Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Thread Tools Search this Thread Display Modes
Old 02-05-12, 08:35 AM   #1
JackSpratts's Avatar
Join Date: May 2001
Location: New England
Posts: 9,698
Default Peer-To-Peer News - The Week In Review - May 5th, '12

Since 2002

"Websites with religious or ideological themes were found to have triple the average number of 'threats' that those featuring adult content, according to Symantec." – AFP

"Program X." – Karin Florin

May 5th, 2012

Young File-Sharers Respond To Tough Laws By Buying a VPN

A new survey has revealed that young people are responding to tough legislation and increasing levels of online spying by investing in VPN services. The study, carried out by the Cybernorms research group at Sweden’s Lund University, found that when compared to figures from late 2009, 40% more 15 to 25-year-olds are now hiding their activities online.

Faced with the almost impossible task of physically restricting people’s activities online, during recent years authorities and copyright holders have sought to have legislation tightened up, to encourage citizens towards a path of “doing the right thing” through the fear of more and more serious consequences.

In Sweden, the results of intense lobbying are clear. Due to a combination of fat Internet pipes and its status as the spiritual home of The Pirate Bay, Sweden and file-sharing go hand in hand. As a result the country is being subjected to considerable online surveillance.

But according to new research from the Cybernorms research group at Sweden’s Lund University, an increasing proportion of the country’s population are taking measures to negate the effects of spying on their online activities.

The study reveals that 700,000 Swedes now make themselves anonymous online with paid VPN services such as The Pirate Bay’s iPredator.

A similar study carried out in 2009 revealed that 500,000 Swedes were taking steps to anonymize their connections. Today’s results therefore reveal a 40% increase in privacy service uptake in roughly 2.5 years.

Of particular interest is the response to surveillance by the younger generation. According to Cybernorms, 200,000 individuals aged between 15 to 25-years-old are now hiding themselves online. This figure represents 15% of the total group, up from 10% in 2009.

Mns Svensson, PhD in Sociology of Law at Lund and study manager, says that further uptake of anonymization services will only increase as new legislation is introduced.

“If the [recent] European Court of Justice opinion leads to an intensified hunt for file sharers, there is evidence that the use of these types of services for anonymity will grow even faster,” says Svensson.

While the researchers at Lund estimate that file-sharing is one of the key drivers behind the update of anonymity services, according to the foundation administering Sweden’s top-level .SE domain, monitoring of other kinds is also playing its part.

“Where monitoring is increasing, both from government and from private players like Facebook and Google, so does demand,” .SE president Danny Aerts told Svenska Dagbladet.

Whether it’s for file-sharing, domain blockage circumvention or freedom of speech, anonymization services are here to stay. Welcome to the encrypted Internet.

The Pirate Bay Must be Blocked by UK ISPs, Court Rules

File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled.

The Swedish website hosts links to download mostly pirated free music and video.

Sky, Everything Everywhere, TalkTalk, O2 and Virgin Media must all prevent their users from accessing the site.

"Sites like The Pirate Bay destroy jobs in the UK and undermine investment in new British artists," the British Phonographic Industry (BPI) said.

A sixth ISP, BT, requested "a few more weeks" to consider their position on blocking the site.

BPI's chief executive Geoff Taylor said: "The High Court has confirmed that The Pirate Bay infringes copyright on a massive scale.

"Its operators line their pockets by commercially exploiting music and other creative works without paying a penny to the people who created them.

"This is wrong - musicians, sound engineers and video editors deserve to be paid for their work just like everyone else."

'Compelling alternatives'

In November 2011, the BPI asked the group of ISPs to voluntarily block access to the site.

The request followed a court order to block Newzbin 2, a site also offering links to download pirated material.

The ISPs said they would not block the site unless a court order was made, as is now the case.

Virgin Media told the BBC it will now comply with the request, but warned such measures are, in the long term, only part of the solution.

"As a responsible ISP, Virgin Media complies with court orders addressed to the company but strongly believes that changing consumer behaviour to tackle copyright infringement also needs compelling legal alternatives, such as our agreement with Spotify, to give consumers access to great content at the right price."

The Pirate Bay was launched in 2003 by a group of friends from Sweden and rapidly became one of the most famous file-sharing sites on the web.

It allows users to search for and access copyrighted content including movies, games and TV shows.
No 'extra pennies'

In April 2009, the Swedish courts found the four founders of the site guilty of helping people circumvent copyright controls.

The ruling was upheld after an appeal in 2010, but the site continues to function.

The Pirate Party UK, a spin-off from the political movement started in Sweden that backs copyright reform, said this latest move will "not put any extra pennies into the pockets of artists".

"Unfortunately, the move to order blocking on The Pirate Bay comes as no surprise," party leader Loz Kaye told the BBC.

"The truth is that we are on a slippery slope towards internet censorship here in the United Kingdom."
'Pointless and dangerous'

Critics of site-blocking argue that such measures are ineffective as they can be circumvented using proxy servers and other techniques.

However, one analyst told the BBC that it was still worthwhile to take court action as it underlines the illegal nature of sites such as The Pirate Bay.

"I know it's fashionable to say 'oh, it just won't work', but we should keep trying," said Mark Little, principal analyst at Ovum.

"We should keep blocking them - they are stealing music illegally.

"The biggest culprits of this, really, are the younger demographic who just haven't been convinced that doing this is somehow morally uncomfortable.

"The principle that downloading music illegally is a bad thing to do has not been reinforced by schools or parents."

But Jim Killock, executive director of the Open Rights Group, called the move "pointless and dangerous".

"It will fuel calls for further, wider and even more drastic calls for internet censorship of many kinds, from pornography to extremism," he said.

"Internet censorship is growing in scope and becoming easier. Yet it never has the effect desired. It simply turns criminals into heroes."

Pirate Bay Enjoys 12 Million Traffic Boost, Shares Unblocking Tips

Last week the UK High Court ruled that several of the country’s leading ISPs must block subscriber access to The Pirate Bay. The decision is designed to limit traffic to the world’s leading BitTorrent site but in the short-term it had the opposite effect. Yesterday, The Pirate Bay had 12 million more visitors than it has ever had, providing a golden opportunity to educate users on how to circumvent blocks. “We should write a thank you letter to the BPI,” a site insider told TorrentFreak.

Last Friday the UK High Court ruled that several of country’s leading ISPs must censor The Pirate Bay website having ruled in February that the site and its users breach copyright on a grand scale.

The blocks – to be implemented by Sky, Everything Everywhere, TalkTalk, O2 and Virgin Media (BT are still considering their position) – are designed to cut off all but the most determined file-sharers from the world’s most popular torrent site.

On hearing the news a Pirate Bay insider told TorrentFreak that the measure will do very little to stop people accessing the site and predicted that “the free advertising” would only increase traffic levels.

It’s not possible to buy advertising “articles” from leading UK publications such as the BBC, Guardian and Telegraph, but yesterday The Pirate Bay news was spread across all of them and dozens beside, for free. The news was repeated around the UK, across Europe and around the world reaching millions of people. The results for the site were dramatic.

“Thanks to the High Court and the fact that the news was on the BBC, we had 12 MILLION more visitors yesterday than we had ever had before,” a Pirate Bay insider informed TorrentFreak today.

“We should write a thank you note to the BPI,” he added.

The blockade, which was not contested by any of the ISPs listed above, will be implemented during the course of the next few weeks. While that time counts down, The Pirate Bay say they are viewing the interim period as an opportunity to educate site visitors on how to deal with censorship by bypassing it.

“Another thing that’s good with the traffic surge is that we now have time to teach even more people how to circumvent Internet censorship,” the insider added.

In court papers released today, Mr Justice Arnold said that since the terms of the court order (how the blocks would be implemented technically) had been agreed to by the ISPs in question, there was no need for him to detail them in his ruling. However, The Pirate Bay told us that by taking a range of measures, any blocking technique employed by any ISP can be overcome.

First off they advise that the most simple solution is to use a VPN, such as iPredator or other similar services that carry no logs.

These VPN providers cost money but there are free solutions too. Companies such as VPNReactor offer a free service that is time limited to around 30 mins per session, but that’s plenty of time for users to get on Pirate Bay and download the torrent files they need. Once users have the torrents in their client, the blocking has been bypassed and even with the VPN turned off, downloads will still complete.

Pirate Bay are also recommending the use of TOR but only for the initial accessing of their website and the downloading of the .torrent files. Torrent clients themselves should never be run over TOR, the system isn’t designed for it and besides, transfers will be pitifully slow. TPB also point to I2P as a further unblocking option.

While the above options will cut straight through any kind of blocking with zero problems, Pirate Bay are also advising people to change their DNS provider. By permanently switching to a DNS offered by the likes of OpenDNS and Google, users of UK ISPs that censor The Pirate Bay purely by DNS will have a free and effective work around.

As readers will recall, there are other simple unblocking solutions where domain names are blocked by ISPs but their related IP addresses remain unfiltered. These include the MAFIAAFire plugin and the simple action of typing a site’s IP address directly into a browser. However, in this UK case there is a problem with these solutions.

According to court papers made available today, it seems that on the advice of an expert and after being agreed to by the ISPs in question, IP address blocking of The Pirate Bay is now part of the injunction. This means that the techniques in the above paragraph simply won’t work.

To circumvent this kind of problem, The Pirate Bay can be accessed via a 3rd party – a so-called ‘proxy’. One of these purely for the job is being operated by the UK Pirate Party.

Quite how long this particular proxy stays up remains to be seen though. The Dutch Pirates tried a similar thing and were quickly pursued by rights holders. Nevertheless, there are countless free proxies online that can do the job just as well.

In just a few weeks the block of The Pirate Bay will be implemented and despite all the coverage and millions of extra visitors to the site, thousands of users will remain unprepared. Those patient enough to type a question into a search engine will regain access to the site in a few minutes.

But will the impatient start pumping more money into the pockets of the BPI? That’s the big question.

The Tor Project's New Tool Aims To Map Out Internet Censorship
Andy Greenberg

For years, the non-profit Tor Project has offered Internet users the world’s most secure tool for dodging censorship and surveillance, used by tens of millions of people around the world. Now two of the project’s researchers aim to help users to not only bypass what they call the “filternet”–the choked, distorted and censored subset of the Internet–but to understand it and map it out, the better to eradicate its restrictions.

Tor developers Arturo Filasto and Jacob Appelbaum are the co-creators of OONI-probe, an early-stage open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer’s network connections, whether it be censorship, surveillance or selective bandwidth slowdowns. OONI, their acronym for the Open Observatory of Network Interference, aims to “show an accurate topology of network interference and censorship,” as Filasto and Appelbaum describe the project in its documentation. “Through this topology, it will be possible to see what the internet looks like from nearly any location, including what sites are censored or have been tampered with.”

Machines running OONI-probe run diagnostics like cycling through a list of website URLs or keywords to see which are blocked or filtered; A typical test checks the top one million Alexa-ranked sites, a process that takes close to a week. Or a collection of remotely networked machines running the software–linked together to create what Filasto and Appelbaum call the “OONI-net”–can run experiments that follow the path data takes to and from the test machines to check for filtering or slowdowns.

Tor’s OONI project, funded in part with a grant from Radio Free Asia, isn’t the first to monitor and measure Internet censorship around the world–other projects like the Open Net Initiative, the Berkman Center’s HerdictWeb and Google’s Transparency Report all aim to spot censorship and Internet slowdowns. But unlike those projects, OONI uses only open-source software and plans to make the raw data gathered by its tools public and accessible to any researcher.

“This came from a bit of disappointment over the fact that all the existing tools out there for monitoring censorship were either not using open methodologies or not making their data available,” says Filasto, a 21-year old computer science student at Rome’s Sapienza university. “Our goal with OONI is to build that open framework, so that researchers can independently prove that the methodology is valid and repeat the tests.”

Anyone can volunteer to run OONI-probe, and the data from the software’s tests will be collected on OONI.nu for analysis. Filasto says the project has also partnered with M-Labs, a research spin-off from Google that runs software on servers around the world aimed at measuring the Internet’s flow of data and detecting anomalies.

Filasto warns that the software is still in an early stage of its development, with no easy user interface and lots of “ugly” code. But it’s already helped reveal undocumented censorship in real cases. On a recent trip to the U.S., Filasto discovered that his prepaid T-Mobile phone ran software called “Web Guard” that blocked certain sites based on what it says is violent or sexual content. But after connecting his phone to a PC with a USB cable and running OONI-probe on it, he discovered it also blocked access to everything from a British financial advice site to a 9/11-focused conspiracy site, to a Japanese URL shortening service.

Last week, the Palestinian news agency Ma’an used OONI-probe to reveal that the Palestinian Authority was demanding that the local Internet service provider censor access to opposition political sites and news sites. The Palestinian Authority minister responsible resigned three days later.

George Hale, the reporter for Ma’an who exposed the story, says he suspected the Palestinian Authority’s censorship before he used Tor’s tool, but that by showing that only political sites were inaccessible, Ma’an was able to prove that the blockages were politically-motivated, not random. “We found the [censored] sites through guesswork and interviews with government officials, but the OONI probe was really important for the opposite reason,” says Hale. “By confirming these were the only sites [blocked], it made the politically motivated effort that more apparent. And this helped point us to the likely culprit.”

The Palestinian example shows the value of Filasto’s and Appelbaum’s more scientific approach to the problem of censorship–collecting comprehensive data rather than piecemeal anecdotes about what’s being blocked online. “It’s based around the concept of experiment and control,” says Filasto. “Experiment on the network you wish to measure and compare it with the control, which is your expected results. If there’s a mismatch, it’s likely a censorship event is happening.”

Check out the OONI project here.

Pakistani Court Says Internet Censorship Plan Is Unconstitutional
Mike Masnick

We recently wrote about Pakistan's attempts to build its own internet censorship regime, capable of blocking 50 million sites that the government doesn't like. However, a petition by civil rights groups has apparently resulted in a court ruling saying that such censorship is unconstitutional under the Pakistani constitution. Of course, from the writeup linked above (from Reporters Without Borders), it appears that there is at least some skepticism that the Pakistani government will obey its own court:

The high court’s ruling, if respected, would make it impossible for the government to introduce any nationwide website filtering system.

While welcoming the ruling, which penalizes the lack of transparency in the PTA’s past website blocking, Reporters Without Borders calls for vigilance because the PTA could try to circumvent it by devising a constitutional procedure based on the anti-blasphemy law and national security provisions.

Still, it's good to see courts around the globe pushing back on this desire to censor the internet.

Feds Seized Hip-Hop Site for a Year, Waiting for Proof of Infringement
David Kravets

For more than a year, and without explanation, the government redirected hip-hop site Dajaz1.com to this landing page.

Federal authorities who seized a popular hip-hop music site based on assertions from the Recording Industry Association of America that it was linking to four “pre-release” music tracks gave it back more than a year later without filing civil or criminal charges because of apparent recording industry delays in confirming infringement, according to court records obtained by Wired.

The Los Angeles federal court records, which were unsealed Wednesday at the joint request of Wired, the Electronic Frontier Foundation and the First Amendment Coalition, highlight a secret government process in which a judge granted the government repeated time extensions to build a civil or criminal case against Dajaz1.com, one of about 750 domains the government has seized in the last two years in a program known as Operation in Our Sites.

Apparently, however, the RIAA and music labels’ evidence against Dajaz1, a music blog, never came. Or, if it did, it was not enough to build a case and the authorities returned the site nearly 13 months later without explanation or apology.

Cindy Cohn, the EFF’s legal director, said the site’s 13-month seizure by the Immigration and Customs Enforcement bureau highlights the RIAA’s influence over the government. President Barack Obama has tapped at least five former RIAA attorneys for senior positions in the Justice Department.

“Here you have ICE making a seizure, based on the say-so of the record company guys, and getting secret extensions as they wait for their masters, the record companies, for evidence to prosecute,” Cohn said in a telephone interview. “This is the RIAA controlling a government investigation and holding it up for a year.”

ICE, a branch of the Department of Homeland Security, has the power to seize web domains engaged in infringing activity under the same forfeiture laws used to seize property like houses, cars and boats allegedly tied to illegal activity such as drug running or gambling. But seizing a domain name raises First Amendment concerns — though nothing in the court records show that the government or the court was concerned about the prolonged seizure of the site that is akin to an online printing press.

In the Dajaz1 case, the authorities seized the site in November 2010 on the word of the RIAA that four songs linked to on the site were unauthorized, the records show. Yet nearly a year later, in September 2011, the government was secretly seeking yet another extension to build its case, ostensibly because it was still waiting for the recording industry to produce evidence, the records show. All the while, the site’s owner and his attorney were left out of the loop, as the court record was sealed from them and the public. The Dajaz1 site was redirected to a government landing page saying it was seized by customs officials.

On Sept. 7, 2011, about 11 months after the government seized Andre Nasib’s site, a Department of Homeland Security agent wrote a declaration to U.S. District Judge Margaret Morrow of Los Angeles, explaining the reason for seeking a third time extension to build a case. The agent said “a sampling of content obtained from the Dajaz1.com website and its purported affiliate websites was submitted for rights holder evaluation and has yet to be returned.”

The agent, Andrew Reynolds, wrote virtually the exact same sentence in a July 13, 2011 declaration, in which the government sought its second extension of time to build a case.

However, Reynolds’ declaration in September for the first time mentioned the RIAA by name.

“Additionally, a representative with the Recording Industry Association of America (RIAA) has stated that he will provide a very comprehensive statement to ICE’s and CBP’s [Customs and Border Protection's] outstanding questions, in coordination with corresponding rights holders, which will be forthcoming in approximately 30 days,” Reynolds wrote.

Other than the unsealing orders won by Wired, EFF and the First Amendment Coalition, that Reynolds filing was the last one in the case — meaning the record does not say whether the RIAA or other industry players ever produced the promised report.

The Los Angeles federal prosecutor in the case, Steven Welk, did not respond for comment. Welk’s office agreed to unseal the documents, but said that it did so without conceding there was any First Amendment or common law necessity to do so. In December, when the site was returned, the authorities said it was “the appropriate and just result.”

The RIAA declined to comment on the unsealed documents, which Wired provided to it for review.

Instead, the industry lobbying group pointed Wired to its statement in December, when Dajaz1 was returned:

We understand that a decision was made that this particular site did not merit a criminal forfeiture proceeding. We respect that government agencies must consider a range of technical issues when exercising their independent prosecutorial discretion. Criminal proceedings are not always brought, for a variety of appropriate reasons.

With respect to Dajaz1, we would note that this particular website has specialized in the massive unauthorized distribution of pre-release music — arguably the worst and most damaging form of digital theft. [...]

If the site continues to operate in an illegal manner, we will consider all our legal options to prevent further damage to the music community.

We are aware of statements by the site operator that suggest that music companies themselves were the source of at least some of the thousands of recordings available on Dajaz1. Even assuming this to be accurate, it does not excuse the thousands of other pre-release tracks also made available which were neither authorized for commercial distribution nor for uploading to publicly accessible sites where they were readily downloadable for free.

Dajaz1′s owner, Nasib, of New York, declined comment through his attorney, Andrew Bridges.

In December, Nasib told The New York Times that the recording industry offered him the four songs that were at the center of the case against him.

“It’s not my fault if someone at a record label is sending me the song,” the paper quoted him as saying.

The site’s seizure was based on an affidavit from Reynolds, who said he streamed or downloaded four songs hosted in cyberlockers — filezee.com and usershare.net — that were linked on Nasib’s site. The songs in question were “Deuces” by Chris Brown; “Fall for Your Type” by Jamie Foxx; “Long Gone” by Nelly and “Mechanics” by Reek Da Villian. Reynolds, in his seizure affidavit, wrote that he consulted with “RIAA representatives” when drafting the affidavit to verify that the songs were unauthorized.

Bridges said in a telephone interview that Nasib’s site, which is now up and running again, should never have been seized.

“To begin with,” Bridges said, “I don’t think there was any evidence of criminal copyright infringement.”

Stop Being Poor: U.S. Piracy Watch List Hits A New Low With 2012 Report
Michael Geist

The U.S. Trade Representative released its annual Special 301 Report yesterday, unsurprisingly including Canada on the Priority Watch list. While inclusion on the list is designed to generate embarrassment in target countries, this year's report should elicit outrage. Not only is the report lacking in objective analysis, it targets some of the world's poorest countries with no evidence of legal inadequacies and picks fights with any country that dare adopt a contrary view on intellectual property issues.

The inclusion of Canada on the priority watch list is so lacking in objective analysis as to completely undermine the credibility of the report. The Canadian "analysis" amounts to 173 words that hits on the usual dubious complaints (and given criticism of countries such as Chile for their notice-and-notice system, Israel for their statutory damages rules, and many countries on border enforcement, the Canadian criticism will clearly not end with the enactment of Bill C-11). By comparison, China is treated as equivalent to Canada on the priority watch list, yet garners over 4,600 words.

Earlier this year, I completed a submission with Public Knowledge to the USTR Special 301 process that examined current Canadian law as well as Bill C-11. It concluded:

the USTR should be guided by U.S. law in evaluating the laws of other countries. Viewed from a U.S. law perspective, Canadian copyright laws provide adequate and effective protection to US IP rights owners. Limitations and exceptions in current Canadian law as well as proposed limitations and exceptions do not derogate from the effectiveness of these protections. Furthermore, Canadian authorities effectively enforce copyright laws. Consequently, rates of infringement in Canada are low and the markets for creative works are expanding. Placement of Canada on the Special 301 Watch List or Priority Watch List in the face of this evidence would be unjustified. It would only lead to undermining the legitimacy of the Special 301 process.

The USTR report also confirms the Canadian government's view that the Special 301 exercise produces little more than a lobbying document on behalf of U.S. industry. The Canadian position, as described to a House of Commons committee in 2007 (and repeated regularly in internal government documents):

In regard to the watch list, Canada does not recognize the 301 watch list process. It basically lacks reliable and objective analysis. It's driven entirely by U.S. industry. We have repeatedly raised this issue of the lack of objective analysis in the 301 watch list process with our U.S. counterparts.

This year, the International Intellectual Property Alliance recommended ten countries for inclusion on the priority watch list. The USTR included all ten.

The problems with the report extend well beyond the inclusion of Canada. The report targets countries for expressing contrary views of intellectual property. For example, last year the Swiss government completed a major study on online copyright infringement, concluding that no new legislative action was needed. That wasn't enough to get the country on the list, but did lead to the following comments:

Regarding Switzerland in particular, the United States has serious concerns regarding the inability of rights holders to secure legal redress involving copyright piracy over the Internet. The United States strongly encourages Switzerland to combat online piracy vigorously and to ensure that rights holders can protect their rights on the Internet.

Perhaps the most shameful inclusion in this year's report are a series of countries whose primarily fault is being poor. For example, the list includes Guatemala, a small country the size of Tennessee with a per capita GDP of just over $5,000. It is coming out of an economic depression that had a severe impact on rural income. The IIPA did not ask for it to be included on the Special 301 Report. In response to past pressures and the conclusion of a trade agreement, Guatemala amended its copyright laws, toughened penalties, created a special IP prosecutor, and increased IP enforcement within the government. Yet the USTR included it with the following comment:

Guatemala remains on the Watch List in 2012. Guatemala continued to make progress in 2011 by enacting legislation to strengthen penalties for the production and distribution of counterfeit medications. In addition, Guatemala’s IPR prosecutor remained active in the past year, despite a lack of resources, and enforcement efforts resulted in a sustained level of seizures and an increase in convictions. The interagency IPR working group also remained active in working to improve coordination among IPR-related agencies, and Guatemala participated actively in training efforts. However, pirated and counterfeit goods continue to be widely available in Guatemala, and enforcement efforts are hampered by limited resources and the need for better coordination among all enforcement agencies. The United States encourages Guatemala to continue its enforcement efforts against the manufacture of pirated and counterfeit goods, and to take steps to improve its judicial system. The United States looks forward to continuing to work with Guatemala to address these and other matters.

Note that the USTR is not criticizing Guatemala's laws nor enforcement efforts as the government has complied with repeated U.S. demands to shift resources toward IP enforcement. Indeed, there is no obvious reason for inclusion on the Special 301 list other than an attempt to lobby a country that ranks 123rd worldwide in per capita GDP to spend even more money enforcing US intellectual property rights rather than on education, health care or infrastructure, the sorts of expenditures that might improve the country's overall economy and ultimately lead to reduced rates of infringement.

The same tactic is employed against countries such as Costa Rica (81st per capita GDP with complaints that more resources should be allocated to enforcement) or Romania (77th per capita GDP with complaints about more resources on enforcement). Moreover, with repeated complaints against countries seeking to ensure adequate access to medicines for their citizens or access to books in schools, this year's report hits a new low. It demonstrates the failure of the enforcement agenda and stands as an embarrassment for one of the world's richest countries to prioritize its IP rights over human and economic rights in the developing world.

Epic 6-Year File-Sharing Case Over Just 3 Songs Comes To An End

A file-sharing prosecution that has been dragging on for six long years has finally come to an end. The original complaint, filed by the Portuguese Phonographic Association in 2006, targeted a then 17-year-old. Now 23, their target has just received a suspended jail sentence and a fine of 880 euros. None of this has helped the country’s music industry – physical product sales nosedived more than 34% last year.

When the Portuguese arm of IFPI first decided to bring file-sharing prosecutions to the country, their aims would have been simple – to scare Internet users away from file-sharing networks and into the shops. It didn’t work out that way.

Since 2006, the Portuguese Phonographic Association filed more than two dozen cases with the Attorney General’s Office. Only two bore any fruit at all – one in 2008 and another just over a week ago having dragged on for an epic six years.

The case was brought against a then 17-year-old teenager who allegedly shared hundreds of songs online without permission. However, for “technical and procedural reasons” (read: lack of evidence), those claims were reduced massively and in the end it was decided he shared just three, a pair from local artists and ‘Right Through You’ by Alanis Morrisette.

Now, the Lisbon Criminal Court has finally delivered its ruling in the case. For violating copyright, the now 23-year-old received a two month suspended jail sentence. The Court decided that since the man was just 17 at the time of the offense and has a completely clean record, the sentence should be changed to a fine of 880 euros – 640 euros plus 4 euros in lieu of each day not served in prison.

After having made 40 similar complaints against file-sharers since 2006, the Portuguese Phonographic Association says it will now give up on the strategy.

“At the time, it was believed that, in fact, through the application of existing law we could begin to control the problem of Internet piracy,” said Association president Eduardo Simoes.

Current legal framework, Simoes added, can not cope with online file-sharing. Inevitably he is calling on the government to introduce new laws that do away with prolonged prosecution periods that reduce the deterrent effects of bringing cases to trial. What the Association wants is a “3 strikes” style arrangement whereby file-sharers are sent escalating warnings and eventually punished.

As the local branch of IFPI, the Portuguese Phonographic Association controls 95% of recorded music in Portugal but it is currently facing a crisis. The Association reports that in the last decade profits have dropped by 80%, and in 2011 sales of physical products nose-dived 34.4%.

Interestingly, in addition to blaming the piracy bogeyman and the economic crisis for these reductions in sales, Simoes also cites an undeveloped digital offering and artists’ growing tendency to self-publish as additional factors compounding the problem.
Despite the apparent lack of legal support, Portugal’s movie industry say they are working hard to reduce piracy by other means. According the MPA-backed FEVIP, they shut down 302 local sites offering pirate material during 2011.

Apple Doesn't Want Musicians to See Secret Steve Jobs Deposition

In bringing a class-action lawsuit against Universal Music over digital music revenues, musicians trigger a big objection from Apple.
Eriq Gardner

The lawsuit from F.B.T. Productions, producers of many hit Eminem recordings, against Aftermath has been closely watched in the music industry since the 9th Circuit Court of Appeals determined that the plaintiff was correct in asserting that a contract between the parties should be read as treating digital music as "licenses" rather than "sales." The two sides are about to go to trial to figure out exactly how much that is worth.

Because F.B.T. already has had much success and is at a more advanced stage -- a trial on the threshold questions was held in 2010 -- the plaintiffs in the class action want access to the documents produced in that case for their own litigation against UMG.

But Apple is resisting, filing an objection to a motion to modify a protective order.

On the eve of the F.B.T. case, almost all documents in the case have gone into lockdown. Ever since THR published a leaked audit that highlighted the millions of dollars at stake, the parties have become super-protective of evidence in the dispute, and the judge has been willing to accommodate the immense secrecy.

The musicians in the class action want to pierce the veil, but Apple contends that depositions given by Jobs and senior vp Eddy Cue, as well as other documents related to Apple's business relationships with UMG and other record labels, are "highly confidential and proprietary trade secrets."

In support, Apple points to the fact that when the depositions were taken, many individuals, including UMG employees, were sent out of the room. When Jobs' deposition was played before the jury, the judge also closed the courtroom, ordered many people to leave and had the transcripts from the trial sessions filed under seal.

In the class-action suit, which recently survived another attempt by UMG to dismiss, the judge directed the parties to meet and confer and file a motion in the F.B.T. case to seek relief from a protective order.

Apple, however, says the plaintiffs haven't shown how the requested documents are relevant. Instead, Apple faults the attorneys for the musicians bringing a motion for documents that is "broad but indiscriminate." If the documents are released, the company says it will experience competitive harm.

DRM-Free Day, Forever.

Authors and publishers need to get creative with piracy. DRM isn't the answer.
Mike Hendrickson

Before reading too far into this, you should know that supporting DRM-free content does not mean O'Reilly supports stealing, pirating, or other forms of theft. You should know that we take theft of copyrighted material seriously, but we also understand there are situations you cannot stop or may not want to stop. The gist of this post is about that last notion.

It seems like a lot of first time authors, experienced authors, editors, publishers, and publishing technologists lose sleep pondering DRM and piracy issues surrounding digital content and its availability and prevalence on the web. I'd like to say to them all, "chill out and sleep." This is not a flash-in-the-pan situation and there are some very simple things you can do to prosper. This issue has been around for a long time and will be around for a long time to come.

A couple years ago, David Pogue was gracious enough to participate in an experiment on DRM-free content in the wild with O'Reilly. You can read his conclusions here, but his bottom-line was this:

"The results? It was true. The thing was pirated to the skies. It's all over the Web now, ridiculously easy to download without paying. The crazy thing was, sales of the book did not fall. In fact, sales rose slightly during that year. That's not a perfect, all-variables-equal experiment, of course; any number of factors could explain the results. But for sure, it wasn't the disaster I'd feared."

I think this is a pretty important revelation. Sales increased during the year Pogue's work was intentionally let out DRM-free. I wonder what would have happened if we had a banner ad on Pirate Bay during the experiment that indicated you could get the print and digital versions of "XYZ title" at our retail price of the print product for anyone using the coupon "Pirate-bay." My point here is we need to get creative with piracy and how to work with it instead of thinking DRM, lawyers, or search engine blocks will address the problem.

Most recently, Eric Freeman and Beth Robson, authors of "Head First Design Patterns," "Head First HTML" and "Head First HTML5 Programming" re-kindled an old thread with O'Reilly about DRM and piracy. This is a thread that most authors feel strongly about. You can read an interesting take on this from four years ago here.

This time Beth opened the discussion with:

"I'm already seeing 'HF HTML5 Programming' popping up on illegal file sharing sites. This morning: http://bit.ly/IM7I84. Is O'Reilly on this? Do you know what they do about it, if anything? I realize we can't stop it but just curious."

And Eric chimed in with:

"When I checked a day or so after the digital copy went live they were the top searches in Google. While you may not be able to stop Pirate's Bay, etc. You should be able to have Google remove the links."

Based on my years of publishing with O'Reilly and others, I replied:

"I disagree with you on this. I think this helps market the book. 'HF Design Patterns' has been one of the books that shows up most on the P2P sites, yet sells consistently well. Have you not heard Tim's rant that piracy is not the enemy of authors, obscurity is. The people who steal, will always steal for whatever their reasons are and will figure out how to get what they want."

Let's dig into my reply a little deeper to see why I could make such a statement. First of all, let's look at some numbers. When I search for 'book torrents" there are 77,800,000 results returned by Bing from the uTorrent client. And 12,000,000 hits returned from a Google search. When I searched for "technical book torrents" there were 20,300,000 results returned from Bing and 5,180,000 results returned from Google. Further refining this search, I looked for "O'Reilly Torrents" and got 937,000 results from Bing and 23,200,000 results from Google, which reverses Bing and Google from the preceding numbers. Diving in a bit on this and searching for "Head First Design Patterns" returns this:

Notice that there are more than 69 million hits available when you search inside of uTorrent, which uses the Bing search engine. An interesting side note: I began clicking into the search pages and found as soon as I got to page 10 or so, the results change to "211-220 of 191,000 results,"' which is drastically different than 69 million. But the links were valid until about page 54, where I received the message "531-540 of 32,600 results" and many of the links were not for the Head First book torrent. So the long story short, there a boatload of torrents out there, but not as many as it first appears, yet I could find and download this title within seconds.

Getting out of the weeds and back to the point of this, there are plenty of available torrents for "Head First Design Patterns" and all of our Head First and O'Reilly books. But does the availability of torrents slow the sales of our books in both print and digital forms? Since 2004, O'Reilly has three Head First books in the top 15 all-time revenue generators (dollars at the cash registers), according to Nielsen Bookscan's Technical Book reports. If we only count the books that have a sticker price under $100, Head First has three of the top 10 all time. And the last time I looked, our Head First titles dominated the top 10 titles at Safaribooksonline.com. "Design Patterns," "Java" and "HTML" lead the way for O'Reilly in revenue generated in bookstores, revenue generated at Safari, and pirated copies on the web. Is this just a coincidence? Or is this the cost of doing business?

I believe that people who cannot afford to purchase a $50 book are likely not going to forgo other necessities so they can pay. I am pretty confident that if you did a demographic study of the people who grab torrents and unauthorized content off the Internet, the majority of them would not be economically able to pay the prices on the products. Another data point to think about is when you were in college, was the money you spent on books a good experience as you saw your beer, food, date, clothes, and incidental money fritter away on books? So here's an interesting twist: Do these college kids go on to real jobs making real money, and do they remember the books that taught them what they needed to know? You bet. Are they more willing to purchase from that publisher in the future when they have real tangible money? You bet. Are they an early-stage marketing investment for publishers? You bet.

Here's the rub: Some publishers may feel good that their books are not all over P2P networks, available in torrents, or DRM-free editions. But really, think about this. If nobody wants your content bad enough to get it and make it available, should you have published it? Obscurity is more of an enemy than piracy. Here is the double rub: If your content is free and on P2P networks, torrents, etc. and people are not downloading it, is it any good? Seriously. Most of these sites show the number of downloads on the page so others can see if lots of people like your content. I think it would be embarrassing if nobody wanted my works for free. As a publisher, it'd be something to make us re-evaluate our publishing plans, quickly. Again, I am looking at this as the cost of business, similar to a marketing taxation of sorts.

Adding DRM to content to deter theft... are you kidding me? Seriously, think about that. It will take a good programmer about an hour to get past most DRM, or a manual shop somewhere in the world will cut and scan the physical book and away it goes. DRM seems a bit like a Neanderthal dragging its knuckles rather than using its larger brain and brawn to move forward and past stuff that did not help the species evolve. As an industry we need to evolve past the archaic DRM that's retarding growth and innovation in our industry. New DRM technologies are not innovation, they are a Neanderthal-like reaction. We need distribution innovation. We need learning science innovation. We need total immersion with content innovation. We need production and manufacturing innovation. At this time our industry is staring down the barrel of a powerful gun that can soon dictate the means, price, availability of content creation and distribution if we do not figure out novel ways to move forward. Can we use P2P networks and torrents to help promote and advertise our content and services? Can we think of peer distribution and payment networks that could work with us? Can we think of ways to embed links into our content that drives people back to our websites where we can engage them in many more products and services that may be more appropriate for their economic status? You may get to learn more from these people and hear the reasons why they grabbed unauthorized content. Maybe that creates an opportunity for a follow-on product or derivative.

I hope you see enough compelling reasons to go DRM-free. Because to us, DRM-free is something that the publishing industry should embrace not just for one day, but forever.

Sleep well my friends.

Barnes & Noble, Microsoft Ink $300M Deal on e-Reading

The software giant will invest $300 million in a new Barnes & Noble subsidiary, giving it a 17.6 percent equity stake in the company. The Nook digital bookstore will be bundled with Windows 8.
Don Reisinger

Barnes & Noble and Microsoft at one time couldn't get along. Now, they're partners.

The companies announced today that Microsoft has invested $300 million into a new Barnes & Noble subsidiary, known as Newco until the company can come up with a name. The $300 million investment will give Microsoft a 17.6 percent equity stake in the firm. Barnes & Noble, which assumed a $1.7 billion valuation on the subsidiary, will retain 82.4 percent ownership.

Newco will combine Barnes & Noble's digital and college businesses, meaning the retailer's Nook operations and its Nook Study software for students and educators will be a part of the undertaking.

As part of this deal, Barnes & Noble will bundle its Nook digital bookstore with Windows 8 when the next generation of Microsoft's operating system launches later this year. In addition, the companies have settled all of their patent litigation related to use of Android on the Nook tablet, and have formed a "royalty-bearing license under Microsoft's patents for its Nook e-reader and Tablet products."

The partnership between Microsoft and Barnes & Noble is a rather surprising one. For over a year, the companies have been battling in the courts, with the software giant accusing Barnes & Noble of patent infringement. Barnes & Noble has responded with venom, saying that Microsoft was misusing patent law for its gain, and last year went as far as asking the Justice Department to investigate the Windows maker.

"Microsoft is attempting to raise its rivals' costs in order to drive out competition and deter innovation in mobile devices," Barnes & Noble lawyer Peter T. Barbur wrote in an October 17 letter to Gene I. Kimmelman, the chief counsel for competition policy in the Justice Department's antitrust division. "Microsoft's conduct poses serious antitrust concerns and warrants further exploration by the Department of Justice."

Barnes & Noble is among a host of companies that have been targeted by Microsoft for their use of Android. The software company argues that Android violates patents it holds, and has inked a slew of licensing deals with vendors. Barnes & Noble had been one of the few companies attempting to battle it out.

Although the Microsoft-B&N deal is surprising, the bookseller's decision to spin off its Nook unit isn't. Back in January, the company released a statement saying it was exploring the possibility of spinning off the operation so it could "unlock" the value of the Nook unit. In today's statement, Barnes & Noble said that Newco is still a work in progress, adding that it can provide "no assurance that the review will result in a strategic separation or the creation of a standalone public company."

Regardless, investors couldn't be more pleased. The company's shares are up a whopping 83 percent to $25 in pre-market trading.

Programming Languages Not Copyrightable Rules Top EU Court
Jennifer Baker

Europe's top court ruled on Wednesday that the functionality of a computer program and the programming language it is written in cannot be protected by copyright.

The European Court of Justice made the decision in relation to a case brought by SAS Institute against World Programming Limited (WPL).

SAS makes data processing and statistical analysis programs. The core component of the SAS system allows users to write and run application programs written in SAS programming language. Through reference to the Learning Edition of the SAS System, which WPL acquired under a lawful license, WPL created a product that emulates much of the functionality of the SAS components, so that customers' application programs can run in the same way on WPL as on the SAS components.

The court found that although WPL used and studied SAS programs in order to understand their functioning, there was "nothing to suggest that WPL had access to or copied the source code of the SAS components." It ruled that "The purchaser of a license for a program is entitled, as a rule, to observe, study or test its functioning so as to determine the ideas and principles which underlie that program."

If it were accepted that a functionality of a computer program can be protected as such, that would amount to making it possible to monopolize ideas, to the detriment of technological progress and industrial development, decided the court, echoing the opinion given last November by the court's Advocate General, Yves Bot.

The result is that the court finds that ideas and principles which underlie any element of a computer program are not protected by copyright under that directive, only the expression of those ideas and principles.

This in effect leaves the door open for other software companies to "reverse engineer" programs in many cases without fear of infringing copyright.
https://www.pcworld.com/article/2548...u_court.h tml

Judge Rules IP Addresses Are Insufficient Evidence To Identify Pirates
Eric Limer

Mass lawsuits have been one of the most effective weapons rightsholders have had against torrenters. By using IP addresses to identify infringers, rightsholders have not only been able to find a large supply of alleged infringers to take action against, but are also to attach names — and wallets — to instances of infringement. The problem is that these cases tend to operate with the pinpoint accuracy of a flamethrower, which is why New York Judge Gary Brown has ruled IP addresses are insufficient evidence to identify pirates, and has provided a lengthy and thoughtful explanation as to why that is.

The way these mass lawsuits tend to work is that rightsholders collect a bouquet of IP addresses, which in and of themselves, don’t exactly help them. The next step is that the rightsholders then take the IP addresses to court and try to get a subpoena for personal information about said IPs from Internet service providers. Once they get the names from the ISPs, they can move ahead with the case.

The problem here, clearly, is that the person who has the misfortune of having their name attached to the IP address in question isn’t necessarily the one who was doing the pirating. In fact, they often aren’t. That’s not to say they never are, but it’s a bit of a mess at best. There’s a plan in the works to start throttling Internet access to certain users this summer by using this kind of IP identification, but at the same time — using this very identification process — the RIAA’s own IPs have been caught infringing. Meanwhile, the RIAA says it was someone else using their IPs, which is exactly the same excuse they refuse to acknowledge when filing mass lawsuits. Like I said, a mess.

Judge Gary Brown, in his order, attempted to straighten things up a bit with a very detailed explanation of why, legally, IP addresses are not sufficient evidence to prosecute pirates. Essentially, it boils down to one major point; using an IP address used to be a pretty reasonable method to single out an individual, but it isn’t anymore. In the past, file-sharing could be tracked down to a single, wired access point that was registered to a single person and could only be used by one person at any given time.

The prevalence of wireless routers throws the logic of “IP address = person” — which was once reasonably valid — completely into question, or out the window depending on how you look at it. From the order:

“While a decade ago, home wireless networks were nearly non-existent, 61% of US homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals.

Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff’s film.”

It’s a pretty obvious argument, but one you see being made surprisingly infrequently in higher courts. Of course, all this really means is that mass copyright cases aren’t going to fly in the Eastern District of New York for the time being. However, the well made argument could have a positive influence on copyright cases and IP addresses in law overall. If nothing else, it’s good to see a decision that doesn’t support a shoot-first-with-a-flamethrower-and-ask-questions-later-maybe approach to dealing with piracy. Hopefully we can look forward to more in the future.

Data Harvesting at Google Not a Rogue Act, Report Finds
David Streitfeld

Google’s harvesting of e-mails, passwords and other sensitive personal information from unsuspecting households in the United States and around the world was neither a mistake nor the work of a rogue engineer, as the company long maintained, but a program that supervisors knew about, according to new details from the full text of a regulatory report.

The report, prepared by the Federal Communications Commission after a 17-month investigation of Google’s Street View project, was released, heavily redacted, two weeks ago. Although it found that Google had not violated any laws, the agency said Google had obstructed the inquiry and fined the company $25,000.

On Saturday, Google released a version of the report with only employees’ names redacted.

The full version draws a portrait of a company where an engineer can easily embark on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people as part of his or her unscheduled work time, and where privacy concerns are shrugged off.

The so-called payload data was secretly collected between 2007 and 2010 as part of Street View, a project to photograph streetscapes over much of the civilized world. When the program was being designed, the report says, it included the following “to do” item: “Discuss privacy considerations with Product Counsel.”

“That never occurred,” the report says.

Google says the data collection was legal. But when regulators asked to see what had been collected, Google refused, the report says, saying it might break privacy and wiretapping laws if it shared the material.

A Google spokeswoman said Saturday that the company had much stricter privacy controls than it used to, in part because of the Street View controversy. She expressed the hope that with the release of the full report, “we can now put this matter behind us.”

Ever since information about the secret data collection first began to emerge two years ago, Google has portrayed it as the mistakes of an unauthorized engineer operating on his own and stressed that the data was never used in any Google product.

The report, quoting the engineer’s original proposal, gives a somewhat different impression. The data, the engineer wrote, would “be analyzed offline for use in other initiatives.” Google says this was never done.

The report, which was first published in its unredacted form by The Los Angeles Times, also states that the engineer, who began the project as part of his “20 percent” time that Google gives employees to do work on their own initiative, “specifically told two engineers working on the project, including a senior manager, about collecting payload data.”

As early as 2007, the report says, Street View engineers had “wide access” to the plan to collect payload data. Five engineers tested the Street View code, a sixth reviewed it line by line, and a seventh also worked on it, the report says.

Privacy advocates said the full report put Google in a bad light.

“Google’s rogue engineer scenario collapses in light of the fact that others were aware of the project and did not object,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “This is what happens in the absence of enforcement and the absence of regulation.”

The Street View program used special cars outfitted with cameras. Google first said it was just photographing streets and did not disclose that it was collecting Internet communications called payload data, transmitted over Wi-Fi networks, until May 2010, when it was confronted by German regulators.

Eventually, it was forced to reveal that the information it had collected could include the full text of e-mails, sites visited and other data.

Even if a user was not working on a computer at the moment the Street View car slowly passed, if the device was on and the network was unencrypted, all sorts of information about what the user had been doing could be scooped up, data experts say.

“So how did this happen? Quite simply, it was a mistake,” a Google executive wrote on a company blog in 2010. “The project leaders did not want, and had no intention of using, payload data.”

But according to the report, the engineer suggested in his proposal that it was entirely intentional: “We are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.”

Attending to paperwork did not seem to be a high priority, however. Managers of the Street View project told F.C.C. investigators that they never read the engineer’s proposal, called a design document. A senior manager of Street View said he “preapproved” the document before it was written.

More than a dozen countries began investigations of Street View in 2010. In the United States, the Justice Department, the Federal Trade Commission, state attorneys general and the F.C.C. looked into the matter.

The engineer at the center of the project cited the Fifth Amendment protection against self-incrimination. Because F.C.C. investigators could not interview him, they said there were still unresolved questions about the case.

Lawmakers Push Bill to Ban Bosses from Asking for Facebook Passwords
Brendan Sasso

Two Democrats introduced a bill on Friday that would ban employers from asking for their workers' Facebook passwords.

The Social Networking Online Protection Act, introduced by Democratic Reps. Eliot Engel (N.Y.) and Jan Schakowsky (Ill.), would prohibit current or potential employers from demanding a username or password to a social networking account.

The restriction would also apply to colleges, universities and schools.

Although several lawmakers, including Rep. Patrick McHenry (R-N.C.) and Sens. Richard Blumenthal (D-Conn.) and Charles Schumer (D-N.Y.), have been drafting legislation to ban the practice, Engel and Schakowsky are the first to introduce a bill.

"We must draw the line somewhere and define what is private," Engel said in a statement. "No one would feel comfortable going to a public place and giving out their username and passwords to total strangers. They should not be required to do so at work, at school, or while trying to obtain work or an education. This is a matter of personal privacy and makes sense in our digital world.”

An employer who violates the rules would be subject to a $10,000 civil penalty under the bill.

Outrage first erupted after The Associated Press reported earlier this year that some bosses have demanded that job applicants provide passwords to their private Facebook accounts to check for embarrassing or damaging information.

The passwords give employers access to the users’ private messages, photos and the profiles of their friends.

The AP story cited mostly isolated incidents — it is unclear how widespread the practice is.

AT&T Stockholders Vote Down Net Neutrality Measure by Overwhelming Margin
Adi Robertson

It looks like AT&T didn't have anything to worry about when Beastie Boys member Mike D and other stockholders proposed that the company commit to operating its wireless division under the principles of net neutrality. At a recent stockholder annual meeting, the proposal was defeated overwhelmingly: 94.1 percent of those voting came out against the measure, which asked that "AT&T commit to operating its wireless network without the ability to privilege, degrade or prioritize any traffic."

AT&T's vote came only after the SEC forced it and other companies to allow net neutrality-related proposals, overruling AT&T's claim that they would interfere with "ordinary business operations." This margin is certainly high, but we would have been surprised by a favorable outcome for the proposal. Besides personal conviction, there's not a really compelling reason for stockholders to make a business tactic off-limits, and with the FCC unlikely to make rules for wireless networks in the same way it has wired ones, there's little incentive to self-regulate. Verizon will examine a similar measure in May, so we'll see whether its stockholders agree with those of its competitor.

The Net vs. The Power of Narratives
Rick Falkvinge

The net changes the world’s power structures in a much more fundamental way than changing the way a few groups of entrepreneurs are able to make money. The net is the greatest equalizer that humankind has ever invented. It is either the greatest invention since the printing press, or the greatest invention since written language. The battles we see are not a result of loss of money; they are caused by a loss of the power of narratives.

Imagine if you were able to write all the world’s news for a week. You would have no bounds in what you wrote, and nobody would question your news – it would be accepted as unconditional truth. What would you write?

The people who sit on this kind of power hold the power of narrative. They hold the ability to literally dictate truth from lies. If you are able to determine and describe the problems that society must solve, and perhaps even how to solve them, you hold the greatest power of all.

Some people, when faced with this thought experiment, think in terms of affecting public opinion on some favorite issue. Those who are a little more daring think in terms of getting rich. But it doesn’t stop there, far from there. If you held the power of narratives, you wouldn’t need money ever again in your life: you could be a god. You could quite literally be seen as a walking deity on the planet.

The ability to interpret reality and tell other people what is true and what is false is the greatest power that humans have ever held. The power of narratives.

In the Middle Ages, this power was held by the Catholic Church who interpreted the Bible in sermons all over Europe. The Bible was written in Latin, and you could even be sent into exile for unauthorized reading of that Bible in Latin.

The Church had no reason to fear any laws being made against their interest, for they controlled the entire worldview of the legislators. They defined the problems and they defined the applicable solutions.

In this day and age, some crazy guy named Gutenberg made it possible to bring Bibles by the cartload into the streets of Paris?. In French! Readable without interpretation! This tore down the church’s power of narrative like a house of cards under a steamroller.

In this, the Church saw themselves as the good guys and wanted to set the record straight, to prevent the spread of disinformation. They had learned that they were the carriers of truth and could not unlearn having this position. Thus, the penalties for using the printing press gradually increased all over Europe, until it hit the death penalty: France, January 13, 1535.

Yes, there has been a death penalty for unauthorized copying. Guess what? Even the death penalty didn’t work.

But as illustrated here, cracking down on the copying technology wasn’t really a matter of preventing copying. It was a matter of maintaining the power of narratives – the complete and total control over the world’s knowledge and culture.

Between the printing press and now, that power has been held by the operators of printing presses. They have observed, they have interpreted, they have retold the story of reality. Recently, the printing presses have received company from radio and TV broadcasts, but the model has remained the same: a small, small elite has determined what the world should know and how they should relate to the events going on.

The net changes everything.

All of a sudden, anybody can publish their ideas to the world in 10 minutes. And just like the Catholic Church, the previous powerholders of the narrative can’t deal with the situation this time around either, and see it as their job to restore order.

The gatekeepers of music – the record labels – are a very minor player in this game. It is much, much larger than that. The net redefines the entire previous classes of power. Those able to tell their story, rule. Those being arrogant enough to demand that people should just keep listening to them for no reason will lose their powers of influence.

Just like when the means of spreading ideas and information accurately, quickly and cheaply came along with the printing press in the mid-1450s, those who now hold the power of narrative are fighting the already-happened loss of their power of narrative with everything they have, and using any excuses they can think of. The actions are the same from every regime in the world – only the excuses differ.

In China, it is sometimes worded as “stability” or “morale of the nation”.

In some very religious Muslim countries, “sanctity of the Prophet” has been heard as motive.

In the West, it can be “terrorism”, “file sharing”, “organized crime”, and “pedophilia”.

Everywhere on the planet, the current regime – not necessarily meaning elected political leaders – choose locally acceptable excuses to crack down on the net. But the actions remain the same, and are aimed at preventing something much more fundamental.

The power for every person on the planet to observe, interpret, and tell their story is breaking the power of money. A fat bank account can no longer buy belief in a story. This equalization of humankind is something tremendously beneficial for about 99.99% of humanity – for the ones trying to destroy the net with every trick in the book are the very few that are being equalized downwards.

Just like in the 1450s. The more things change, the more they stay the same.

Amos Vogel, Champion of Films, Dies at 91
Bruce Weber

Amos Vogel, who exerted an influence on the history of film that few other non-filmmakers can claim, founding Cinema 16, which became the nation’s largest membership film society, and directing the first New York Film Festival, died on Tuesday at his home in Greenwich Village. He was 91.

The cause was undetermined, though his kidneys had been failing, his son Steven said.

Cinema 16, the society Mr. Vogel founded in 1947 and ran for 16 years with his wife, Marcia, eventually drew some 7,000 subscribers and provided daring filmmakers from around the world — Roman Polanski, John Cassavetes, Luis Buuel, Yasujiro Ozu, Robert Bresson, Alain Resnais and Stan Brakhage among them — a place for their work to be screened for American audiences at a time when there were few if any others. It also became a distribution center for experimental films where presenters could find films that had been available only from the filmmakers themselves.

After financial strains forced Cinema 16 to close, Mr. Vogel founded, with Richard Roud, the New York Film Festival, which will present its 50th program this year. As its first director, he gave American audiences their initial exposure to Buuel’s “Exterminating Angel” and Gillo Pontecorvo’s “Battle of Algiers,” among other films. His 1974 book, “Film as a Subversive Art,” is considered a seminal text dealing with the power of cinema to challenge commonly accepted aesthetic, political, sexual and ideological standards.

“If you’re looking for the origins of film culture in America, look no further than Amos Vogel,” the director Martin Scorsese said last week in a statement to the Film Society of Lincoln Center, which produces the New York festival. He described Mr. Vogel as encouraging him and other filmmakers at the start of their careers and added, “Amos opened the doors to every possibility in film viewing, film exhibition, film curating, film appreciation.”

An Austrian-born Jew who was 17 when his family fled to America, Mr. Vogel had a wry manner and an independent, if not contrarian, bent. A leftist who considered himself a radical — the paid death announcement placed by his sons in The New York Times identified him as a “disenchanted Zionist, Trotskyite, life-long anarchist, loving husband and father” — Mr. Vogel advocated for challenging movies: in other words, the antithesis of postwar Hollywood product.

“The commercialization of art and entertainment is a negative factor in human development,” he said in a 2004 documentary by Paul Cronin, “Film as a Subversive Art: Amos Vogel and Cinema 16.”

A Cinema 16 program was typically a mixed bag. It might include a nature film, a silent narrative film, an account of a scientific study, a political propaganda film, an animated short or an avant-garde visual experiment. The films, Mr. Vogel said, “were always selected from the point of view of how they would collide with each other in the minds of the audience.”

He liked to confront taboos, giving film lovers the opportunity to see things that would be shown nowhere else. One was “The Eternal Jew,” a repellent Nazi propaganda film that argued for the Final Solution. “Even when the message of a film is evil, when it represents the ideology of a particular political group — in fact, one that was strong enough to not only take over a country but then started a world war — it was important to show it,” he said. Amos Vogelbaum was born in Vienna on April 18, 1921. His mother, Mathilde, was a teacher, and his father, Samuel, a lawyer. His father helped kindle young Amos’s interest in movies when he brought home a 9.5-millimeter camera. Young Amos became a Vienna film society member and years later fondly recalled seeing “Night Mail,” a 1936 documentary about a British mail train, and “Alexander’s Ragtime Band,” a 1938 film set in the Jazz Age.

Fleeing the Nazis, his family spent several months in Cuba before coming to the United States. Amos, who was determined to make a life in a Jewish homeland, prepared for living on a kibbutz by studying animal husbandry at the University of Georgia. But by 1941 he had abandoned his belief in Zionism and had settled in New York, where he trained as a diamond cutter in the Manhattan jewelry district.

Cinema 16 grew out of his frustration at being unable to see the experimental films he was reading about. Inspired by Maya Deren, a pioneering experimental filmmaker who had taken the unusual step of presenting her own films at the Provincetown Playhouse in Greenwich Village, Mr. Vogel showed his first program there, as well. It included “Monkey Into Man,” a film by Julian Huxley about evolution, and “Lamentation,” a Martha Graham dance film.

His second program included a silent documentary film called “The Private Life of a Cat,“ produced by Deren and her husband, Alexander Hammid, which was banned as obscene because it explicitly showed the birth of kittens. A later program, heavily advertised, almost put the Vogels out of business when a snowstorm kept the audience away. They then decided to turn the society into a members-only club and sell subscriptions, giving them some financial security and allowing them to evade censorship laws that applied to commercial theaters.

Their audience quickly outgrew the Provincetown Playhouse, and Cinema 16 — named for the 16-millimeter film gauge used by most independent filmmakers — eventually moved to the 1,600-seat auditorium of Central High School of Needle Trades (now the High School of Fashion Industries) on West 24th Street.

Mr. Vogel’s wife, the former Marcia Diener, whom he married in 1945, died in 2009. In addition to his son Steven, he is survived by another son, Loring, and four grandchildren.

Mr. Vogel directed the New York Film Festival from 1963 to 1968. He was also director of the film department at Lincoln Center and later a film consultant to Grove Press and National Educational Television. He taught at the Pratt Institute of Art, New York University, Harvard University and the University of Pennsylvania, where he was director of film at the Annenberg Center.

In the documentary about him, Mr. Vogel sought to dispel the notion that running a film society was a simple matter of acquiring films and showing them.

“The individual brave enough to venture into this troublesome field,” he said, “must be, no matter what the size of the audience, an organizer, promoter, publicist and copyrighter, businessman, public speaker and artist. A conscientious if not pedantic person versed in mass psychology, he must have roots in his community. And he must know a good film when he sees it.”

Scandal and Scrutiny Hem In Murdoch’s Empire
Amy Chozick

In the months after a phone-hacking scandal erupted in Britain last summer, Rupert Murdoch told people within News Corporation that he wanted to revisit his media company’s discontinued $12 billion bid for the pay television service British Sky Broadcasting.

Mr. Murdoch, the chairman of News Corporation, still viewed the acquisition of the 60 percent of BSkyB not already owned by News Corporation as a strategically important investment. The TV company, which posted an operating profit of more than $1.7 billion in 2011, would have provided a steady revenue stream for his company.

Pressure was put on News Corporation, mostly by investment bankers specializing in the media sector, who suggested that the best way to win government approval for the deal would be to sell or spin off its embattled British newspaper unit, News International, to help ease lawmakers’ concerns about Mr. Murdoch’s company owning the country’s largest satellite TV operator.

Mr. Murdoch rejected those proposals, according to a person involved in the discussions who was not authorized to comment publicly on the conversations.

Any shred of hope for a BSkyB takeover in the near future appeared to have been dashed last week after e-mails surfaced suggesting that a News Corporation lobbyist and a British culture minister had conspired to get the deal approved.

“I don’t think anybody believes they’ll get another shot at controlling BSkyB any time this decade,” said a person familiar with the company, who would discuss its strategic plans only on the condition of anonymity.

The failed deal highlights a period of caution and relative stagnation at the $50 billion media empire known for its risk-taking and forward-thinking acquisitions.

For months, News Corporation’s buoyant stock price and solid financial performance, driven by the strength of its United States television assets, had allowed executives based in New York to paint the scandal as an unfortunate but isolated series of events at the British tabloids, a tiny part of the overall business.

But the events in Britain and the resulting scrutiny have begun to take a toll on the broader empire, according to at least a dozen people familiar with the company, including several former News Corporation executives.

On Tuesday, the Culture, Media and Sport Committee of the British Parliament is expected to release a report that could further damage the company’s reputation.

Inside the company, one of the biggest concerns is that News Corporation now sits under a magnifying glass, making any potentially suspect business dealings, even from years ago, vulnerable to scrutiny by the United States government.

A former News Corporation subsidiary, a Moscow-based billboard company called News Outdoor Russia, is the subject of an F.B.I. inquiry into whether the company bribed local officials to advance its business. The findings of that investigation could prove a violation of the Foreign Corrupt Practices Act, according to a person briefed on the inquiry. News Corporation sold the company in July to a bank controlled by the Kremlin.

The potential for a billion dollars in fines related to a violation of the corrupt practices act could dwarf the economic downside of anything related to the lawsuits in Britain, said Behnam Dayanim, a regulatory lawyer based in Washington. “It may be the single most feared corporate criminal statute out there today,” Mr. Dayanim said.

News Corporation declined to comment. News Outdoor Russia has denied all suggestions that the company bribed officials to advance its business.

The hacking scandal has delivered a blow to News Corporation’s push into the potentially lucrative education sector, a project prized by Mr. Murdoch. In November 2010, News Corporation paid $360 million for a 90 percent stake in Wireless Generation, an education technology company based in Brooklyn that specializes in interactive learning tools.

In August, Wireless Generation lost its $27 million no-bid contract to develop educational software for New York schools. Thomas P. DiNapoli, the New York State comptroller, said the state rejected the contract “in light of the significant ongoing investigations and continuing revelations with respect to News Corporation.”

In Turkey, News Corporation, which already operates several Turkish television stations, is one of three bidders for the country’s second-largest media group, Sabah-ATV, which is valued at $700 million to $1 billion. A deal would add to its portfolio of international pay TV stations, which includes Sky Deutschland in Germany and Sky Italia in Italy.

But the bid could face regulatory opposition in Turkey as a result of the scandal. “They’re persona non grata right now as a bidder on assets,” said a person familiar with the company’s plans who did not want to publicly criticize News Corporation.

A News Corporation spokeswoman said the events in Britain had not affected potential acquisitions elsewhere.

Throughout the scandal, the company has managed investor nervousness by praising its entertainment assets and strong revenue. But it has also undertaken an expensive stock buyback program worth $5 billion, an anomaly for News Corporation and Mr. Murdoch.

Michael Nathanson, an analyst at Nomura Securities, praised the stock repurchases and minimized the effect the hacking scandal was having on the company’s overall strategy.

“I can’t imagine how what’s happening in the U.K. is impacting the people making huge decisions in those businesses,” Mr. Nathanson said. “I firmly think this is a story for folks in the U.K.”

Others say News Corporation did not grow from a tiny newspaper company in Adelaide, Australia, to one of the world’s largest media companies by sitting dormant.

“Buying back the shares isn’t building anything,” said Todd Juenger, an analyst at Sanford C. Bernstein & Company. “It’s not making the company bigger. It’s just changing the capital structure.” He added: “I’d rather see a company that is growing and building asset value than uniformly returning cash to shareholders.”

Inside News Corporation, the hacking scandal has consumed an increasing amount of attention. Mr. Murdoch, a hands-on manager who likes nothing better than to talk about his newspaper coverage, has spent the last several weeks preparing for the Leveson Inquiry into media ethics in Britain, being overseen by Lord Justice Leveson.

Joel I. Klein, hired by Mr. Murdoch to lead News Corporation’s education initiatives, and Gerson A. Zweifach, a Washington lawyer hired as the company’s in-house counsel, have led the preparation, according to people close to the company and familiar with Mr. Murdoch’s schedule.

At least temporarily, two of Mr. Murdoch’s adult children, James and Elisabeth, have both been put at a distance from important corporate decision making in the aftermath of the scandal. Elisabeth, known for her acumen in television programming (she is credited with persuading her father to broadcast “American Idol”), withdrew from joining News Corporation’s board in August amid widening investigations into the company’s British operations and criticism about nepotism on the company board.

James, once considered his father’s heir apparent, resigned as chairman of BSkyB this month, and has since spent time in Los Angeles meeting with studio executives to discuss ideas for making content more readily available digitally. He has also spent time in India and China, far from News Corporation’s power base in New York, according to several people familiar with the company who were not authorized to discuss James’s whereabouts.

James works closely with Chase Carey, News Corporation’s president and chief operating officer, “on driving our overall growth with a keen focus on our global television business and expansion into digital platforms,” a News Corporation spokeswoman, Julie Henderson, said.

And the scandal has cost Rupert Murdoch several of his most-trusted executives. News International’s former chief, Rebekah Brooks, faces possible criminal charges for her role in the scandal. Les Hinton, who had worked with Mr. Murdoch for 52 years, stepped down as the top executive at Dow Jones.

In testimony last week, Mr. Murdoch criticized Mr. Hinton, formerly News International’s chief executive, for hiring Colin Myler as editor of News of the World and not pressing him to find out “what the hell was going on” at the tabloid. He also blamed Mr. Myler and another longtime adviser, a News International lawyer, Tom Crone, for a “cover-up” of phone hacking, calling Mr. Crone “a drinking pal” and “a clever lawyer.” In response, Mr. Crone called Mr. Murdoch’s attack “a shameful lie.”

UK Lawmakers: Rupert Murdoch Not Fit to Run a Company
Georgina Prodhan and Kate Holton

Rupert Murdoch is unfit to run a major international company and should take responsibility for a culture of illegal phone hacking that has shaken News Corp, a powerful British parliamentary committee said on Tuesday.

Pulling few punches, lawmakers focused on the failings of the 81-year-old News Corp chief executive, his son James and a company which they said had showed "willful blindness" about the scale of phone-hacking that first emerged at Murdoch's News of the World newspaper.

The cross-party committee, which approved the report by a majority of six to four, scolded News Corp for misleading the British parliament and trying to cover up illegal phone hacking. It said that there had been huge failures in corporate governance which raised questions about the competence of Rupert's son, James.

"News International and its parent News Corporation exhibited willful blindness, for which the companies' directors -including Rupert Murdoch and James Murdoch - should ultimately take responsibility," it said.

"Their instinct throughout, until it was too late, was to cover up rather than seek out wrongdoing and discipline the perpetrators," the lawmakers said in an 85 page report.

"Even if there were a 'don't ask, don't tell' culture at News International, the whole affair demonstrates huge failings of corporate governance at the company and its parent, News Corporation."

The report may force James Murdoch, once heir apparent to the media empire, to sever his last ties with Britain's biggest satellite TV firm BSkyB, which News Corp had sought to take over before the scandal.

In the week of local elections, the report could also embarrass Prime Minister David Cameron, who has acknowledged that Britain's political elite has been dazzled and charmed by the Murdoch's media clout for years.

The committee has been investigating the allegations on and off since a single reporter went to jail for the crime in 2007, believing that the practice went far beyond the one "rogue" staffer and questioning a string of executives over what they knew and when.

Rupert Murdoch has apologized for the scandal but told a judicial inquiry into press ethics last week that senior staff at his British newspaper publisher had hidden the hacking scandal.

The 39-year-old James has also apologized for failing to get to the bottom of the scandal but said he was kept in the dark by staff at the paper.

Both Rupert and James Murdoch have put the blame on the journalists and in particular on the News of the World's former lawyer Tom Crone and former editor Colin Myler.


Media regulator Ofcom will take the report's findings into consideration in its assessment of whether BSkyB's owners and directors are "fit and proper" persons to hold a broadcast license.

James Murdoch recently stepped down as chairman but remains on the board of BSkyB, which is 39 percent owned by News Corp.

"We'll all be looking at the wording in terms of the fit and proper test," said Charlie Beckett, founding director of the Polis journalism and society think-tank at the London School of Economics.

"If it says there was a systematic lack of due diligence at News International or News Corp, that might impinge on future fit and proper tests for Ofcom."

Cameron was summoned to parliament on Monday to explain why he would not investigate emails revealing that a ministerial aide had assured News Corp over its $12 billion bid for BSkyB.

He insisted there was no need to refer the case to his independent adviser on ministerial conduct, noting the emails had been handed to a separate judicial inquiry into press ethics.

"I am perfectly prepared to admit that the relationship between politicians and media proprietors got too close," Cameron said during a rowdy debate, blaming politicians of both main parties for the failing.

But Cameron could face further embarrassment as former Murdoch confidante and News Corp executive Rebekah Brooks prepares to reveal text messages and emails between herself and the prime minister, a former friend and part of the so-called "Chipping Norton" set.

The group includes Cameron, Brooks and other political and media elite who live in and around the well-heeled Oxfordshire town of Chipping Norton, giving rise to accusations of cronyism and suspicions that Britain is run by an exclusive clique.

The committee will present its report to parliament, which is likely to hold a debate on its findings, and the government then has 60 days to respond.

(Additional reporting by Avril Ormsby, Mohammed Abbas and Adrian Croft; Writing by Guy Faulconbridge, Editing by Philippa Fletcher, David Holmes, Janet McBride)

Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill
Andy Greenberg

While the Internet has been bristling with anger over the Cyber Intelligence Sharing and Protection Act, the Internet industry has been either silent or quietly supportive of the controversial bill. With one exception.

Late Tuesday, Mozilla’s Privacy and Public Policy lead sent me the following statement:

While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.

CISPA was introduced to the House in November with the intention of allowing more sharing of cybersecurity threat information between the private sector and the government, but has since been criticized for a provision that would also allow firms to share users’ private data with agencies like the National Security Agency or the Department of Homeland security without regard for any previous privacy laws.

Just before its passage last Thursday, the House added new amendments broadening that sharing to not just information about cyberattacks but also any case that involves computer “crime,” exploitation of minors or even “the protection of individuals from the danger of death or serious bodily harm.”

But despite the outcry over the privacy violations the revamped bill might allow and even a threatened veto from the White House, tech firms have largely stood behind it–CISPA’s official supporters include Facebook, Microsoft, IBM, Intel, Oracle and Symantec among others–carriers including AT&T and Verizon have signed on, too. Despite reports that Microsoft had backed off its support for the bill citing privacy, a Microsoft spokesperson Monday told reporters that the company’s supportive position on CISPA remains “unchanged.”

Mozilla didn’t offer any further comment on its decision to break with that collection of CISPA supporters. But it wouldn’t be the first time Mozilla has taken an outspoken role against controversial legislation: In January’s protests of the Stop Online Piracy Act, Mozilla joined Reddit and Wikipedia in a “blackout” of its sites, replacing their content with information about SOPA’s violation of free speech rights.

Google now remains perhaps the only major tech firm that has yet to take a stance on CISPA. In a statement, a Google spokesperson tells me that “We think this is an important issue and we’re watching the process closely but we haven’t taken a formal position on any specific legislation.”

Debate over CISPA now moves to the Senate, where it must be squared against one of two very different bills proposed by Senators John McCain in the first case and Joe Lieberman and Susan Collins in the other. In the melee to come, Google, like its smaller Mountain View neighbor Mozilla, will likely have to choose a side.

The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA
Kashmir Hill

A debate is currently raging in Washington, D.C. and various politically-engaged spots on the Internet over CISPA, a bill that promises to increase cybersecurity by giving private companies carte blanche to hand over information about cyberthreats they see on their networks. Lawmakers have seemingly decided the best way to fight cybercriminals is to deputize private industry and let companies with unfettered access to the evidence do the bulk of the detective work involved in outing hackers and breaking up botnet rings. That saves the government the trouble of getting pesky subpoenas and warrants as required by the Constitution and privacy laws.

Opponents worry about all kinds of sensitive information being served up to the government on a silver platter given the legal immunity granted to companies in the bill and the murky definitions of what constitutes a “cyber threat.” What has been left out of the debate thus far, though, is the model that CISPA appears in many ways to be based upon. The FBI has been information-sharing with private industry for over a decade without a bill like CISPA in place.

In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

“We can bring the pieces of intelligence together so we can see what it really is,” says Larkin of the advantage of bringing security specialists from different sectors together.

NCFTA director Ron Plesco lists off his organization’s purpose rotely: “We do information sharing with three goals: ID the cybercrime threat, share toward mitigation, share toward neutralization of threat.”

As part of a non-profit, Plesco could not comment specifically on CISPA, which would, as currently drafted, allow companies to share much richer and more individualized data directly with the government. “We get network data,” says Plesco. “Not PII (personally identifiable information).”

That means the NCFTA can pass along information, for example, about suspicious servers or IP addresses and content from spear-phishing emails that companies are seeing in their networks, but not the names or addresses of those who appear to be affiliated with the schemes.

“We can share what we see and hear with the government,” said Ron Plesco. “We can share in aggregate, but law enforcement has to develop their cases separately and independently.”

“An FBI agent works with [an NCFTA] analyst to get up to speed,” said agent Eric Strom who has been with the embedded FBI unit since 2006 when it was installed in the NCFTA office.

Inhabiting one floor of a building in Pittsburgh and with just 15 permanent employees, the NCFTA is little-known outside of information security circles, though they have been involved in some controversial operations in the past, including Dark Market. Despite the current uproar over how and why information should be shared with the government, most civil liberty groups I spoke with had never heard of the FBI’s on-going collaboration with private industry.

“We’re not in DC. We’re in Pittsburgh. We’re off the Beltway radar,” says Plesco. “Since we’re a non-profit, we don’t get called in to do briefings on the Hill. We don’t have marketing and PR though we do occasionally get thanked in FBI press releases.”

This happened most recently after Operation Ghost Click, the FBI’s takedown of a $14-million botnet ring run by six Estonians. The Estonians had infected over four million computers with DNS-changing malware that routed their computers to rogue DNS servers allowing the cybercriminals to display ads and send traffic to sites that profited them.

Several FBI agents involved in Ghost Click spoke with me about how information sharing through the NCFTA facilitated that investigation.

In 2009, an Internet security company, which the FBI prefers not to have named, saw malware affecting a customer and passed it along to the NCFTA. Soon, they got similar reports from another security researcher and an Internet payments company. “Some researcher sees malware or spam, then it leads to something bigger,” said FBI agent Eric Strom. “It generates intelligence and reporting.”

“For a year before the case started, we were seeing spam emanating from networks that they were able to track back to a company called Rove Digital,” said FBI agent Tom Grasso in a separate interview.

The embedded FBI unit builds an initial case with intelligence from the NCFTA and then refers it out to a field office. Strom says they generated 80 cases in 2011, including Ghost Click and Coreflood (another server seizure case). New York agreed to take the Ghost Click case in 2010.

“Historically, businesses would come to FBI a month or two later, which is a lifetime in the cyberworld, and reveal they’d had a problem,” said Strom. With NCFTA, they’re more likely to pass info along in real time. “This gets the fraud investigators from the different companies talking to each other.”

One of the advantages offered by both CISPA and the NCFTA is that private companies don’t just send information into a governmental black hole; they can get information back from the government about ongoing investigations, because they become partners with them.

Grasso started a mailing list with all the folks who had been tracking the malware activity, so they could continue to share information about what they were seeing on their networks.

“We had bimonthly teleconferences with FBI and private industry folks who would come into the office,” says Grasso. He said they had about 25-30 people at each meeting, including fraud and abuse researchers from private companies. and importantly from ISPs such as Cox, Century Link, Qwest, and Verizon (Correction: Representatives from ISPs were involved at a later stage, during meetings to discuss how to keep victims online after rogue DNS servers were seized). “It was the first time we brought private industry people in like that. These folks were giving up so much intel. We wanted them to know it wasn’t going into a black hole.”

As the New York office got close to taking the ring down through working with law enforcement in Estonia, they realized that people with infected computers would lose Internet access when the FBI seized the rogue servers that were operating out of New York and Chicago. The NCFTA collaboration came in handy again.

“We needed a solution to keep people online,” said Grasso. The malware had changed IP addresses to redirect infected computers to the DNS servers that were about to be seized. “We knew we couldn’t get on people’s computers and change the IP addresses back.”

So the FBI had to arrange for temporary servers so that 500,000 people in the U.S. wouldn’t suddenly lose their Internet service. “Running DNS servers is tricky because you see browser activity,” said Grasso. So they decided the FBI shouldn’t run the servers directly. Instead they had a third party ISP, ICS, run them. “The servers are recording the IP addresses of infected computers and those are being given to ISPs so they can notify users.”

(That ends soon, though, so make sure your computer isn’t infected or you lose service come July.)

Operation Ghost Click earned the NCFTA quiet raves. And quiet is how they like it to be.

It’s worth paying some attention now, though, to highlight that CISPA and the idea of information sharing are not a novel approach to cybersecurity.

“Information sharing is already going on,” said Allan Friedman, a technology fellow at the Brookings Institute, who pointed also to ISAC — a sector specific information sharing program set up by Bill Clinton in the 90s. “As we expand it, we need to understand what has failed and what has been successful.”

And to understand that, we perhaps need closer looks and more exposure of information sharing that’s already happening. It’s rather shocking that Congress has not called anyone from the NCFTA to the Hill to testify about how they function and how CISPA would change what they can do, or even make the need for a non-profit to facilitate information handovers obsolete.

FBI: We Need Wiretap-Ready Web Sites – Now

CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and that the bureau is asking Internet companies not to oppose a law making those backdoors mandatory.
Declan McCullagh

The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding," an industry representative who has reviewed the FBI's draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second industry representative briefed on it.

The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.

"Going Dark" timeline

June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."

June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark" briefing for Senate appropriations subcommittee and offers a "classified version of this briefing" at Quantico.

August 2008: Mueller briefed on Going Dark at strategy meeting.

September 2008: FBI completes a "high-level explanation" of CALEA amendment package.

May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulsi staffers on how bureau is "dealing with the 'Going Dark' issue.'" Mikulski plans to bring up "Going Dark" at a closed-door hearing the following week.

May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top Democrat on House Intelligence, who would later co-author CISPA.

September 2008: FBI staff briefed by RAND, which was commissioned to "look at" Going Dark.

November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama's transition team.

December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.

February 2009: FBI memo to all field offices asks for anecdotal information about cases where "investigations have been negatively impacted" by lack of data retention or Internet interception.

March 2009: Mueller's advisory board meets for a full-day briefing on Going Dark.

April 2009: FBI distributes presentation for White House meeting on Going Dark.

April 2009: FBI warns that the Going Dark project is "yellow," meaning limited progress, because of "new administration personnel not being in place for briefings."

April 2009: FBI general counsel's office reports that the bureau's Data Interception Technology Unit has "compiled a list of FISA dockets... that the FBI has been unable to fully implement." That's a reference to telecom companies that are already covered by the FCC's expansion of CALEA.

May 2009: FBI's internal Wikipedia-knockoff Bureaupedia entry for "National Lawful Intercept Strategy" includes section on "modernize lawful intercept laws."

May 2009: FBI e-mail boasts that the bureau's plan has "gotten attention" from industry, but "we need to strengthen the business case on this."

June 2009: FBI's Office of Congressional Affairs prepares Going Dark briefing for closed-door session of Senate Appropriations subcommittee.

July 2010: FBI e-mail says the "Going Dark Working Group (GDWG) continues to ask for examples from Cvber investigations where investigators have had problems" because of new technologies.

September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in "obtaining information from Internet Service Providers and social-networking sites."

FBI Director Robert Mueller is not asking companies to support the bureau's CALEA expansion, but instead is "asking what can go in it to minimize impacts," one participant in the discussions says. That included a scheduled trip this month to the West Coast -- which was subsequently postponed -- to meet with Internet companies' CEOs and top lawyers.

A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it's "an area of ongoing interest to us." Google, Yahoo, and Facebook declined to comment.

In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its "Going Dark" problem, meaning that its surveillance capabilities may diminish as technology advances. Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past.

In addition to the FBI's legislative proposal, there are indications that the Federal Communications Commission is considering reinterpreting CALEA to demand that products that allow video or voice chat over the Internet -- from Skype to Google Hangouts to Xbox Live -- include surveillance backdoors to help the FBI with its "Going Dark" program. CALEA applies to technologies that are a "substantial replacement" for the telephone system.

"We have noticed a massive uptick in the amount of FCC CALEA inquiries and enforcement proceedings within the last year, most of which are intended to address 'Going Dark' issues," says Christopher Canter, lead compliance counsel at the Marashlian and Donahue law firm, which specializes in CALEA. "This generally means that the FCC is laying the groundwork for regulatory action."

Subsentio, a Colorado-based company that sells CALEA compliance products and worked with the Justice Department when it asked the FCC to extend CALEA seven years ago, says the FBI's draft legislation was prepared with the compliance costs of Internet companies in mind.

In a statement to CNET, Subsentio President Steve Bock said that the measure provides a "safe harbor" for Internet companies as long as the interception techniques are "'good enough' solutions approved by the attorney general."

Another option that would be permitted, Bock said, is if companies "supply the government with proprietary information to decode information" obtained through a wiretap or other type of lawful interception, rather than "provide a complex system for converting the information into an industry standard format."

A representative for the FBI told CNET today that: "(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."

Next steps

The FBI's legislation, which has been approved by the Department of Justice, is one component of what the bureau has internally called the "National Electronic Surveillance Strategy." Documents obtained by the Electronic Frontier Foundation show that since 2006, Going Dark has been a worry inside the bureau, which employed 107 full-time equivalent people on the project as of 2009, commissioned a RAND study, and sought extensive technical input from the bureau's secretive Operational Technology Division in Quantico, Va. The division boasts of developing the "latest and greatest investigative technologies to catch terrorists and criminals."

But the White House, perhaps less inclined than the bureau to initiate what would likely be a bruising privacy battle, has not sent the FBI's CALEA amendments to Capitol Hill, even though they were expected last year. (A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that "we have not seen any proposals from the administration.")

Mueller said in December that the CALEA amendments will be "coordinated through the interagency process," meaning they would need to receive administration-wide approval.

Stewart Baker, a partner at Steptoe and Johnson who is the former assistant secretary for policy at Homeland Security, said the FBI has "faced difficulty getting its legislative proposals through an administration staffed in large part by people who lived through the CALEA and crypto fights of the Clinton administration, and who are jaundiced about law enforcement regulation of technology -- overly jaundiced, in my view."

On the other hand, as a senator in the 1990s, Vice President Joe Biden introduced a bill at the FBI's behest that echoes the bureau's proposal today. Biden's bill said companies should "ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." (Biden's legislation spurred the public release of PGP, one of the first easy-to-use encryption utilities.)

The Justice Department did not respond to a request for comment. An FCC representative referred questions to the Public Safety and Homeland Security Bureau, which declined to comment.

From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results.

But that nuanced argument could prove radioactive among an Internet community already skeptical of government efforts in the wake of protests over the Stop Online Piracy Act, or SOPA, in January, and the CISPA data-sharing bill last month. And even if startups or hobbyist projects are exempted if they stay below the user threshold, it's hardly clear how open-source or free software projects such as Linphone, KPhone, and Zfone -- or Nicholas Merrill's proposal for a privacy-protective Internet provider -- will comply.

The FBI's CALEA amendments could be particularly troublesome for Zfone. Phil Zimmermann, the creator of PGP who became a privacy icon two decades ago after being threatened with criminal prosecution, announced Zfone in 2005 as a way to protect the privacy of VoIP users. Zfone scrambles the entire conversation from end to end.

"I worry about the government mandating backdoors into these kinds of communications," says Jennifer Lynch, an attorney at the San Francisco-based Electronic Frontier Foundation, which has obtained documents from the FBI relating to its proposed expansion of CALEA.

As CNET was the first to report in 2003, representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC to force broadband providers to provide more-efficient, standardized surveillance facilities. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.

But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed"--meaning peer-to-peer programs like Apple's Facetime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that do not use the public telephone network.

If there is going to be a CALEA rewrite, "industry would like to see any new legislation include some protections against disclosure of any trade secrets or other confidential information that might be shared with law enforcement, so that they are not released, for example, during open court proceedings," says Roszel Thomsen, a partner at Thomsen and Burke who represents technology companies and is a member of an FBI study group. He suggests that such language would make it "somewhat easier" for both industry and the police to respond to new technologies.

But industry groups aren't necessarily going to roll over without a fight. TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, has been lobbying against a CALEA expansion. Such a law would "represent a sea change in government surveillance law, imposing significant compliance costs on both traditional (think local exchange carriers) and nontraditional (think social media) communications companies," TechAmerica said in e-mail today.

Ross Schulman, public policy and regulatory counsel at the Computer and Communications Industry Association, adds: "New methods of communication should not be subject to a government green light before they can be used."

Wireless Carriers Who Aid Police Are Asked for Data
Eric Lichtblau

A leading House Democrat is demanding information from the country’s biggest cellphone companies about their role in helping local police departments conduct surveillance and tracking of suspects and others in criminal investigations.

Representative Edward J. Markey of Massachusetts, the co-chairman of the Congressional Bipartisan Privacy Caucus, said in a letter sent Wednesday to eight major wireless carriers that he was “deeply concerned” that routine tracking of cellphone use by law enforcement officials in many departments “may violate the privacy rights of Americans.”

In his letter, Mr. Markey sought data from the cellphone carriers on the number of requests for help they have received from law enforcement officials in cell tracking and surveillance operations, their policies on whether they require the authorities to secure court warrants, the use of cellphone surveillance in nonemergencies, the fees they charge the police and other information.

His letter was prompted by an April 1 article in The New York Times on the routine use of cellphone surveillance by local police departments, even in nonemergency situations. Mr. Markey’s office provided a copy of his letter to The Times.

The move by Mr. Markey puts the cellphone companies in the middle of a protracted public debate over the balance between civil liberties safeguards and the authorities’ use of surveillance technology. The issue has received renewed public attention recently as a result of a Supreme Court ruling in January finding that police use of a GPS device on a drug suspect’s car without a warrant violated his Fourth Amendment rights.

CTIA, the wireless industry trade association, said it had no comment on the Congressional request.

Ed McFadden, a spokesman for Verizon, one of the companies from which Mr. Markey is seeking information, said in a statement: “We will review the letter and be responsive. In responding to law enforcement requests, Verizon Wireless follows the law.”

An AT&T spokesman, Michael Balmoris, said, “We received the congressman’s letter and will respond accordingly.”

Representative Joe L. Barton, the Texas Republican who is co-chairman of the House privacy caucus with Mr. Markey, did not respond to requests for comment.

The privacy caucus has no formal subpoena power to gather records. But an official with the caucus who spoke on condition of anonymity in discussing internal matters said that private companies had normally complied with requests from the caucus and that Mr. Markey was confident that the cell companies would give him the information he was seeking.

Politicians and lawyers on both sides of the surveillance issue have debated where the line should be drawn between giving the authorities the technological tools they need and protecting the privacy of the public. Mr. Markey is seeking information not only on the legal and policy implications of cellphone surveillance, but also on the financial relationship between police departments and phone carriers — an area that has received little public attention.

The Times article, based on 5,500 pages of documents that the American Civil Liberties Union received from 205 police departments, found that cellphone carriers often charged local police departments anywhere from a few hundred dollars for using a cellphone to track a suspect’s location, up to $2,200 for a full-scale wiretap of a suspect.

The documents showed that police departments routinely used cellphone tracking for both emergency and nonemergency situations, sometimes without getting court warrants. With police policies varying widely, gray areas in the law have given departments wide discretion in determining what types of situations justify phone surveillance and whether court orders are needed. Some departments have even bought their own phone surveillance equipment and bypassed the carriers.

Skype Investigates Tool that Reveals Users' IP Addresses
Jeremy Kirk

Skype said Tuesday it is investigating a new tool that collects a person's last known IP address, a potential privacy-compromising issue.

Instructions posted on Pastebin on Thursday showed how a person's IP address could be shown without adding the targeted user as a contact by looking at the person's general information and log files.

Skype, which is owned by Microsoft, said in an e-mail statement that "this is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them."

In October, Skype acknowledged a research paper that showed how a Skype user's IP address can be determined without that user knowing. It also demonstrated that more than half the time the IP address could be accurately linked to sharing content using the BitTorrent file-sharing protocol.

An IP address is an important piece of information that can be used to track the approximate location of a user and their service provider. But the information is not necessarily accurate, as a person could be using a VPN, whose data center may be located in a different country than the actual user.

Another way to broadcast inaccurate IP addresses is browsing the internet using The Onion Router (TOR), an anonymizing service that routes a person's internet traffic through a network of worldwide servers in a fashion that is difficult to trace. An IP address also just identifies a computer and not the person sitting behind a keyboard.

Skype uses a peer-to-peer system to route its data traffic, which is also encrypted. But its encryption system is proprietary and not been open for scrutiny, which has prompted caution from security experts.

Syrian Government Pushing Malware To Activists Via Skype

Bashar al-Assad’s government infects rebels’ computers with Remote Access Tools
Max Smolaks

Security company F-Secure has discovered the Syrian government has used Skype and social engineering to infect activist systems with surveillance tools.

Some time ago, the F-Secure lab received a hard drive with an image of a system for analysis. The system belonged to a Syrian activist. It contained a backdoor, sent from the account of another activist, but the latter was in custody at the time and could not possibly have been on Skype.

According to F-Secure, using Trojans and backdoors to spy on citizens has become a regular tactic for oppressive regimes.

Wolves in sheep’s clothing

The activist’s computer was infected during a Skype chat with who she thought was a fellow freedom fighter. “We received the hard drive from a source we cannot name. The user got suspicious when she realised that the person who she was chatting with couldn’t be available, as he was arrested before the conversation took place. Then she remembered she had received a file and became very worried,” Mikko Hypponen, chief research officer at F-Secure, told TechWeekEurope.

The impersonator sent an application called MACAddressChanger.exe that was supposed to help avoid government surveillance. Instead, it spawned a file called silvia.exe, which, upon closer examination, turned out to be the “Xtreme RAT” backdoor.

A website selling Xtreme RAT, available for €100, describes it as a tool that allows users to control their computer from anywhere in world. But Hypponen called it “a full-blown malicious Remote Access Tool”.

“It can watch the screen, log the keystrokes, turn on the microphone and webcam remotely and access the file system not just on the computer itself, but also files on any Local Area Network that user is logged on to. It can even get into shared files hosted on Dropbox.”

The backdoor called home to the IP address This IP block belongs to the Syrian Telecommunications Establishment (STE), which reports to the government. “We believe the activist’s computer was specifically targeted,” said Hypponen.

Modern warfare

“We are seeing all governments using more technology and especially the oppressive governments. It’s quite easy to see why it’s happening, but it doesn’t cease to amaze me.

“If someone would have told me 10 years ago that by 2012 it will be commonplace for governments to create backdoors and Trojans and use them to spy both on their own people and other countries, create software that would target nuclear programs of other countries, I wouldn’t have believed it. It sounds like science fiction, but it’s exactly what we are seeing at the moment.”

However, Hypponen doesn’t see his company as a band of freedom fighters. “We don’t like governments using technology against their own citizens. And our customers expect to be fully protected against malware, even if it comes from their own government. But we do it on technical merit, there’s no political context.”

This was not the first attack of its kind to happen in Syria. In February, CNN posted a similar story, identifying another two types of malware that targeted Syrian activists, being spread through Skype and Facebook.

To avoid being monitored online, by governments or otherwise, F-Secure recommends keeping systems fully patched, and having firewall and antivirus on at all times. Running an executable that has been received through Skype is never a good idea, even if it really comes from a friend. And to avoid becoming the victim of social engineering, it pays to be careful. “If something doesn’t feel right, double-check it,” advises Hypponen.

Since the beginning of the Arab Spring, various groups have upped their use of social networking and technology to oppose governments. The Syrian government tries its best to keep up with the trends. Last year, it banned the use of iPhones to stop protesters from communicating and even cut off the Internet for a whole day.

Microsoft: Macs 'Not Safe from Malware, Attacks Will Increase'
Emil Protalinski

Summary: Microsoft has discovered a new piece of Mac malware that exploits a three-year-old flaw in old versions of Office for Mac. The company recommends Mac users to keep installed software updated.

Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled “An interesting case of Mac OSX malware” the Microsoft Malware Protection Center closed with this statement:

In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.

So, what was the piece of code that caused Microsoft to write this? The malware in question uses a stack-based buffer overflow as an entry point for executing two-stage shellcode on a Mac that eventually leads to the installation of a bot that connects to a remote command-and-control (C&C) server. Thankfully, the exploit in this specific piece of malware only works on Snow Leopard and older versions of Mac OS X because the particular address it uses to write to isn’t writable in Lion.

Here’s the software giant’s description:

Firstly, the vulnerability is a stack-based buffer overflow - the attack code could corrupt variables and return addresses located on the stack. As we analyzed the malware, we found that the malware author managed to corrupt a local variable and used that corrupted variable to deploy ’stage 1′ shellcode to a designated area. This corrupted variable is later used for a target address and is where the stage 1 shellcode is copied. The corrupted return address points to this target address as well.

This target address is important, as, with Snow Leopard, we could confirm that it was used to exploit a specific location on the heap that is writable and also executable. The point is, that with Lion, that specific memory address can’t be written, so the exploit fails.

We can assume that this malware itself is targeting only Snow Leopard or lower versions of Mac OSX. That means the attacker had knowledge about the target environment beforehand. That includes the target operating system, application patch levels, etc.

This stage 1 shellcode leads to stage 2 shellcode, which is located in memory. The stage 2 shellcode is actually where the infection of the system occurs.

If you want to check for this particular malware, you’ll want to know that it creates the following three files:


Each of the files on the infected machine performs a separate function. The file called “launch-hse” is the end payload of the attack. It communicates with the C&C server controlled by the attacker, which can perform a number of actions on the infected machine, including deleting files, gathering information about the OS and hardware, as well as uninstalling itself from the Mac.

While this is all certainly interesting, I’m most concerned that this malware uses a three-year-old flaw in Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac. Here’s the corresponding security bulletin: MS09-027 - Critical.

Why is this a big deal? For one, Microsoft patched this flaw 35 months ago. Secondly, this particular security hole was exploited by a different piece of Mac malware just a few weeks ago. That’s worrying. Here’s what I wrote at the time:

You’ll need to update Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac. Thankfully, this security vulnerability is from June 2009, so if you keep your Microsoft software patched, you should be good to go.

The same advice applies. Unfortunately, it appears that many Mac users, just like many Windows users, don’t keep their software up-to-date.

Religious Websites Riskier than Porn for Online Viruses: Study

Web wanderers are more likely to get a computer virus by visiting a religious website than by peering at porn, according to a study released on Tuesday.

“Drive-by attacks” in which hackers booby-trap legitimate websites with malicious code continue to be a bane, the US-based anti-virus vendor Symantec said in its Internet Security Threat Report.

Websites with religious or ideological themes were found to have triple the average number of “threats” that those featuring adult content, according to Symantec.

“It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth,” Symantec said in the report.

“We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.”

The report was based on information gathered last year by the Symantec Global Intelligence Network, which monitors cyber attack activity in more than 200 countries through its services and sensors.

Symantec said that it blocked 5.5 billion attacks in 2011 in an increase of 81 percent from the prior year.

In keeping with trends seen by other Internet security firms, Symantec reported surges in hacks aimed at smartphones or tablet computers and in attacks targeting workers in companies or government agencies.

PM to Consider Porn Blocking Plans
Nicole Kobie

The Prime Minister is expected to announce formal plans to look into network-level filtering of pornography from the web, as the MP leading the charge said blocking sites wasn't censorship.

A Downing Street source told The Times that David Cameron will announce a consultation into existing laws regarding internet porn, including whether consumers should be forced to "opt in" with their ISPs to receive adult content.

"Nothing is ruled in or out at the moment," the source told the paper. "We will look at all the options."

The campaign to block adult content from the web and require customers to "opt in" to receive it has been led by MP Claire Perry - and backed by The Daily Mail. It initially met with little support from the Prime Minister, and has been criticised by digital rights groups and industry bodies.

"I'm not zealous about this - I just want the facts," Perry told the newspaper. "If we can see that the idea of an 'opt-in' system is technologically difficult or bad for the economy, then fine. But the problem with the debate is we need to know the facts." Perry last month released a report from an inquiry she led into the issue, calling Sun columnist Dear Deidre as the first expert witness.

She suggested that blocking websites didn't amount to censorship. "There is a 'hands off our internet' movement that sees any change in how access is delivered as censorship," she said. "We are not being prudish, but we just think the current method of blocking that material is broken."

Perry previously told PC Pro and its readers to "get a grip" over web censorship fears.

European e-Identity Plan to be Unveiled This Month
David Meyer

Authorities in Europe are ready to lay out plans to introduce an electronic identity system across Europe, with the proposals to be unveiled at the end of this month.
EU flags

Digital agenda commissioner Neelie Kroes has outlined a proposal to bring in an electronic identity system across the EU.

On Wednesday, the European Commission published a strategy document aimed at setting up systems to protect children online. In the document — but not in the accompanying press release nor the citizens' summary — the Commission mentioned that it will soon propose a "pan-European framework for electronic authentication".

A spokesman for digital agenda commissioner Neelie Kroes said the Commission "will have full e-ID proposals on 30 May".

The document, entitled European Strategy for a Better Internet for Children, gives a rough outline of proposals to harmonise protections across member states for children using online services. It contains many suggestions for the increased use of age classification, as well as the inclusion of "efficient" parental controls "on any type of device and for any type of content, including user-generated content".

The age classification scheme, which is meant to feed into new data protection rules that take specific account of children's privacy and 'right to be forgotten', will largely be a matter of industry self-regulation. However, the language of the e-ID clause suggested that one element will be mandatory.

"The Commission... intends to propose in 2012 a pan-European framework for electronic authentication that will enable the use of personal attributes (age in particular) to ensure compliance with the age provisions of the proposed data protection regulation," the Commission said in the document, adding that member states should "ensure the implementation of EU legislation in this field at national level".

As part of this, the industry will be expected to introduce "technical means" of electronic identification and authentication, it noted.

The launch of the strategy follows Kroes's push in November to strengthen internet security in the EU, which laid the ground for the child protection proposals. It also outlined legal measures to make it easier for people to use a single e-ID for online services across borders, which would underpin a move toward a pan-European framework for electronic identification, authentication and signature (Pefias) framework.

Fuzzy areas

Digital rights campaigner Jim Killock, of the Open Rights Group, told ZDNet UK that the idea of an electronic ID scheme was not in itself bad, but he is keen to know the scope of the programme.

"There are discussions elsewhere about identity management online — the UK is looking at this," Killock said. "That in itself isn't a terrible thing, although there may be fuzzy areas where you're having to supply your identity to sites that are discursive."

"If it's aimed at the end services, then there's possibly something in what they are saying, but the devil is in the detail," he added.

Killock also gave a tentative welcome to the idea of putting parental controls on devices such as smartphones or tablets, "as the calls we're hearing for content filtering at network level is much more dangerous". However, he added that parental control technologies are "fallible".

The strategy document also said the Commission will adopt a pan-EU "initiative on notice-and-takedown procedures" for websites. This will extend not only to child sexual abuse images, but to "all categories of illegal content".

Questions remain as to whether the e-ID system will have uses beyond age classification, and whether every citizen will be required to use the system, with the implications this has for online anonymity. In addition, the document did not describe what technology is needed to apply parental controls to any type of device and which parts of industry are expected to implement this, and whether the harmonised notice-and-takedown procedures will apply to material that breaches copyright. The Commission had not replied to a request for clarification on these questions at the time of writing.

Elusive File Sharing Program Found in Preston Child Pornography Case
Karen Florin

When state police went to the home of a 31-year-old Preston man last year with a search-and-seizure warrant for child pornography, Matthew Nylen was sitting in front of his laptop computer.

The computer contained two icons for peer-to-peer file sharing programs, one of which has "presented major obstacles to the law enforcement community," according to an arrest warrant affidavit prepared by state police Detective Michael Hoagland.

The computer also contained an estimated 666 images of child pornography, the warrant says.

Nylen, of 51 Miller Road, was charged last month with obscenity, promoting a minor in an obscene performance, importing child pornography and possession of child pornography. He was freed on a written promise to appear in court and is due for presentment today in the New London court where major crimes are tried.

According to the warrant, detectives from the state police Computer Crimes and Electronic Evidence Unit were searching in November 2010 for images of child pornography using a file-sharing network called Gnutella. They made a connection to the IP address at the Nylen home and noted that the 158 video files that had been shared from the address had names known by law enforcement to contain child pornography.

When detectives from Troop E and the computer crimes unit went to Nylen's home with the search warrant on April 28, 2011, they determined that one of the peer-to-peer file-sharing programs, which they refer to as "Program X," has eluded law enforcement and allowed members to trade child porn with ease.

The program operates on an invitation-only basis to subscribers and is password-protected. Once accepted into the file-sharing network, individuals are provided passwords of other account numbers and are able to freely share pornography, according to the warrant.

Nylen permitted the detectives to access the program from his laptop and assume his "Program X" account identity. They then obtained the identity of the program and changed the password to limit any future sharing of the child pornography, according to the warrant.

Until next week,

- js.

Current Week In Review

Recent WiRs -

April 28th, April 21st, April 14th, April 7th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.

"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
Thanks For Sharing
JackSpratts is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM

All times are GMT -6. The time now is 06:50 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
www.p2p-zone.com - Napsterites - 2000 - 2018