not exceeding two thousand five hundred dollars
($2,500), or imprisonment in the county jail not exceeding one year,
or in the state prison, or by both that fine and imprisonment. If the
person has previously been convicted of a violation of this section
or Section 631, 632.5, 632.6, 632.7, or 636, the person shall be
punished by a fine not exceeding ten thousand dollars ($10,000), by
imprisonment in the county jail not exceeding one year, or in the
state prison, or by both that fine and imprisonment.

Actually, wait. There really is no deconstruction to this. If this call was recorded in California, Ryan Block broke the law. Let’s pop over to the SoundCloud with his official description:

So! Last week my wife called to disconnect our service with Comcast after we switched to another provider (Astound). We were transferred to cancellations (aka “customer retention”).

The representative (name redacted) continued aggressively repeating his questions, despite the answers given, to the point where my wife became so visibly upset she handed me the phone. Overhearing the conversation, I knew this would not be very fun.

What I did not know is how oppressive this conversation would be. Within just a few minutes the representative had gotten so condescending and unhelpful I felt compelled to record the speakerphone conversation on my other phone.

This would be the point where an individual generally regarded as a leading technical journalist apparently has zero concept of the communication laws that govern the state he presently inhabits.

Am I stomping around demanding justice? Not specifically — I really just want to point out a few things. Do you remember that really good laugh we had at the definition of one-party consent? That’s a reality in the vast majority of the United States. For someone to record your interaction with the singular requirement being that at least one person know — with the addendum that the person recording can be the one person that knows? That’s insane.

But I feel a twinge of protest. Let’s work on massaging that knot out.

Do you fancy yourself an individual who considers Privacy with the importance of making it a proper noun? Are you generally concerned about your privacy? The law that you read above was part of the California Invasion of Privacy Act (CIPA) (Cal. Penal Code §§ 630-637.5) that sets up the laws governing when another person can listen to/record/use/extort/kidnap/be-crimey regarding the information that you, the little information emitting machine you are, emit to specific parties under specific circumstances.

The argument then is that this is somehow unfair with regard to the consumer; however, should the individual you are speaking to — while they are at their place of employment — not be given the right to decline that their interaction be recorded?

Is their privacy less important than the privacy of Ryan Block?

“Doesn’t matter. Their center is located in a one-party consent state. Ha.”

Says the individual. Calling from a two-party state. Using a recording device. On an outbound call. In a state where, to record, both parties must consent.

Cool.

“OH YOU DONE MESSED UP! They tell you you’re being recorded so I can record too!”

Well, let me clarify that a little bit.

When the automated system informs you that your call will be answered based on if the people in front of you are having good days or bad days /and/ that your call may be recorded for quality reasons — you actually enter into an agreement where you are given acknowledgement that you are going to be recorded and, through the fact that you didn’t scream that the Reptilians were listening, agree to be recorded. The individual who is answering your call agreed to be recorded upon signing into their job. The center recording the call is completely covered on all legal grounds to record the call.

That being said, Ryan Block is not covered by these precedents. If you really want to press the issue of you staying on the line is not implying that you consent, I’d like to introduce you to Shin v. Digi-Key Corp.

“OK, so I passively agreed to being recorded by staying on the line after being informed that the call may be recorded. The representative agrees to be recorded as per their job with the call center they work with. Then what is the problem? They’re recording so I can record.”

You’re going to hate me on this but no, you can not. These are two separate instances of the same thing.

Thing 1 (T1): The location you are calling has consent from you and the person you are talking with to record the call.
Thing 2 (T2): Recording a call between you and an entity that you agreed to record your call — but did not agree to you recording them.

These are two different things. The center had consent to record from both parties. Ryan did not have that consent nor, in the recordings placed online, did he specifically ask or tell the representative he was recording.

Ryan did not feel that the privacy of the representative awarded any concern. They’re just voices on the phone — they’re not real people, anyway. A call that /should/ have gone to the department that deals with moving (even if you’re cancelling your service) went to retention — a specific department that is, by nature, driven by numbers. That thought, sadly, was bereft when the necessity was felt to both illegally record and then broadcast the contents of a recording to take a quick shot at the inbound customer service industry: a service hated only slightly more by the people providing it than the people using it. Better yet, it was a good shot at Comcast — a company with a less-than-stellar history of customer sentiment.

Again, I’m not saying that the Recording Stuff Police should break down the door to Ryan’s new home and bring him into the station for booking on this horrid offense to his fellow man. That being said, CIPA is really not a bad act: don’t record people without both parties knowing they are being recorded, don’t use the recordings to be a jerk, don’t intercept data that isn’t yours, if the situation is domestic violence recording is permitted (633.6), don’t be weird and open your ex’s email even though you know their password, if you have access to customer information in large numbers please don’t be a jerk and use it for private sales, if you have access to customer information in large numbers please don’t be a jerk and sell it, if you buy customer information that representatives have access to in large numbers you’re kind of a jerk.

I’m obviously paraphrasing here but the point comes down to the fact that, as much as Block’s Klout score has been boosted in the past 72 hours, he willingly (and likely unknowingly) violated 632, broadcast the illegally recorded communication, and admitted to the action in the description of the illegally recorded material. If anything, one would expect a technically-minded individual to know the specifications of the laws that govern the technology they report on.

Then again, it’s just privacy law.

—-

Update:

So Ryan actually did use the defense on Twitter that, since he was in a two-party state calling a one-party state, everything was kosher. I must again reiterate that this is not how the law works. I can’t legally send marijuana from Knoxville to Denver regardless of the contents being legal in the area shipped to. That’s a pretty loose analogy; however, I placed roughly as much effort into it as Ryan placed into his defense.

When contacted specifically in reference to the violation of law, I was informed to reference sections B and E1.

Let’s do that together.

632 (B)

 (b) The term "person" includes an individual, business
association, partnership, corporation, limited liability company, or
other legal entity, and an individual acting or purporting to act for
or on behalf of any government or subdivision thereof, whether
federal, state, or local, but excludes an individual known by all
parties to a confidential communication to be overhearing or
recording the communication.

I may be off here; however, what I anticipate may have happened is that this portion was read and interpreted under the T1/T2 error. This would be a case for exclusion; however, the only recording that was “known by all parties to [be a] recording of the communication” was the recording made by the center. Ryan’s recording, an instance of recording totally separate from the internal recording, was not known to all parties. Now let’s hop over to E1.

(e) This section does not apply (1) to any public utility engaged
in the business of providing communications services and facilities,
or to the officers, employees or agents thereof, where the acts
otherwise prohibited by this section are for the purpose of
construction, maintenance, conduct or operation of the services and
facilities of the public utility

Again, I may be off but I believe I see where the confusion is here. If you’ll note, I only placed part of that definition in bold as I believe it’s where the reading stopped. This section is not stating “the rules above do not apply if you are recording a conversation with a company providing communication services”. It states, “If you are a business that provides communications services and facilities (see: call centers), you are excluded from the entirety of this section if those calls are specifically used for internal use and review”.

I want to reiterate again:

The point of this entire post is not to point out how Ryan Block should be prosecuted for his gross crimes against nature. It’s that an individual who is recognized as a solid writer by a large aggregate of the population (myself included) intentionally violated the privacy of an individual as per the communication laws of the state that they live in. After doing that, a transmission that was obtained illegally was then placed on the Internet. Considering the procurement method was not lawful in the first place, how much closer does that place the distribution and broadcast of an illegally obtained communication to malice? This isn’t Bartnicki v. Vopper — Ryan broke the law himself and then distributed it and, let’s be honest, posting it to SoundCloud isn’t what I’d consider a news format where that case would apply.

I can not begin to describe to you how unpopular of an idea it is to suggest that not only was a law broken for the sake of being Mayven Patient-0 in a viral post — but that the assumed antagonist of  was actually the victim of a privacy rights violation. And that the antagonist represents Comcast. I would really have a lot more luck arguing for the release of a serial killer based on the creative merit of their murders.

The same laws that protect you — protect other people. Sometimes in ways that conflict with your opinion of what should happen. This even protects the lowly call center representative. When talking to a friend about this who vehemently disagreed with the post above, I asked if the rights of an individual wearing a headset and answering calls for Comcast were less than that of the individual calling them. He stated they were. Have we really become short-sighted enough to have a sliding scale for what rights you have to privacy based on the company you answer calls for — or more likely the company that was hired to answer the calls for your company?

Regardless this was not intended as a troll piece, call to action for prosecution, or even an attempt at a smear.

But when I go to Ryan’s Twitter page and see the bolded post asking that the representative not be fired for the illegal recording that Ryan made of a confidential call with the consent of only one party for /Ryan/ to record — the first thought I can come up with is, “That’s mighty big of you, Ryan.”

February 14, 2014 / / pay attention

My father always says four things to me when our interaction with one another ends:

  • “I love you.”
  • “Be good.”
  • “Be careful.”
  • “Pay attention.”

I am here to assist in the facilitation of all of us, as a group, paying attention.

I’m not here to tell you to wake up, I’m not going to reference you as a sheep, this is not some sort of Alex Jones thing.

I do not want to talk about chem-trails. I do not believe that lizard people want our delicious People Juice.

I just want to have a talk with you.

Take a seat. Grab some coffee.

Pay attention.

January 14, 2014 / / pay attention

Ever have that one friend who uses the same move over and over in a fighting game? Who elects for mutually assured destruction over teamwork? Meet the KNS.

The Knoxville News Sentinel (KNS), and Scripps as a whole, is facing a bit of a conundrum. Print media, with regard specifically to news intake, is dying a long and painful death. I really can not overstate how long, arduous, and painful this death is. If the KNS were a terminal patient with a tangle of tubes, pumps, and pneumatic breathing devices keeping it on the skirt-hem relevance — Scripps would be the sobbing widow-to-be frantically burning money in an attempt to spend one last glorious day with the fading remains of their loved one.

This was most apparent when the decision was made to change an aggregate of Scripps publications to partial-paywall publications, allowing access to ‘Premium Content’ (words that don’t follow an inverted pyramid layout) for those who subscribe to the paper. The funny thing about this move is that it directly points to online access, as a media, being the biggest competitor to print. It also shows that Scripps is desperately struggling to make an entire arm of news-specific print media a viable and profitable option. It’s a tough call: do you keep funneling money into an entity that is currently living off the breadcrumbs of Want Ads and Ted Russel Ford half-page ads — or do you become the Bad Man who killed print news for a town?

What is more interesting about this shift is the rise of the alternative publication market.

Quick question for you, just to break the fourth wall: When was the last time you saw someone leisurely reading the Sentinel while out on the town? Would you say that the number of times you saw this action was more or less than the number of times you’ve seen someone reading a Metro Pulse?

Killing off Metro Pulse wasn’t just a bad idea due to the obvious repercussions to Knoxville culture and writing — it also completely demolished any ability that Scripps had to reach the coveted 18-35 year-old demographic. It also directly impacts the businesses who advertised through Metro Pulse and removed a staple of Knoxville, The Metro Pulse ‘Best Of Knoxville’ Awards. Way to win hearts and minds.

Scripps is essentially making the same error that the music industry faced in 1996: an unwillingness to find a marketing approach that embraces new media. “People will always want a physical copy of music to hold in their hands.” The problem was that they would not. “People will always want a physical copy of the news to hold in their hands.” The problem is that they do not. The current marketing demographic for the KNS is the same for most local papers in mid-markets: older individuals (P1) and the bored (P2). That isn’t to suggest that local news isn’t important: it’s pivotal — specifically with regard to local politics. The solution to this problem isn’t to place opinion stories behind a paywall or to cripple the slowly-awakening culture of a community by taking away a staple sister publication. Additionally, taking away the publication at the forefront of alternative Knoxville culture isn’t the solution — it’s a symptom of the disease.

There was a quick push to let Knoxville know that they would not be left out in the cold with regard to culture. As part of the release regarding Metro Pulse on Wednesday, a tangible effort was made to state that Knoxville.com would be the primary source for future arts and culture news. Calling this move insulting is, at best, an understatement. Metro Pulse was not simply a directory listing of who is playing at the Pilot Light for any given week; however, that’s how it appears to be viewed. Metro Pulse provided absolutely wonderful pieces on politics, culture, music, food, and the people who make up this confusing town that somehow thought making an artificial creek on top of an actual creek (Second Creek; World’s Fair Park) was a good idea.

As I write this, it is currently 10:00pm on Wednesday. Let’s see what Knoxville culture stories Knoxville.com is propagating through their Facebook:

  • GoVolsXtra | Enter to win UT-Missouri tickets (cross promotion with KNS)
  • [Link] Were you annoyed by the sudden, inexplicable appearance of U2’s “Songs of Innocence” album on your iPhone? Well, Bono says he’s sorry.
  • [Link] Check out the PumPecApple: Three pies baked in a cake, stacked and iced!
  • [Link] Harry Potter spinoff ‘Fantastic Beasts’ will be ‘at least’ a trilogy.
  • [Link] Netflix to stream all of ‘Friends’ starting Jan. 1, 2015

I’m going to cut it off there. It took eleven posts before I hit the first post actually about Knoxville — restaurant health scores for Oct. 13th. That was posted yesterday at 2:25pm. Five posts later, another football post.

I struggle to find a comparison between a publication that has been with Knoxville for over 20 years and an absolutely horrid excuse for journalism that has nothing to do with its namesake. Perhaps it would be in the interest of those operating the Knoxville.com Facebook to consider posts about Knoxville and those who make up its populace before posts wishing Usher a happy birthday. In a land of steak, Scripps took away all knives and forks but assures us that the spoons provided should be able to handle our eating needs.

This is more than “just an arts and culture paper”. Be it out of lack of knowledge or lack of concern, Scripps (and the KNS by proxy) are responsible for a magnitude of damage to Knoxville. Small niche businesses are impacted because their demographic is not the KNS. Local non-commercial stations like WUTK are impacted as one of the station’s tags, “Winner of the Metro Pulse ‘Best of Knoxville’ award (x) years in a row” is no longer a relevant statement — not to mention the mountain of cross-promotion that both medias provided one another. I fail to have even the slightest trust in the culinary opinions of a media outlet that has covered everything /but/ Metro Pulse today. Your parent publication created this issue — have a sense of ownership. Open a dialog. That’s what social media is for versus “McDonalds invites icky questions about its food”.

Scripps isn’t concerned about you, Knoxville.

Perhaps it is time to return the sentiment.