P2P-Zone  

Old 15-06-11, 08:41 AM   #1
JackSpratts

Join Date: May 2001
Location: New England
Posts: 10,016
Peer-To-Peer News - The Week In Review - June 18th, '11

Since 2002


































"All users should have greatest possible access to Internet-based content, applications and services. Cutting off users from access to the Internet is generally not a proportionate sanction." – UN Human Rights Council


"WE ARE /b/astards NOT TERRORISTS." – Anonymous


























Hacking Begins at Home

In five easy clicks anyone can uncover secret passwords and website usernames, and it’s so simple even your gram can do it...and maybe she already has.

Mozilla's popular Firefox browser lets you quickly and easily display any website password that’s been saved to a computer, even those belonging to others. All that’s needed are a few brief moments alone with a mouse.

There are several ways to do this. One is by going directly through "Tools"/"Options" while another is a bit more crafty: If a webpage is open, like this one for instance, or Facebook, or Amazon or just about any page where passwords have been autosaved, click the site logo at the left of the Firefox address bar. That launches a menu with a "More Information" bar. Click it to display a page with additional data, including how many times the site’s been visited with Firefox since the history was last cleared. Assuming it has been cleared. If not, be prepared for a big number.

Meanwhile among the menu selections is something called "View Saved Passwords" which brings us to the heart of the matter. After clicking "Show Passwords" select "Yes" and the browser will obligingly display every single password saved in Firefox on that computer, including, if any, the usernames and passwords for users other than yourself. Why Mozilla would allow this is uncertain, but it’s how they roll.

So if you'd like to read your brother's email or see what he's been up to at those social sites like Reddit where he seems to spend all his time, well, you can do that and more. Like assume his online identities. In stealth, from other computers besides the one in the family room. Because when you have his passwords you can make his life a living hell from wherever you like. How fun is that? Of course, the same could happen to you.

Now I trust that you being sophisticated and all are not saving your passwords to a box that others might have even the briefest access to but still, things happen and forewarned is forearmed. Which means if you'd like to keep the power to sink your online life out of the hands of friends, family and other passing ships, it may be time to select an alternate mode of transportation, or rethink the whole saved passwords thing entirely, perhaps by doing away with them altogether or choosing and using a Firefox “Master Password,” even if those solutions bring on other problems. It’s the least you can do.


















Enjoy,

Jack




















June 18th, 2011




US, NZ, Sweden, Others Condemn "Three Strikes" Internet Laws
Timothy B. Lee

Earlier this month we covered a UN report that argued that "three strikes" laws that deprive alleged copyright infringers of Internet access violate human rights. The report was delivered by an independent UN investigator, and so didn't represent the view of any UN member governments.

Michael Geist notes that on Friday, Sweden made remarks at the UN Human Rights Council that endorsed many of the report's findings, including the criticism of "three strikes" rules. The statement was signed by 40 other nations, including the United States and Canada. The United Kingdom and France, two nations that have enacted "three strikes" regimes, did not sign the statement.

"All users should have greatest possible access to Internet-based content, applications and services," the statement said, adding that "cutting off users from access to the Internet is generally not a proportionate sanction." It also called network neutrality and Internet openness "important objectives."

Interestingly, the report is signed by New Zealand, which enacted legislation in April that sets up a special Copyright Tribunal for expediting file-sharing cases. The penalties available to the New Zealand government include Internet disconnections of up to six months.

The Swedes told the Human Rights Council that "Only in a few exceptional and limited circumstances can restrictions on content be acceptable." It said that Egyptian-style Internet shutdowns are "in violation of freedom of expression."

The statement also endorsed the UN report's arguments about the dangers of holding intermediaries liable for copyright infringement. It argued that "governments should not mandate a more restrictive standard for intermediaries than is the case with traditional media."

It endorsed a right to communicate online anonymously and underscored the importance of privacy protection, though it didn't endorse any particular approach to the issue. And it argued that "the present digital divide must be bridged to enable participation of all" online.

Other countries signing the statement include Brazil, India, Japan, Poland, and Turkey.
http://arstechnica.com/tech-policy/n...ernet-laws.ars





Nude Nuns Mass BitTorrent Lawsuit is Terminated
David Kravets

A Utah investment company late Friday dropped its copyright-infringement lawsuit against 5,865 BitTorrent users who allegedly downloaded the movie Nude Nuns with Big Guns between January and March of this year.

Incentive Capital, which is embroiled in litigation with another company called Camelot Distribution over who actually owns the B-rated flick, notified the Los Angeles federal judge presiding over the copyright action that it was dropping the case. An identical Nude Nuns lawsuit brought by Camelot Distribution, a California company, was voluntarily dismissed three weeks ago.

Neither company stated a reason, but the dismissals come after the April 22 order by a federal judge demanding that the plaintiffs explain why they were suing so many people at once. The judge also appointed the Electronic Frontier Foundation to defend the rights of the 5,865 IP addresses.

The copyright infringement lawsuits are part of a nationwide surge of suits collectively targeting more than 130,000 BitTorrent users for pilfering indie films, porn and exploitation flicks from the internet. Unlike the Recording Industry Association of America’s former litigation campaign, which targeted only a handful of defendants at a time, the BitTorrent film lawsuits are targeting thousands of defendants by internet IP address, and then asking federal judges to order ISPs to identify the subscribers by name.

The Nude Nuns lawsuit, first reported by Threat Level in March, was among the largest of its type. But after our report, it emerged that Camelot’s claim to the film was in dispute. One of the company’s creditors, Incentive Capital, claimed it had legal ownership over Nude Nuns and filed its own mass lawsuit against the same 5,865 IP addresses — a lawsuit it dropped Friday.
http://www.wired.com/threatlevel/201...-lawsuit-ends/





Righthaven Copyright Troll Lawsuit Dismissed as Sham

Court finds Righthaven had no authority to bring claims against political forum
Kurt Opsahl

In a decision with likely wide-ranging impact, a judge in Las Vegas today dismissed as a sham an infringement case filed by copyright troll Righthaven LLC. The judge ruled that Righthaven did not have the legal authorization to bring a copyright lawsuit against the political forum Democratic Underground, because it had never owned the copyright in the first place. The Electronic Frontier Foundation (EFF), Fenwick & West LLP, and Las Vegas attorney Chad Bowers are defending Democratic Underground.

"We are pleased that the Court saw through Righthaven's sham assignment of the copyright and dismissed its improper claim," said EFF Senior Staff Attorney Kurt Opsahl. "Today's decision shows that Righthaven's copyright litigation business model is fatally flawed, and we expect the decision to have wide effect on the over 270 other cases Righthaven has brought."

Righthaven sued Democratic Underground last fall over an excerpt of a Las Vegas Review Journal news story that a user posted on the forum, claiming that the newspaper had transferred copyright to Righthaven before it filed the suit. However, a document unearthed in this litigation showed that the copyright assignment was a sham and that Righthaven was merely agreeing to undertake the newspaper's case at its own expense in exchange for a cut of the recovery.

"In dismissing Righthaven's claim in its entirety, Chief Judge Hunt's ruling decisively rejected the Righthaven business model of conveying rights to sue, alone, as a means to enforce copyrights," said Laurence Pulgram, head of copyright litigation at Fenwick & West in San Francisco. "The ruling speaks for itself. The court rejected Righthaven's claim that it owned sufficient rights in the copyright, stating that claim was 'flagrantly false--to the point that the claim is disingenuous if not outright deceitful.'"

Judge Hunt also noted that "Righthaven has made multiple inaccurate and likely dishonest statements to the Court" and rejected Righthaven's efforts to fix things after the fact with a May 9, 2011, amendment to the original assignment agreement. The judge expressed "doubt that these seemingly cosmetic adjustments change the nature and practical effect" of the invalid assignment.

As part of his ruling today, the judge ordered Righthaven to show why it should not be sanctioned for misrepresentations to the court. The Court permitted Democratic Underground's counterclaim to continue against Stephens Media -- the publisher of the Review Journal -- allowing Democratic Underground to show that it did nothing wrong in allowing a user to post a five-sentence excerpt of a 50-sentence article.

"This kind of copyright trolling from Righthaven and Stephens Media has undermined free and open discussion on the Internet, scaring people out of sharing information and discussing the news of the day," said Opsahl. "We hope this is the beginning of the end of this shameful litigation campaign."

"To Righthaven and Stephens Media, the Court has issued a stinging rebuke," added Pulgram. "For those desiring to resist the bullying of claims brought by pseudo-claimants of copyright interests, the ruling today represents a dramatic and far reaching victory."

For the judge's full order:
https://www.eff.org/files/filenode/r...der6-14-11.pdf
https://www.eff.org/press/archives/2011/06/14





MIPI Stands Firm On Graduated Response To Illegal File-Sharing

Music Industry Piracy Investigations, the anti-piracy organisation for the Australian music industry, strongly rejects recent misleading media reports that it is not supportive of a graduated response model to discourage illegal file-sharing. MIPI remains firmly committed to its goal of working with Internet Service Providers to implement an industry led graduated response scheme in Australia that will encourage legal content consumption online.

MIPI has always made it clear that such a graduated response model would need to incorporate effective sanctions for the small minority of people that ignore educational warning notices and repeatedly illegally file-share creative content. While temporary suspension of the internet for repeat infringers is the preferred sanction under an industry led code this does not in any way preclude termination remaining within the current safe harbour provisions of the Australian Copyright Act which deals with copyright infringement more broadly.

Sabiene Heindl, General Manager of MIPI and spokesperson for the ACIG stated "The Australian music industry and the ACIG have always made it clear that any industry led code to deal with illegal file-sharing of content will require effective sanctions for repeat infringers that fail to heed educational notices. Research around the world makes it clear that notice-upon-notice schemes are unlikely to achieve the goal of encouraging consumers to migrate to consumption that supports artists and songwriters."
http://www.mi2n.com/press.php3?press_nb=142882





Hours of Surveillance Led to Connecticut Music Piracy Arrest
Hoa Nguyen

Surveillance teams poured hours into following suspects named “Little Mike” or "Big Mike,” also known as “DJ Big Mike,” trailing them for miles. Local police executed search warrants on three homes in Danbury, Bethel and Newtown, in addition to conducting numerous interviews with suspected accomplices.

This was some of what went into a lengthy investigation that began two years ago and culminated last week with the arrest of two brothers, Michael Willcox, 33, of Danbury and Stephen Sabato, 21, of Sandy Hook, on music piracy charges.

More arrests are expected, according to officials and an affidavit, which was filed in state Superior Court in Danbury, Connecticut and made available Monday.

The two brothers and their representatives could not be reached for comment Monday.

The arrest affidavit details a lengthy surveillance of Michael Willcox, also known as "Big Mike" or "DJ Big Mike" and his half brother Stephen Sabato, and their respective homes on Stetson Place in Danbury and Washington Avenue in Sandy Hook.

The investigation began with the Recording Industry Association of America, a trade group that sent its own team of investigators to conduct a surveillance of a suspected "burner lab" at 27 Stetson Place in Danbury where pirated CDs were allegedly being made and distributed, according to the affidavit.

The trade group is comprised of record companies that create, manufacture and distribute about 85 percent of all legitimate sound recordings made and sold in the United States, according to the affidavit. Three investigators from RIAA began the surveillance in February of 2009.

The investigators allegedly followed a 1995 Ford Explorer registered to Willcox from his Danbury home to a residence at 12 George St., Mount Vernon, NY, which was suspected of supplying the materials and equipment used to manufacture recordable CDs and DVDs, according to the affidavit.

The surveillance team said Willcox appeared to have no other employment, though he was recorded as the property owner of the Stetson Place home, according to the affidavit.

Through further surveillance, an RIAA investigator allegedly followed Willcox to a Queens, NY check cashing establishment and later bought two CDs from a stack he allegedly had seen Willcox bringing in labeled “Big Mike DJ Mixes,” according to the affidavit.

Later, another RIAA investigator conducting a surveillance on the Danbury home saw a suspect identified only as “Little Mike” carrying a handful of CDs into a Gulf gas station at 113 North St. in Danbury and when she went in she was able to purchase one of those CDs for $5, according to the affidavit.

The CD bought in Queens and the one bought in Danbury apparently held the same content and later examination showed they were pirated recordings, according to the affidavit.

A search warrant was then executed on the Stetson Place home where Danbury police found about 3,500 disks suspected of containing pirated music and inserts to make about 40,000 items, according to the affidavit. Songs by Lil Wayne, Mya, The Dream and G Unit and other Universal artists were part of what was found, according to the affidavit.

Titles of the CDs that were seized included “Blue Label That was my joint,” “Hard Knock Life,” “New York Struggle,” “R&B Jump Off 50,” “Red Apples Falling” and “Trapaholics.”

Danbury detectives then interviewed an associate of Willcox, whose name was associated with a post office box used by Willcox and whose name shows up on mail delivered to the Danbury house, according to the affidavit. The associate said the master CD was mixed at another home and then burned into CD-Rs intended for distribution at the Washington Avenue, Sandy Hook residence where Sabato lives with his and Willcox's mother.

Meanwhile, RIAA continued its surveillance through July of 2009 where its investigators said they allegedly followed Sabato to an establishment in Stamford and later purchased CDs for $5 that were determined to be pirated music, according to the affidavit.

Later, Newtown police executed a search warrant on the Sabato residence at 18 Washington Ave. where they found 383 CDs with pirated music and boxes that were labeled to contain burner towers, according to the affidavit.

While police were executing the search warrant, an investigator with RIAA was keeping a surveillance on Willcox's Danbury home where she allegedly observed them quickly loading brown boxes into a car and then bringing them to an apartment in Bethel, according to the affidavit. Later they allegedly were seen throwing out CD disk inserts, the affidavit said.

A search warrant then was executed on the 32 Durant Ave., Bethel home where hundreds of CD-Rs and several thousand disc jacket inserts were found, the affidavit said.

Also based on UPS shipping records for Willcox, the three companies that he used to distribute the CDs collected a total of more than $600,000 for UPS cash on deliveries made between 2007 and 2009, the affidavit said.

At some point, some shipping invoices also showed that an ESPN account was being used to ship materials but that had not been authorized by ESPN, according to the affidavit. An ESPN representative told authorities the company believed the shipping information has been passed around the disc jockey industry, according to the affidavit.

A Newtown police officer also apparently reported a conversation he had with Sabato and another man in 2008 where the two said they spent a lot of time burning CDs on behalf of Willcox. The report said that Willcox mixes 10 songs every month onto a CD, which costs $.20 to make but is sold at $3 each, netting about $30,000 a month.

Sabato is out on a $1,000 bond and is to appear Wednesday, June 15 while Willcox was released on a promise to appear June 21.
http://danbury.patch.com/articles/ho...-piracy-arrest





British Student Faces Extradition to US Over Copyright Infringement

Vows to fight charges
Dean Wilson

A 23-YEAR-OLD BRITISH COMPUTER STUDENT faces possible extradition to the US for linking to copyrighted content on his website.

The student, Richard O'Dwyer, was accused of copyright infringement after setting up the website TV Shack, which had links to thousands of films and TV shows, but did not directly host them.

The website was seized by US Immigration and Customs Enforcement. O'Dwyer was arrested on May 23, brought to Wandsworth prison and then released on a £3,000 bail paid by his aunt.

Now he faces extradition to the US, where he could get up to five years in jail if found guilty of infringing copyrighted material, according to the Metro newspaper.

He has vowed to fight the extradition attempt and his mother has pleaded with the UK government to "bring some common sense" to the entire affair and end the extradition demands, which she called disproportionate, unnecessary and deeply traumatic.

She said that her son was foolish in not understanding the implications of copyright and said he was talented with web design, a skill he likely gained during his computer sciences studies at Sheffield Hallam University. Not properly understanding the law is unlikely an excuse that will wash with the courts, however.

O'Dwyer's lawyer is Ben Cooper, who is also defending alleged military hacker Gary McKinnon, who equally faces extradition to the US. This is a much less serious crime than McKinnon's and Cooper has prepared a number of defence arguments, including the fact that O'Dwyer never hosted the copyright content himself and that the server was not based in the US and therefore he should not be extradited to there.

O'Dwyer is due in court again on September 12.
http://www.theinquirer.net/inquirer/...t-infringement





Music Pirates Won’t Rush to iCloud for Forgiveness
David Glance

Some people, including on this site, have suggested there’s a loophole in Apple’s new iCloud that will allow people who illegally download music to somehow “launder” their dirty music files, getting a nice clean, and legal, license to the music stored on iCloud. This argument is flawed for two main reasons.

The first has to do with how the laws of copyright work and the second is to do with why people share or download music (and movies) in the first place.

The law

Unlike existing cloud services offered by Amazon and Google, Apple will search your hard disk looking for music; for any track it recognises, it will give you access to download a legitimate version of that track from the iCloud.

In Australia, copyright law allows the public to “format-shift” their music. If you have a CD, you’re allowed to “rip” it into another format so that you can listen to the music on another device such as an iPod or phone.

You can even share this music with other members of your household, but not with anyone outside. Importantly, you have to keep the original copy of the music. If you give that original away, or sell it, you have to get rid of all copies you’ve made of the music.

iTunes Match, which, at a cost of $24.99, matches a user’s existing music library against the 18 million tracks held in iTunes store, will work on the basis of assuming that you have a legal version of the music on your disk.

It will have to do this to stay in keeping with the copyright laws in the US which are similar to those in Australia. So if you were acting illegally before you used Apple’s iCloud, you will still be deemed illegal afterwards.

Dancing in the dark

The second and probably more relevant issue is this: why would anyone bother to “launder” their pirated music? Some 60% of 18 to 24 year olds surveyed in the UK in 2009 admitted to using peer-to-peer networks to download music.

They had, on average, 8,000 music files in their collection – a staggering 17 days’ worth of tunes. The main reasons cited for downloading illegally were to do with cost (it was free), accessing hard-to-get music and simply trying new music out.

The other key findings of this survey were that the majority of the young people were more bothered by the moral aspect of piracy (the fact musicians are losing money) than the legal one.

They were not particularly interested in streaming the music, as offered by a number of services currently. Physical ownership of the files was important because it meant they could transfer them to other devices, as was the fact they could listen to music offline (in the car or on the bus, for example).

Teenage kicks

Picture this: I am a 16 year old with 8,000 music files and I only feel mildly guilty that I downloaded them or got them from my friends.

I listen to the music mostly on my computer and then on my iPod, which I synchronise with my computer after having carefully constructed my favourite playlists.

Why would I feel motivated to pay $25 a year to download this exact same music again?

It certainly won’t be, as some have been arguing, so I can claim to be the legal owner of the music – even if I cared about this, I clearly wouldn’t be the legal owner.

Live and let die

Downloading music and movies gives people access to things they would not be able to access any other way, either because it would cost too much or because it’s simply not available for sale.

Competing against “free-and-now” is hard to do, but there are signs that the music industry at least is starting to do exactly that.

It used to be the case that live music was the promotional, loss-making part of the business to drive recorded music sales.

Increasingly, the music industry is seeing that the money can be made from live music, concerts and music festivals, while the recorded music could be used as a give-away to promote these social events.

Live is the only thing that can’t be replicated: everything else – with or without the iCloud – is up for grabs.
http://theconversation.edu.au/music-...rgiveness-1771





Spotify: A Massive P2P Network, Blessed by Record Labels
Ernesto

For years the music industry has seen P2P technology as the single biggest threat, claiming that file-sharers are responsible for billions of dollars in losses. However, P2P technology is also part of the music industry’s future. One of the major revelations in the music business, the streaming service Spotify, is actually one of the largest file-sharing networks on the Internet.

When Spotify launched their first beta in the fall of 2008, we branded it “an alternative to music piracy.”

Having the option to stream millions of tracks supported by an occasional ad, or free of ads for a small monthly fee, Spotify appeared to be a serious competitor to music piracy.

In the two years that followed Spotify rapidly won the hearts and minds of many music fans. Currently limited to a few European countries only, the service has already amassed more than 10 million users and over a million paid subscribers. A true success story, which has been recognized by the music industry on various occasions.

What’s often overlooked is that Spotify is in reality one of the largest P2P networks on the Internet. No surprise, since one of the lead engineers from the start is none other than Ludvig Strigeus, the original creator of the BitTorrent client uTorrent. However, not much is known about this private P2P network.

Using P2P technology allows Spotify to use fewer servers, less bandwidth and have a better up-time. And it appears to be working. In fact, of all the tracks that are streamed over the Internet by Spotify users the majority come via P2P connections. Since they’re dealing with copyrighted music, all transfers are totally anonymous, encrypted and secure of course.

Let’s take a look at some data provided by Spotify on their three main music sources.



As can be seen in the graph above most tracks are played from the local cache. These are songs a user has listened to before, and those files are stored on the local hard drive. Of all the remaining tracks that are played, roughly 80% are accessed via the P2P network.

What’s further notable is that P2P performance is most efficient during peak hours and in the weekend. In the graph provided by Spotify the share of P2P traffic peaks on Saturday evening.

Spotify’s P2P network uses various influences from other file-sharing platforms. It uses both a BitTorrent like tracker and a Gnutella style network, but is specifically tailored towards playing relatively small files. Since it’s dealing with streaming, the first bits of a song are prioritized while slow peers are rejected.

This custom P2P solution guarantees what is one of the most important features of Spotify, a very low latency. Tracks have to start almost instantly, and with a median delay of 265 milliseconds it lives up to this expectation. Quite remarkable for a P2P-powered application.

So finally, there we have it. A massive P2P network that’s fully supported and even partially owned by the music industry. Who ever thought that would happen?
http://torrentfreak.com/spotify-a-ma...labels-110617/





File Sharing, Fair Use and the Trans-Pacific Partnership Free Trade Agreement

Part one of Q and A with intellectual property lawyer Rick Shera
Stephen Bell

Intellectual property lawyer Rick Shera is a prominent voice on issues relating to the internet. Here he talks to Stephen Bell about the ongoing copyright debate, privacy concerns and whether New Zealanders will make the most of high-speed broadband.

What is top of mind right now for you as an intellectual-property lawyer involved in ICT? I know copyright and file-sharing rates highly with us in the media, but is there something more important in your eyes?

Copyright and privacy; those are the two issues in the online environment that are really developing areas, where the law is having to morph to take into account the internet and connectivity; but areas where, in copyright particularly, the law is struggling.

Do you think we’ve reached a stable state on file-sharing legislation now; have we got the best deal we can?

There are passionate people on both sides of the debate. It is a little like mediation; both sides are now probably equally frustrated and annoyed, which is a kind of balance. I don’t think it is the end of the debate; it is probably only round one.

Even with respect to the file-sharing legislation that has just come through. The penalty of termination [of a repeat offender’s internet account] is sitting there like the sword of Damocles and can be brought into effect with little or no consultation.

It was interesting to hear the National Party members speak in the final stages of the Bill. I think every one of them emphasised that if the regime didn’t work, termination would be brought in as a remedy. I think the deal — if there was a deal — at the select committee stage was, in the eyes of the current government, only a postponement. If that is true, then for those like me who see termination as a draconian and disproportionate remedy, there will need to be continuing scrutiny.

We’re aware the rights-owning organisations internationally bandy about huge figures as to their losses, which even the US government’s Accountability Office has questioned. But those figures will be used, I don’t doubt, to justify an argument that this regime is not working and termination needs to be brought in. There has to be a lot of care around that.

There’s still debate, as you know, on the regulations. There will be an arm-wrestle on what fees rights-holders will be charged when they submit their notices to ISPs – or IPAPs [internet protocol access providers] - and there are various other regulatory matters that need to be sorted out.

Beyond this particular piece of legislation, I think copyright as a whole will be an ongoing debate. The Copyright Act is on a scheduled review – I think the next review is due in 2013; and there are issues around whether New Zealand should have an overarching fair-use exemption, and around the TPM [technological protection mechanisms] regime.

What’s the fair-use discussion about?

In New Zealand we have limited exemptions to copyright; for example journalists and others have a right to report on current affairs and not infringe copyright; there are educational uses and a few other specific uses; but they’re very strictly confined and defined.

In the US, arising out of First Amendment rights, they have an overarching fair-use defence, which is more fluid and more flexible. It will protect a number of things, particularly where no commercial damage is done to the copyright owner’s rights. For example parody and satire is fair use in the US, but because it’s not one of our defined exemptions it would be no defence in New Zealand.

How do you view the current state of the Trans-Pacific Partnership free-trade negotiations?

From my reading of where the Anti-Counterfeiting Trade Agreement (ACTA) got to, there will be minimal changes to our law. In the early stages of ACTA negotiation it looked like significant changes would be required. TPPA looks like it is going back to Stage 1 of ACTA and is proposing all the provisions and more that were such a concern with ACTA last year in New Zealand and around the world and gave rise to the Wellington Declaration.

So the TPPA is a real cause for concern, not only in its impact on copyright, but also trademark and patent law and other areas. It would require us to sign up to a number of international treaties that in the past we either considered and decided we didn’t want to sign up to, or considered and decided we already complied with [their provisions] and therefore didn’t need to [sign].

Signing up to TPPA in the area of intellectual property law would be the biggest change in the last 20 years at least, if we were to adopt the provisions that the US negotiators want us to adopt – as we have seen from leaked reports.

Anything else in TPPA apart from file-sharing that’s relevant to ICT?

There is the question of TPMs [technological protection mechanisms]. The suggestion from the US is that the mere breaking of a TPM should be a criminal offence, even where the material protected is out of copyright. If some US person decided to put Shakespeare on a CD and protect it with a TPM, you wouldn’t be able legally to get to the work.

What these measures are typically used for is to preserve zone control, where we pay more for, or can’t access material in New Zealand when it is a lot cheaper or has been released months ago in the US. That’s a very artificial way of looking at the world in the days of a global internet.

Do you see commercial services like iTunes changing the business model and attitude of the movie and music industries?

I think they are trying to change; but they have shareholders and investors who want returns. They are clinging for as long as they can to their [current] business models, and preparing, in the hope that when we realise where we are shifting to, they will be able to shift. But I think the ground is moving so fast that they will lose the game.

The danger is that they have created a generation of people who equate copyright with those outdated business models and therefore have lost respect for the fair control that people should have over their own creativity.

What might cure that is to have better access online. In New Zealand, we just can’t access a lot of this material. If you’re on a social network and people are talking about the latest series of a television programme in the US, you’re left out. In a globally connected world, what are people expected to do?

The irony about that is that a copyright owner will suggest that someone who file-shares [such] a television programme is causing them loss. If we can’t obtain that programme, there isn’t actually a lost sale.

What’s your impression of where our negotiators are on TPPA?

I think they are doing a very robust and good job. They are to be congratulated on two counts; firstly they have been relatively open. I see they have recently put up a TPPA discussion page on the MFAT website. That’s very useful; it reveals the local negotiators’ position quite clearly. Transparency is very welcome, given the secrecy of such negotiations in the past.

Secondly, the positions they have taken are balanced. They recognise that copyright and intellectual property laws are a balance between the rights of creators and the rights of users; and the interests of intermediaries such as ISPs also have to be factored in.

On the New Zealand side, this flows from a discussion New Zealanders have been having for at least 10 years about how technology and the internet should interact with the laws. That is a result of the discussion we have been having about changes to our intellectual property laws.

The position we have reached through changes to our Copyright Act, our Trademark Act and the Patents Act – those [last] are still going through [Parliament] – and by virtue of signing up to treaties, in particular TRIPs, we have reached a considered and balanced position. We are saying we have thought about this. Yes we recognise it is necessary to consider whether changes need to be made, but in our view the position we have reached is the right position at this stage and we do not need to go further.

Intellectual property is not the only matter that is being debated in TPPA, so if IP rights are going to be strengthened and that is the bargaining chip that US interests require, then we have to be damned sure we obtain countervailing benefits to New Zealanders.

I am not qualified to talk about those other aspects, but what we need is more transparency. At the moment we have some around the intellectual property aspects because of the agitation in that area, but we don’t have any as far as I know in the rest of the agreement.

Is there anything in the less-open parts of the agreement that might affect ICT?

The one thing I am aware of that would is the clauses relating to international investment. As far as I understand those clauses they suggest that if we change our law to comply with the agreement and later decide to change it again to deal with changing circumstances and that impacts adversely on an overseas company trading in or with New Zealand, then as I understand it, that company would have the right to sue the New Zealand government.

There have been examples of companies taking action against governments on the basis of similar clauses in existing agreements. We need to take notice of that, particularly in respect of intellectual property law that does and will need to change in the future.
http://computerworld.co.nz/news.nsf/...rade-agreement





File Sharing: Will New Copyright Act Tip the Balance for NZ Rights Holders?

The Copyright (Infringing File Sharing) Amendment Act 2011 comes into force on September 1 2011. This controversial legislation was designed to give copyright holders a fast and cheap method of preventing unauthorised file sharing over the Internet.

The act creates a procedure for rights holders to object to unlawful file sharing. They must:

• establish that a party has made an unauthorised copy of a copyright-protected work; and
• identify the internet protocol (IP) address to which the party downloaded the file.

The rights holder can then ask the internet service provider (ISP) that is responsible for the IP address to send an infringement notice to the account holder.

Infringement notices come in three forms: detection, warning and enforcement notices. If a person infringes copyright, the ISP must send the account holder a detection notice at the rights holder's request. If the same person infringes the same rights holder's copyright again, the ISP must send a warning notice if the rights holder so requests. A third infringement will lead to a final notice being sent.

Once a rights holder has issued an enforcement notice, it can apply to the Copyright Tribunal for damages of up to NZ$15,000 against the account holder. The tribunal must award damages against the account holder if it finds that infringement has taken place. The only exception is where it would be manifestly unjust to make an award against the account holder.

The most contentious part of the legislation is a provision that will allow a rights holder to apply to the district court for an order to suspend the account holder's internet account. However, this provision will not come into force in September 2011. Instead, the system will be reviewed after two years to determine whether the damages awards are acting as a sufficient penalty and deterrent. If not, the provision that allows for the suspension of accounts will come into force.

ISPs that allocate IP addresses now face the burden of putting systems in place before the September implementation date so that they can comply with their obligations under the act. This will involve a significant cost, which ISPs will have to bear. However, rights holders will be required to pay a fee - as yet undecided - for every infringement notice that they ask an ISP to send.

Some critics argue that the system is unnecessary and will not deter serious pirates. Nonetheless, the legislation will come into force as scheduled.

In May 2011 the Ministry of Economic Development asked for submissions on the proposed regulations. The deadline for filing submissions has passed and the ministry must now draft the regulations. It will then be a matter of waiting to see whether the system helps to curb online piracy.
http://www.internationallawoffice.co...4-f55d671979a3





Senate Committee Votes to Make Illegal Streaming of Movies, TV a Felony

The Commercial Felony Streaming Act is supported by AFTRA, the DGA, SAG and other Hollywood unions.
Alex Ben Block

Moving to close a possible loophole in the laws against the pirating of movies, TV shows and other intellectual property, the U.S. Senate Judiciary Committee on Thursday approved making illegal streaming of video over the Internet a felony in most cases. The proposed law will now go to the full Senate for consideration.

The Commercial Felony Streaming Act (S. 978), introduced by Senators Amy Klobuchar (D-Minn.) and John Cornyn (R-Texas), reconciles a disparity between the current law and streaming of content and peer-to-peer (P2P) downloading.

This legislation is supported by the Obama administration and a broad entertainment industry coalition, including the American Federation of Musicians (AFM), AFTRA, Directors Guild of America, IATSE and SAG. Others who have pushed for passage include the MPAA, the Independent Film & Television Alliance and the National Association of Theatre Owners.

“We commend the Committee for moving this important piece of legislation for consideration by the Senate. It will close a gaping hole in the law and go far in protecting the livelihoods of theater employees from the threat posed by illegal streaming,” says NATO President John Fithian. “To the technicians, designers, construction workers, and artists who support their families through their work in entertainment, there’s no difference between illegal downloading and illegal streaming – it’s all theft that hurts their work, their wages and their benefits.”

“This bill will help ensure that the punishment for these site operators fits the crime,” says Michael O’Leary, Executive Vice President, Government Affairs for the MPAA.

“The illegal streaming of motion pictures and television programming is as financially devastating for our industry as is illegal downloading,” says IFTA President Jean Prewitt. “Stealing is stealing, regardless of the means in which the product is being received.”

The bill targets the illegal streaming of video for commercial purposes. The penalty is increased to up to five years in prison when it involves 10 or more instances of streaming over a 180-day period. The retail value of the streamed video must exceed $2,500, or the licenses to the material must be worth more than $5,000.

The bill follows the suggestion made two months ago by the White House Office of U.S. Intellectual Property Enforcement which urged Congress to make illegal streaming a felony.
http://www.hollywoodreporter.com/new...illegal-202503





Digital Economy Act Will Cost Nearly £6m

Amount rights holders, Ofcom and internet providers will pay to stop illegal filesharing revealed by FoI request
Josh Halliday

Government plans to curb illicit filesharing under the Digital Economy Act will have cost rights holders, Ofcom and internet providers almost £6m by the time the controversial legislation is implemented next year, according to figures released under the Freedom of Information Act.

The communications regulator Ofcom spent £1.8m investigating the filesharing measures last year. It expects to spend a further £4m in the financial year to March 2012, Ofcom confirmed in response to an FoI request on Thursday.

The costs are incurred as part of the regulator's process of researching a base level of copyright infringement, setting up an appeals body, and launching a nationwide education campaign.

However under the deal between the government and the industry, rights holders and internet companies – such as Sony Music, the Premier League, BT and Virgin Media – will effectively pay back the £6m once the anti-piracy scheme is up and running.

However, Ofcom will have to shoulder the £100,000 it has spent investigating one of the act's most contentious aspects – blocking access to websites accused of illicit filesharing – as requested by the culture secretary Jeremy Hunt in February.

The Department for Culture Media and Sport, which has undertaken most of the work on the act since it was passed in April 2010, is expected to disclose its costs under FoI laws in the coming days.

A DCMS spokesman said: "We will respond to the FoI request shortly."

Separately, BT and TalkTalk have been ordered to pay 93% of the government's legal fees of the judicial review of the Digital Economy Act, understood to be about £100,000.

The act is expected to come into force in the first half of next year after being held up by the legal review. BT and TalkTalk launched a third challenge to the act last month at the court of appeal.

In March, Ofcom announced it was to cut its £142.5m budget by more than 20% this year, to £115.8m, as it implements a four-year saving plan as part of the government's comprehensive spending targets.

The implementation of France's so-called "three strikes law" – which requires that ISPs disconnect alleged filesharers after three written warnings – is thought to have cost about €12m (£10m).

Ofcom declined to comment.
http://www.guardian.co.uk/technology...onomy-act-cost





Facebook Page Protests File Sharing Website Ban in Malaysia
Willis Wee

Thanks to Facebook, a throng of Malaysians, over 8,000 of them, are able to gather and let their voices be heard. The gathering was triggered by the recent file sharing website ban placed by SKKM, the Malaysian Communications and Multimedia Commission.

TorrentFreak reported that a memo was sent to the Internet Service Providers to ban ten file sharing websites, including Pirate Bay and Megaupload. The decision was made to reduce pornographic content and perhaps also to battle against piracy content on the Internet. But to many Malaysians, especially to those who ‘like’ the Facebook page, blocking the pornography websites makes more sense. From the DontBockFS Facebook page:

Quote:
MCMC has released an official order to block access to file sharing web sites to all ISPs in Malaysia. The move is quite drastic and will surely enrage internet users in Malaysia. Do you agree with this move? Should they block pornography sites instead of file sharing websites? Now They Block File Sharing Websites, Next? Facebook, Twitter?

The page was created yesterday and has so far gathered more than 8,000 supporters. It hit 7,000 today at about 2.30pm in the afternoon (GMT +8) which the folks “celebrated” with a graph.

Despite the huge reaction from Malaysians, Karyawan president Datuk Freddie Fernandez said the ban was a “tremendous move” by the Government.

“The music industry definitely applauds this decision because filesharing is against the law. It is piracy,” he said. The ten websites within the memo are:

http://www.warez-bb.org
http://thepiratebay.org
http://www.movie2k.to
http://www.megavideo.com
http://www.putlocker.com
http://www.depositfiles.com
http://www.duckload.com
http://www.fileserve.com
http://www.filetube.com
http://www.megaupload.com

This isn’t the first time that Malaysians gathered together on Facebook to protest against Internet-related decisions made by the government. In April, the government introduced 1Malaysia email which gives citizens an email account dedicated to receiving official governmental documents. The program, which cost $50 million Ringgit ($16 million), caused a stir on Facebook as well. Many believe that the money can be invested in other much needed areas, such as improving Internet access in the country. One Facebook user said, “Dear PM there’s something called Gmail.”
http://www.penn-olson.com/2011/06/12...n-in-malaysia/





Online Users Bypass Block
P. Aruna and M. Kumar

PETALING JAYA: The online file-sharing community remains active despite the Government’s move to block 10 such websites to curb piracy.

Blogger and online marketing consultant David Wang said most users simply moved on to other websites offering the same facilities and services to download content.

“Users can also continue using the blocked websites by getting around it in a few simple steps,” he said.

Wang, who published a blog post titled “What is a DNS (Domain Name System) block and three ways to get around it” following the Government’s ban against the websites, said IT expertise was not necessary to gain access.

“Anyone who knows how to download free content from such websites will be able to do it,” he said.

A quick online search using the keywords “How to bypass DNS block” also showed many websites offering detailed explanations on the ways to get past it.

It was reported that the Government had declared war on file-sharing websites, with 10 of them blocked by the Malaysian Communications and Multimedia Commission (MCMC) in a bid to combat piracy.

The websites were among the most visited sites by Malaysians to illegally download movies.

The MCMC had on May 30 written to all Internet Service Providers (ISPs) ordering the block.

The letter, which was leaked online, also stated that the websites were being blocked for breaching Section 41 of the Copyright Act, which deals with pirated content.

The MCMC had said that the websites would be blocked in stages.

Sanjeev Nair, a marketing executive at an IT firm here, said although users could access the blocked websites through various other methods, the block should not have been imposed in the first place.

He said it was a violation of the MSC Malaysia Bill of Guarantees which stated that the Government would not censor the Internet.

“It is the principle of the matter and the authorities should realise that the Internet is all about sharing,” he said.

A check yesterday showed that nine of the websites were still accessible.
http://thestar.com.my/news/story.asp...415&sec=nation





U.S. Funding Stealth Internets to Circumvent Repressive Regimes
Dan Farber

The revolution will be broadcast, despite efforts by repressive regimes to censor or shut down Internet and cell phone networks.

The New York Times reports that U.S. government funding is helping to develop and deploy "shadow" Internet and mobile phone systems to undermine repressive regimes that seek to prevent dissidents from getting their stories out to the world.

According to the Times, by the end of the year the State Department will have spent $70 million on efforts to provide alternate pathways for dissidents to access the Internet and telecommunications services.

One group received $2 million to develop an "Internet in a suitcase" that could be easily carried and set up in a foreign country.

The use of technology as a kind of soft weapon and staple of foreign policy efforts against repressive regimes has become a focus for Secretary of State Hillary Clinton. The U.S. government has financed wireless networks in Afghanistan, Libya and other countries to assist dissidents in their efforts to bring about regime change.
http://www.cbsnews.com/8301-503544_1...87-503544.html





Rojadirecta Sues US Government, Homeland Security & ICE Over Domain Seizure
Mike Masnick

This morning, we wrote about the list of sites that ICE knew was challenging its domain seizures, and some people complained that there still were no details. There's been a lot happening behind the scenes, but the first bit of public information is now available, as the company behind Rojadirecta, Puerto 80, has officially filed suit against the US government, demanding the return of its domains. Not only that, but it's brought on some top notch legal talent to help them. The company is represented by Ragesh Tangri and Mark Lemley from Durie Tangri. If you're at all familiar with intellectual property law, you know who Lemley is, and know the level of respect he gets within intellectual property circles. In fact, it's interesting to note that one of Lemley's papers is one that we've seen frequently cited by those who believe the domain seizures are legal. The fact that he's arguing on the other side seems pretty telling.

As for the filing itself, it details the stalling by the US government that we pointed out last month:

Contrary to the grounds on which the domain names were seized, the Rojadirecta site is not violating copyright law, let alone criminal copyright law. Rojadirecta explained this to the government when, on February 3, 2011, it sent ICE and the Department of Justice a letter requesting immediate return of the subject domain names pursuant to 18 U.S.C. § 983(f). Following that letter, counsel for Puerto 80 Projects, S.L.U. (“Puerto 80” or “Petitioner”), the company which owns the sites, repeatedly tried to discuss the seizure with the government, but was unable to engage with the government until it notified the U.S. Attorney’s Office of its intent to seek a temporary restraining order and file a petition for immediate return of the seized domain names. It was not until then that Puerto 80 was able to have a substantive conversation with the appropriate officials. Hoping to avoid burdening the court, Puerto 80 held off filing the instant petition pending the outcome of those negotiations. On May 26, 2011, the government informed counsel for Puerto 80 that the only acceptable “compromise” would entail Puerto 80 prohibiting its users from linking to any U.S. content anywhere on its sites. Because this “solution” would prohibit Puerto 80 from engaging in lawful acts not prohibited by copyright law, Puerto 80 chose instead to challenge the seizure in court.

The filing notes that it is asking the court to speed up the process, as it tried to be patient, but the delays in reclaiming the domain are harming Puerto 80's business. It also notes that "in hopes of avoiding having its property tied up in lengthy forfeiture proceedings, Puerto 80 decided to engage in good faith negotiations with the government and held off filing the instant petition pending the outcome of those discussions." It then lists out all of the detailed attempts to get the domains back. It involves multiple attempts by Puerto 80's lawyers to discuss this with the Justice Department, and as we heard from pretty much all the sites in this process, talking to anyone substantial proved to be quite difficult. It also notes that "the government attempted to dissuade Puerto 80 from filing anything in district court." That supports our contention that the government really wanted to avoid a legal challenge...

As for the specific legal arguments, it starts out by pointing out that under the rules for seized property, there are certain conditions under which the seized property should be returned -- with a key one being that "the property will be available at the time of the trial." As we've discussed at length, the key official reason for seizures is to preserve evidence. That's why this is a key element here: if the evidence will be there, there is no reason for the seizure.

Then out come the big guns, starting with the claim (as we've suggested in the past) that the seizure represents unlawful prior restraint (i.e., a violation of the First Amendment). Here's a big chunk of the filing, included in its entirety (minus footnotes), because it's quite interesting:

The seizure imposes another hardship on Puerto 80, in that it constitutes an invalid prior restraint and suppresses its users’ and readers’ protected First Amendment activities. See Fort Wayne Books, Inc. v. Indiana, 489 U.S. 46, 63 (1989) (“[W]hile the general rule under the Fourth Amendment is that any and all contraband, instrumentalities, and evidence of crimes may be seized on probable cause . . . ., it is otherwise when materials presumptively protected by the First Amendment are involved.”). See also Maryland v. Macon, 472 U.S. 463, 468 (1985) (“The First Amendment imposes special constraints on searches for and seizures of presumptively protected material, and requires that the Fourth Amendment be applied with ‘scrupulous exactitude’ in such circumstances.”) (internal citation omitted); Lo-Ji Sales, Inc. v. New York, 442 U.S. 319, 326, n.5 (1979) (noting that the First Amendment imposes special constraints on searches for, and seizures of, presumptively protected materials). In Fort Wayne, state and local officials (respondents) filed a civil action pursuant to Indiana’s RICO laws, alleging that the defendant bookstores had engaged in a pattern of racketeering activity by repeatedly violating Indiana’s obscenity laws. 489 U.S. at 50-51. Prior to trial, respondents petitioned for, and the trial court granted, immediate seizure of the bookstores pursuant to a state law that permitted courts to issue seizure orders “upon a showing of probable cause to believe that a violation of [the State’s RICO law] involving the property in question has occurred.” Id. at 51. On appeal, the Supreme Court held that the pretrial seizure order was unconstitutional, stating that “mere probable cause to believe a legal violation has transpired is not adequate to remove books or films from circulation.” Id. at 66. As in Fort Wayne, the government here has seized an entire business and effectively suppressed all of the expressive content hosted on it, including political discussions, commentary, and criticism by the site’s users—without it being determined whether the seizure was “actually warranted” under the relevant statutes. Id. at 67.

In Center for Democracy & Technology v. Pappert, 337 F. Supp. 2d 606, 619 (E.D. Pa. 2004), the Eastern District of Pennsylvania struck down, on First Amendment grounds, a Pennsylvania statute that permitted the state’s Attorney General or a district attorney to seek a court order requiring an Internet Service Provider (“ISP”) to “remove or disable items residing on or accessible through” the ISP’s service upon a showing of probable cause that the item constituted child pornography. The district court found that the statute imposed an unconstitutional prior restraint on speech. It concluded that under Fort Wayne Books and Bantam Books v. Sullivan, 372 U.S. 58 (1963), a court must “make a final determination that material is child pornography after an adversary hearing before the material is completely removed from circulation.” Pappert, 337 F. Supp. 2d at 657 (emphasis added). The court further noted that the state statute “allow[ed] for an unconstitutional prior restraint because it prevents future content from being displayed at a URL based on the fact that the URL contained illegal content in the past.” Id.

In the instant case, the government effectively shut down an entire website, suppressing all of the speech hosted on it, based on an assertion that there was probable cause to believe that some of the material linked to by the website (though not found on the website itself) might be infringing. The site’s owner was not provided any advance notice, nor was he provided the opportunity to contest the seizure before (or, for that matter, shortly after) the government shut down the site. Nor were the site’s users afforded any notice or opportunity to contest the seizure. Because case law is clear that “mere probable cause to believe a legal violation has transpired is not adequate to remove [protected material] from circulation,” Fort Wayne, 489 U.S. at 66, the seizure of the expressive materials in this case violates the First Amendment. See also Pappert, 337 F. Supp. 2d at 657 (finding that a procedure that permits a judge to make an ex parte finding of probable cause that material is child pornography, with no opportunity for the content publisher to receive notice or be heard, violates the First Amendment). This First Amendment deprivation extends not just to registered users of Rojadirecta, but also to anyone wishing to visit the website. See, e.g., Va. State Bd. of Pharmacy v. Va. Citizens Consumer Council, Inc., 425 U.S. 748, 756 (1976) (“[T]he protection afforded is to the communication, to its source and to its recipients both.”); Red Lion Broad. Co. v. FCC, 395 U.S. 367, 390 (1969) (“It is the right of the public to receive suitable access to social, political, esthetic, moral, and other ideas and experiences . . . . That right may not constitutionally be abridged . . . .”).


If you want the key bit, it's from that third paragraph above. One of the footnotes also points out (as we've noted elsewhere) that the government appears to have made up, whole cloth, the idea that linking to infringing content can be seen as criminal infringement:

Indeed, several courts have held that the act of indexing and linking to copyrighted material— which was the government’s basis for seizing the domain names—is not direct or indirect copyright infringement. See Field v. Google Inc., 412 F. Supp. 2d 1106 (D. Nev. 2006); see also Ticketmaster Corp. v. Tickets.com, Inc., No. CV 99-7654 HLH(BQRX), 2000 WL 525390, at *2 (C.D.Cal. Mar. 27, 2000) (finding that hyperlinking to other sites does not constitute direct infringement); Arista Records, Inc. v. MP3Board, Inc., No. 00 CIV. 4660, (SHS) 2002 WL 1997918, at *4 (S.D.N.Y. Aug. 29, 2002) (unreported) (linking to content does not implicate distribution right and thus, does not give rise to liability for direct copyright infringement); Online Policy Group v. Diebold, Inc., 337 F.Supp.2d 1195, 1202 n.12 (N.D. Cal. 2004) (“Hyperlinking per se does not constitute direct copyright infringement because there is no copying.”).

Finally, the filing points out that the domain names did not meet the conditions set out under US law to qualify for seizure in the first place, saying that it is not contraband, evidence, "particularly suited for illegal activities" or "likely to be used to commit additional criminal acts." That last one, I assume, is the one that most supporters of the seizures will take issue with, but, the argument is again laid out in tremendous detail:

Puerto 80 does not host any infringing material on the websites which operate under the subject domain names... In the same way a search engine or other site which aggregates links to existing material on the Internet, Rojadirecta provides an index of links to streams of sporting events that can already be found on the Internet through a search for those sites or simply by typing the URL for the site directly. Id. Such activity does not constitute direct copyright infringement, much less criminal infringement. See supra, at note 8. Indeed, United States Senator Ron Wyden (D-Or) made this point in a letter he wrote to ICE Director John Morton and Attorney General Holder expressing concern over the government’s seizure of the subject domain names....

Puerto 80’s operation of the Rojadirecta site does not constitute contributory infringement because the subject domain names are capable of—and are, in fact, used for— substantial non-infringing uses. Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417, reh’g denied, 465 U.S. 1112 (1984); Arista Records LLC v. Lime Group LLC, 715 F. Supp. 2d 481, 517-18 (S.D.N.Y. 2010) (summary judgment inappropriate where material fact existed as to whether file-sharing program, which was “used overwhelmingly for infringement,” is “capable of substantial non-infringing uses.”).

Nor is Rojadirecta a site devoted simply to linking to such streams. In addition to providing a forum for discussion on sports, politics, and a variety of other topics, the Rojadirecta site enables users to post links to authorized sports broadcasts. For example, on Saturday, February 12, 2011, the Rojadirecta site (hosted on the rojadirecta.es domain name) provided a link to “9:30am Hockey (NHL): Los Angeles – Washington.”... Clicking on this link opened a new window for the Yahoo! sports website for the National Hockey League, and provided a live stream of the match between the Los Angeles Kings and Washington Capitals. Id.

Nor does Puerto 80’s operation of the Rojadirecta site constitute vicarious liability because it does not have “a right and ability to supervise that coalesce[s] with an obvious and direct financial interest in the exploitation of copyrighted materials.” Softel, Inc. v. Dragon Med. & Sci. Commc’ns Inc., 118 F.3d 955, 971 (2d Cir. 1997) (quoting Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304, 307 (2d Cir. 1963) (emphasis added)). Puerto 80 does not receive any revenue that is derived from specific content hosted on, or streamed by, the sites to which it links.... In other words, Puerto 80 does not receive any revenue from any site to which a user can link from the subject domain names based upon the content of that site. Id. To the extent there is any site to which Rojadirecta links that contains infringing material, Puerto 80 receives no specific financial benefit from a user clicking through to that site and viewing such content.... Because Puerto 80’s revenues are not tied to whether or not infringing material is linked to or accessed, the government cannot show that Puerto 80 has a “direct financial interest in the exploitation of copyrighted materials” which “coalesce[s] with” any right or ability to supervise what is linked to on the site. See Artists Music, Inc. v. Reed Publ’g (USA), Inc., Nos. 93 civ. 3428(JFK), 73163, 1994 WL 191643, at *6 (S.D.N.Y. May 17, 1994) (direct financial benefit not established where defendant leased space at a trade show for a fixed fee to exhibitors who played infringing music, but defendant’s revenues were not dependant on whether exhibitors actually played music or what they played); Viacom Int’l Inc. v. YouTube, Inc., 718 F. Supp. 2d 514, 521 (S.D.N.Y. 2010) (in DMCA safe-harbor context, “financial benefit directly attributable to the infringing activity” not established “where the infringer makes the same kind of payment as non-infringing users of the provider’s service”) (quoting Senate Judiciary Committee Report and the House Committee on Commerce Report, H.R. Rep. No. 105-551, pt. 2 (1998)).


Furthermore, the filing points out that the government totally failed to meet the requirements to show criminal copyright infringement, and notes that the government cannot show that Rojadirecta meets those requirements.

The full filing is embedded below, but I've pulled out most of the key points above... Earlier this morning we had supporters of the domain seizures insist that no one was actually filing lawsuits in the US over this. It will be interesting to see how they respond to this particular filing.
http://www.techdirt.com/articles/201...-seizure.shtml





"Big Content" Is Strangling American Innovation
James Allworth

Innovation has emerged as a key means by which the US can pull itself out of this lackluster economy. In the State of the Union, President Obama referred to China and India as new threats to America's position as the world's leading innovator. But the threats are not just external. One of the greatest threats to the US's ability to innovate lies within: specifically, with the music and movie business. These Big Content businesses are attempting to protect themselves from change so aggressively that they risk damaging America's position as a world leader in innovation.

Many in the high technology industry have known this for a long time. Despite making their living relying on it, the Big Content players do not understand technology, and never have. Rather than see it as an opportunity to reach new audiences, technology has always been a threat to them. Example after example abounds of this attitude; whether it was the VCR which was "to the American film producer and the American public as the Boston strangler is to the woman home alone" as famed movie industry lobbyist Jack Valenti put it at a congressional hearing, or MP3 technology, which they tried to sue out of existence. In fact, it's possible to go back as far as the gramophone and see the content industries rail against new technology. The reason why? Every shift in technology is difficult for them. Just as they work out how to make money using one technology, it changes.

The sensible thing for them to do would be to learn how to deal with the change. Instead, their approach to every generation of technology is either to attempt to stymie it so badly that nobody wants it, or to stop it altogether through their influence with lawmakers in Washington DC.

Now, in the past, these efforts might have impacted technology that only involved the consumption of movies and music. But as the technology used to display movies and listen to music converges with other technology — technology where America has historically led — Big Content's attempts to protect their business model threaten innovation at the very heart of America's competitive advantage.

Let's take a look at one specific example: the industry's repeated attempts to introduce innovation-chilling legislation. The latest is COICA, designed to allow the Government to take down any website that infringes copyright — and lock the domain. Fortunately, a number of American legislators have taken a more clear-headed view of the problem. It was defeated late last year in Congress, after being described by Senator Ron Wyden as a "bunker buster cluster bomb." But it's back again. In a recent interview, Silicon Valley Congressman Zoe Lofgren describes the back and forth with the content industry and their requests for legislation like COICA as increasingly draconian.

These laws won't just have the power to stop copyright infringers. They have the potential to stop legitimate uses that the content industries don't like — examples like YouTube and even the early MP3 players are examples of legitimate uses that big content have gone after. As Senator Wyden put it: "the collateral damage of this statute could be American innovation, American jobs, and a secure Internet."

The result of laws like this? Startups — the engine of America's growth — will just go elsewhere. China and India are creating environments extremely conducive to disruptive innovation. Even Europe is benefiting — one of the most promising recent music services, Spotify, is hosted in Europe. It's still not available to American consumers.

Unfortunately, a subset of what COICA proposes is already in existence today. Immigration and Customs Enforcement (known as ICE) has been simply seizing domains of websites suspected of copyright infringement at taxpayer expense. Because of the sheer number of sites the content industries want taken down, they innovated — by bypassing due process altogether. ICE have taken down entire sites for only linking to files — for example, torrent-finder.com. The sites have no opportunity to stop this process until after they have been taken down.

If you're the next YouTube, would you want to locate here in the US and risk having the government simply switch off your site at the behest of Big Content? Or might it not be easier to find a more benign environment to create your business in?

The ultimate irony in all of this is that if we stop giving the content industries what they want — sweeping, blanket protections — we may actually be doing them a favor. They wanted the VCR banned. It turned out to be one of the most profitable technologies for the movie industry in its history. Ignoring their requests may turn out to be cruel to be kind — instead of focusing on trying to fight the technology, they'll be forced to find ways of profitably embracing it.

The next generation of technology companies are already starting to shift overseas. Before conceding to any more demands for protection from Big Content, America would do well to consider what it places at risk.
http://blogs.hbr.org/cs/2011/03/big_...ling_amer.html





Banks Turn to Schumer on Patents
Edward Wyatt

For years and much to their frustration, big banks have paid hundreds of millions of dollars to a tiny Texas company to use a patented system for processing digital copies of checks, making Claudio Ballard, the inventor of the system, a wealthy man and the bank industry’s biggest patent foe.

After years of fighting Mr. Ballard at the federal Patent Office, in court and across a negotiating table, the banks went to see one of their best friends in Congress, Senator Charles E. Schumer of New York, who inserted into a patent overhaul bill a provision that appears largely aimed at helping banks rid themselves of the Ballard problem. The Senate passed the bill easily in March.

The proposal would allow banks to get a federal re-examination of certain patents that they have been accused of infringing, specifically limited to “a financial product or service.” The language is now included in a bill that may come to a vote in the House of Representatives as early as Wednesday. While at least two House members have moved to strip the provision from the bill, bank lobbyists have worked hard to defeat previous attempts to remove it.

Mr. Schumer and the Financial Services Roundtable, a business group that pushed the measure, say the provision is not focused on any one company but more broadly at “meritless litigation over patents of dubious quality,” as Steve Bartlett, the president of the Roundtable, said at a House hearing.

Mr. Schumer said that most of the largest New York banks had settled disputes with Mr. Ballard and his DataTreasury Corporation of Plano, Tex., and Mr. Schumer says those agreements will not be affected.

But DataTreasury and Mr. Ballard have fought back. They have hired their own Washington lobbyist, financed in part by the $400 million in settlements, jury verdicts and royalties earned in recent years.

In an interview, Mr. Ballard said the banks’ argument that they had embarked on electronic check processing — the process covered by his patents — long before his patents were issued is simply wordplay.

“You can say that about the guy who invented the light bulb,” Mr. Ballard said. “Steel had been around forever, tungsten had been around forever, glass had been around forever. But someone put all those elements together and created the light bulb.”

The patents at issue are called “business method” patents, which cover a process for performing a task but not necessarily the technology required to make it happen. Method patents are the bane of the corporate world, and business groups say they encourage frivolous lawsuits based on faulty application of patent law.

Mr. Schumer said he believed he did the right thing. “This is a case where one company has made a cottage industry out of extracting legal settlements by exploiting a fuzzy part of the law on patents,” he said. “When New York institutions are in the right and under assault, I will support them all the way. If these lawsuits are legit, the company should have no problem letting the patent office do an independent review.”

DataTreasury patents have already been reviewed and validated by the patent office, but the bill would allow for an expanded consideration of other elements in a new review format.

While other provisions address reviews for patents after they are issued, the language of Mr. Schumer’s provision seems aimed at banks or, specifically, “a method or corresponding apparatus for performing data processing operations used in the practice, administration or management of a financial product or service.”

The DataTreasury camp says it has little doubt that the Schumer provision is aimed at the company. “There’s no question about that,” said John Feehery, a prominent Washington public relations executive and a spokesman for DataTreasury. “It’s a specific provision aimed at a small company.”

Supporters insist that the provision can be used against patents for electronic commerce in any industry, but banks have been especially energetic in their support of the measure.

Three of the largest financial lobbying groups — the Financial Services Roundtable, the Independent Community Bankers of America and the Securities Industry and Financial Markets Association — which spread campaign contributions lavishly through both chambers of Congress, have warned the bill’s main sponsor that they will fight any patent legislation that does not include the special financial exemption.

The Schumer provision is not the only disputed part of the patent overhaul bill. To help the patent office update its technology and deal with a mountain of patent applications, the bill would allow the patent office to keep all of the fees it collects to finance its operations, removing it from politics of the Congressional appropriations process. Leaders of the House Appropriations committee strongly dismiss the idea.

The bill would also change the rules for which inventor would obtain a patent by shifting to a first-to-file system instead of a first-to-invent system, which is the current practice.

Small businesses do not like that change because they fear they will be outrun in a race to the patent office.

The patent office director, David J. Kappos, has championed patent reform, and the trade groups and Mr. Schumer have said that he helped to write the Schumer provision.

More than three dozen banks have signed license agreements with DataTreasury to use its patents, but Mr. Ballard, the company’s chairman, said he feared that the bill could undo all of that. That is part of the reason he has employed Thorsen French Advocacy, a Washington lobbying firm, and a team of other consultants and advisers.

He refers to himself as an inventor, but Mr. Ballard, 52, is really a computer engineer who has spent most of his career in and around the technology industry. He has worked on software systems for large companies like General Electric, and he has started his own businesses.

So he bristles at the characterization of DataTreasury as a company that merely exploits dubious patents.

It is true that the company now is just a holding company for the patents with only a few employees. At one time it had more than 100 — before the banks stole his patented technology, he said.

“I didn’t invent the scanner; I didn’t invent networking, or computers or software,” he said. “But I am an expert at systems integration, and I created this complete end-to-end solution” for digital check processing.
https://www.nytimes.com/2011/06/15/b...15schumer.html





States Weigh Relaxing Penalties for Teen Sexting
David Klepper

A congressman who sends an X-rated photo of himself jeopardizes his reputation and his job. But in many states, teens caught doing the same thing can risk felony charges, jail time and being branded sexual offenders.

That's because a minor who transmits a sexually explicit photo of themselves, according to many state laws, is manufacturing and distributing child pornography. Lawmakers across the country, however, now say the problem of teen sexting didn't exist when they enacted harsh punishments for child porn and are considering changes that would ensure minors don't face jail time for youthful mistakes.

"Let's just call this what it is: stupid," said Rhode Island state Rep. Peter Martin, a Democrat from Newport who is sponsoring a bill to downgrade teen sexting from a felony to a juvenile offense. "These are kids we're talking about. I don't think minors should face these severe punishments just for being stupid."

Legislatures in Rhode Island and 20 other states have considered bills this year to adjust penalties for teen sexting, according to the National Conference of State Legislatures. California lawmakers are considering legislation that would enable schools to expel students caught sexting. Florida lawmakers voted to punish teen sexting with a $60 fine and community service.

Lawmakers in New York, where U.S. Rep. Anthony Weiner is embroiled in a sexting scandal, have introduced legislation that would allow judges to send teens who send explicit photos to counseling instead of jail if prosecutors agree they meant no harm.

Studies show that one in five teens has electronically transmitted explicit photos of themselves, and one third say they have received such photos. It's a 21st century update of "I'll show you mine" with one critical difference: lewd photos can be passed on with the push of a button and live forever on the Internet.

"It's an extraordinarily common behavior among kids, like it or not," said Amy Adler, a law professor at New York University who has studied how child pornography laws have been applied to sexting. "I hope lawmakers and prosecutors figure out quickly how to address it, because it's not going away."

Parents and educators are the most likely to discover that a teen has sent or received lewd photos. Even when police or prosecutors get involved, most cases don't result in felony charges. But it has happened.

Six Pennsylvania teens faced felony child pornography charges after police found underage boys swapping nude pictures of female classmates. Three girls were charged with manufacturing and distributing child porn, and three boys were charged with possession. The case ended up in juvenile court, where the teens were sentenced to community service and curfews.

In another Pennsylvania case last year, a federal judge blocked a prosecutor from filing felony charges against teen girls caught in a sexting investigation.

Last month, a Michigan prosecutor announced he had authorized felony charges against three 13- and 14-year-olds caught sexting.

In Rhode Island, a 16-year-old avoided felony charges last summer but pleaded guilty to disorderly conduct and indecent exposure. The boy had shown friends an explicit phone video of himself with a female student. He was sentenced to 200 hours of community service and prohibited from owning a cell phone with a camera for one year.

Prosecutors and judges need more discretion to treat each case of sexting differently, according to Sherry Capps Cannon, a former principal and high school administrator who recently graduated from Southern University Law Center in Louisiana, where she wrote a law review article examining laws surrounding teen sexting.

There's a big difference, she said, between an adult who emails an explicit photo of a young teen and a 15-year-old who sends such a photo to a boyfriend. But laws in most states make no distinction.

"The law has to acknowledge the intent of the person sending the photo," she said. "Right now, laws designed to protect children are being used to punish them."

The legislation working its way through the Rhode Island General Assembly would make sexting by minors a juvenile offense similar to truancy. The bill has passed the House and awaits a vote in the Senate. Under current law minors who transmit indecent photos of themselves could face criminal penalties including prison time and fines of up to $5,000.

Teens who forward indecent photos of other minors, however, could still face child pornography charges.

State Sen. John Tassoni led a state task force examining cyberbullying and other problems caused by teens using technology in inappropriate ways. He said parents and schools can help stop sexting by reminding students that mistakes committed in cyberspace can have long-lasting, real-world consequences.

But as Weiner's recent case shows, he said, there's no age limit for inappropriate Internet use. And Tassoni doesn't see the problem going away anytime soon.

"I tell these kids that whatever they're putting out there will live forever," said Tassoni, D-Smithfield. "We need to discourage it, but charging them with felonies doesn't seem to be the way to do it."
http://www.newstimes.com/business/ar...ng-1420785.php





F.B.I. Agents Get Leeway to Push Privacy Bounds
Charlie Savage

The Federal Bureau of Investigation is giving significant new powers to its roughly 14,000 agents, allowing them more leeway to search databases, go through household trash or use surveillance teams to scrutinize the lives of people who have attracted their attention.

The F.B.I. soon plans to issue a new edition of its manual, called the Domestic Investigations and Operations Guide, according to an official who has worked on the draft document and several others who have been briefed on its contents. The new rules add to several measures taken over the past decade to give agents more latitude as they search for signs of criminal or terrorist activity.

The F.B.I. recently briefed several privacy advocates about the coming changes. Among them, Michael German, a former F.B.I. agent who is now a lawyer for the American Civil Liberties Union, argued that it was unwise to further ease restrictions on agents’ power to use potentially intrusive techniques, especially if they lacked a firm reason to suspect someone of wrongdoing.

“Claiming additional authorities to investigate people only further raises the potential for abuse,” Mr. German said, pointing to complaints about the bureau’s surveillance of domestic political advocacy groups and mosques and to an inspector general’s findings in 2007 that the F.B.I. had frequently misused “national security letters,” which allow agents to obtain information like phone records without a court order.

Valerie E. Caproni, the F.B.I. general counsel, said the bureau had fixed the problems with the national security letters and had taken steps to make sure they would not recur. She also said the bureau, which does not need permission to alter its manual so long as the rules fit within broad guidelines issued by the attorney general, had carefully weighed the risks and the benefits of each change.

“Every one of these has been carefully looked at and considered against the backdrop of why do the employees need to be able to do it, what are the possible risks and what are the controls,” she said, portraying the modifications to the rules as “more like fine-tuning than major changes.”

Some of the most notable changes apply to the lowest category of investigations, called an “assessment.” The category, created in December 2008, allows agents to look into people and organizations “proactively” and without firm evidence for suspecting criminal or terrorist activity.

Under current rules, agents must open such an inquiry before they can search for information about a person in a commercial or law enforcement database. Under the new rules, agents will be allowed to search such databases without making a record about their decision.

Mr. German said the change would make it harder to detect and deter inappropriate use of databases for personal purposes. But Ms. Caproni said it was too cumbersome to require agents to open formal inquiries before running quick checks. She also said agents could not put information uncovered from such searches into F.B.I. files unless they later opened an assessment.

The new rules will also relax a restriction on administering lie-detector tests and searching people’s trash. Under current rules, agents cannot use such techniques until they open a “preliminary investigation,” which — unlike an assessment — requires a factual basis for suspecting someone of wrongdoing. But soon agents will be allowed to use those techniques for one kind of assessment, too: when they are evaluating a target as a potential informant.

Agents have asked for that power in part because they want the ability to use information found in a subject’s trash to put pressure on that person to assist the government in the investigation of others. But Ms. Caproni said information gathered that way could also be useful for other reasons, like determining whether the subject might pose a threat to agents.

The new manual will also remove a limitation on the use of surveillance squads, which are trained to surreptitiously follow targets. Under current rules, the squads can be used only once during an assessment, but the new rules will allow agents to use them repeatedly. Ms. Caproni said restrictions on the duration of physical surveillance would still apply, and argued that because of limited resources, supervisors would use the squads only rarely during such a low-level investigation.

The revisions also clarify what constitutes “undisclosed participation” in an organization by an F.B.I. agent or informant, which is subject to special rules — most of which have not been made public. The new manual says an agent or an informant may surreptitiously attend up to five meetings of a group before those rules would apply — unless the goal is to join the group, in which case the rules apply immediately.

At least one change would tighten, rather than relax, the rules. Currently, a special agent in charge of a field office can delegate the authority to approve sending an informant to a religious service. The new manual will require such officials to handle those decisions personally.

In addition, the manual clarifies a description of what qualifies as a “sensitive investigative matter” — investigations, at any level, that require greater oversight from supervisors because they involve public officials, members of the news media or academic scholars.

The new rules make clear, for example, that if the person with such a role is a victim or a witness rather than a target of an investigation, extra supervision is not necessary. Also excluded from extra supervision will be investigations of low- and midlevel officials for activities unrelated to their position — like drug cases as opposed to corruption, for example.

The manual clarifies the definition of who qualifies for extra protection as a legitimate member of the news media in the Internet era: prominent bloggers would count, but not people who have low-profile blogs. And it will limit academic protections only to scholars who work for institutions based in the United States.

Since the release of the 2008 manual, the assessment category has drawn scrutiny because it sets a low bar to examine a person or a group. The F.B.I. has opened thousands of such low-level investigations each month, and a vast majority has not generated information that justified opening more intensive investigations.

Ms. Caproni said the new manual would adjust the definition of assessments to make clear that they must be based on leads. But she rejected arguments that the F.B.I. should focus only on investigations that begin with a firm reason for suspecting wrongdoing.
https://www.nytimes.com/2011/06/13/us/13fbi.html





Surveillant Society
Devin Coldewey

One aspect of the Egyptian uprising (among the others, most ongoing) that was overpowered by the wild acclamation of social media is something that has been quietly but powerfully changing societal norms over the last decade. It is simply the inclusion, on almost every mobile phone sold, of a digital camera. When 90% of the active population can, at any time, record an event they are witness to, and transmit it to the rest of the world instantly, many rules begin to change.

It’s not new, of course: “citizen journalism” has a long history before mobiles were prevalent, and the growing trend of “you report”-style news and things like Twitter streams in live reporting are as plain as the lens on your phone. And while I regularly deride the quality of camera phones, the truth is that improvements have been made that are now promoting phone-cams from joke cameras to true documentary devices.

The reason I bring this up today is because of a video I watched a few weeks back that documented some aggressive behavior by a few NYPD officers. You may have seen it — it’s up to around 400,000 views now. Not that this particular incident is of particular import (compared to the countless enormities being perpetrated every day around the world), but its trajectory (essentially viral) is signal. And, importantly, the quality of the video is good enough to prove identities in court, and arguably too difficult to fake. A few years ago this level of definition would only be available on a thousand-dollar camcorder. Today it’s on phones that are literally being given away. Malcolm Gladwell may be out of vogue presently, but nevertheless this has all the appearances of one of those tipping points.

Institutional

What happens, exactly, when every individual is not only a node connected to a worldwide network, but is also able to take anything they see and cause it to be made public and (efforts are made in this direction) unable to be taken down?

The consequences are, in an institutional way, the same loss of deniability that has affected citizens in cities like London, where CCTV cameras have squelched crime on the street, and around the world, where the loss of privileged privacy is now affecting everyone tagged in an embarrassing photo on Facebook. The assumption that one is not being recorded in any real way, a standard in civilization for more or less all of history, is being overturned. (I’ll be writing more about this in a longer series of posts on privacy, but the societal effect of widespread documentary devices is distinct enough to consider on its own.)

Places where this effect is already visible include some parts of government: official Congressional discussions, for instance, are frequently broadcast and have been recorded in their entirety for decades. You can’t take back something you say on the Senate floor. CEOs of major companies, too, have felt the sting of the ever-vigilant ears and eyes of the internet. Steve Jobs’ infamous response to a user regarding the iPhone 4 antenna issue is a good example, but similar things happen every day, and now that there’s no plausible deniability (since as head of the company almost all their public speech is on the record), CEOs have become slaves to the PR department in a bizarre inversion of internal corporate checks and balances.

And there is, of course, the more obvious example of things like police brutality. Rodney King was an early indicator of the directions things will take. But imagine if catching police when they acted illegally were to be the rule rather than the exception. That’s what the NYPD cops who hassled that passerby are finding out, and I suspect many more in positions where abuse of authority is a risk will find out soon as well. Too late for them to save themselves, but just in time for victims (not just of police brutality, but of any kind of unexpected or undocumentable trauma or danger – a hit and run, for example), who for centuries have lacked a way to strike back, for want of evidence. “Your word against mine” can be a serious and drawn-out dispute, subject to all kinds of subjective judgments, loyalties, rights, and arguments; “Your word against my high-definition video” gives citizens and the vulnerable a bit more leverage.

Things aren’t so simple, though. As anyone who has worked in visual media can tell you, deception and fakery are not only incredibly easy, but very common as well. Hoaxes, fakes, set-ups, staged scenarios, creative editing, post-production, photoshopping, and every other tool of the trade, all show something other than the raw, original product. I’m not familiar with forensic digital media evaluation tools in use today, but I get the feeling that if they’re not inadequate now, they will be so in a few years.

It matters because as “citizen journalism” becomes more commonplace, distinguishing between verified and unverified media will become a serious problem (and, I would hazard, a serious business). Indeed, where unverified reports are the rule and anecdote prevails over skepticism (cryptozoology, UFOs, faith healing, etc.), fakes are demonstrably much more common than in, say, day-to-day news reporting. As the volume of self-reported news (and implicit trust thereof) increases, the tools to vet it become that much more important.

And where better to search for proof of authenticity than in a courtroom? I think that we will find that, as we produce more and more images and video, less and less of it will be considered “admissible” (since “publishable” and the like are valueless now), a standard for which we will need to come to some kind of agreement about the definition of a “digital original.” Imaging companies have attempted to do this, but as I posted a short while ago, their method is inadequate.

The ability to determine whether something has been digitally tampered with may be a new and frustrating mire of red tape and legislative dysfunction, but it’s essential to a society that is capable of producing and tampering with documentary evidence. Timestamp incorrect? Inadmissible. Cropped? Inadmissible. EXIF blank? Inadmissible. Restrictions like these, and more sophisticated things like investigating sub-pixel metadata and so on, will be tools of legal protection the way, say, a public notary has been for paper documents.

Worth noting separately is the difference between what I am describing and the more familiar “surveillance society,” which is not related to decentralized documentational powers but centralized monitoring powers. I borrowed the idiom, and in some places these ideas overlap, but for the most part they are distinct (and it is upon the distinctions that I am focused).

Social

A change that will need to occur along with this huge increase in citizen surveillance (because really, that’s what having cameras in the hand of every person amounts to) is finding out what is acceptable behavior on camera. This is, again, a topic I’ll discuss in later articles covering different aspects of privacy, but the relevant portions here are two in number: first, that what is acceptable for, say, an employer to see in your Facebook profile will change, and second, that control over your own data will be a sticking point one way or another.

These days it’s not uncommon for someone to lose a job or not be hired because of something seen and deemed irresponsible on their Facebook or Flickr page. I get the feeling that as a generation accustomed to the social net grows up and ascends the ranks, this kind of judgment will decrease in intensity, while at the same time such social checks will become more common. A more troublesome point is the fact that if you show everything, you’re likely to show something you should have hidden, and if you hide everything, everyone will assume you did so for a reason. Employers might require you to be Facebook friends with them so they can monitor you. Make no mistake, this is certainly a breach of privacy, but it’s going to happen (in all likelihood is happening already – do you do this?). Refusal to, or having pictures hidden, untagged, and so on, may for a time be considered withholding information. It’s going to be rough for a while.

But the end result is a society that is more at home with itself in public, and less concerned about what may or may not make it into the hands of our parents or employers — not necessarily because we have more control, but because the threat is known.

Yet the question of control is problematic as well. If a friend takes a picture of you, uploads a cropped version to Flickr and Facebook, and “keeps” the original in a folder somewhere, what is the rights situation with that picture? You’ve surrendered some of your claim by putting it on Facebook, where it is immediately catalogued, resized, copied, and so on. What if you retain the “original”? What if it’s your camera, or you took the picture, and they uploaded it? If the servers are in Iceland, the company is in the US, and the user is in Germany, what then? The issue of ownership is being muddied by the same process that has upended media industries – the transition of recordable data from physical to virtual property, infinitely copyable but still subject to many of the necessities of more traditionally-held items. Who owns what, who is legally bound to act in which way, which licenses supersede others? A team of lawyers and scholars might spend months putting together a cohesive argument for any number of possibilities. What chance does an end user have to figure out whether or not they have the right to print, distribute, delete, and so on?

Ownership of the data we create is a complicated and subtle thing, and right now the content is piling up, but understanding of how that data is stored, licensed, accessed, and so on is no better than it was. We’ll need to take charge of our own data, but do we even have the tools to do so? Have we already given up our rights to EULAs and obscure default settings? I doubt I could delete myself from the net without breaking a dozen “contracts” and as many loosely-interpreted laws.

Surveillant Society

But these are all bridges that are better crossed when we reach them. It’s fun to play pretend in a future of gigapixel phone cams and Blade Runner-style “enhance,” but there are changes other than technical and legal ones that are perhaps better worth our considering. (Why I didn’t put them at the beginning of this article, the better to get my point across, is, as usual, a mystery. But hopefully your eye was drawn here, dear reader, by the bold text above.) I’m speaking of our responsibilities as a society to use these new tools judiciously and responsibly.

A few days ago, I was at a local coffee shop, writing as usual. A girl sat her things down on the table in front of me, then went outside to smoke. When she got back a few minutes later, her bag was gone. Someone had stolen it, in front of my eyes (and, in my defense, the eyes of the baristas and everyone else). There were, by a conservative estimate, some 40 cameras in the place, counting webcams, phone cams, and point and shoots, though unfortunately no security cameras. All of those cameras were either in pockets or pointing at nothing. Does anyone else sense a missed opportunity here?

Don’t you think it’s our responsibility as members of society to back each other up however we can? The guys on that balcony in New York knew the biker being cited, so they recorded it, and happened to catch questionable behavior on the part of the cops. Would they have recorded it if they hadn’t known the guy? Perhaps only if they saw the other man being hassled? What if they were recording, and nothing of serious consequence occurred — did they violate anyone’s privacy? Maybe, maybe not. But I think that increasingly, the answers to these questions are tending towards the “record first” mentality.

In a situation of medium importance (we’ll call it) like that one, the constant presence of cameras and smartphones is, at the very least, potentially welcome. But consider a situation like the ongoing revolutions in the Middle East, where cameras have also become pervasive. No government is vigilant enough (though some are brutal enough) to prevent a hundred thousand massed citizens from taking pictures of the force suppressing them, or of the crowd itself, or of atrocities finished in seconds that would otherwise have only been hinted at in second-hand reports in newspapers. Again: the camera, combined with the will and means to use it and spread the resultant images, gives the underdog leverage, as with the lesser case of police aggression in New York, and makes quaint the traditional obfuscatory tactics of oppressive regimes. The policy of shutting down cellular networks and internet is a desperate move and will only be effective as long as we don’t have the means of circumventing it. Ad-hoc networks will emerge as a serious force to be reckoned with, and represent a true democratization of data distribution.

Not that we should all be constantly suspicious of each other at all times and in all places (though I admit I at least should have been vigilant enough to notice such a brazen theft as that in the coffee shop), but it seems a little strange to me, that a crime should be suffered to be committed in the presence of some three dozen cameras. The logical next step, after assuming one is being recorded at all times when in public (potentially true) is ensuring one is being recorded at all times when in public. Theoretically, you won’t act any differently, since you’re already operating under that assumption.

Yes, I’m suggesting that, when it’s technically feasible, our cameras should be recording at all times, unless instructed otherwise. Our personal imaging devices have become more and more accessible over the years, and this is really the vanishing point for that trend, which we may approach asymptotically (or Zenoistically, if you will). Many cameras do this on command, especially high-speed models made to catch events too brief for the camera operator to react. The limitations are technical only — and philosophical, of course. If your phone recorded the voice of an attacker, or the gunshot of a policeman preceding a warning rather than following it, would you regret that functionality? If you could be sure that this information could not be obtained except by your requesting it, however idealistic that notion is, would you submit to it? And how long before it’s considered negligent to have not recorded an accident or criminal act?

The notion of privacy in public is being demolished anyway. Every inch of your city has been mapped by Google; you cross the paths of dozens of cameras every day. In cities like New York and LA, where filming on the street is common, you can sign away your appearance rights by walking past a “recording in progress” sign. A large number of people voluntarily (or unknowingly, but that’s another story) let themselves be tracked by their phones or cameras. Your home address, place of work, and general likeness are public information. Your shopping habits, brand preferences, and shoe size are on record and being sold to the highest bidder. Forensic audio analysts in London tracked the location of sounds in the city based on variations detected in the power grid. You have no privacy in public, haven’t had any for a long time, and what little you have you tend to give away. But the sword is double-edged; shouldn’t we benefit from that as well as suffer? A surveillance society is watched. A surveillant society is watching.

It’s not an idea that’s easy to get used to, but neither was the idea of widespread instantaneous photography in the late 19th century. The fact is it’s happening, and to pretend otherwise only retards progress. In 10 years, the idea that you’re not being recorded at all times when outside your home (in any populated area, anyway) will be as quaint as the idea now that you can maintain any kind of meaningful anonymity while availing yourself of modern banking, social internet, and mobile phones. A world where fear of persecution, accident, and injustice are unfounded is a fine dream, but that’s not the world we live in, nor the world we’re approaching. Our society will be a surveillant society; it’s up to us to make that a virtue, and not just another fear.
http://techcrunch.com/2011/06/17/surveillant-society/





Bilderberg 2011: The Tipping Point

What we have learned from this year's Bilderberg conference
Charlie Skelton

This year, Bilderberg was bigger than ever. Bigger crowds, bigger names, more coverage. So here, starting with about the least most important thing, is what I've learned from this year's Bilderberg summit in St Moritz.

I've got a bit of a crush on the Chinese vice-minister for foreign affairs

Move over Queen Beatrix. Fu Ying is my new postergirl. I can't help myself. She just seems so … fun.

Always hopping about, taking photos of wild flowers, pointing at the view, laughing – she's like, I don't know, a normal person or something. I look at Ying and have to wonder if China's really such an oppressive place after all. It can't be! Not with people like lovely Fu Ying running it. I think we've been misinformed.

Western lies. Fu is the real China.

The BBC turned up!

But only in the form of Marcus Agius, the senior non-executive director on the BBC's executive board. He's also chairman of Barclays, and extremely well connected. Here he is, queuing to get on a private jet home.

Also on board was Washington hawk, and one of Bilderberg's nastiest pieces of work, Richard Perle. Boy, that's someone you don't want to get stuck next to on a flight. I bet he really hogs the armrest.

Bilderbergers look down on things

I've looked at hundreds of photos of the delegates on their nature walk through one of the world's most stunning valleys, and this is honestly the case: they don't look at the view. They walk with their heads down. They stare at their shoes. Googleboss, Eric Schmidt, was probably the least engaged with the world around him:

I know this sounds crackers, but it's really noticeable. It's heads down, as they network with grim determination. The only pair who looked up at all were Fu Ying (*SIGH*) and Loukas Tsoukalis, president of a Greek thinktank. Here he is, with his binoculars, smiling at a passing jogger.

I think Tsoukalis and Fu Ying would make a good couple. I'll stand aside for the sake of international relations.

Bilderberg is the best networking event in the world

And I'm not just talking about the way it gives Douglas Flint, the head of HSBC, the chance to bend George Osborne's ear (policies). It's turned into the most extraordinary networking event for people on the other side of the security line.

I've just spent the best part of a week rubbing shoulders with a bunch of politically articulate, highly intelligent, engaged individuals: many of whom are scarily young and energetic. The character of the event has utterly changed over the last three years. The numbers have rocketed: from about a dozen in 2009, to three hundred in 2011 – and that's according to the Swiss police.

What the mainstream press have failed to do, the alternative media are simply getting on and doing. In the absence of an adequate press centre, people have formed their own. In the weird journalistic vacuum of the conference, people are newsgathering and sharing their information – and sending out bulletins to the world. It's properly inspiring, and it's only going to get bigger.

If you're simply looking to meet switched-on, clued-up people, come to Bilderberg 2012. If you want to help, observe, tweet, photograph, give legal advice, learn, share, chat, talk geo-politics, attend meetings, or just sip beer and watch the spectacle unfold, then come. The spectacle of Bilderberg is reason enough to turn up, but the people – that's where the real value is.

Email us at bilderbergmeetings@yahoo.com and come along to the summit of a lifetime.

It's been a happy conference

On Sunday, we bought a cake and a card for David Rockefeller, and delivered them to the gates of the hotel. We couldn't find a card with "Happy 96th Birthday" on the front, but we got one that showed a rainbow over the Engadine: a symbol of peace between God and humanity after the flood.

And I have to say, it's been a very peaceful conference on the outside. The activists have been picking up their litter, shaking hands with security – and the Swiss police issued a press release saying the behaviour of the crowds was "grade A". In Spain last year, it was the same: they sat in a circle on the beach and encircled the hotel with love. This year, people gathered at midnight on Saturday, with candles and lanterns, and sang birthday songs to Rockefeller.

"For he's a jolly good fellow, which nobody can deny ..."

I'm not saying there wasn't a note of irony in the song, but nobody threw their shoes. It was far too wet.

If you're not on the list you're not getting in

We knew that already, but this year for the first time, elected public representatives are queueing up to find out what's going on in their turf. An Italian MEP (a member of the European parliament's Committee on Civil Liberties, Justice and Home Affairs), Mario Borghezio, was beaten up and arrested by Bilderberg private security. The next day Swiss MP Dominique Baettig was denied entry for after dinner drinks. He probably had an inkling he wasn't going to share a cognac with Kissinger that evening, but it spoke volumes that he tried.

Bilderbergers don't do airport security

Helicopters and private jets have been haring up and down the Engadine, but with all this air traffic I shouldn't think a single Bilderbag has been scanned, let alone searched. They're barely glanced at. We watched as billionaire Alexei Mordashov's bags went from speeding people-carrier to private jet without so much as touching security:

Not that I think Alexei Mordashov has been nicking the cutlery from the conference venue in order to melt it down into car parts, but it does slightly stick in my craw that as airport security for the average citizen gets ever tighter, airport security for the likes of the oligarch Mordashov barely exists. It's a two-tier system, and to think it's ok – that it's rational, and suitable – one really has to do a lot of mindbending. The best I can do is that it's ok because he's a busy man. He's got important stuff to do. Billionaire stuff.

The rationale is basically this: you want to check his bags? Come on! Get out of the way! Billionaire coming through!

Anonymity is for Bilderbergers, not for the public

The police and secret services keep the cameras at bay. The pegged-up shower curtain hides the hotel. Blackened windows and security escorts protect the delicate, quivering participants from the horror of being identified. The coyest are never seen at all, and never make the delegate list.

Now compare that with your life. CCTV cameras with face-recognition software scan your daily life. Travel cards log your journeys. And online, you'll have noticed – particularly in the last year – how your accounts are all being linked, and how you're having to constantly prove your identity. Anonymity is a sin. Anonymity is what terrorists do.

And here's the irony. In secret, with no public oversight, a group of politicians, billionaires and corporate CEOs are discussing (we're told): Social Networks: Connectivity and Security Issues.

The global policy concerning the transparency of our social life is being thrashed out in an untransparent forum by people whose "social network" includes people like Henry Kissinger and the chairman of Goldman Sachs International. It also includes people we don't even know are there (this happens every year, names emerge that were never admitted to).

It's not wrong to want to know more

Thomas Jefferson said: "Whenever the people are well-informed, they can be trusted with their own government." And: "If once they [the people] become inattentive to the public affairs, you and I, and Congress, and Assemblies, Judges, and Governors, shall all become wolves."

Without the people's attention to government, government grows fangs; but: "Enlighten the people generally, and tyranny and oppressions of body and mind will vanish like evil spirits at the dawn of day."

And then we have Bilderberg. A massive great, sniper-armed, window-tinted, helicoptering slap in the face to any concept of enlightened democracy. Shrouded, misty and removed. A place where "Congress and Assemblies, Judges, and Governors" sit about in secret and do business with bank bosses and the chairmen of corporations, and policemen stand guard lest the citizenry become too informed.

Bilderberg is a backwards step, heading in wholly the wrong direction when "transparency of government" is something we're all clawing towards. It's a dinosaur. A childish, irritating dinosaur. It's Godzuki.

Bilderberg is the very opposite of a bulwark of a democracy, whatever the opposite of a bulwark is. (A siege engine?)

Anyone who wants to be a good Jeffersonian and be part of an enlightened populace must become attentive to public affairs, and should pay particular attention to their public officials when they're skulking about in the mist with big business. And if the press won't pay attention to it, then the citizenry must.

Fortunately for all of us, that's exactly what the citizenry are doing.

Enjoy a free internet while you can

Speaking of personality disorders – when Peter Mandelson, who pushed through the digital economy bill, sits down with Keith Alexander – the director of the NSA and head of United States Cyber Command – to discuss "Social Networks: Connectivity and Security Issues", you can be pretty sure they aren't hammering out how best to preserve the freedom of the internet.

Add a liberal sprinkling of cyber power in the form of Mark Hughes (Facebook), Eric Schmidt (Google) and Craig Mundie (Microsoft) and you have the perfect formula for a lock-down. Let's hope Neelie Kroes, the European commissioner for digital agenda, got to push her "No Disconnect Strategy". I'd pay good money to have heard the head of the NSA's views on that one.

The Bilderberg website is a disgrace

The Bilderberg summit is a gathering of the richest, most powerful people in the western world. They can afford helicopters, hundreds of police, security personnel, secret servicemen, floodlights, fencing, portacabins, limousines, chauffeurs, chefs, catering, entertainment, and the hire of a massive luxury hotel for an entire week …
But they spent, what, fifty quid on their web design? Sixty tops. They haven't even proof read it.

Now, it's certainly a good and healthy sign that Bilderberg said a tentative "hello" to the world half-way through last year's meeting with its website, but it just isn't good enough.

For a start, look at the agenda. There are people who say: "Look, Bilderberg is being open and transparent! They've published exactly what they discuss! There's no secrecy here!" Then you look at what they publish. Here's a snippet:

So they discussed "China". Care to be a bit more specific? No – just "China". I wouldn't exactly describe their agenda as "information rich". They might as well have listed: "important stuff; things; other things; areas of interest; topics and assorted other subjects".

But more importantly, the website is full of inaccuracies, gaps, and outright lies. The delegate list is never complete, it's just a list of people who don't mind admitting they've been. Some prefer to keep their names out of Bilderberg history. (Tony Blair never admitted going, he even lied to parliament about it, although it's well documented that he attended).

Then it claims that: "Participants attend Bilderberg in a private and not an official capacity." Just not true. We know from the Treasury that Osborne has been in St Moritz in his official role as chancellor.

But a few moments digging around documents and history books, and you realise how the Bilderberg conference actually works. The annual conference bit, whilst being hugely important, is only the "public" bit of the organisation. The steering committee (which has on it, amongst others, our lord chancellor, Kenneth Clarke MP) meets throughout the year. It's extremely active, but even more secretive still.

For example, see if you can find this 1958 conference of the 'Extended Steering Group' in the official Bilderberg history …

Bilderberg steering group

I notice that Sir Colin Gubbins attended. (Budding historians of Bilderberg, get Googling).

The Swiss love a bit of history

I found that many of the Swiss activists were keen to flag up (often with giant flags) the shady roots of the Bilderberg group. It's perhaps wrong to judge present delegates on Bilderberg's past, but the Swiss seemed particularly attuned to this aspect of the group's history: that it was founded in the early 1950s by Prince Bernhard of the Netherlands, a former SS officer and executive in IG Farben's notorious NW7 Berlin espionage centre. That's the IG Farben that manufactured Zyklon B and bankrolled Hitler.

Look to the hosts, and you find Bernhard's daughter Beatrix running Bilderberg, alongside "philanthropist" banker David Rockefeller and the saviour of world football (and wanted war criminal) Henry Kissinger.

Look to the delegates, and inside the same conference you've got two people with the nickname "The Prince of Darkness": Lord Mandelson, and Richard Perle (the Washington uber-hawk). Read up about the chairman of Nestlé. Then read Jon Ronson's important new book on psychopaths. Ronson has dragged a particular discourse into the mainstream without which it is pretty much impossible to understand what's going on here.

The British press simply isn't doing its job

The Swiss press have been reporting Bilderberg with gusto. Russia Today sent a film crew, the Italian media is here, Alex Jones sent a team, the Canadian Broadcasting Company are doing interviews, there's even a French journalist somewhere, I'm told.

But from Britain? Not so much.

In 2008, when George Osborne, as a private individual, hangs out in Corfu with a Russian oligarch (Oleg Deripaska), Nat Rothschild and Peter Mandelson, the British press has a field day with the gossip – Mandelson "dripping poison" about Osborne, and allegations that Osborne was grubbing around for party funds.

But in 2011, when Osborne spends four days, in his official role as chancellor of the exchequer, cooped up with Lord Mandelson, a Russian oligarch (Alexei Mordashov), and the former vice-chairman of Rothschild Europe (Franco Bernabè) – along with the president of the World Bank, the president of the European Central Bank, the Greek minister of finance, the queen of Spain, the chairman of Royal Dutch Shell, the governor of the Belgium National Bank, the chairman of Goldman Sachs International, and the chief executive of Marks and Spencer …

This isn't news.

As you might have noticed by now, I beg to differ.
http://www.guardian.co.uk/world/2011...-tipping-point





European Council: Creating Hacking Tools Should Be Criminal Across EU

Ministers want Europe-wide legal net for cybercrookery
OUT-LAW.COM

The making of hacking tools and computer viruses should be a criminal act across Europe, EU ministers have said.

The EU's Council of Ministers has backed the extension of criminal sanctions to tool-makers in response to European Commission plans to update EU laws tackling attacks against computer systems.

Responding to European Commission plans to create a new anti-hacker Directive, the Council has said that the making of hacking tools should be criminalised, adding this to the list of currently criminal practices.

"The following new elements [should include] penalisation of the production and making available of tools (eg, malicious software designed to create 'botnets' or unrightfully obtained computer passwords) for committing the offences [of attacks against computer systems]," the Council of Ministers said in a statement.

"The term botnet indicates a network of computers that have been infected by malicious software (computer virus)," the Council statement said.

"Such network of compromised computers ('zombies') may be activated to perform specific actions such as attacks against information systems (cyberattacks). These 'zombies' can be controlled – often without the knowledge of the users of the compromised computers – by another computer," the Council statement said.

The creation of the kinds of tools outlined in the new plans is already a criminal offence in the UK. The Computer Misuse Act says that making, supplying or obtaining articles for use in hacking is a criminal offence and carries a maximum prison term of up to two years and a fine.

Under the Act a person is guilty of an offence if he "makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, [a hacking offence]." The word "article" is defined in the Act to include "any program or data held in electronic form".

Illegal interception of computer data will also become a criminal offence under the Council's plans, the statement said.

The proposals also suggest that there should be an obligation for EU countries to report computer system attacks within eight hours to existing contact points to improve European cooperation in criminal matters.

It should be a mandatory requirement for EU countries to collect basic statistical data on cybercrimes, the Council also said in its proposals.

The new measures should add to existing laws for penalising computer system attacks, the Council said.

"The new rules would retain most of the provisions currently in place – namely the penalisation of illegal access, illegal system interference and illegal data interference as well as instigation, aiding, abetting and attempt to commit those criminal offences," the Council said in its statement.

Criminal penalties for computer system attacks should be increased, the Council said.

"The new rules would raise the thresholds if the attack has been committed by an organised criminal group, or has caused serious damage, eg, through the use of a 'botnet', or has affected a critical IT system, to a maximum term of imprisonment of at least five years," the Council said.

General cases of computer system attacks should result in offenders facing a maximum jail sentence of at least two years, and punishment for offences committed against a "significant number" of systems should be a maximum of at least three years jail time, the Council said.

"These new forms of aggravating circumstances are intended to address the emerging threats posed by large scale cyberattacks, which are increasingly reported across Europe and have the potential to severely damage public interests," the Council said in its statement.

The Council, which is formally called the Council of the European Union, is made up of 27 ministers representing each EU state. Ministers share law-initiating duties with members of the European Parliament. The Council will use the general proposals as the basis of negotiations with the Parliament over what exactly should be included in the new laws, the Council's statement said.

The UK and Ireland must implement the new rules of the new Directive into national law but Denmark will not be bound by them, the Council said.
http://www.theregister.co.uk/2011/06..._eu_ministers/





Legislation Criminalizing Creation of Computer Viruses Enacted

Japan's parliament enacted legislation Friday criminalizing the creation or distribution of computer viruses to crack down on the growing problem of cybercrimes, but critics say the move could infringe on the constitutionally guaranteed privacy of communications.

With the bill to revise the Penal Code passing the House of Councillors by an overwhelming majority, the government intends to conclude the Convention on Cybercrime, a treaty that stipulates international cooperation in investigating crimes in cyberspace.

Japanese investigative authorities have so far had trouble pursuing a series of cyberattacks on government offices, corporations and individuals in the absence of a domestic law specifically designed to punish virus creation and other harmful acts on computer networks.

The legislation makes the creation or distribution of a computer virus without a reasonable cause punishable by up to three years in prison or 500,000 yen in fines, and the acquisition or storage of one punishable by up to two years in prison or 300,000 yen in fines.

It also makes it punishable to send e-mail messages containing pornographic images to a random number of people.

The law controversially allows data to be seized or copied from computer servers that are connected via online networks to a computer seized for investigation.

It also enables authorities to request Internet service providers to retain communications logs, such as the names of e-mail senders and recipients, for up to 60 days.

Because of concerns that keeping such communication logs could violate the privacy of communications guaranteed under the Constitution, the upper house's Judicial Affairs Committee attached to the legislation a resolution calling for the authorities to apply the law appropriately.

The government submitted similar legislation to the Diet in 2003 and 2005, but the move failed each time because of strong opposition to a concurrently proposed clause that sought to make it an act of conspiracy for a group of people to simply conceive of committing a crime.

The latest legislation has no such clause, which had originally been intended to combat organized crimes.

The Convention on Cybercrime, which was adopted by the Council of Europe in November 2001, took effect in 2004, with 31 countries having ratified it so far. It requires parties to make it criminal to have unauthorized access to computer systems, store images of child pornography and infringe on copyrights, among others.

Japan approved the convention at the Diet in 2004, but has not concluded the treaty in the absence of a domestic law.
http://mdn.mainichi.jp/mdnnews/news/...dm013000c.html





Under Worm Assault, Military Bans Disks, USB Drives
Noah Shachtman

The Defense Department’s geeks are spooked by a rapidly spreading worm crawling across their networks. So they’ve suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to "floppy disks," is supposed to take effect "immediately." Similar notices went out to the other military services.

In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute.

The problem, according to a second Army e-mail, was prompted by a "virus called Agent.btz." That’s a variation of the "SillyFDC" worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again — this time on the PC. "From there, it automatically downloads code from another location. And that code could be pretty much anything," says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further — to the early ’90s. "But at that time they relied on infecting floppy disks rather than USB drives," Olson adds.

Servicemembers are supposed to "cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware," one e-mail notes.

Eventually, some government-approved drives will be allowed back under certain "mission-critical," but unclassified, circumstances. "Personally owned or non-authorized devices" are "prohibited" from here on out.

To make sure troops and military civilians are observing the suspension, government security teams "will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced," an e-mail says. "Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action."

"The USB ban should be effective in stopping the worm," Olson says. Asked if such a wide-spread measure was a bit of over-kill, Olson responded, "I don’t know."

"I know this [is an] inconvenience," e-mails one Michigan Army National Guardsman. "This has been briefed to the CoS [Chief of Staff] of the ARMY. This is not just a problem for Michigan, and is affecting operations around the world. This is a very serious threat and should be treated as such. Please understand that this is a form of attack, and we need to have patience in dealing with this issue."
http://www.wired.com/dangerroom/2008...my-bans-usb-d/





Exclusive: China Software Bug Makes Infrastructure Vulnerable
Jim Finkle

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

Sunway's products, widely used in China, are also deployed to a lesser extent in other countries including the United States, DHS's Industrial Control Systems Cyber Emergency Response Team said in its advisory.

"These are vulnerabilities that hackers could leverage to cause destruction," said Dillon Beresford, a researcher with private security firm NSS Labs, who discovered the bugs.

The DHS advisory comes amid a wave of high-profile cyberattacks on institutions ranging from the International Monetary Fund to Citigroup Inc and Sony Corp. The attacks focused primarily on stealing data; only in a few instances has critical infrastructure been attacked.

Last year the Stuxnet computer worm surfaced, targeting industrial control systems manufactured by Siemens. Security experts widely believe that the worm was built as part of a state-backed attack on Iran's nuclear program.

Iran said the worm was used to attack computers at its Bushehr nuclear reactor. There has been widespread speculation that Stuxnet actually damaged the plant, something Iran denies.

Fixing Bugs

Beresford has worked with Sunway, Chinese authorities and the DHS to fix the bugs he found. Sunway has developed software patches to plug the holes, but it could take customers months to install those patches, Beresford said.

That gives hackers a window of time in which to exploit those vulnerabilities.

"Customers need to be notified and given proper time to patch," said Beresford, who also discovered security bugs in industrial control management systems from Siemens. The German company addressed those vulnerabilities in an advisory it released last week.

Representatives for Sunway could not immediately be reached for comment.

The Sunway software flaws highlight growing concerns about the safety of supervisory control and data acquisition (SCADA) computer systems that are used to monitor and control processes in a wide variety of facilities, including nuclear power plants, chemical factories, water distribution networks and pharmaceutical plants.

SCADA systems -- designed before Internet use became widespread -- were not built to withstand Web-based attacks.

Security systems to deal with Web threats have been bolted on rather than incorporated into SCADA systems, leaving holes that hackers can penetrate.

Beresford said that there are other vulnerabilities in SCADA systems that have yet to be documented by security experts and plugged by the manufacturers.

"The point of my putting this information out and getting it into the public domain is so that we can pressure the vendors to actually patch the vulnerabilities instead of sitting on them because these systems are inherently flawed by design," he said.

(Reporting by Jim Finkle; Editing by Tiffany Wu, Phil Berlowitz)
http://www.reuters.com/article/2011/...75G0CV20110617





China's Cell Phone Pirates Are Bringing Down Middle Eastern Governments
Greg Lindsay

In the latest installment of Butterfly Effect, we examine China's cheap knockoff cell phones. After being forced out of China and India, Chinese counterfeiters brought their product to the Middle East, where the sudden availability of information had unintended consequences for the region--and for China itself.

1. Enter The Shanzhai

In 2004, a Taiwanese electronics firm named MediaTek unveiled its latest product--a cell-phone-in-a-box aimed at manufacturers, equipped with everything they needed to make the guts of a working phone on one chipset. Write some software, add features, and snap a plastic case on the front and you've produced a new model. It was an immediate hit with China’s notorious counterfeiters, the shanzhai.

In 2004, MediaTek sold 3 million of its chips; six years later, its sales had soared to 500 million, more than a third of the worldwide market. Nearly half of those went to shanzhai. The sudden ability to design, manufacture, and ship millions of dirt-cheap handsets in total secrecy led to an explosion in Internet-enabled devices in China. “Five years ago, there were no counterfeit phones,” the sales manager at a Chinese component manufacturer told The New York Times in 2009. “You needed a design house. You needed software guys. You needed hardware design. But now, a company with five guys can do it.”

After conquering China, smuggled shanzhai phones made spectrum so valuable that India’s telcos allegedly bribed government ministers to get their hands on it for $40 billion less than it was worth, triggering an ongoing scandal that might bring down the government. Once India cracked down, however, the shanzhai were forced to look for new markets further afield, to the Middle East--where the glut of cheap phones would help enable the Arab Spring.

2. “Nckias” And “Blockberrys”

The key to the cheap phones was the combination of MediaTek’s chipsets and the vast component bazaars of Shenzhen. While MediaTek’s engineers focused on adding software features such as touchscreen recognition and instant messaging to their chips, shanzhai tricked out basic models with speakers, telescopic photo lenses, and flashlight-strength LEDs. Before long, “Nckias” and “Blockberrys” began appearing across Shenzhen and Shanghai.

With their tiny production runs, shanzhai could manufacture a thousand phones, seed the local markets, see if they caught on, and then crank out some more. Established players like Nokia were soon crying foul, even as they scrambled to keep up. Development cycles collapsed from 9 to 12 months to as little as three months. Instead of knockoffs, the counterfeiters were churning out innovation and forcing large companies to play catch up.

The research firm iSuppli expects China’s gray-market mobile phone shipments to rise to 255 million this year, up 12% from 2010. Shanzhai phones are a leading reason why China’s mobile Internet users more than tripled from 50 million to 180 million between 2007 and 2009, according to a report by the Boston Consulting Group. Chinese teenagers fall asleep every night instant messaging friends via QQ on their shanzhai phones.

3. India's Broadband Scandal

What proved to be the fatal flaw in MediaTek’s chipsets is that they don’t support 3G, a much trickier set of technologies. After both the iPhone and Android smartphones arrived in China, the phone bandits began looking for new customers who didn't mind the outdated technology to keep shanzhai phone production churning.

India, with its low PC penetration, high fixed-broadband costs, and proximity to China, was a natural fit. In 2009, shanzhai phones began flooding the market, offering “good functionality at a fraction of the cost of established brands,” according to BCG. The sudden infusion of handsets sparked a brutal price war among carriers like Bharti Airtel and Reliance Communication, which drove the cost of calls down to $.006 per minute even as the companies collectively raced to sign up 20 million new subscribers per month.

That they could afford that race to the bottom may have something to do with the strange way India’s mobile spectrum was auctioned off in 2008. A last-minute rule change in the auction declared that licenses would be granted on a first-come, first-served basis to anyone with completed paperwork and $355 million in cash. Teams sprinted through the building and down stairs to reach the official clerk--a haphazard process that netted only $2.7 billion in licensing fees and may have left $39 billion on the table, according to outside auditors.

An investigation eventually followed, resulting in the April indictments of India’s former telecom minister, two other officials, and six telecom executives charged with criminal conspiracy, forgery, and fraud. The New York Times has described the burgeoning scandal as “India’s equivalent of Teapot Dome.”

4. The Arab Spring

Today, the shanzhai market has moved beyond China, and even India. Of the 235 million chipsets MediaTek shipped last year, 140 million were bound for overseas. They’ve captured half the Ghanaian market, for example, and last fall, The National--the state-financed newspaper of the United Arab Emirates--warned “some analysts believe China’s bandit phone makers may now be targeting the GCC region,” referring to the Gulf Cooperation Council and its members: the UAE, Qatar, Kuwait, Saudi Arabia, Oman, and Bahrain.

A few months later, half its members were embroiled in the turmoil of the Arab Spring. Although no one has drawn a straight line between the appearance of shanzhai phones in the region and the protests that followed, The National presciently noted at the time that “these cut-price clones are not only saturating markets such as India but are starting to appear on the streets of Los Angeles and are thought to be being targeted at the Middle East region, too, which has large numbers of consumers in cities such as Cairo as well as high-end users in countries such as the UAE.”

And while they’re not equipped to run Facebook or Twitter, the current list of features for MediaTek’s phone includes everything else a budding revolutionary needs to evade or expose government repression, including video cameras, Skype, and Bluetooth--just the thing for sharing government crackdown videos over your State Department-sponsored mesh network--all for as little as $50.

The irony is that the Arab Spring has triggered a paroxysm of repression within China (sparked by the rumblings of a “Jasmine Revolution”) which has made life harder for its cell phone bandits, who were previously hiding in plain sight. But China's crackdown can't put the phones back in the box: China's cheap and easy manufacturing has helped usher in mass cell phone ownership in places where it once was a luxury. And with phones comes the free exchange of information that causes revolutions. If Beijing is looking for a cause of the uprisings that has them so scared, it's in the cheap alternatives that fuel China's economy.
http://www.fastcompany.com/1758927/h...he-middle-east





LulzSec Opens Hack Request Line
BBC

The hacker group Lulz Security has opened a telephone request line so its fans can suggest potential targets.

It claims to have launched denial of service attacks on several websites as a result, although it did not detail which ones.

The unspecified hacks formed part of a wave of security breaches that the group called Titanic Takeover Tuesday.

LulzSec has risen to prominence in recent months by attacking Sony, Nintendo and several US broadcasters.

The group publicised the telephone hotline on its Twitter feed.

Callers to the US number are met with a recorded message, in a heavy French accent, by an individual calling themself Pierre Dubois.

While the 614 area code appears to relate to the state of Ohio, it is unlikely that this is its real location.

Lulz Security said it had used distributed denial of service attacks (DDoS) against eight sites suggested by callers.

It also claimed to have hit the websites of gaming magazine The Escapist, and multiplayer games EVE Online and League of Legends.

DDoS attacks typically involve crashing a website by inundating it with requests from computers under the attacker's control.

It is unclear, in this instance, if LulzSec went beyond overloading the sites and sought to gain access to information stored on their servers.

Protest groups

Lulz Security attacks

May 7: US X Factor contestant database
May 10: Fox.com user passwords
May 15: Database listing locations of UK cash machines
May 23: Sonymusic Japan website
May 30: US broadcaster PBS. Staff logon information
June 2: Sonypictures.com user information
June 3: Infragard website (FBI affiliated organisation)
June 3: Nintendo.com
June 10: Pron.com pornographic website
June 13: Senate.gov - website of US Senate
June 13: Bethesda software website. User information
June 14: EVE Online, League of Legends, The Escapist and others

Little is known about Lulz Security, other than their apparent "hacktivist" motivation.

The organisations and companies that it targets are often portrayed as having acted against the interests of citizens or consumers.

Its high profile attack on SonyPictures.com exposed, Lulz claimed, the company's ongoing inability to secure users' personal data.

Along with Anonymous, LulzSec has raised the profile of hacker groups as a potential threat to online services.

Hacktivists see their role as staging valid protests in the most high profile way possible, according to Peter Wood, founder of security consultancy First Base.

"The things they are exploiting at the moment are the sort of mistakes that organisations seem to have been making ever since they connected to the internet.

"Finally there are some players out there who are using them as a means to protest. Whether everyone agrees with them is a different question."
http://www.bbc.co.uk/news/technology-13777129





Spanish Police Website Hit by Cyber Attack: Report
Judy MacInnes



Access to the website of Spain's national police force was blocked for over an hour late on Saturday in a reprisal attack by the hackers' group Anonymous, the newspaper El Mundo said on its website Sunday.

El Mundo said the group had warned police in a statement that it planned to disable the website at some time Saturday. The website was down for at least an hour from 2130 GMT, the paper said.

Spanish police arrested three suspected members of the group Friday on charges of cyber attacks against targets including the websites of Sony Corp, governments, businesses and banks -- but not the massive hacking of PlayStation gamers that Sony has reported in recent weeks.

Sunday, a spokesman for the police said access to the website www.policia.es had been blocked at 2 a.m. Sunday, but that the cause had not yet been established.

"A website can collapse if too many people try to access it at once. I cannot confirm the link with the Anonymous group," the spokesman said.

In a statement cited in a later article in El Mundo, Anonymous denied that the three arrested suspects were a 'core group', as stated by the police.

"They did not arrest any core group ... because we don't have a core group," El Mundo cited the statement as saying.

Anonymous is a loose grouping of activists lobbying for Internet freedom who frequently try to shut down the websites of businesses and other organizations that they oppose.

Members cripple websites by overwhelming them with traffic in what are commonly known as "denial of service" attacks.

The group has attacked Turkish government websites in a protest against Internet censorship.

In a separate development, the International Monetary Fund became the latest known target of a major cyber attack on Saturday.

Jeff Moss, a self-described computer hacker and member of the Department of Homeland Security Advisory Committee, said he believed that attack had been conducted on behalf of a country trying to either steal sensitive information about key IMF strategies or embarrass the organization to undermine its clout.

(Reporting by Judy MacInnes; Editing by Kevin Liffey)
http://www.reuters.com/article/2011/...75B2IT20110612





Turkish Police Detain 32 Suspects Allegedly Linked to Anonymous
Mike Lennon



Following the arrest of three alleged "Anonymous" members by Spanish authorities on Friday, Turkey's state-run news agency has reported that police have detained 32 individuals allegedly linked to the hacktivist group.

The Anatolia news agency said today that the suspects were taken into custody after conducting raids in a dozen cities for suspected ties to Anonymous.

The group recently targeted Web sites of the country's telecommunications watchdog, the prime minister's office and parliament as a protest to Turkey's plans to introduce Internet filters.

Despite claims from the Spanish Police that they have broken up the top of the Anonymous organization in Spain, Anonymous responded, suggesting that the arrests would have little impact on the organization’s continuing hacktivist efforts. “Regardless of how many times you are told, you refuse to understand. There are no leaders of Anonymous. Anonymous is not based on personal distinction,” the group posted in a statement. “You have not detained three participants of Anonymous. We have no members and we are not a group of any kind. You have, however, detained three civilians expressing themselves.”

The Spanish police said three members were arrested in Barcelona, Valencia and Almeria.

In addition to downplaying the arrests, the group defended its most popular method of disruption, saying that DDoS attacks are not much different than other forms of protest. “DDoSing is an act of peaceful protest on the Internet,” the group wrote. “The activity is no different than sitting peacefully in front of a shop denying entry. Just as is the case with traditional forms of protest.”

As opposed to cybercriminals profiting from data theft, hacktivism isn’t motivated by money. Hacktivist groups like Anonymous are motivated by revenge, politics, and a desire to humiliate victims, with profit typically not a motive.
http://www.securityweek.com/turkish-...nked-anonymous





Hacking Senate.gov: Boss Lulz or Famous Last Words?

LulzSec kicks sand in the face of Anonymous -- and every door-kicker in the .gov
Kevin Fogarty

Here's a great way to make friends in high places: Hack their server.

LulzSec -- which has been making inroads into Anonymous' griefer market share with aggressively promoted attacks on Sony, PBS, affiliates of the FBI, porn sites, and Bethesda Softworks and Brink (sites they like) – just posted data that looks like it was taken from an internally facing server belonging to the U.S. Senate.

Nice.

The data is routing log info, but includes logins for (presumably) the sysadmins, structure of the files on the SunOS server and IP addresses for various machines inside Senate.gov.

There is no confirmation the hack is genuine, and not much genuinely valuable information was sucked out.

There are some toes that don't take much stepping on to generate a response, though.

Members of the Senate itself might not be that impressed; most wouldn't know they'd been hacked unless their photos of their personal equipment showed up online without their having Tweeted it first.

An awful lot of people work for those Members, though. People who would take even a tiny breach as a major offense. People that like hanging victory pelts above the door. People that probably don't get a lot of lulz.

The LulzSec guys called this a "just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem?"

The Honorable Members probably can't be bothered to answer.

The hard-asses who want to impress them won't either. Not right away.

Boss hack, LulzSec. Don't stand too close to your doors. Someone might be getting ready to kick them in.
http://www.itworld.com/security/1737...us-last-worlds





26,000 Sex Website Passwords Exposed by LulzSec
Graham Cluley

The notorious LulzSec hacking group has published login passwords for almost 26,000 users of an x-rated porn website.

The hackers compromised the database of the hardcore website (called "Pron"), exposing not only the email addresses and passwords of over 25,000 members but also the credentials of 55 administrators of other adult websites.

Furthermore, LulzSec drew particular attention to various government and military email addresses (.mil and .gov) that appeared to have accounts with the porn website.

That must be an embarrassing one to explain to the boss.

To add insult to injury, the LulzSec group called on its many recent Twitter followers to exploit the situation, by logging into Facebook with the email/password combinations and telling the victims' Facebook friends and family about their porn habit.

It should go without saying that logging into someone else's account without their permission is against the law in most countries around the world.

Fortunately, it's reported that Facebook's security team responded quickly to the threat - and reset the passwords for all of the accounts it had which matched the email addresses exposed. Of course, it's still possible that those email address/password combinations are being used on other websites.

If anything should be a reminder to internet users of the importance of using different passwords for different websites, this should be it.

The danger is that once one password has been compromised, it's only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain or, in this case, potential embarrassment.

If you believe there might be a chance that your username/password were exposed, or if you're simply in the habit of using the same password for multiple websites - now is the time to change your habits.
http://nakedsecurity.sophos.com/2011...ed-by-lulzsec/





Anonymous’ Operation India Removed from Facebook and Twitter

After all the activities Anonymous carried out last week, it seems like the ‘hacktivist’ group is now on the receiving end of censorship from Facebook and Twitter.

Anonymous, which started its Indian operations very recently, had set up a Facebook page and a Twitter account to propagate its agenda among Indians and call for volunteers to join its campaign.

However, it seems like both the accounts have now gone missing. Its Twitter account has been suspended and its Facebook page now redirects to the Facebook news feed, indicating that the page has been removed by Facebook.

The latest tweet from @OperationIndia, the Twitter account set up by Anonymous, seems to be 17 hours ago and its latest entry on Facebook seems to be 11 hours ago before the page was presumably removed.

We have contacted Facebook and Twitter for more information on this matter; we will update as soon as we get a response.
http://thenextweb.com/in/2011/06/12/...k-and-twitter/





Facebook Photo Tagging: Cool or Creepy?
Mitch Lipka

If your face is among the hundreds of millions of images on Facebook — by your own doing or not — you’ve got a stake in a worldwide debate over a technical change that has privacy advocates in a lather.

The colossal social network has been adding facial recognition software to its arsenal to automate the practice known as tagging, or adding people’s names to photos. Facebook already possesses a massive database of images connected to names that would continue to grow from the photos you add and the names you associate unless you specifically reject the practice.

Facebook has already acknowledged it is cooperating with regulators in the European Union, who have raised questions. And now the company is facing a call for an investigation by the U.S. Federal Trade Commission.

The Electronic Privacy Information Center (EPIC) and other privacy groups have joined together to file a complaint with the FTC after Facebook said it was using biometrics and had been rolling out the technology for months.

Facebook says there’s nothing wrong with what it’s doing and that for any user concerned about privacy issues there’s an easy out.

“We launched Tag Suggestions to assist people when they are tagging their friends in photos. We announced the tool in December 2010, and it was covered widely,” the company said in a statement. “Now that we have begun to roll this out more widely, we are notifying people of its availability, and how it works. Tag Suggestions are only made to people when they add new photos to the site, and only friends are suggested. No action is taken on a person’s behalf, and all suggestions can be ignored.”

The company said the feature has already led to the addition of “hundreds of millions of tags. This data, and the fact that we’ve had almost no user complaints, suggests people are enjoying the feature and are finding it useful.”

Even though Facebook has defended its new tool and says opting out is simple, critics suggest that it shouldn’t be on users to back out, but their choice to opt in.

One of the biggest risks is how the extraordinary amount of information “on Facebook can be used for unintended and unimagined purposes,” said Kurt Roemer, chief security strategist at Citrix Systems. “Data, such as profile information, friends, preferences and relationships are collected, correlated and interpolated. The result is an erosion of privacy and the very real possibility that you are labeled.”

What if, Roemer asked, you went to a restaurant and a security camera spotted you and then checked you in? Cool? Or scary?

“Imagine someone taking your picture on the street. If they’re a ‘friend of a friend’ — and connected to a Facebooker who leaves their profile rather open — that random stranger who was interested in you can easily find out who you are, who you hang out with, where you go, and what your routine is — basically anything shared online,” he said. “Find someone walking down the street and instantly know everything about them? It’s creepy.”

The privacy issues will only compound, Roemer said, once police and lawyers start to try to access the information to search for certain people by their descriptions.

“The possibilities for using this information are boundless,” he said.

Privacy advocates also raise the alarm over control, or more specifically, your lack of it — particularly if you’re not a Facebook user.

You can set Facebook’s controls to stop tagging photos of you, but you can’t click a button to take back what has already been done or stop Facebook from compiling it all on its own. Facebook in its FAQ does include a provision that allows consumers to email the company to remove “photo summary information” about themselves.

Critics say Facebook has stacked the deck against consumers, taking away too much control and allowing the company to add all these identified and cataloged images to its already staggering collection of personal information.

EPIC said the photo practice is a deceptive trade practice and has asked the FTC to suspend Facebook’s collection of the data and launch a full investigation into the practice. “Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook,” EPIC said in its complaint.

A spokesman for the FTC said the agency received the complaint, but would have no further comment.

If you’re feeling a little uncomfortable with the whole idea, you can, at a minimum, disable the tagging function so Facebook’s robots aren’t running around tagging your name on photos they spot. Here’s how to do it:

• Go to “Account” on the upper right side of Facebook and choose “Privacy Settings” from the drop-down menu.
• Choose “Customize Settings.”
• Then pick “Suggest photos of me to friends.”
• Click “Edit Settings” and choose “Disabled” and click “Okay.”

While you’re in your privacy settings, have a look, for the sake of your privacy. You’ll see just how freely your information can flow. Can everyone see it or just your friends? Can others “check you in” to places and show where you are? This is where you’ll find all that info and where you can dial it back if you care to.

Just remember that today a quick search of a person’s name can deliver a lot of information, including a photo of you at that party last Saturday doing something you might not remember. And, by the way, the company you’d like to work for is looking at it right now.

Make sure you know what your privacy settings are so that sort of scenario doesn’t crop up and bite you as it has so many others who haven’t realized how many people could see their personal information.
http://blogs.reuters.com/reuters-wea...ool-or-creepy/





Connecticut AG To Facebook: Don’t Tag My Photo!
Jennifer Moire

Connecticut Attorney General George Jepsen wants to meet with Facebook over privacy concerns linked to the photo-recognition system that’s the basis of the tag suggestions feature.

Facebook’s Manager of Public Policy Communications, Andrew Noyes, said in an email:

Quote:
We have been in contact with Attorney General Jepsen’s office and are eager to provide clarification about tag suggestions and answer any questions he may have. We launched tag suggestions to assist people when they are tagging their friends in photos. We announced the tool in December 2010, and it was covered widely. Now that we have begun to roll this out more widely, we are notifying people of its availability, and how it works. Tag suggestions are only made to people when they add new photos to the site, and only friends are suggested. No action is taken on a person’s behalf, and all suggestions can be ignored. If for any reason someone doesn’t want their name to be suggested to their friends, they can disable the feature in their privacy settings. Since last December, we’ve been gradually rolling out the same feature and millions of people have used it to add hundreds of millions of tags. This data, and the fact that we’ve had almost no user complaints, suggests people are enjoying the feature and are finding it useful. For those who don’t, we made turning off tag suggestions easy and explained how to do so on our blog, in our help center, and within the interface.

Jepsen, in a statement reported in the Wall Street Journal, says that consumers need to know Facebook’s technology is linking their faces with other user information:

Quote:
The lack of an opt-in process for Facebook users is troubling because unknowing consumers may have their photos tagged and matched using facial recognition software without their express consent, potentially exposing them to unwelcome attention and loss of privacy.

Facebook started rolling out the new photo tagging feature in December with almost no complaints, the company states. In an email to the Wall Street Journal, Facebook said it is “eager to provide clarification about tag suggestions and answer any questions he may have.”

The automatic, opt-in nature of tag suggestions is a sore point for lawmakers. Last week Massachusetts Congressman Ed Markey, co-chair of the Congressional Privacy Caucus, criticized Facebook’s decision to make the feature automatic.

For the record, users can opt out of the feature if privacy is a concern — here are directions to opt-out of the tag suggestions feature on Facebook.
http://www.allfacebook.com/connectic...-photo-2011-06





Facebook Sees Big Traffic Drops in US and Canada as It Nears 700 Million Users Worldwide
Eric Eldon

Facebook is still growing towards 700 million users, having reached 687 million monthly actives by the start of June, according to our Inside Facebook Gold data service.

Most of the new users continue to come from countries that are relatively late in adopting Facebook, as has been the trend for the past year.

But overall growth has been lower than normal for the second month straight, which is unusual.

The company gained 11.8 million more people over May, following 13.9 million over April. In contrast, it grew by at least 20 million new users over the typical month in the past 12; while there have been a few months that have registered lower growth numbers, they have not been back to back.

Why the drop? Most prominently, the United States lost nearly 6 million users, falling from 155.2 million at the start of May to 149.4 million at the end of it. This is the first time the country has lost users in the past year. Canada also fell significantly, by 1.52 million down to 16.6 million, although it has been fluctuating around that number for the past year. Meanwhile, the United Kingdom, Norway and Russia all posted losses of more than 100,000. If these countries — most of whom had adopted Facebook many years ago — had not lost users, and instead posted even small gains, Facebook would have had a much more typical month.

Going forward, we’ll be watching closely to see what longer-term trends emerge. Bugs in the Facebook advertising tool that we draw this information from, seasonal changes like college graduations, and other short-term factors, can influence numbers month to month and obscure what’s really happening.

Still, by the time Facebook reaches around 50% of the total population in a given country (plus or minus, depending on internet access rates in that country), growth generally slows to a halt, as we’ve noted before. So far, Facebook has been able to make up stalls and losses with big gains in heavily-populated developing countries like Mexico, Brazil, India and Indonesia. As you can see in the table above of the ten countries that gained the most users over May, this continues to be the case.

But how much further can it go if it is to reach its goal of 1 billion monthly active users? At least without getting into China — a move that as we and many others have noted, could both give it access to hundreds of millions of users and compromise its reputation in the US and many other countries around the world.
http://www.insidefacebook.com/2011/0...ers-worldwide/





Facebook Users Have More Close Friends [STUDY]
Stan Schroeder

A new study by the Pew Internet & American Life Project reveals some interesting details about social networking users, debunking the myth that people who hang on Facebook a lot tend to have fewer real-life friends and contacts.

Someone who uses Facebook several times per day, the study found, has on average “9% more close, core ties in their overall social network compared with other internet users.” Furthermore, Facebook users tend to get more emotional support, companionship as well as instrumental aid (meaning they’re more likely to get help when sick, etc). Finally, Facebook users tend to friend other users with whom they’ve actually met in real life; the average Facebook user has never met only 7% of his/her Facebook friends.

Since the study was conducted during the November 2010 elections, it revealed that Facebook users also tend to be more politically active than other internet users. A Facebook user that interacts with the site multiple times per day was two and a half times more likely to attend a political rally, 43% more likely to have said they would vote, and 57% more likely to persuade someone on their vote.

The study also shows that Facebook is, by far, the most engaging social platform out there, as 52% of Facebook users engage with the site daily. For comparison, 33% of Twitter users engage with the service every day, while only 7% of MySpace and 6% of LinkedIn users do the same.

The report is based on data from telephone interviews conducted by Princeton Survey Research Associates International from October 20 to November 28, 2010 on a sample of 2,255 adults, age 18 and older.

Read the full report here.
http://mashable.com/2011/06/16/faceb...-real-friends/





Risk Taking and Social Networking in the New Broadband Era

Part two of Q and A with intellectual property lawyer Rick Shera
Stephen Bell

In the second part of Computerworld's Q and A interview with intellectual property lawyer Rick Shera, he discusses privacy and the opportunities that may arise from the Ultra Fast Broadband and Rural Broadband Initiative.

What are your clients telling you about the change in the law, excluding software patents?

I have clients that have software patents and others that are relaxed about it and wouldn’t bother to get a patent if they could. It is a question of horses for courses. I think what really needs changing is the ability to get patents on “innovations” that are not really new.

Are there any other current areas of concern on the nexus of law and ICT?

I think privacy issues are bubbling up now in a way they haven’t in the offline world as data itself becomes such a valuable commodity.

Privacy will rise in people’s concerns, and when people are concerned the law tends to follow. The Law Commission has been conducting a body of work over the past two years on the subject; you’re seeing privacy commissioners, including our own, taking much stronger action against people who have infringed privacy laws or privacy expectations.

You made a point with Google about privacy and IPv6.

Quite a senior person from Google was here [during Privacy Awareness Week] and there was a discussion on Google’s storage of IP addresses. She was saying they only kept part of the address so it didn’t identify an individual; I was saying when we get to [widespread use of] IPv6 and depending on how it is rolled out – whether every device in your household will have its own address — my expectation is that it will be much easier to burrow down to a particular piece of technology and hence identify the person using it. What are the privacy concerns around that?

That’s an issue that both the Privacy Commissioner and the Google representative recognised as something that will need to be dealt with.

Do you have a view on the UFB and RBI broadband arrangements?

The difficulty with these fundamental changes is that you never know until they are bedded in whether there are going to be functional problems and a likelihood of market failure. I had clients in the electricity industry when that was restructured. [The reforms] were supposed to introduce a competitive element and bring lower prices. I think it is still not clear whether that has worked and the transactional costs of the change were substantial.

Now we have Telecom splitting in two, with impact on its shareholders and on the industry; all this is substantial too and we don’t know until it is bedded down whether it is going to work.

But from my point of view, as someone peripherally involved in the industry and as a user, fibre is clearly the gateway to the future, so anything that can get fibre to as many people in New Zealand as possible is a good thing.

Do you think we will know what to do with it when we get it?

It is a question of “build it and they will come”. You won’t know all you can do with it until you can experiment using it.

There are no doubt people out there with bright ideas that will just remain ideas until we have got [broadband] and they can test it. We are used to what we have got. It is hard to think outside the square if you don’t even know what the square is.

But [it means] proper symmetric speeds for voice, video and efficiently working from home; that sounds ho-hum but could have a dramatic impact on the way we work, our transport systems, all of those things. It is hard to see the flow-on effects, but I am sure they will come.

What is the biggest thing holding New Zealand back from being a successful high-tech economy?

Sometimes I wonder whether New Zealanders are sufficient risk-takers. We are very good at creating ideas, but the risks that must be taken in commercialisation are perhaps not so much part of our national psyche – with obvious notable exceptions.

In particular the risk and knowledge to take things overseas seems scarce. We are great travellers but not so good at taking our ideas overseas.

You are a user of social networking tools; do you think we have found the best way for business to use them?

It is another channel; I don’t see any great difference from any other channel in the way people use it, nor do I think there is any one right way for business to use it. It is just a way to disseminate and gain information.

I find Twitter, for example, hugely beneficial in terms of finding out what’s going on in the areas I am interested in and being in touch with some of the top people in those fields.
http://computerworld.co.nz/news.nsf/...hLight=2,shera





Assange Says WikiLeaks Work Hampered
Jill Lawless

After six months under virtual house arrest, WikiLeaks founder Julian Assange acknowledged Thursday that his detention is hampering the work of the secret-spilling site. His supporters accused Britain of subjecting him to "excessive and dehumanizing" treatment.

The 39-year-old Australian is living at a supporter's rural estate as he fights extradition to Sweden, where he is wanted for questioning over claims of rape and sexual molestation made by two women.

Assange's bail conditions require him to observe an overnight curfew, wear an electronic tag and report to police daily.

His supporters released a video to The Associated Press condemning the conditions. In it, WikiLeaks associate Sarah Harrison accuses authorities of treating Assange "like a caged animal."

British prosecutors, who initially opposed bail, say the strict conditions are necessary because the claims against Assange are serious and he is a flight risk.

Barrister and legal commentator Carl Gardner said that although Assange's freedom of movement is constrained, "he can move around, he can make public appearances. He is at liberty in the most basic sense of the phrase."

The video also claims police have set up surveillance cameras near the house to record license plates of visiting cars.

Vaughan Smith, who owns the 600-acre (240-hectare) property in eastern England, called it a "pretty intrusive regime" and said three cameras had appeared near the property since Assange came to stay.

Assange, who roamed the globe before his arrest in December, told the AP that he had become "a fixed target" for snoopers.

"It is easy to conduct surveillance against me and anyone I talk to," Assange said. "We take steps against this, but it is costly and time-consuming."

He said his house arrest had been "the single largest impediment to our work, with the possible exception of the illegal blockade being conducted by the major U.S. financial institutions against us."

Some U.S.-based banks and financial services have refused to handle payments to WikiLeaks.

U.S. authorities are investigating whether Assange and WikiLeaks violated American laws by releasing tens of thousands of secret government documents, including daily logs from the Iraq war and classified diplomatic cables from U.S. missions around the world.

Prosecutors have convened a grand jury near Washington to probe the WikiLeaks disclosures.

"A lot of our resources are tied up in dealing with the situation in the United States and the grand jury and this Swedish extradition case and the banking blockade placed on us by Visa, Mastercard, Bank of America and so on," Assange said. "So, while we are still producing publications every day, a lot of those resources have been taken away to deal with these events."

On July 12, the High Court in London will hear Assange's appeal against a judge's order that he be extradited to Sweden to face allegations of rape and sexual molestation against two women. Assange denies the charges, which he claims are politically motivated.

He said that if he lost the appeal, he could go to Britain's Supreme Court or the European Court of Human Rights. He said he was confident he would be cleared.

"I feel that the Swedish authorities will drop the case," Assange said. When asked why, he replied only that "there are many players in the Swedish situation."

Swedish prosecutors did not immediately return calls seeking comment.
http://www.newstimes.com/business/ar...ed-1426978.php





U.S. Pressing Its Crackdown Against Leaks
Scott Shane

Stephen J. Kim, an arms expert who immigrated from South Korea as a child, spent a decade briefing top government officials on the dangers posed by North Korea. Then last August he was charged with violating the Espionage Act — not by aiding some foreign adversary, but by revealing classified information to a Fox News reporter.

Mr. Kim’s case is next in line in the Obama administration’s unprecedented crackdown on leaks, after the crumbling last week of the case against a former National Security Agency official, Thomas A. Drake. Accused of giving secrets to The Baltimore Sun, Mr. Drake pleaded guilty to a minor charge and will serve no prison time and pay no fine.

The Justice Department shows no sign of rethinking its campaign to punish unauthorized disclosures to the news media, with five criminal cases so far under President Obama, compared with three under all previous presidents combined. This week, a grand jury in Virginia heard testimony in a continuing investigation of WikiLeaks, the antisecrecy group, a rare effort to prosecute those who publish secrets, rather than those who leak them.

The string of cases reflects a broad belief across two administrations and in both parties in Congress that leaks have gotten out of hand, endangering intelligence agents and exposing American spying methods.

But Steven Aftergood, director of the project on government secrecy at the Federation of American Scientists, said the fizzling of the Drake prosecution “ought to be a signal to the government to rethink its approach to these cases.” He said the government had many options for punishing leaks: stripping an official’s security clearance, firing him or pursuing a misdemeanor charge. Instead, it “has been leaping to the most extreme response, felony charges,” he said.

In particular, critics of the leak prosecutions question the appropriateness of using the Espionage Act, a World War I-era statute first applied to leaks in the Pentagon Papers case in 1971. They say it is misleading and unfair to lump the likes of Mr. Drake and Mr. Kim with traitors like Aldrich Ames or Robert P. Hanssen, who sold secrets to the Soviet Union.

Few have taken a tougher public line against leaks than Gabriel Schoenfeld, whose 2010 book “Necessary Secrets” argues that the news media are far too cavalier about publishing classified information. But he, too, called the espionage label unfortunate.

“You’re accusing someone who’s doing something irresponsible and wrong,” said Mr. Schoenfeld, of the Hudson Institute in Washington. “But he might be a well-intentioned civil servant and he’s not trying to betray his country.”

Stephen I. Vladeck, a law professor at American University, said the best option would be a new statute tailored to fit leaks to the media, perhaps allowing defendants to argue that information disclosed should never have been classified in the first place. But he said no such law could pass in the current climate.

The problems of perception that plagued the government’s pursuit of Mr. Drake, who claimed to be a whistle-blower exposing a costly National Security Agency boondoggle, may crop up again with Mr. Kim. His personal story as a brainy, up-by-the-bootstraps immigrant is compelling, even if the government is able to prove that he was far too candid in talking to a reporter about intelligence in 2009 and then lied to F.B.I. agents about the episode.

Arriving with his family from Seoul and settling in the Bronx at the age of 8, Mr. Kim excelled academically, earning degrees from Georgetown and Harvard and a doctorate from Yale. He worked for Lawrence Livermore National Laboratory, the Defense Department and the State Department, focusing on North Korea’s weapons programs and briefing then-Vice President Dick Cheney, among others.

“I had the highest regard for him,” said Paula A. DeSutter, Mr. Kim’s boss when she was an assistant secretary of state in the Bush administration. “He had native Korean language and he’d been doing this work forever.”

Mr. Kim rarely spoke with reporters and sometimes expressed alarm about leaks, colleagues say. But in March 2009, a State Department press officer asked Mr. Kim to speak about North Korea to a Fox News reporter, James Rosen, and the two began to talk and exchange e-mails. Mr. Kim sent some e-mails under an online pseudonym, “Leo Grace.”

On June 11, 2009, Mr. Rosen reported that “the Central Intelligence Agency has learned, through sources inside North Korea,” that Pyongyang was likely to respond to a United Nations resolution condemning its nuclear and missile tests with more tests and other measures. The news was no surprise, but C.I.A. officials were furious that a top-secret analysis had been leaked almost instantly, according to a former government official. (A Fox News spokesman said Mr. Rosen declined to comment.)

When F.B.I. agents questioned Mr. Kim, he claimed he had spoken to Mr. Rosen only once. He admitted to more contacts only after agents confronted him with evidence, according to court filings. His trial is probably months away; if convicted, Mr. Kim, 43, could be sentenced to 15 years in prison.

If there were any doubts inside the administration about proceeding with the leak crackdown, they appear to have evaporated with the rise to prominence last year of WikiLeaks, which invites disclosures by the terabyte. The group’s efforts have only hardened officials’ conviction that leaks must be deterred with the threat of prison.

Lisa O. Monaco, a Justice Department official awaiting Senate confirmation as head of the department’s national security division, testified last month that “it would be my priority to continue the aggressive pursuit of these investigations” because leaks do “tremendous damage.” She noted that “twice as many” cases had been pursued in 18 months than in all previous administrations. No committee member questioned the effort.

For Mr. Kim’s sister, Yuri Lustenberger-Kim, a corporate lawyer, the charges against her brother are bitter recompense for his long service to American national security, and the espionage label is especially painful.

“My brother has spent all of his professional life trying to be a help to his country,” she said. “The idea that the prosecutors would think he would do, or did do, anything to hurt the United States is the farthest thing from reality they could charge.”

No matter what happens, she said, the charges already have been devastating for Mr. Kim, who has an 11-year-old son, and the rest of his proud immigrant family.

“This has sent my parents into deep sadness and anxiety, put more strains on Stephen’s marriage than a couple can bear, and ruined all he has worked for over his life,” she said.
https://www.nytimes.com/2011/06/18/u...cs/18leak.html





WSJ and Al-Jazeera Lure Whistleblowers With False Promises of Anonymity
Legal Analysis by Hanni Fakhoury

The success of Wikileaks in obtaining and releasing information has inspired mainstream media outlets to develop proprietary copycat sites. Al-Jazeera got into the act first, launching the Al-Jazeera Transparency Unit (AJTU), an initiative meant to "allow Al-Jazeera's supporters to shine light on notable and noteworthy government and corporate activities which might otherwise go unreported." AJTU assures users that "files will be uploaded and stored on our secure servers" and that materials "are encrypted while they are transmitted to us, and they remain encrypted on our servers."

On May 5, the Wall Street Journal (WSJ), a subsidiary of Dow Jones & Co., Inc., launched its own site, SafeHouse. That same day, the Atlantic published a story describing SafeHouse as a “secure uploading system” with “separate servers,” two layers of encryption, and a policy of discarding information about uploaders “as quickly as possible.” You can “keep yourself anonymous or confidential, as needed,” the SafeHouse site promises, as you “securely share documents with the Wall Street Journal.”

Immediately after its launch, however, online security experts ripped SafeHouse apart. The Atlantic published its story online at noon on May 5 and by 5 p.m., the page was updated with a link directing readers to the Twitter feed of Jacob Appelbaum, a security researcher and Wikileaks volunteer, who had already exposed an embarrassing number of security problems with SafeHouse.

EFF’s review of the legal side of these websites doesn't fare any better. While some of the more egregious technical problems with SafeHouse have been fixed since its launch, its terms of use haven't changed. We read through the Terms of Service for both SafeHouse and AJTU. Don't fall for the false promises of anonymity offered by these sites. Here's what you should know.

They Reserve the Right to Sell You Out

Despite promising anonymity, security and confidentiality, AJTU can “share personally identifiable information in response to a law enforcement agency’s request, or where we believe it is necessary.” SafeHouse’s terms of service reserve the right “to disclose any information about you to law enforcement authorities” without notice, then go even further, reserving the right to disclose information to any "requesting third party,” not only to comply with the law but also to “protect the property or rights of Dow Jones or any affiliated companies” or to "safeguard the interests of others.” As one commentator put it bluntly, this is “insanely broad.” Neither SafeHouse nor AJTU bothers telling users how they determine when they'll disclose information, or who's in charge of the decision.

Whistleblowing by definition threatens "the interests of others." Every time someone uploads a scoop to SafeHouse, they jeopardize someone's interest in order to inform the public of what’s actually going on. That's the whole point. In the United States, submitting documents to journalists is protected speech under the First Amendment. But people in totalitarian countries cannot expose the secrets of their governments without breaking those governments' laws. And neither news outlet acknowledges that governments might abuse their police power to find out who leaked damaging information -- even here in the good old U.S. of A.

You Have to Make Promises No Whistleblower Can Keep

By uploading to SafeHouse, you represent that your actions "will not violate any law, or the rights of any person." By uploading to AJTU, you represent that you "have the full legal right, power and authority" to give them ownership of the material, and that the material doesn't "infringe upon or violate the right of privacy or right of publicity of, or constitute a libel or slander against, or violate any common law or any other right of, any person or entity."

This isn't a representation most whistleblowers can make honestly. The whole point of a leak is to expose internal information to the public. Even if your documents aren't stolen, you might be violating someone's rights.

SafeHouse further requires users to agree that WSJ can transfer the material to any country where Dow Jones does business. This means that the “law enforcement authorities” provision could even implicate laws of other countries with more intense internet monitoring, laws with which the whistleblower is unfamiliar. That makes it pretty hard to honestly claim that the content does not violate "any law."

Communications are Neither Anonymous Nor Confidential

Despite their public claims to the contrary, both SafeHouse and AJTU disclaim all promises of confidentiality, anonymity, and security.

SafeHouse offers users three upload options: standard, anonymous, and confidential. The “standard” SafeHouse upload "makes no representations regarding confidentiality." Neither does the “anonymous” upload which, as Appelbaum pointed out, couldn't technically provide it anyway. For “confidential” submissions, a user must first send the WSJ a confidentiality request. The request itself, unsurprisingly, is neither confidential nor anonymous. And until the individual user works out a specific agreement with the paper, nothing is confidential.

Similarly, AJTU makes clear that "AJTU has no obligation to maintain the confidentiality of any information, in whatever form, contained in any submission." Worse, AJTU's website by default plants a trackable cookie on your web browser which allows them “to provide restricted information to third parties.” So much for anonymity!

These Sites Don't Deliver What They Promise

It's understandable that news organizations would want to have access to news scoops provided by whistleblowers. That sort of competition is great. But these websites are misleading and based on our review of the fine print, use of them by people who risk prosecution or retaliation for bringing sunshine to corruption, illegal behavior, or other topics worthy of whistleblowing, is risky at best and dangerous at worst.

This article was co-authored by Leafan Rosen, law student at Rutgers Camden School of Law.
https://www.eff.org/deeplinks/2011/0...eblowers-false





When Hard Books Disappear

Hard books are on their way to extinction.

Biologists maintain a concept called a "type specimen." Every species of living organism has many individuals of noticeable variety. There are millions of Robins in America, for instance, all of them each express the Robin-ness found in the type of bird we have named Turdus migratorius. But if we need to scientifically describe another bird as being "like a Robin" or maybe "just a Robin" which of those millions of Robins should we compare it to?

Biologists solve this problem by arbitrarily designating one found individual to be representative and archetypical of the entire species. It is the archetype, or the "type specimen," of that form. There is nothing special about that chosen specimen; in fact that's the whole idea: it should be typical. But once chosen this average specimen becomes the canonical example that is used to compare other forms. Every species in botany and zoology has a physical type specimen preserved in a museum somewhere.

Books and other media creations are now getting their type specimen archive. The same guy who has been backing up the internet (yes the entire web!), and is racing Google to scan all books into digital files, has recently become concerned about the lack of a physical archive for all these digitized books. That guy is Brewster Kahle, the founder of the Internet Archive. Brewster noticed that Google and Amazon and other countries scanning books would cut non-rare books open to scan them, or toss them out after scanning. He felt this destruction was dangerous for the culture.

We are in a special moment that will not last beyond the end of this century: Paper books are plentiful. They are cheap and everywhere, from airports to drug stores to libraries to bookstores to the shelves of millions of homes. There has never been a better time to be a lover of paper books. But very rapidly the production of paper books will essentially cease, and the collections in homes will dwindle, and even local libraries will not be supported to house books -- particularly popular titles. Rare books will collect in a few rare book libraries, and for the most part common paper books archives will become uncommon. It seems hard to believe now, but within a few generations, seeing an actual paper book will be as rare for most people as seeing an actual lion.

Brewster decided that he should keep a copy of every book they scan so that somewhere in the world there was at least one physical copy to represent the millions of digital copies. That safeguarded random book would become the type specimen of that work. If anyone ever wondered if the digital book's text had become corrupted or altered, they could refer back to the physical type that was archived somewhere safe.

But where? The immediate answer is: in cardboard boxes, stacked five high on a pallet wrapped in plastic, stored 40,000 strong in a shipping container, inside a metal warehouse on a dead-end industrial street near the railroad tracks in Richmond California. In this nondescript and "nothing valuable here" building, Brewster hopes to house 10 million books -- about the contents of a world-class university library. The containers are stacked two high and are plumbed to remain at 30% humidity. Together with their triple waterproofing (plastic, steel container, steel roof), they will remain dry even in short periods of neglect.

But he is archiving more than just the paper books. Even digital versions are physical in some way. So the Internet Archive is also storing in these interior shipping containers the tapes of the previous versions of digital scans, and the hard discs of today's scans, leaving room for the physical form of whatever media platform is next. There will be a next, Brewster says: "When they were making microfilm of books, they thought they would never have to rescan them. When they were being scanned at 300 dpi, they thought they would never have to scan them again. We know someday these books will be rescanned. They will be waiting here in boxes."

The big idea that EVERY digital form ultimately rests in a physical form is a deep truth that needs to be understood more widely. From Brewster's summary of the project:

Quote:
As the Internet Archive has digitized collections and placed them on our computer disks, we have found that the digital versions have more and more in common with physical versions. The computer hard disks, while holding digital data, are still physical objects. As such we archive them as they retire after their 3-5 year lifetime. Similarly, we also archive microfilm, which was a previous generation’s access format. So hard drives are just another physical format that stores information. This connection showed us that physical archiving is still an important function in a digital era.

The books are not meant to be retrieved one by one, but as a collection, by the pallet full, say. But they are stored with the idea that they will be needed eventually.

The specs of this multilayered system:

Quote:
Books are cataloged, and have acid free paper inserts with information about the book and its location. Boxes store approximately 40 books with labeling on the outside. Pallets hold 24 boxes each. Modified 40′ shipping containers are used as secure and individually controllable environments of 50 or 60 degrees Fahrenheit and 30% relative humidity. Buildings contain shipping containers and environmental systems. Non-profit organizations own and protect the property and its contents.
This past Sunday this long-term archive for paper books was opened to visitors. The current capacity is about half a million books. Many of the books were bought for almost nothing on the used book market, and others were collections of books donated by book lovers. The Archive is looking for more collections to scan and store. It costs about ten cents per page to track, catalog and scan a book. One advantage of owning the books they scan is that it gives them a small edge in claiming the right of fair use for the digital copy they make. They try to have scans of only books they own.

A prudent society keeps at least one specimen of all it makes, forever. It still amazes me that after 20 years the only publicly available backup of the internet is the privately funded Internet Archive. The only broad archive of television and radio broadcasts is the same organization. They are now backing up the backups of books. Someday we'll realize the precocious wisdom of it all and Brewster Kahle will be seen as a hero.
http://www.kk.org/thetechnium/archiv...hard_books.php





Why Content Isn’t King

How Netflix became America’s biggest video service—much to the astonishment of media executives and investors
Jonathan A. Knee

Netflix famously engenders fierce loyalty from its ever-growing customer base. This year, it even beat out reigning champion Apple, among 528 other brands, in Brand Keys’ annual survey of customer loyalty. In more-rarefied circles, however, the company provokes equally intense but quite different emotional reactions. Among traditional-media executives and investors who like to bet on the fall of high-flying stocks, Netflix’s continual share-price appreciation and accelerating subscriber growth have sparked aggravation and even anger. Last December, Time Warner CEO Jeff Bewkes famously likened the relentless march of Netflix to the Albanian army’s trying to “take over the world.” That same month, in a widely read 7,000-word missive, the respected investor Whitney Tilson provided an exhaustive justification for making a huge bet against Netflix, and then had to cover his short position after the stock reached a new high a couple of months later.

Netflix recently announced that with nearly 23 million U.S. users, it is now the largest video service in the country. Most observers expect the company to have more than 30 million subscribers by the end of the year, generating well over $3 billion in annual revenues. Arguments abound about why Netflix should not be as successful and as highly valued as it is. But the animating force of the perceived Netflix Paradox is disbelief that a company that does what Netflix does can thrive amid the wreckage of the media industry. Netflix is primarily in the business of aggregating entertainment content created by other companies and selling access to it as a subscription service to consumers. In a media culture committed to the proposition that “Content is king,” the robust success of a mere redistributor is something incomprehensible and, frankly, a little unnerving, especially while those responsible for the creative lifeblood that flows through its veins struggle for profitability.

In fact, the dirty little secret of the media industry is that content aggregators, not content creators, have long been the overwhelming source of value creation. Well before Netflix was founded in 1997, cable channels that did little more than aggregate old movies, cartoons, or television shows boasted profit margins many times greater than those of the movie studios that had produced the creative content. It is no coincidence that although, say, 90 percent of the public discourse surrounding Comcast’s recent $30 billion acquisition of NBC Universal involved the Conan O’Brien drama or the shifting fortunes of Universal Pictures, in reality, 82 percent of the new company’s profits come in through the cable channels.

The economic structure of the media business is not fundamentally different from that of business in general. The most-prevalent sources of industrial strength are the mutually reinforcing competitive advantages of scale and customer captivity. Content creation simply does not lend itself to either, while aggregation is amenable to both.

Take scale. Because making a blockbuster movie is expensive, people assume that it is a scale business—that is, the bigger you are, the more cheaply you can produce something. But the defining characteristic of scale is high fixed costs that can be spread most efficiently by the largest player. Moviemaking is not this kind of business. The cost of a blockbuster does not vary based on the size of the studio producing it. Creating hit-driven content in any medium does not require significant fixed costs. Some series-based or other kinds of continuously produced content may have a larger fixed-cost component, but they are the exception, not the rule. Aggregation, on the other hand, by its nature requires a large fixed-cost infrastructure to collect, manage, market, and redistribute content. This is why a cable channel with 20 million subscribers loses money but an identical one with 100 million subscribers might have 50 percent margins.

Customer captivity—the “stickiness” of the company-to-consumer relationship—is similar. If Universal had a successful slate of movies last year, customers aren’t more likely to seek out Universal films this year. Again, series or franchise films may be slightly different, but even with that content, the company is much less likely than the talent to be able to reap the benefits of captivity. Just ask the producer at Lionsgate responsible for negotiating with Mad Men mastermind Matthew Weiner, or the Sony executive in charge of enticing Tobey Maguire to make Spider-Man 4, or whoever at Viacom has the unenviable task of discussing new contract terms with the cast of Jersey Shore. Contrast the lack of customer captivity among pure content companies with the leverage cable companies seem to enjoy, by virtue of their loyal viewership, when they threaten to pull their signal from a cable operator.

Time was when the content giants in the movie, music, and book industries could earn superior returns. But their ability to do so had nothing to do with content’s being king. It was a function of the scale and captivity inherent in their aggregation business: the massive marketing and distribution networks that they rented out to smaller, independent content producers, often at usurious rates. The decline of these enterprises does not reflect any change in the nature of content generation—it was as unattractive a business then as it is now. Instead, their decline reflects the loss of their advantages in aggregation—a loss resulting from a combination of external forces and self-inflicted wounds.

The obvious external force has been advances in technology. One reason that every major book publisher owns huge, half-empty warehouse and distribution facilities is that more books are being delivered electronically. The impact of technology on the music industry is the stuff of legend at this point, but even if companies had discovered a sustainable piracy-free pricing model for digital distribution, the business would still be less attractive than before. Without the fixed-cost requirements associated with producing and distributing CDs and managing racks at Tower Records, the barriers to entry into music-selling are not what they used to be. The detriment of increased competition from newcomers simply outweighs the benefit to established businesses of lower fixed costs.

It would be a mistake to give media managers a pass based on technological developments beyond their control. In industries like media, where a few large players share the same advantages of scale, the key to long-term success is avoiding destructive competition in pricing, costs, and capacity. In the mostly forgotten era of the MCA/Universal chief Lew Wasserman, being a media mogul meant enforcing a culture of informal cooperation, where the bottom line mattered more than one-upping your peers. Wasserman was not literally “the Last Mogul,” as multiple biographers have dubbed him, but he may have been the last one who didn’t think the defining genius of moguldom was out-bidding all the other moguls for the hottest talent, technology, or property of the moment. While technology has certainly accelerated the challenges of the book industry, the mindless race to build more and better warehouse and distribution facilities ensured chronic industry overcapacity, even before the advent of Amazon or e-book readers. Similarly, a culture that rewards “stealing” established authors from competitors the old-fashioned way—by overpaying—will never earn its shareholders a decent return, regardless of the technological environment.

Netflix’s success in streaming video is therefore hardly paradoxical. The company sits squarely in the tradition of the most-successful media businesses: aggregators with strong economies of scale and customer captivity. Netflix used its leading position in its legacy subscription business to quickly develop scale in the streaming business. The company had fewer than 9 million subscribers in 2008, when it began offering video streaming directly to the TV for its existing customers. That move has spurred 10 consecutive quarters of accelerating subscriber growth, and it supported the introduction of a streaming-only service last November. Netflix’s ability to spread the fixed costs of content, marketing, and technology across a subscriber base vastly larger than any other competitor’s is continually reinforced by superior customer service, a powerful recommendation engine, and a great, habit-forming product.

Even if the Netflix business model is not original, some cultural and structural aspects do distinguish it from most media companies. Culturally, it is a remarkably well-run company that takes pride in both its operating efficiency and its customer focus. CEO Reed Hastings’s 128-slide PowerPoint presentation on Netflix corporate culture has been viewed by well over 720,000 people, presumably not all employees. By contrast, media-content companies seem to feel that efficiency necessarily suggests a lack of commitment to artistic integrity. Media-distribution companies, particularly in the cable and telephony markets, have among the worst customer relations in any industry: J. D. Power ranked the cable companies 18th out of 19 industries in service. And most media aggregators, such as cable channels, structurally act as wholesalers, whose customers are not the individual consumers but the cable operators who manage the pipe to the home. Netflix is the rare aggregator that manages the direct customer relationship itself, which allows it both to excel in customer service and to perfect the product by harnessing customer feedback.

These company characteristics are unusual, and yet they hardly constitute a puzzle. But whenever the evidence contradicts conventional media-industry wisdom, the media cognoscenti aggressively resist any reassessment. Better to dismiss any uncomfortable fact as a “paradox” and move on. The media analyst Craig Moffett coined the term “Dumb Pipe” Paradox to describe the fact that a shift of consumer habits from cable television to online video streaming could actually help the economics of the cable operators. Moffett correctly pointed out that cable companies would be far better off if they could charge customers based on direct bandwidth usage from video streaming without having to invest in cable boxes. Only in the media industry, however, would it seem a paradox that owning the exclusive broadband pipe into the home at a time of exploding usage makes for a good business. Relying on dumb pipes instead of expensive content or talent is always the smart bet.

Netflix may indeed be overvalued: as the company acknowledges in its candid public filings, it is certain to face more rather than less competition. Retailers like Walmart, various content companies with their Hulu joint venture, distribution companies like Dish Network, and Internet stalwarts like Amazon have either launched or announced a competing subscription product. In each case, the company involved is starting way behind, and in most cases it’s had limited experience either managing subscribers or developing compelling aggregated entertainment. Consider Amazon’s recent foray: its Amazon Prime product has far fewer subscribers than Netflix (estimates are around 5 million). Furthermore, those subscribers are largely paying for “free” shipping of books and electronics, so they make up a different market from those who are primarily interested in a video-streaming service. Amazon Prime provides much less content and saves a user who’s primarily interested in streaming video just over $1 a month from what Netflix charges. As the subscriber base supporting the Netflix marketing machine gets larger, offering consumers a competitive proposition of price and product will only become harder.

Some have pointed to Netflix’s recent announcement that it will finance a new original series as an indication that the company knows the jig is up. Content providers will come to their senses and no longer sell Netflix so many of their valuable streaming rights, the argument goes, and that’s why Netflix is going into the content business. Netflix has always relied on a deep inventory of long-tail content, sprinkled with some newer material, and a great recommendation engine. The company’s willingness to finance a new original series, as part of the tapestry that makes up the Netflix experience, does not make it primarily a content player—any more than the exclusive 101 Network makes DirecTV one. Netflix needs to offer only a very small portion of newer releases to support its overall value proposition; those who would compete with it for exclusive streaming rights do so with far fewer subscribers funding the bid. Netflix will very likely be able to secure more than enough content to keep its customers happy.

Investors and media companies who write off Netflix’s success as ephemeral—a function of a one-off content deal that will not be renewed, or of short-term user euphoria, for instance—will be disappointed. Netflix flourishes because of deep-seated competitive advantages fully appreciated and exploited by superior management. Media companies that fail to recognize the true size of the barriers to entry in aggregated streaming video are likely to make matters worse for themselves. Rather than denying the relevance of this new force, they should focus on how to manage it. Investors looking for media companies to bet against would probably do better to focus on those that dismiss Netflix rather than on Netflix itself.
http://www.theatlantic.com/magazine/...7-t-king/8551/





Netflix Sued for Lack of Captions on Streaming Videos
Ryan Lawler

CNN isn’t the only company being targeted by rights activists for lack of captions in its video streams; Netflix also is being taken to court over not providing accessible videos for the hearing impaired. In a lawsuit filed Thursday, the National Association of the Deaf (NAD) accused Netflix of violating the Americans with Disabilities Act (ADA) by not providing captions for most of its streaming videos.

According to the lawsuit, the ADA requires that all “places of entertainment” provide “full and equal enjoyment” for people with disabilities. The NAD seeks to classify Netflix’s streaming website and associated consumer electronics applications under those terms, making it in violation of Title III of the ADA.

The lawsuit was filed despite work Netflix has done over the last several years to add captions to its streaming titles. It first announced the availability of captions on a limited number of streaming titles last spring, but it has been slow going: In February, Netflix announced it had added captions to titles that account for about 30 percent of all streaming, with plans to expand to 80 percent by the end of the year.

In a statement, Arlene Mayerson, Directing Attorney of the Disability Rights Education and Defense Fund said:

“There is no excuse for Netflix to fail to provide captions so that deaf and hard of hearing customers have access to the same movies and TV shows as everyone else… Netflix admits that there is no technological issue. For people who are deaf and hard of hearing, captions are like ramps for people who use wheelchairs.”

Netflix might disagree with the characterization, as it has been pretty vocal about the technological barriers that exist to adding captions. Two years ago Netflix Chief Product Officer Neil Hunt outlined the difficulty it faced in adding Synchronized Accessible Media Interchange (SAMI) files to its video assets, for instance.

Client support is better now, enabling Netflix to reach PCs as well as the Sony PlayStation 3, Nintendo Wii, Google TV-powered TVs, Blu-ray players and set-top boxes and the Boxee Box. But it still has a challenge in adding subtitles to new devices. While Netflix’s iPad and iPhone apps recently added captions, support for other CE devices — like the Microsoft Xbox 360 and Roku box — won’t be available until later this year.

Netflix isn’t the only streaming provider that is being hit with such a lawsuit: Earlier this week, the Greater Los Angeles Agency on Deafness (GLAD) and four individual plaintiffs filed suit against CNN for violating California’s Civil Rights Act by not providing captions. That lawsuit seeks class action status for all deaf and hard of hearing residents in California, and is seeking statutory damages from CNN parent Time Warner.

The Netflix lawsuit was filed on behalf of the 36 million Americans that are either deaf or hard of hearing. In addition to NAD, the Western Massachusetts Association of the Deaf and Hearing Impaired and Lee Nettles, a deaf Massachusetts resident, were also named as plaintiffs in the suit, which was filed in U.S. District Court in the District of Massachusetts, Western Division.

Netflix has declined comment on the lawsuit, saying it doesn’t comment on legal issues.
http://gigaom.com/video/netflix-captions-lawsuit/





Watch It Later: Squrl Is Your Video Queue on the Web, iOS & Apple TV
Jennifer Van Grove

Those who appreciate the on-demand and platform-agnostic news-reading experience engineered by Instapaper or Read It Later may come to find immense utility in Squrl, a video curation platform for watching videos on your own time.

Squrl, which refers to itself as a “watch-later” video service, is updating its web and mobile offering Tuesday to make it even easier for users to collect, organize and access videos on the web, using the iOS app or via Apple TV.

With the update, Squrl users will have access to a host of updates including better video discovery tools, new community and sharing features, the ability to access their existing YouTube playlists and a “Play All” option in the iPad app for continuous playback of videos in a playlist.

“Users can unlock a powerful video curation platform that makes it easy to discover community-driven video galleries across a wide range of topics, and the ability to watch video through the eyes and collections of others,” explains Mark Gray, co-founder and CEO of Squrl.

App users can also now minimize videos and continue watching them while also browsing through the application. Plus, video playlists in the iOS apps are AirPlay-compatible, meaning users can push their curated playlists to their television sets and watch them via second generation Apple TV.

Squrl is a bootstrapped startup with free apps for web, iPhone and iPad. Apps will also be available for several Android tablets.
http://mashable.com/2011/06/14/squrl/





Study: DVR, Set-Top Box Use Most Energy at Home
Erica Ogg

The Natural Resources Defense Council has ranked the biggest energy hogs in the home, and the thing that's gobbling up the most is probably not what you think: the pairing of your digital video recorder and set-top box.

The environmental monitoring group released a study today that says that a high-definition cable or satellite set-top box when combined with a high-definition DVR uses up 446 kilowatt hours per year. That's more than a new Energy Star rated 21 cubic-foot refrigerator, which uses 415 kWh per year, according to the NRDC's data.

The combination of an HD DVR and an HD cable or satellite box in a house wastes many hours of energy even when not in use, the group found. The study reports that it costs American consumers more in electricity bills per year when they're not using their DVR and set-top box than when they are: $2 billion a year versus $1 billion a year collectively.

The group estimates that there are 160 million set top boxes currently installed in U.S. homes, and together they emit 16 million metric tons of carbon dioxide every year.

Among the different types of set-tops the NRDC tested, streaming only devices (Roku, Apple TV), and standard-definition receivers consumed much less power than HD receivers and HD DVRs.

The problem, the NRDC says, is that many of these set-tops do not have a low-power mode, like a cell phone or a laptop. Hitting the "off" button will typically dim the clock or display, but will not actually turn the device off or even reduce a significant amount of power that it's using in "sleep mode."

"We've improved the efficiency of all sorts of electronics--from TVs to video game consoles," said Noah Horowitz, senior scientist and director of the Center for Energy Efficiency. "It's just as possible to improve the efficiency of our DVRs and other pay TV boxes. But they're not going to build a better mousetrap unless we, the consumers, demand it."

Horowitz suggests consumers can ask their TV service providers that issue set-top boxes, Comcast, DirecTV, Dish Network, Time Warner, and others for Energy Star 4.0-rated devices in order to cut back on electricity use and save money on their monthly bill.
http://news.cnet.com/8301-31021_3-20...nergy-at-home/





TV Time Tied to Diabetes, Death

People who spend more hours in front of the television are at greater risk of dying, or developing diabetes and heart disease, with even two hours of television a day having a marked effect, according to a U.S. study.

Every day, U.S. residents spend an average of 5 hours watching television, while Australians and some Europeans log 3.5 to 4 hours a day, said researchers led by Frank Hu, at the Harvard School of Public Health.

"The message is simple. Cutting back on TV watching is an important way to reduce sedentary behaviors and decrease risk of diabetes and heart disease," Hu said.

People who sit in front of the television are not only exercising less, they are likely eating unhealthy foods, he added.

"The combination of a sedentary lifestyle, unhealthy diet and obesity creates a 'perfect breeding ground' for type 2 diabetes and heart disease."

This is not the first study to associate TV time with ill effects. Many studies have found a strong link to obesity, and one 2007 report found that more TV time was associated with higher blood pressure in obese children.

Another study that same year found that overweight children who watch food advertisements tend to double their food intake.

For the new study, published in the Journal of the American Medical Association, Hu and his team reviewed 8 studies examining the link between television time and diseases, that in total followed more than 200,000 people, for an average of 7 to 10 years.

Hu and his colleagues found that for every two hours of daily television that people watched, their risk of diabetes increased by 20 percent, while their risk of heart disease rose by 15 percent.

Each two hours of television per day increased the risk of dying by 13 percent.

Based on those results, Hu and his team estimated that, among a group of 100,000 people, reducing daily television time by 2 hours could prevent 176 new cases of diabetes, 38 cases of fatal cardiovascular disease, and 104 premature deaths -- every year.

All of the studies in the analysis made sure that participants didn't have a chronic disease, because people who were generally less well might be more likely both to watch many hours of TV and to experience diabetes, heart disease or premature death.

But Hu and his team cautioned that it's possible some people had undetected forms of disease at the start of the studies, influencing the findings.

The study cannot prove that TV watching alone raises the disease risk, nor can it identify what about TV watching might have an impact.

"It's true that people who watch a lot of TV differ from those who watch less, especially in terms of diet and physical activity levels," Hu said.

He added that people who watch a lot of television are more likely to eat junk food. But unhealthy diet and inactivity are also consequences of prolonged television watching, so they explain some of the adverse effects of the sedentary behavior. SOURCE: bit.ly/4HWZ7 (Reporting by Alison McCook at Reuters Health, editing by Elaine Lies)
http://www.reuters.com/article/2011/...7HF05420110615





Security Alert: Malware Found Targeting Custom ROMs (jSMSHider)
Tim Strazzere

Recently we discovered a new Trojan in the wild, surfacing in alternative Android markets that predominantly target Chinese Android users. This Trojan, which we’ve dubbed jSMSHider due to the name used inside the APK, predominantly affects devices with a custom ROM. Custom ROMs are custom-built versions of Android released by third-party groups. Manufacturers and carriers do not traditionally endorse custom ROMs. (If you do not know what a custom ROM is, and do not think you’ve downloaded a custom ROM, you are probably not affected.)

Who is Affected

To date, we have identified eight separate instances of jSMSHider, and because the distribution is limited to alternative app markets targeting Chinese Android users, the severity for this threat is low. This Trojan, jSMSHider, predominantly affects devices where the owner has downloaded a custom ROM or rooted the phone.

Due to where the malware was found and the limited number of devices the malware could infect, we believe the impact to be limited. All Lookout users are automatically protected from this malware.

How it works

The application follows the common pattern of masquerading as a legitimate application, though a few extra permissions have been added. At first glance, it looks like other recent Android Trojans that try to take control of the mobile phone by rooting it (breaking out of the Android security container), but instead jSMSHider exploits a vulnerability found in the way most custom ROMs sign their system images. The issue arises because publicly available private keys in the Android Open Source Project (AOSP) are often used to sign the custom ROM builds. In the Android security model, any application signed with the same platform signer as the system image can request permissions not available to normal applications, including the ability to install or uninstall applications without user intervention.

In the case of jSMSHider, it installs a secondary payload onto the ROM, giving it the ability to communicate with a remote server and receive commands. If a device is signed with the same platform signer found in the AOSP, the malware can transparently install the second stage payload without user intervention. If the signers do not match, then the application will request the root permission, which on most custom ROMs will prompt the user to grant permission to the application.

We mapped the capabilities the malware gains if jSMSHider successfully installs the second stage payload. They include:

• The ability to read, send and process incoming SMS messages (potentially for mTAN interception or fraudulent premium billing subscriptions)
• Installing apps transparently on ROMs with a platform signer from the AOSP
• Communication with a remote server using DES encryption and base64 encoding with a custom alphabet
• Dynamic C&C server addresses and check-in frequency
• Download an application from a URL and perform a silent install or update of the APK
• Open a URL silently in the background (using the device’s default User-Agent)

To connect to its command and control server, the malware uses multiple subdomains of xmstsv.com, including:

• srv.xmstsv.com
• srv1.xmstsv.com
• srv2.xmstsv.com

In three of the samples found, we saw that if jSMSHider cannot successfully install the secondary payload, it can still send SMS messages and open a URL silently in the background. We will update this post with a link to the full teardown.

How to Stay Safe

Lookout Free and Premium users are automatically protected from this threat and do not need to take further action. If you have downloaded a custom ROM, you may be at risk from this threat or future threats that use this vulnerability to gain access to your phone. We recommend that you update your custom ROM if an update is available. We contacted and have worked with developers of some prominent custom ROMs to help them patch this issue. Again, if you don’t know what a custom ROM is you probably don’t have one and are safe.
http://blog.mylookout.com/2011/06/se...oms-jsmshider/
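
The signer-match rule described in "How it works", modelled as an added audit sketch (not Lookout's code and not part of the original article): it reports whether a ROM's platform signer is a publicly known key and which user-installed apps would receive install/uninstall permissions purely because their signer matches. The certificate bytes, package names and `KNOWN_PUBLIC_KEYS` are constructed placeholders; a real audit would load actual certificate fingerprints from the device and from the published key set.

```python
"""Audit model: is a ROM's platform signer a publicly known key, and which
user-installed apps would therefore be granted signature-level permissions?"""
import hashlib
from dataclasses import dataclass

# Real Android permissions reserved for platform-signed (or preinstalled)
# apps; they allow installing or removing packages without a user prompt.
SIGNATURE_PERMISSIONS = frozenset({
    "android.permission.INSTALL_PACKAGES",
    "android.permission.DELETE_PACKAGES",
})


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded signing certificate."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass(frozen=True)
class Package:
    name: str
    signer: str                 # fingerprint of the APK signing certificate
    requested: frozenset        # permissions requested in the manifest
    preinstalled: bool = False  # shipped on the system image


def silently_granted(pkg: Package, platform_signer: str) -> frozenset:
    """Signature-level permissions granted purely because the signer matches."""
    if pkg.signer != platform_signer:
        return frozenset()
    return pkg.requested & SIGNATURE_PERMISSIONS


def audit(platform_signer: str, public_key_fps: set, packages: list):
    """Return (rom_uses_public_key, findings).

    findings lists user-installed packages that share the platform signer
    and request signature-level permissions, i.e. apps to review first.
    """
    rom_uses_public_key = platform_signer in public_key_fps
    findings = []
    for pkg in packages:
        if pkg.preinstalled:
            continue  # system apps are expected to hold these permissions
        granted = silently_granted(pkg, platform_signer)
        if granted:
            findings.append((pkg.name, sorted(granted)))
    return rom_uses_public_key, findings


# --- Constructed sample data (placeholders, not real certificates) ---
PUBLIC_TEST_CERT = b"CONSTRUCTED: stand-in for a published AOSP test certificate"
PRIVATE_RELEASE_CERT = b"CONSTRUCTED: stand-in for a ROM builder's private certificate"
THIRD_PARTY_CERT = b"CONSTRUCTED: stand-in for an ordinary developer certificate"

KNOWN_PUBLIC_KEYS = {fingerprint(PUBLIC_TEST_CERT)}


def sample_packages() -> list:
    wants_install = frozenset({
        "android.permission.INSTALL_PACKAGES",
        "android.permission.INTERNET",
    })
    return [
        Package("com.example.settings", fingerprint(PUBLIC_TEST_CERT),
                wants_install, preinstalled=True),
        Package("com.example.sideloaded", fingerprint(PUBLIC_TEST_CERT),
                wants_install),
        Package("com.example.game", fingerprint(THIRD_PARTY_CERT),
                wants_install),
    ]


def run_demo() -> dict:
    """Audit the same package list against two differently signed ROMs."""
    pkgs = sample_packages()
    return {
        "test_key_rom": audit(fingerprint(PUBLIC_TEST_CERT),
                              KNOWN_PUBLIC_KEYS, pkgs),
        "release_key_rom": audit(fingerprint(PRIVATE_RELEASE_CERT),
                                 KNOWN_PUBLIC_KEYS, pkgs),
    }


if __name__ == "__main__":
    for rom, (exposed, findings) in run_demo().items():
        print(rom, "- platform signer is a public key:", exposed)
        for name, perms in findings:
            print("  review:", name, perms)
```

On the ROM signed with the private release key, the same sideloaded package gets no signature-level permission, which is the effect of re-signing a custom ROM with a key that is not published.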





IBM Didn’t Invent the Personal Computer But They Don’t Know That.
Robert Cringely

We’ve been away for a few days celebrating Fallon’s fifth birthday in Orlando where the preferred destination has shifted from Disney to Universal Studios, source of all things Harry Potter. While we were away, IBM celebrated its 100th birthday by claiming, among other things, to have invented the personal computer, soiling the legacy of Ed Roberts and pissing-off all real geeks in the process. Here’s a video in which you’ll see IBM’s VP of Innovation innovating his way to this completely bogus claim at the 2:37 milepost.

This sin shall not go unpunished.

Among his milestones IBM’s VP of Innovation completely forgets to mention the company having helped automate the Third Reich.

And while IBM was celebrating other noteworthy achievements, a reader pointed out to me what he thought was an IBM data breach:

“My wife and I are Health Net customers. A month or so ago we received a letter from Health Net saying that their contractor, IBM, had been hacked and that our medical records including SS# had been stolen… You can imagine how I feel about it. I’m in favor of the bin Laden treatment for the hackers and serious bitch slapping for everyone else concerned, from the pointy haired managers to the OS pukes who have refused to create secure systems despite knowing how to do it. The people who have resisted IPv6, which provides authentication, over the last decade are another good target for serious bitch slapping. Someone said that the primary reason the computer industry advances is ridicule of second rate technology. Ridicule of insecure systems and networks is desperately needed.”

To be fair to Big Blue, it appears their system wasn’t hacked in the manner we’ve been discussing lately and IPv6 had nothing to do with it. Rather, in March IBM discovered nine disk drives were physically missing from the Health Net data center it runs in Rancho Cordova, CA. The drives contained personal and health data on 1.9 million of Health Net’s six million customers.

We’ve grown so unsensitized to these data losses that 1.9 million doesn’t seem a very big number anymore. And this particular data loss, since it doesn’t involve some invisible hand reaching through the wire, seems somehow less invasive. That surely must have been the way Health Net felt about it, given this particularly callous sentence from their press release about the loss: “While the investigation continues, Health Net has made the decision out of an abundance of caution to notify the individuals whose information is on the drives.”

Doesn’t this imply that Health Net believes that informing us of the loss of our medical data is optional?

Time for all you HIPAA lawyers out there to tell us what right we have to know when our personal health data has been stolen. Was Health Net just trying to spin this story in a smarmy direction or do they actually have no obligation to tell us?

As for IBM, this loss happened on their watch so what did they do about it? Health Net outsourced its IT to IBM. IBM outsourcing involves a long check list of things to do to each server to lock it down and make it easier to support. IBM techs install support tools like antivirus and backup. Since they inherit network and application designs from the customer, IBM doesn’t guarantee they are hack proof.

Did you know that? I didn’t.

IBM tries to find problems, I’m told, bring them to everyone’s attention and they try to fix them. Sometimes a problem can’t be fixed or won’t be fixed in which case IBM writes a “risk letter” documenting Big Blue’s concerns and the business risks to the customer.

That’s what is supposed to happen. What really happens is usually a bit different. These days most IBM contracts are underfunded to the point of being irresponsible. There may not be time or funding to do basics like securing the servers. With offshoring on top of outsourcing, very inexperienced people in foreign locations are doing much of the support work remotely.

But you can’t blame the physical theft of nine disk drives in Rancho Cordova on an entry-level support guy in Pakistan. This story appeared in Computerworld back in March and then quickly disappeared. I’d like to know what the Hell happened? Wouldn’t you?
As far as I can tell IBM never said a word on the subject.
http://www.cringely.com/2011/06/ibm-...ont-know-that/





Is This the Golden Age of Hacking?

Stewart Mitchell reveals how guerrilla groups, a recession and ever more complex networks are creating a boom time for hackers

Hacking dates back to the pre-internet era, but with a seemingly continuous wave of attacks hitting the public and commercial sectors there has never been a more prodigious period for hackers.

In only the past few weeks, Sony alone has been breached no fewer than 16 times, CitiGroup has seen its servers hacked and Google has pointed the finger at China for targeted attacks on Gmail.

That’s not all. A recent breach of RSA’s verification system led to further attacks on defence company Lockheed Martin, while in the past few days the International Monetary Fund has admitted its network was breached and the NHS saw its security flaws exposed by a hacker group posting details on Twitter.

Where mainstream alerts used to be rare, they are now daily news fare. But what is behind this unprecedented level of attacks? Security professionals warn of a perfect storm of better-informed hackers, more accessible networks and corporate cost cutting – never before has it been so hard to secure a network. And that's without an outbreak of state-driven cyber warfare. Are we embarking on a golden age of hacking?

Rise of the Social Hacker

Hackers use social networks and bulletin boards to club together into groups such as Anonymous and Lulz Security – and from these platforms they publicise their work, highlight vulnerabilities and exploit a WikiLeaks-inspired wave of public civil disobedience.

“It is something of a golden age because there are so many issues and people are highlighting those issues more than ever,” said Kevin Wharram, a senior security consultant at the Financial Services Authority. “A lot of this stems from WikiLeaks, because people suddenly realised there's much more information around and they're interested in what information they can get.”

Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defences; whereas a break-in might previously have been opportunistic, current attacks are far more methodical.

“In the past, there might have been a lot of houses in the street with the same vulnerability, but no-one was going along and knocking on all those doors,” said Wharram. “But now they have been highlighted, so people are looking to expose more data.”

Twitter has also provided a highly visible noticeboard for hackers, many of whom are primarily motivated by the kudos of being the first to discover a vulnerability and expose companies that haven't patched publicised weaknesses. Lulz Security, for example, was virtually unheard of until it hacked into Sony Pictures at the beginning of June and now boasts 130,000 followers. Perfect fodder for anyone with an appetite for attention and a set of hacking skills they wish to show off.

Security experts remain suspicious of hacking groups because they cannot be sure of their motives, and even suspect they might be connected to other security companies. “You wouldn't even know who it is – it's just like a front,” said Wharram. “The Anonymous guys are a group, but they are claiming to be anonymous so they can work around the world.

“For all we know, it could be security people that are involved - you could have someone saying to the NHS 'You have a security problem', and then a security company going in and saying they can fix it. You actually never know.”

The hackers are aided by a support network that sees the latest vulnerabilities posted and traded on forums, with tools available to automatically sweep networks to see whether they are protected against certain attacks.

“Hackers use Twitter and Facebook, but also IRC and bulletin boards, and there are loads of sites that make it easy to discover information about current threats,” said Jonathan Care, director of security company Lacunae Risk. “It's often automated and the system will scan for information about current weaknesses and post it – there's more information available to hackers.”

Huge Rewards

The rose-tinted portrayal of hackers is that they highlight security issues to embarrass companies into rectifying problems. Yet, there's an equally active – if less vocal – breed of hacker that is in it purely for the money and shuns the limelight.

Whether it's harvesting and selling credit-card details – such as those reportedly stolen in the 77 million-account strike on Sony – or stealing corporate information to order, a successful attack can be hugely lucrative for its perpetrators.

“I suspect the rewards these days are higher,” said Paul Bradbury, an independent security consultant. “Who would have thought that Sony's stock price could be impacted so heavily by a hacking attack? [It fell by almost 4% in the week following the initial attack.] That may well be funded by a competitor or commercial motivation.”

“As the rewards from hacking increase, there will be more hacking,” added Bradbury. “However, the term 'hacking' is too much of a pleasantry for what is really going on here - plain old-fashioned extortion and theft.”

With the rewards increasing, hackers are willing to play the long game, taking weeks or months to put together a multi-layered attack. The RSA attack is a prime example: the company admitted to a security breach that may have left details of its two-tier authentication products in the hands of hackers, who could then target other companies.

“If the rumours around the lifting of the RSA data for security devices are correct, then we are seeing 'strategic co-ordinated' hacking attacks,” said Bradbury. “Lifting tools from RSA to enable a targeted hack on Lockheed Martin... this is much more sinister than a group of geeks breaking into a central system and leaving a message alerting people to security flaws. We are talking the difference between casually walking across someone's lawn and deliberately breaking and entering and stealing from their house.”

Recession Bites Security Budgets

The biggest complaint levelled at Sony during this surge in attacks has been that it doesn’t take security seriously enough, but it is far from alone. One of the key catalysts for the increase in hacking stems from senior management being unwilling to spend money on security because there’s no tangible gain.

“It's all about cost. It's not enough to have a firewall and a burglar alarm - you need people to monitor them and they cost money too, and at the moment companies don't want to spend money on security,” said Care. “If there is spare money for IT, then bosses would rather see it spent on a faster database that does something for the company than on security, which isn't so visible.”

It's the extension of an old problem in which the boardroom fails to recognise the needs of the IT department – and it gets worse in a recession. “It all comes down to senior management,” said Wharram. “No matter what you do at the bottom level, it's not going to work if they don't give you the backing and support. And often it's not a priority – more a case of tick-box compliance.”

That makes life frighteningly easy for hackers to gain access to corporate systems, and although the rash of show-and-tell hacks from groups such as Lulz and Anonymous might cause embarrassment, the alternative is worse.

“With someone like Lulz, where they are posting their findings, there's not that much for them to gain,” said Wharram. “It's the attacks that aren't made public that are more worrying, because they are from people that might do more damage.”

“A lot of organisations have been infiltrated and they don't even know it. If you look at the Stuxnet attack, that was around for nine months before they even knew about it, and that was for a nuclear programme.”

For a company that relies on intellectual property or product development, such a stealth attack could prove catastrophic. “These incidents could bring down a company,” said Wharram. “Take a company developing a game, for example, and think about how much it costs to develop. If somebody steals it and brings it to market quickly, then they might catch the intellectual property before it's protected and that could bring them [the games company] down. Corporate espionage is very hard to manage.”

Global Hacker Conventions

The lack of global law enforcement is another key incentive. Hackers operating in Asia can launch an attack on the West with impunity (and vice versa), knowing that cross-border legal processes are likely to keep them safe.

Although some countries are quick to share information and deport or extradite suspects, other states, particularly China, stand accused of actively assisting hackers. Others lack either the motivation, funding or technical expertise to clamp down on high-tech crime.

And it’s not only foreign countries who aren’t adequately equipped to investigate e-crime. “The Ministry of Defence is recruiting experienced cyber professionals, but there aren't enough cyber security experts in this country,” said Care. “The police here are making an effort but cross-border enforcement is a real challenge, especially where foreign authorities don't seem interested.”

The Gmail attack was just the latest in a series of acts of alleged cyberwar. Government departments in the US, Britain, France and China have all blamed foreign sovereign states for attacks on various departmental systems.

The global threat posed by state-sponsored attacks is exacerbated by the fact that well-educated IT professionals have been left jobless as a result of the worldwide recession. “The recession has had a double-edged effect – there's less spending on security and a bigger threat,” said Wharram. “The reason that so many East Europeans are in hacking is because there are no jobs and so they are looking for money from selling the data.”

“The most popular trojans come from Russia, Eastern Europe and China, which really isn't so much looking for financial gain, but is looking for information. With Russian and Eastern Europe it's more financial.”

Networks Beyond Control

If access to vulnerability data and financial rewards give hackers every reason to go after company networks, infrastructure managers are making it even easier for the data thieves.

“We are building increasingly complex and integrated systems that use information from disparate data sources and the more complex the systems, the more opportunities there are for a hacker to find a loophole,” said Care.

He cites multiple internal servers and services that companies want to make available online – either internally or externally - as well as outposts of data collection from infrastructure monitors, as potential backdoors for hackers. “When you have environmental control systems, for example, it's cheaper because you can log into them from your office rather than going out to check on their status, but so can anyone else if the security's not right.”

The pace of change, and the pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers.

“Because of the pace of development there is a tendency to throw something up temporarily to get it working, but then it ends up being permanent,” said Care. “And there are often web services on these makeshift systems that draw on data from other web services.”

IT departments can also inadvertently highlight the fact they are vulnerable, posting “please help” requests online that act like a candle to a moth.

“I see people posting on bulletin boards or forums, using a company email address and they're saying: 'I'm having trouble deploying this program or that program’. That lets anyone else with access to that forum know they are deploying it and it's probably in a vulnerable state,” said Care.
http://www.pcpro.co.uk/features/3680...age-of-hacking





Deploying New Tools to Stop the Hackers
Christopher Drew and Verne G. Kopytoff

Trying to secure a computer network is much like trying to secure a building — the challenge is trying to screen out real threats without impeding the normal traffic that needs to go in and out.

And as the recent hacking attacks against Citigroup, RSA Security and Lockheed Martin show, even sophisticated security systems can be breached.

“We’re seeing an inflection point where the attackers are extremely smart, and they are using completely new techniques,” said Nir Zuk, the chief technology officer at Palo Alto Networks, a firewall company based in Santa Clara, Calif. “Every piece of content that you receive can attack you.”

Historically, the first line of computer defense, the firewall, is like the guard desk at a building. It scrutinizes the traffic going in and out of the system, looking for obviously suspicious characters.

Virtually every company also has antivirus software, which typically keeps an eye out for anything on a “black list” of well-known malware and prevents it from entering the computer system or causing havoc once inside. A more rare type of security grants access only to programs on a “white list” of safe software — the equivalent of allowing employees with ID cards to come and go as they please but preventing anyone else from entering.

But as hackers unleash ever-sneakier attacks, big corporations and government agencies are scrambling to deploy new tools and procedures to deal with all the delicate gray areas in between — the cool-looking new smartphone app, the funny Facebook link, the unknown foreign Web site. The flood of malicious software is also prompting renewed debate over how to balance access and protection.

“Right now, if an application is not known, we let it run,” said Peter Firstbrook, an analyst at Gartner, a research firm, referring to the prevailing view in most companies. “That’s the wrong thing to do.”

Companies like Symantec, the giant Internet security firm, are introducing services that assess the “reputation” of software, weighing factors like how old it is and how widely it is used to decide if it is safe. Other vendors are selling enhanced firewalls and products that can sniff out impersonators by detecting unusual file-usage patterns.

Nearly everyone agrees that a mix of defenses is vital, and that even so, some hackers will still slip through. Experts also say that the proliferation of smartphones, the growing workplace use of Facebook and other social media tools, and the shift toward storing more data in a computing cloud are providing new avenues for attackers.

Symantec’s chief executive, Enrique Salem, acknowledged at a conference in February that traditional antivirus scans “long ago failed to keep up.” As points of entry into corporate and government networks “proliferate on this seemingly insane trajectory,” he added, “so do the threats they attract.”

The growth in malicious software has been staggering, as criminal organizations seek to ferret out credit card numbers and other ways to make money and hackers in China and Russia are believed to be seeking national security secrets.

Last year, Symantec discovered 286 million new and unique threats from malicious software, or about nine per second, up from 240 million in 2009. The company said that the amount of harmful software in the world passed the amount of beneficial software in 2007, and as many as one of every 10 downloads from the Web includes harmful programs.

Unlike past blitzes of spam with clunky sales pitches, today’s attacks often rely on a familiar face and are extremely difficult to stop. In a practice known as spear phishing, hackers send e-mails that seem to come from co-workers or friends and include attachments that can release malware to steal passwords and other sensitive data. In other cases, malware can be activated when a Web link is clicked.

Some security experts say companies can better protect themselves against such attacks by expanding the use of “white lists,” which are currently in place in only 10 to 20 percent of the computers in large organizations.

Bit9, a Massachusetts company that offers such a white-list service, says it has millions of approved applications in its registry. Federal agencies, retailers, Wall Street firms and technology companies use its real-time monitoring services, which can be set to block unknown software or simply issue alerts about it.

Harry Sverdlove, Bit9’s chief technology officer, said its monitoring system stopped an attack on a national defense laboratory in March that was almost identical to the hacking that month at RSA Security, which eventually compromised the electronic security tokens that RSA sells to Lockheed and other corporations around the world.

Mr. Sverdlove said the attack on the lab came via an e-mail attachment with a heading implying that it was from the human resources department. He said a malicious file was embedded in the attachment, but the monitoring system stopped it when it noticed unauthorized activity.

Another strategy used to deflect attacks is to rate software based on its reputation. The technique, championed by Symantec, is supposed to be more flexible than strict white or black lists.

Symantec’s strategy is to rate software based on a number of factors including the file’s age and source. The company also checks data it collects from users about the kind of software they have on their computers. Software used by 100,000 people is more likely to be good, while a file that no one else has is more likely to be bad.

“You probably don’t want to be the guinea pig,” said Carey Nachenberg, a fellow with Symantec.

Reputational technology is available in Symantec’s consumer products and will be deployed for corporate customers sometime later this year. The software, when used in conjunction with other techniques like black lists and monitoring for unusual activity, is 99 percent effective, Mr. Nachenberg said.

But security vendors like Mr. Zuk of Palo Alto Networks say that in real life, people are being bombarded with all kinds of links, and a security threat can be hidden in any one of them. “It’s about clicking on a link or a presentation about how to improve your golf play,” he said.

New security technology should protect against all sources of malicious files, whether they come in by old-fashioned e-mail, a LinkedIn feed or a Twitter link, Mr. Zuk said.

He said stronger firewalls, which monitor computer networks for suspicious traffic, could also help.

Security experts say companies must also adapt their security systems to protect against attacks through smartphones and tablet computers. Although such mobile devices increase convenience for workers, they essentially create a new door into the network, which then needs its own security watchdogs.

Mr. Firstbrook, the Gartner analyst, said that devices that run Google’s Android software, which is open to all applications, were riskier than Apple iPhones and iPads, in which every application is screened by the company before it is allowed into the App Store.

And humans remain a prime weakness in all computer networks that no security system can completely offset, said Mark Hatton, chief executive of Core Security Technologies, a company based in Boston that tests corporate networks for security holes.

“You tell the guy not to click on the link to the free iPad, and he still always clicks on the link to the free iPad,” he said.
https://www.nytimes.com/2011/06/18/t...8security.html





What LulzSec Logins Reveal About Bookworms

Today the hacking group LulzSec posted 62,000 hacked email usernames and passwords online. But don’t panic: I’ve been through the list and I can confirm that none of my details have been compromised. So far.

Not everyone has been so lucky, though. As I write this, unscrupulous voyeurs around the globe are sifting through these compromised email accounts looking for… well, whatever they can find. We’ve heard of people finding login details for social-networking sites, online-dating services and even porn sites.

Here at PC Pro we can’t condone such behaviour, fascinating though it would doubtless be to gain such an insight into a stranger’s private life. Happily, the email addresses and passwords themselves are quite revealing.

Where the passwords came from

LulzSec hasn’t said where these credentials came from – in fact, it’s explicitly said they’re “random assortments from a collection.” But the email domains to which the passwords grant access break down as follows:

Nothing too shocking there, except an unexpected skew towards Brazil. More revealing, perhaps, are the usernames and passwords that people have chosen for themselves.

Email usernames

Email accounts must be unique within their domain, so there’s not much repetition. And, unsurprisingly, many people seem to use some variation of their real name: the addresses contain hundreds of Johns, Roberts and Marys (and just as many Diegos and Felipes).

But many more fanciful terms also come up repeatedly in the LulzSec archive. Of 62,000 leaked addresses, 29 include the word “goddess”, while 37 users identify as some sort of “vamp” or “vampire”. Sixty-two call themselves either a prince or princess, while 68 call themselves king and a whopping 85 go by queens.

On a similar theme, 77 users have the word “dragon” in their email address, while 127 go with “bear”. Closer to home, 135 of the email addresses include the term “sex”, and 204 of them refer to “love”. Over 300 referred, in some way or other, to “lady”.

Surprisingly, though, the most popular term I could find was “book”, featuring in 326 different usernames.

Why is that? Mikko Hyppönen of F-Secure theorised on his Twitter feed that many of these credentials must have come from a community for aspiring authors. And when we look at the passwords that people have chosen for themselves, that seems a very plausible surmise.

Bookish passwords

Of the 62,000 passwords released by LulzSec, the most-used is “123456”, which comes up 568 times. The next most common password is “123456789”, with 184 occurrences. So far so predictable, and the next hit – “password”, at 133 occurrences – is no more surprising.

The next most common password, however, is “romance”, at 88 occurrences (tying with the rather more prosaic “102030”). After that, with 67 occurrences, is “mystery”.

The theme continues: skipping over some more variations on the numeric theme, other popular passwords include “shadow” (62), “bookworm” (54), “reader” (52), “reading” (47), “booklover” (33) and “library” (26). It all points in a clear direction; and if you’re still doubtful, perhaps the smoking gun is the fact that 30 people have chosen “writerspace” as their password.

What have we learnt?

Clearly, this is a back-of-an-envelope breakdown of a mixed mass of unverified data. But for all that, it gives a fascinating glimpse of some other people’s lives. And it gives an interesting insight into the way people choose their passwords: in this case, apparently, on a theme that reflects the nature of the site they’re visiting.

If you’d like to study the leaked information further – but don’t want to get involved in dodgy downloads – I’ve put together a stripped list of the passwords. I’ve removed the usernames and domains so this data can’t be used for nefarious purposes, but you can still carry out whatever analysis you like, and I’m sure there are plenty more interesting patterns to tease out (I’ve noticed a distinct Disney theme, for example). I’d be delighted to hear your findings.

Also, I’d be very happy to hear if anyone can explain why the seventh most common password in the data file – apparently shared by 62 users – is “ajcuivd289”.
http://www.pcpro.co.uk/blogs/2011/06...out-bookworms/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 11th, June 4th, May 28th, May 21st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
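
An added example, not part of this post or of the PC Pro article it reprints ("What LulzSec Logins Reveal About Bookworms"): a password-policy check that uses the counts quoted in that article to show how much of the tally a site-themed denylist catches that a generic one misses. The term lists, the normalisation rules, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Password counts quoted in the article (its partial tally, not the leaked list).
ARTICLE_COUNTS = Counter({
    "123456": 568, "123456789": 184, "password": 133, "romance": 88,
    "102030": 88, "mystery": 67, "shadow": 62, "ajcuivd289": 62,
    "bookworm": 54, "reader": 52, "reading": 47, "booklover": 33,
    "writerspace": 30, "library": 26,
})

# Assumption: a small generic denylist of the kind many password policies ship with.
GENERIC_TERMS = {"password", "qwerty", "letmein"}
# Assumption: words the operator of a book-themed site would add, including the
# site name. Matched as substrings, so "read" covers "reader" and "reading".
SITE_TERMS = {"writerspace", "book", "read", "romance", "mystery", "library"}

# Common character substitutions undone before matching (assumed mapping).
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def classify(password):
    """Return 'numeric', 'site-themed', 'generic' or 'other' for one password."""
    p = password.lower()
    if p.isdigit():
        return "numeric"
    # Drop a trailing run of digits/symbols ("bookworm2011!"), then undo leet.
    core = re.sub(r"[\d\W_]+$", "", p).translate(_LEET)
    if any(term in core for term in SITE_TERMS):
        return "site-themed"
    if any(term in core for term in GENERIC_TERMS):
        return "generic"
    return "other"


def breakdown(counts):
    """Sum the number of accounts per class for a {password: count} tally."""
    totals = Counter()
    for password, n in counts.items():
        totals[classify(password)] += n
    return totals


def denylist_candidates(counts, min_count=50):
    """Passwords no rule caught but that many accounts share: review these."""
    hits = [(pw, n) for pw, n in counts.items()
            if n >= min_count and classify(pw) == "other"]
    return [pw for pw, _ in sorted(hits, key=lambda item: (-item[1], item[0]))]


def accept(password, min_length=8):
    """Policy check at password-set time: length plus the denylist classes."""
    return len(password) >= min_length and classify(password) == "other"


if __name__ == "__main__":
    for label, n in breakdown(ARTICLE_COUNTS).most_common():
        print(f"{label:12} {n}")
    print("review:", denylist_candidates(ARTICLE_COUNTS))
    print("B00kw0rm2011 accepted?", accept("B00kw0rm2011"))
```

Repeated passwords that no term list explains, such as the two returned by `denylist_candidates`, are the ones to add by exact match after review.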