P2P-Zone  

21-09-11, 08:35 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - September 24th, '11

Since 2002

"We will get right to work." –Victorious German Pirate Party candidate Andreas Baum


"They should have taken care of something as silly as making sure a pot-smoking Elmo isn’t the owner of the Twitter account of their new service." – Brooke Hammerling

September 24th, 2011




Center-Left Wins Berlin State Elections; Upstart Pirate Party Wins Seats
AP


Can you spot the Pirate?

Berlin voters gave Angela Merkel’s center-right coalition a drubbing in regional elections, returning the center-left Social Democratic mayor to his seat and welcoming a young, new party in Sunday balloting.

The technology-friendly Pirate Party made its debut in a German legislature, capturing 8.9 percent of the vote. Formed in 2006, the party was able to win widespread support from young Berliners. The Pirate Party has expanded its platform from its original push for file sharing and data protection on the Internet to include education and citizens’ rights.

“We will get right to work,” top Pirate candidate, Andreas Baum, told ZDF television after the preliminary result was published. “This is all new for us.”

The biggest losers were the Free Democrats, Merkel’s coalition partner at the national level. They won only 2 percent of the vote, far short of the 5 percent needed to win seats in the regional legislature, provisional official results showed. The loss in Berlin, which is both a city and a state, is its fifth loss at the regional level this year.

“We will retreat into a phase of reflection to figure out how to make the party attractive to the people who share our views,” Free Democrat general secretary Christian Lindner said after the election.

In the last week of the campaign, the Free Democrats focused on the unpopularity of bailouts for other eurozone countries, raising the possibility of an “orderly insolvency” for Greece — a move that created tension within Merkel’s government.

Lindner vowed that his party would continue its course at the national level, insisting the party seeks “stability for Europe,” although Merkel has warned members of her government to “choose their words carefully.”

The Christian Democrat candidate for Berlin, Frank Henkel, called the Free Democrats’ attempt to use the problems within the 17-member eurozone to garner support in Berlin “irresponsible.”

“This FDP needs to consider whether it wants to continue this populist course against Germany and against Europe,” Henkel said.

Merkel’s conservative Christian Democrats also experienced another setback, capturing only 23.2 percent of the vote, behind the center-left Social Democrats, who won 28.7 percent.

In third place were the pro-environment Greens, with 18.4 percent of the vote.

Although Mayor Klaus Wowereit is returning to his seat, he will have to build a new coalition in Berlin, after a weak showing by his previous partner, the Left party. They earned 11.5 percent.

Wowereit supporters chanted, “Wowi, Wowi” as he addressed the party following the vote.

Polls have indicated that Berlin citizens would welcome a coalition of the Social Democrats and the Greens.
http://www.washingtonpost.com/busine...dbK_story.html





Italy Proposes Law That Will Ban People From The Internet Based On Single Accusation Of Infringement From Anyone
Mike Masnick

Glyn Moody points us to a frightening analysis of a proposed copyright law in Italy that seems positively ridiculous, in that you could lose access to the internet based on a single accusation (which doesn't even have to come from the copyright holder):

1) citizens, outside of any judicial proceeding and without the right to appeal to the judicial authority, may be banned to access the Internet if ANYONE (a rightholder or an ordinary citizen) notifies a provider about alleged infringement of copyright or trademark or patent ("one strike" disconnections);

2) Internet service providers must comply to the blacklisting of citizens who are *suspected* of copyright or trademark or patent infringements ("proscription lists" to ban citizens from any access to the Net);

3) an Internet service provider must use preventive filters against services that infringe copyright, trademark or patents;

4) an Internet service provider must not promote or advertise, and must use preventive filters against, services that do not directly violate copyright, trademark or patents, but that *may* lead citizens to *think* that infringing services exist;

5) a provider or a hosting provider which does not use effective filters will be charged with civil liability.


The post notes that this law would be compliant with an early version of ACTA, and suggests that this was done on purpose. However, the report also notes that this proposed law would clearly not be compatible with current EU law. Either way, that's quite a wish list from the entertainment industry.
http://www.techdirt.com/articles/201...t-anyone.shtml





UK ISPs Being Forced to Block File Sharing Sites

Culture Sec urges 'boldness' in anti-piracy efforts
JKukiewicz

Jeremy Hunt, the UK Culture Secretary, has confirmed that court-ordered site blocking will form part of the new Communications Act. In a speech to the Royal Television Society, which primarily focused on plans to cement the place of the UK’s local media, Hunt outlined plans designed to streamline the site-blocking process: from identifying offending sites to ordering advertisers and payments providers to remove services from them.

Dido Harding, CEO of TalkTalk broadband, welcomed the news as an alternative to the Digital Economy Act, which asks ISPs to police sites that violate copyright.

"We believe the measures set in the Digital Economy Act are grossly unfair and will result in innocent customers suffering and being presumed guilty," she said. "[The Culture Secretary] was at pains to point out that ISPs would only be asked to block access to sites which a court had determined carried unlawful content or promoted the distribution of unlawful content. We have long argued that it is for the courts to decide whether a site is infringing copyright."

Along with BT, TalkTalk fought a long legal battle against the Digital Economy Act’s measures against illegal file-sharers. Their argument, that the "basic rights and freedoms" of internet users, as defined under several EU laws, weren’t protected by the act, was rejected in a judicial review in April this year, and an appeal to the High Court in June failed too.

However, it isn’t just the two giants that are concerned about the act’s site-blocking provisions. The Internet Service Providers Association (ISPA), which represents 95% of the UK’s ISPs, agreed with TalkTalk that, “any decision about whether websites are unlawful should be made by a court.”

Almost every UK ISP has expressed concern about taking responsibility for blocking content at one time or another: for larger companies there’s the risk of legal action from sites which claim they’ve been unlawfully blocked; smaller providers fear the impact of the costs of taking such complex action. How successful such a process will be in practice, however, is another matter.

Earlier this year, after a successful High Court action by the Motion Picture Association, Newzbin2 became the recipient of the first court-ordered block. BT is due to shut out the site using its Cleanfeed system from next month, which has given the site plenty of time to find and distribute a workaround for the block in the form of software called Newzbin Client 1.0.0.127.

"We are pleased to announce the first Newzbin2 client software… targeted at UK users who are likely to get blocked in October. This first version is a bit rushed and so not very polished. As time goes by we shall improve it and add features," said Newzbin2’s Mr White.

Cleanfeed is the standard URL-blocking process ISPs currently use to comply with laws that outlaw the distribution of extreme content, particularly anything that concerns the sexual abuse of children. The offending Newzbin2 URLs will be added to Cleanfeed’s blacklist but, although Newzbin aren’t revealing exactly how, their client can effectively stem that process.

The use of Cleanfeed as a method of blocking file-sharing sites has been questioned by ISPs in the past. Ofcom’s report into the practicalities of site-blocking earlier this year noted that, among other concerns, “a blocking proxy server or other systems deployed for copyright infringement purposes would likely be targeted for hacking or malicious activity. Compromise of a dual use system puts at risk the activity related to the IWF [Internet Watch Foundation, i.e. the illegal content outlined above].”

A perk, perhaps the only one, of having your Government made up of ex-students from the country’s most exclusive private schools is getting the odd bit of classic literature with your digital news.

"It would be easy to be cautious," he said, "but with technology evolving rapidly, consumer behaviour shifting and the world economy suffering this would actually be the most dangerous thing we could do." "So we should recognise the wisdom of Shakespeare’s phrase from Cymbeline: Boldness be my friend."

It’s important to read Hunt’s words in context: a speech for an audience of rights holders and their supporters that drew plans for the new legislation in bold strokes. As soon as debate on the Communications bill begins, the edges of those broad assertions will necessarily become more blurry; whether ISPs, never mind consumers, will be able to support the end result is far from clear.
https://secure.dslreports.com/showne...05?nocomment=1





File-Sharing Protest Bomb Threat Video Lands Teenager in Court
enigmax

A teenager who appears to have taken his protest against an anti-piracy law a little too far will find himself in court tomorrow. The 18-year-old allegedly posted a video on YouTube protesting the legislation just passed by New Zealand. In it he claimed that websites would be hacked and that explosives had been planted in government buildings.

According to New Zealand Police, a teenager will appear in court tomorrow after posting a video to the Internet earlier this month.

The 18-year-old, who is reportedly an opponent of New Zealand’s just-introduced “3 Strikes” Copyright (Infringing File Sharing) Amendment Act 2011, allegedly took his anti-legislation demonstration too far, by announcing that websites were going to be hacked and that government buildings had been rigged with explosives.

The man from South Auckland was subsequently tracked down by local police with the assistance of the National Cyber Crime Centre and the Electronic Crime Laboratory.

He was charged with making Threats of Harm to People or Property under the Crimes Act 1961, an offense carrying a maximum sentence of 7 years in prison.

“Such threats are taken very seriously by Police and this investigation demonstrates Police has the expertise and resources to trace those who make such threats on the internet,” said Acting Detective Inspector Pete Jones.

Under the new anti-filesharing legislation, those who are discovered uploading copyright material are first sent two warnings via their ISP. On receipt of a third, copyright holders can take Internet account holders to the Copyright Tribunal where they will face fines of up to $15,000 and disconnection.

Unfortunately the evidence gathered by rights holders is only accurate enough to identify an ISP account from where an infringement took place, and is unable to identify actual infringers. The New Zealand government dealt with this eventuality by making account holders responsible for infringements even if they didn’t carry them out.

This has annoyed a wide cross-section of New Zealand society and generated a number of both peaceful and law-abiding protests. Inevitably though, in highly-charged situations and with a backdrop of the ‘Anonymous’-style direct action cyber-protests of recent months, some people will overstep the mark.

The facts of the case will be heard tomorrow when the 18-year-old appears in court, but considering the charges it seems clear the authorities believe that he had no intention of carrying out any threats.

On this basis it will be interesting to see how the man is dealt with. A man who made a 6 minute-long call to police in August claiming that an airplane passenger was carrying a bomb was said to be only facing a bill for the call and a charge of wasting police time.

An interesting footnote is that since the anti-filesharing legislation was introduced earlier this month, not a single warning has been sent out to Internet subscribers, reportedly because rightsholders haven’t paid up the required $25 per notice admin fee.
https://torrentfreak.com/file-sharin...-court-110920/





Damages Against File Sharer Reinstated, But Case Remanded to Weigh Remittitur
Anandashankar Mazumdar

A federal district court that drastically reduced a damages award against Harvard student Joel Tenenbaum for online file sharing erred in making its decision based on the Fifth Amendment without addressing Tenenbaum's motion for remittitur under common law, the U.S. Court of Appeals for the First Circuit ruled Sept. 16 (Sony BMG Music Entertainment v. Tenenbaum, 1st Cir., No. 10-1883, 9/16/11).

Rejecting Tenenbaum's arguments regarding the constitutionality of the Copyright Act and its damages provision, the court said that there was no support in the text of the Copyright Act that infringement liability in general or statutory damages in particular were not applicable to “consumer infringers.”

The court also said that the lower court erred under the doctrine of constitutional avoidance in skipping over the remittitur issue and going straight to the constitutional due process question.

The court reinstated the original award but sent the matter back to the district court for reconsideration of Tenenbaum's motion for remittitur. Remittitur is a common law doctrine that permits a court to reduce an award by a jury that is grossly excessive, inordinate, shocking to the conscience of the court, or so high that it would be a denial of justice to permit it to stand.

Tenenbaum Raises Constitutional Issues

The Tenenbaum case began in 2007 when several record companies—Sony BMG Music Entertainment, Warner Bros. Records Inc., Arista Records LLC, Atlantic Recording Corp., and UMG Recordings Inc.—sued Joel Tenenbaum, a student at Boston University, seeking more than $1 million in statutory damages for his use of peer-to-peer file sharing software to download and disseminate copyrighted musical recordings. The court ultimately consolidated Tenenbaum's case with more than 100 similar cases filed by the music industry against students.

In 2009, the government filed a brief with the court defending as constitutional the Copyright Act's allowance of up to $150,000 in statutory damages for each act of infringement (57 PTD, 3/27/09). The court also denied Tenenbaum the opportunity to argue before the jury that his file sharing constituted fair use (144 PTD, 7/30/09).

In July 2009, a jury handed down a $675,000 judgment against Tenenbaum for infringement of 30 works. Capitol Records Inc. v. Alaujan, No. 1:03-cv-11661-NG (D. Mass., directed verdict ordered July 31, 2009) (146 PTD, 8/3/09). The court affirmed the jury's award (237 PTD, 12/14/09).

Tenenbaum challenged the jury award, contending that it was grossly excessive and violated the Due Process Clause, and he sought a new trial or remittitur, raising both common law and constitutional grounds.

Judge Nancy Gertner of the U.S. District Court for the District of Massachusetts ruled that the $675,000 award was unconstitutionally excessive because it was far greater than necessary to serve the government's legitimate interest in compensating copyright owners and deterring infringement. This was a violation of due process under the Fifth Amendment, given that Tenenbaum did not gain income from his infringement, the court said, reducing the award by a factor of 10 to $2,250 for each of the infringed works.

The record companies appealed, seeking reinstatement of the full award. Tenenbaum also appealed on the issues of liability and damages, challenging the constitutionality of the Copyright Act, and its applicability to his conduct. Tenenbaum also sought a new trial and further reduction of the damages.

Tenenbaum's History Reveals Knowledge of Law

Chief Judge Sandra L. Lynch first offered an extensive review of the facts and background of the case, detailing Tenenbaum's extensive infringement of thousands of musical recordings from about 1999 to 2007, at home and at school, and its continuation through a series of warnings from university officials, internet service providers, and others. The court also reviewed Tenenbaum's own admissions in court that he had repeatedly made false statements about his conduct in the run-up to the original trial.

“Before the trial, Tenenbaum also attempted to shift responsibility for his conduct to other individuals by claiming they could have used his computer in order to illegally download and distribute the copyrighted works,” the court noted. “These individuals included a foster child living in his family's home, burglars who had broken into the home, his family's house guest, and his own sisters.”

Feltner Argument Waived

Turning to the substantive issues, the court first rejected Tenenbaum's argument that the Copyright Act is unconstitutional under Feltner v. Columbia Pictures Television Inc., 523 U.S. 340, 46 USPQ2d 1161 (1998).

Feltner stated that a defendant in a copyright infringement case had the right to have a jury evaluate the appropriateness of a statutory damages award. Tenenbaum argued that this altogether invalidated the statutory damages provision of the Copyright Act, 17 U.S.C. §504(c).

According to the court, however, Tenenbaum had failed to “clearly make the argument” before the lower court and, therefore, this issue had been waived.

Nonetheless, the court addressed the substance of the argument and concluded that “it is both wrong and foreclosed by our circuit precedent.” The First Circuit and other federal appeals courts have held in a series of cases that Feltner did not strike down Section 504(c) as unconstitutional. This was also reflected in Supreme Court jurisprudence, the court said.

‘Consumer Copying’ Argument Also Waived

Next, the court rejected the argument that Congress did not intend to impose liability or statutory damages for copyright infringement when the infringement in question was nothing more than “consumer copying.” Here again, Tenenbaum had failed to raise this issue properly before the district court and thus the issue was waived, the court said.

As before, the court still concluded that had the argument not been waived, it would still have failed. The court noted that there was no clear definition of “consumer-copier” offered by Tenenbaum. Regardless, Tenenbaum was not one. The court said:

He is not a consumer whose infringement was merely that he failed to pay for copies of music recordings which he downloaded for his own personal use. Rather, he widely and repeatedly copied works belonging to [the record companies] and then illegally distributed those works to others, who also did not pay …. Further, he received, in turn, other copyrighted works for which he did not pay.

The court also said that Tenenbaum could not claim to be making non-commercial use of the works in question.

“His use and distribution was for private gain and involved repeated and exploitative copying,” the court said.

The interpretation of the Copyright Act proposed by Tenenbaum was contrary to the plain language of the Copyright Act, the court said. The statute makes no mention of distinctions between consumer copying and other kinds of copying. The court said:

Instead, the Act renders those, like Tenenbaum, who use or distribute a copyrighted work without authorization liable in copyright. Indeed, the Act does not use the term “consumer” at all, much less as a term excluded from the category of infringers. Rather, the statute refers to “anyone” as potential infringers.

Here, the court cited 17 U.S.C. §501(a), which says, “Anyone who violates any of the exclusive rights of the copyright owner … is an infringer of the copyright or right of the author, as the case may be.” The court noted that there is no provision that makes any exception for “consumer infringers” as a group.

The same kind of statutory language defeated Tenenbaum's argument that statutory damages did not apply to consumer infringers.

“The statute does not condition the availability of either set of damage calculations on whether the offending use was by a consumer or for commercial purposes or not,” the court said.

A lengthy discussion addressed the point that the text of the Copyright Act does make explicit exemptions, exclusions, and exceptions in circumstances in which Congress intended that they exist. Thus, there was no basis to infer that Tenenbaum's “consumer infringer” exception was a part of congressional intent.

Actual Harm Not Needed for Statutory Damages

Finally, the court rejected Tenenbaum's argument that Congress intended that statutory damages be available only upon a showing of actual harm.

As with Tenenbaum's other arguments, the plain text of Section 504, which provides for either actual damages or statutory damages, supported no such interpretation. Additionally, the statutory damages option has been repeatedly reaffirmed by Supreme Court decisions, the court said.

Furthermore, the court rejected the argument that there was insufficient evidence of harm presented in evidence. The court said:

Tenenbaum downloaded the thirty copyrighted works at issue and distributed those works to innumerable network users. [The record companies] presented extensive testimony regarding the loss in value of the copyrights at issue that resulted from Tenenbaum's conduct, and the harm of Tenenbaum's actions to itself and the recording industry, including reduced income and profits, and consequent job loss to employees.

Tenenbaum's numerous challenges to the district court's instructions to the jury were also rejected. Again, some of these arguments had been waived for failure to raise them properly before the district court.

District Court Erred in Bypassing Remittitur

The one instance in which the court rejected the lower court's ruling was in the bypassing of Tenenbaum's motion for remittitur in favor of slashing the damages under the due process clause of the Fifth Amendment.

The court rejected the lower court's conclusion that addressing the Fifth Amendment argument was “inevitable.” Specifically, if the award had been reduced through remittitur and the record companies had accepted that reduction, then the constitutional question need not have been reached.

This possibility should have been considered by the district court, even given the fact that the record companies opposed Tenenbaum's remittitur argument in court. In failing to follow this course, the court violated the doctrine of constitutional avoidance and “led the court to address questions that had not yet been fully developed.” In essence, the court was answering “hypothetical questions.”

Furthermore, had the remittitur path been taken, the district court would also have avoided an issue arising under the Seventh Amendment, namely, “whether a statutory damage award under the Copyright Act may be reduced without offering the plaintiffs a new trial.”

The court thus affirmed the finding of liability against Tenenbaum and the injunction imposed against him. The court also reversed the reduction of the jury's statutory damages award and reinstated the original award.

However, the matter was remanded for further consideration whether common law remittitur justified reduction of the damages as being excessive. Should the damages be thus reduced, the court said that the record companies had the right to demand a new trial. Finally, the court awarded costs to the record companies.

The court's opinion was joined by Judges Juan R. Torruella and Ojetta Rogeriee Thompson.

The record companies were represented by Paul D. Clement of King & Spalding, Washington, D.C. Supporting the record companies' brief was Jeffrey Clair of the U.S. Department of Justice, Washington, D.C. Tenenbaum was represented by Charles R. Nesson, a law professor at Harvard University. Amicus curiae the Electronic Frontier Foundation was represented by Julie A. Ahrens of the Center for Internet and Society, Stanford University, Stanford, Calif.
http://www.bna.com/damages-against-file-n12884903544/





Call It Your Online Driver’s License
Natasha Singer

WHO’S afraid of Internet fraud?

Consumers who still pay bills via snail mail. Hospitals leery of making treatment records available online to their patients. Some state motor vehicle registries that require car owners to appear in person — or to mail back license plates — in order to transfer vehicle ownership.

But the White House is out to fight cyberphobia with an initiative intended to bolster confidence in e-commerce.

The plan, called the National Strategy for Trusted Identities in Cyberspace and introduced earlier this year, encourages the private-sector development and public adoption of online user authentication systems. Think of it as a driver’s license for the Internet. The idea is that if people have a simple, easy way to prove who they are online with more than a flimsy password, they’ll naturally do more business on the Web. And companies and government agencies, like Social Security or the I.R.S., could offer those consumers faster, more secure online services without having to come up with their own individual vetting systems.

“What if states had a better way to authenticate your identity online, so that you didn’t have to make a trip to the D.M.V.?” says Jeremy Grant, the senior executive adviser for identity management at the National Institute of Standards and Technology, the agency overseeing the initiative.

But authentication proponents and privacy advocates disagree about whether Internet IDs would actually heighten consumer protection — or end up increasing consumer exposure to online surveillance and identity theft.

If the plan works, consumers who opt in might soon be able to choose among trusted third parties — such as banks, technology companies or cellphone service providers — that could verify certain personal information about them and issue them secure credentials to use in online transactions.

Industry experts expect that each authentication technology would rely on at least two different ID confirmation methods. Those might include embedding an encryption chip in people’s phones, issuing smart cards or using one-time passwords or biometric identifiers like fingerprints to confirm substantial transactions. Banks already use two-factor authentication, confirming people’s identities when they open accounts and then issuing depositors with A.T.M. cards, says Kaliya Hamlin, an online identity expert known by the name of her Web site, Identity Woman.

The system would allow Internet users to use the same secure credential on many Web sites, says Mr. Grant, and it might increase privacy. In practical terms, for example, people could have their identity authenticator automatically confirm that they are old enough to sign up for Pandora on their own, without having to share their year of birth with the music site.

The Open Identity Exchange, a group of companies including AT&T, Google, Paypal, Symantec and Verizon, is helping to develop certification standards for online identity authentication; it believes that industry can address privacy issues through self-regulation. The government has pledged to be an early adopter of the cyber IDs.

But privacy advocates say that in the absence of stringent safeguards, widespread identity verification online could actually make consumers more vulnerable. If people start entrusting their most sensitive information to a few third-party verifiers and use the ID credentials for a variety of transactions, these advocates say, authentication companies would become honey pots for hackers.

“Look at it this way: You can have one key that opens every lock for everything you might need online in your daily life,” says Lillie Coney, the associate director of the Electronic Privacy Information Center in Washington. “Or, would you rather have a key ring that would allow you to open some things but not others?”

Even leading industry experts foresee challenges in instituting across-the-board privacy protections for consumers and companies.

For example, people may not want the banks they might use as their authenticators to know which government sites they visit, says Kim Cameron, whose title is distinguished engineer at Microsoft, a leading player in identity technology. Banks, meanwhile, may not want their rivals to have access to data profiles about their clients. But both situations could arise if identity authenticators assigned each user with an individual name, number, e-mail address or code, allowing companies to follow people around the Web and amass detailed profiles on their transactions.

“The whole thing is fraught with the potential for doing things wrong,” Mr. Cameron says.

But next-generation software could solve part of the problem by allowing authentication systems to verify certain claims about a person, like age or citizenship, without needing to know their identities. Microsoft bought one brand of user-blind software, called U-Prove, in 2008 and has made it available as an open-source platform for developers.

Google, meanwhile, already has a free system, called the “Google Identity Toolkit,” for Web site operators who want to shift users from passwords to third-party authentication. It’s the kind of platform that makes Google poised to become a major player in identity authentication.

But privacy advocates like Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group, say the government would need new privacy laws or regulations to prohibit identity verifiers from selling user data or sharing it with law enforcement officials without a warrant. And what would happen if, say, people lost devices containing their ID chips or smart cards?

“It took us decades to realize that we shouldn’t carry our Social Security cards around in our wallets,” says Aaron Titus, the chief privacy officer at Identity Finder, a company that helps users locate and quarantine personal information on their computers.

Carrying around cyber IDs seems even riskier than Social Security cards, Mr. Titus says, because they could let people complete even bigger transactions, like buying a house online. “What happens when you leave your phone at a bar?” he asks. “Could someone take it and use it to commit a form of hyper identity theft?”

For the government’s part, Mr. Grant acknowledges that no system is invulnerable. But better online identity authentication would certainly improve the current situation — in which many people use the same one or two passwords for a dozen or more of their e-mail, e-tail, online banking and social network accounts, he says.

Mr. Grant likens that kind of weak security to flimsy locks on bathroom doors.

“If we can get everyone to use a strong deadbolt instead of a flimsy bathroom door lock,” he says, “you significantly improve the kind of security we have.”

But not if the keys can be compromised.
https://www.nytimes.com/2011/09/18/b...ies-risks.html





The Cyborg in Us All
Pagan Kennedy

“Fingers!” Gerwin Schalk sputtered, waving his hands around in the air. “Fingers are made to pick up a hammer.” He prodded the table, mimicking the way we poke at computer keyboards. “It’s totally ridiculous,” he said.

I was visiting Schalk, a 40-year-old computer engineer, at his bunkerlike office in the Wadsworth Center, a public-health lab outside Albany that handles many of New York State’s rabies tests. It so happens that his lab is also pioneering a new way to control our computers — with thoughts instead of fingers. Schalk studies people at the Albany Medical Center who have become, not by choice, some of the world’s first cyborgs.

One volunteer was a young man in his 20s who suffers from a severe form of epilepsy. He had been outfitted with a temporary device, a postcard-size patch of electrodes that sits on the brain’s cortex, known as an electrocorticographic (ECoG) implant. Surgeons use these implants to home in on the damaged tissue that causes seizures.

Schalk took advantage of the implant to see if the patient could control the actions in a video game called Galaga using only his thoughts. In the videotape of this experiment, you see a young man wearing a turban of bandages with wires running from his head to a computer in a cart. “Pew, pew,” the ship on the computer screen whines, as it decimates buglike creatures. The patient flicks the spaceship back and forth by imagining that he is moving his tongue. This creates a pulse in his brain that travels through the wires into a computer. Thus, a thought becomes a software command.

On the day I stopped by his office, Schalk hit a button on his computer, and Pink Floyd blasted from his speakers. He was running an experiment to see what happens to people’s brains when they listen to “Another Brick in the Wall, Part 1” (a question that has occurred to any stoner who ever contemplated human consciousness in the glow of stereo lights). Weeks before, Schalk played the Pink Floyd song for some of his epileptic volunteers and recorded the activity in the parts of the brain that process sound. Schalk showed me a volume meter on his computer screen — this was a brain, tracking the roar of a guitar solo. It worked just like any other volume meter, but in one experiment, Schalk found that the brain did something unexpected. When he interrupted the Pink Floyd song with moments of silence, the brain’s volume meter continued to tremble up and down, as if the song were still playing. This, Schalk said, showed that the brain creates a model of what it expects to hear — a shadow song that plunks out its tune in the player piano of our auditory system.

“Isn’t this crazy?” he shouted over the thunder of the bass. “We’re close to being able to reconstruct the actual music heard in the brain and play it. If we had several times more electrodes, I bet we could do it.”

But for Schalk — and many others in the field — the ultimate goal is not music. It’s language. Schalk dreams of letting people speak with their neurons, issuing silent commands to their machines. You could imagine the word “cat,” say, and it would pop up on your computer screen. The areas involved with imagined speech take up just a few centimeters in the brain. With better implants, Schalk said, he might be able to pick up a word that his volunteer beams at the computer. Even with today’s implants, he and his colleagues are getting closer. One epilepsy patient moved a ball across a computer screen simply by imagining either an “ooh” sound or an “aah” sound. It marked one more step toward telepathy with machines.

For years, computers have been creeping ever nearer to our neurons. Thousands of people have become cyborgs, of a sort, for medical reasons: cochlear implants augment hearing and deep-brain stimulators treat Parkinson’s. But within the next decade, we are likely to see a new kind of implant, designed for healthy people who want to merge with machines. With several competing technologies in development, scientists squabble over which device works best; no one wants theirs to end up looking like the Betamax of brain wear. Schalk is a champion of the ECoG implant because, unlike other devices, it does not pierce brain tissue; instead it can ride on top of the brain-blood barrier, sensing the activity of populations of neurons and passing their chatter to the outside world, like a radio signal. Schalk says this is the brain implant most likely to evolve into a consumer product that could send signals to a prosthetic hand, an iPhone, a computer or a car.

“The burr hole in the skull will be small,” Schalk told me enthusiastically, as if urging me to get one of the plugs. The first dedicated trials in human beings, he says, are only a few years away.

Schalk first began working with the ECoG implant in 2003, when a surgeon at Washington University in St. Louis invited him to visit the epilepsy ward; four patients had been taken off their medication and had portions of their skulls removed so they could be implanted with ECoG devices.

The implants — usually worn for about a week — allow surgeons to study the aberrant brain patterns of patients as they go into seizure and then cut out the damaged brain tissue. Schalk camped out in the Missouri hospital to wait for the periods when patients were between seizures, at which point he would try to transform the brain signals emitted by their thoughts into software commands. He was, in effect, designing a button that the mind could push.

“We had no clue what we were doing,” Schalk says.

On the first day of the experiments, he sat beside a young man who gamely waited to follow instructions. As researchers rolled a monitor up to the bed, Schalk told the patient, “Now you’re going to move this cursor by thinking.” For a few minutes, the guy floundered. And then, Schalk says: “Boom, the cursor hit the target. Everyone was ecstatic.”

Now Schalk can get all the human brains he wants within walking distance of his office. In 2007, he discovered that the Albany Medical Center houses an epilepsy center, and he set up shop in his hometown, working closely with Anthony Ritaccio, a professor of neurology and neurosurgery at Albany Medical College.

When I met Ritaccio in front of the hospital, he also talked about the problems with fingers. “We’re always interested in doing things faster,” he said. “I remember the transition to an electric typewriter. We’re addicted to speed. But obviously the way we communicate with computers is rather comical. The way we interact with this blazing fast machine is to poke at it with a finger.”

Schalk and Ritaccio’s research has been underwritten by a $2.2 million Department of Defense grant. The project is part of a $6.3 million Army initiative to invent devices for telepathic communication — for instance, a “telepathy helmet” that would allow soldiers to beam thoughts to one another. Schalk seemed untroubled by the military applications. He said the grant allows him to do research that could, one day, let us all — civilians included — merge with our machines.

Justin Williams, a biomedical engineer at the University of Wisconsin, has already transformed the ECoG implant into a microdevice that can be installed with a minimum of fuss. It has been tested in animals for long periods of time — the micro ECoG stays in place and doesn’t seem to negatively affect the immune system. Williams said he hopes to try it in humans soon. “Our goal is to make devices that would require only an outpatient procedure,” he says. “Even if we could make it an overnight stay in the hospital, that would be good.” The implant, in humans, would be about the size of a quarter and sit like a plug in the skull, with a tiny antenna for wireless hookup between machine and brain.

The first to receive the implants would most likely be patients with serious illnesses or disabilities. “We’re targeting neuroprosthetics, spinal-cord injury, A.L.S., motor disorders,” Williams said. “And there’s a lot of interest in epileptic patients.” Williams said he hopes that the tiny implants might afford surgeons more ways to monitor what happens inside the skull. “There are a lot of brain injuries where we don’t understand what’s going on,” he said. But Schalk anticipates a much larger audience for the implants. In fact, he believes that the tiny implant will be a kind of gateway drug for people who choose to become, essentially, cyborgs.

I told Schalk that I was dubious: it was hard to imagine anyone opting for an enhancement that could become a spy-cam in the skull. He exploded with impatience at my lack of imagination, hands cutting the air, as he leaned forward from his perch on a desk. “A small opening in the skull, you plop a device in, wireless transmission and you’re done,” he said. “It sounds crazy. But if you have something that works, people will do it in a nanosecond. Breast augmentation is totally invasive compared to this — and how many people do that every year?”

Dean Pomerleau, an engineer based at Carnegie Mellon University who leads Intel’s brain-computer initiative, might be one of the first to volunteer for a brain implant. (Intel, he stressed, is investing in research but is not developing any kind of “thought chip.”) Pomerleau, speaking as a representative of himself rather than his company, said he was so excited about the cyborging of the human brain that he has taken radical steps to live longer to see it happen. He follows a strict diet, limiting himself to two vegan meals a day; he has eaten the same superfood salad at every meal for the last 10 years. He said that the miracle he is most eager to witness is a kind of mind-meld with other people: a “two-way direct-brain interface” that would “revolutionize human experience.”

Pomerleau and his colleagues are already using machines to let people transmit their silent thoughts — but in an extremely rudimentary fashion. In order to send a telepathic thought in their lab, you have to climb into an fMRI machine, a multimillion-dollar scanning device that delivers detailed maps of the mind in action. How does it work? Try this: Tomato. Tomato. Tomato. Each time you read that word, a specific pattern of neurons fires in several different neighborhoods of your brain. You’re doing more than just passing your eyes over a bunch of letters; you’re also remembering the tomato’s ruby flesh and the way fingers dimple the skin and the earthy smell of its stem.

Tom Mitchell, a brain scientist and Pomerleau’s colleague at Carnegie Mellon, said it was possible to use this kind of activity to send a telepathic message. First, you lie in the scanner, thinking about the words you see on a screen — “airplane,” “truck,” “hammer,” “apple.” As you do this, a software program studies the patterns in your neurons. “I can give you different nouns, like hammer, screwdriver and tomato, and then use our software program to distinguish which of those nouns you are thinking about,” Mitchell said. Most intriguing: the pattern of “tomato” in your brain is similar to the tomato in my brain — and even to the tomate in the brain of a Portuguese speaker.

“Can our program distinguish if you are thinking about three tomatoes or eight tomatoes?” Mitchell asked. “The answer is, yes it can.”

Mitchell is the first to admit that the fMRI will never evolve into a wearable device or a reasonable brain-computer interface. Nonetheless, the machine is helping to push the technology forward. “If you want to build a good device,” one that is noninvasive and portable, “it’d be really helpful for you to know what is the real neural activity going on,” he said.

Pomerleau said they are “trying to show the world what amazing things you can do if you could get good brain signals out” of the skull.

Schalk is grappling with his own version of this question. In 2008, he published a paper in The Journal of Neural Engineering, which proposed a kind of Esperanto for man to converse with machine. Human beings could learn to think in patterns easily recognized by computers, to create bursts of thought that acted as software code. “This paper is not science fiction,” he insisted.

At Dartmouth College, the future seems to have already arrived. Researchers there are in the process of creating an iPhone connected to an EEG (electroencephalography) headset. The beauty of an EEG is that no skull drilling is required. Sensors glued to the scalp record the patterns of neurons. The drawback is that the human skull blocks most brain waves before they rise to the scalp, so the EEG signal tends to be weak and muddy.

I encountered what they call a NeuralPhone in a basement lab littered with Doritos bags. Matt Mukerjee, the grad student who put it together as part of his senior thesis, stood to shake my hand. He was wearing what appeared to be an octopus on his head — an EEG headset made by Emotiv Systems. Its black plastic tentacles curved above his forehead and disappeared into his mop of hair.

“I’m going to call Einstein,” he said. In its demo mode, the phone gave you a choice of six people — including President Obama, Steve Jobs and Albert Einstein — and let you pick one, telepathically. The NeuralPhone was meant to demonstrate that one day we might mind-control the contact lists on our phones. In a preliminary study, Mukerjee’s iPhone responded to the user’s thoughts with an accuracy rate that approached 90 percent — but only under ideal conditions.

Mukerjee hunkered down in his chair and meditated, as he glared at the phone. After a long pause, a photo of Einstein expanded to fill the screen on his iPhone.

Now it was my turn. Mukerjee removed the headset and moistened the tips of its electrodes with contact-lens fluid, then arranged the EEG device on top of my hair. The electrodes poked into my scalp like wet fingers. I held the iPhone in front of me and beamed a blast of willpower at it. “Steve Jobs, Steve Jobs, Steve Jobs, Steve Jobs,” I shouted inside my mind. The phone picked George Bush.

“You have a small head,” Mukerjee said accusingly. He slid the headset around, trying to force the electrodes to grasp my scalp more tightly, which didn’t work. He decided to cheat a little. He rearranged the electrodes so that they detected the movement of muscles on my forehead.

This time, the results were magical. As soon as I chose Bill Gates, a photo of Gates splashed onto the phone’s screen. I was not aware of blinking or moving the muscles of my face. The phone seemed to have merged with my body, to be as much a part of me as a finger or toe. I found myself laughing. I couldn’t stop saying, “This is freaky.” And it was.
https://www.nytimes.com/2011/09/18/m...in-us-all.html





Why Star Wars Should be Left to the Fans
Will Gompertz

Fans of Star Wars are not happy. Someone has been tampering with their movie history, altering elements of those intergalactic classics, which some feel is akin to an act of vandalism.

The fact that the perpetrator is George Lucas, the creator of Star Wars, only seems to make matters worse.

"Yes Darth says No" Lucasfilm recently confirmed, according to the New York Times, which corroborated the story by posting the scene from the movie in which the 'event' occurs.

For those of you not fully conversant with the drama that is Star Wars: Behind the Scenes - or The People v George Lucas as a recent documentary put it - there has been an ongoing furore about George Lucas meddling with his masterpieces.

It all started back in 1997 when he gave the three original films - Star Wars (1977), The Empire Strikes Back (1980) and Return of the Jedi (1983) - a bit of a makeover.

Not only did he clean up and repair the original prints; he also made several additions and alterations. Since when, an air of animosity between fans and founder has been circulating.

The latest revision by Lucas (putting the word "no" into Darth Vader's concealed mouth during a tense scene during which he had previously been mute) elicited this angry (and strongly-worded) Twitter response from Simon Pegg, the Shaun of the Dead writer and star. The self-proclaimed nerd, like many Star Wars fans, has been profoundly affected by the franchise as he explains in this short conversation with Richard Bacon on BBC Radio 5 Live.

It is this level of emotional connection to the original movies that has caused both Lucas and the movies' fans so much grief.

Rewriting history

The fact that George Lucas has made changes to the original films is not the root of the problem (although there are plenty who wish he hadn't). It is the fact that he is not making those original versions available, which is causing all the fuss.

Lucas is quoted on the Save Star Wars website as saying in a 1997 interview with American Cinematographer magazine that he thought "the other versions will disappear". He said: "Even the 35 million [video] tapes out there won't last more than 30 or 40 years. A hundred years from now, the only version of the movie that anyone will remember will be the [Special Edition] version."

He argued, as quoted in the Guardian, that "films never get finished, they get abandoned" and that he thought it the "director's prerogative … to go back and reinvent a movie". Which appears to mean replacing the old version, not adding a new one to complement it.

Han shot first

A 1997 alteration to a scene in the original Star Wars, featuring reckless space smuggler Han Solo and an alien bounty hunter called Greedo, is the focus of intense controversy and for some Star Wars' fans and film purists epitomises George Lucas' tinkering ways.

In the scene, a blaster-brandishing Greedo has finally caught up with Han at a bar and - like all movie baddies - is spending just a little too long relishing the moment.

But, unbeknownst to the reptilian bounty hunter, Han has stealthily retrieved his own blaster beneath the table.

In the original 1977 version Han shoots Greedo without the bounty hunter ever firing a shot. But in the 1997 remake Greedo shoots first, before Han responds in kind.

Further changes to the scene have been made in subsequent releases, but the 1997 tweak is still regarded by some as Lucas' biggest transgression, sparking online petitions, websites and t-shirts all bearing the slogan 'Han shot first'.

The changes remain in the most recent release, much to the annoyance of hardcore fans.

And yet the Save Star Wars website also says George Lucas made a speech to the US Congress in 1988 about the preservation of film in which he proclaimed: "American works of art belong to the American public; they are part of our cultural history... In the future it will become even easier for old negatives to become lost and be 'replaced' by new altered negatives.

"This would be a great loss to our society. Our cultural history must not be allowed to be rewritten."

Of course the idea of re-writing, updating or altering is not new. Authors do it all the time, presenting a revised second edition and letting the first edition slip quietly out of print. Nor is the idea of re-working old material, it happens all the time, even with classics. Kate Bush did just that with her album Director's Cut earlier this year.

But in most cases enterprising fans can find a copy of the original version, or, if there's enough consumer demand, original versions are made available by a publisher who will typically own the rights. Not so with Star Wars. The rights belong to George Lucas. But should they?

I'm not talking about the ins-and-outs of who did what on the early movies (of the three original films Lucas only directed the first, the other two were directed and co-written by others), but a broader question about the role the public play in the creation of a work of art.

Faltering vision

In 1957 Marcel Duchamp, the philosophical French artist (the urinal and all that), gave a lecture on this subject called The Creative Act. He starts it with this thought:

"Let us consider two important factors, the two poles of the creation of art: the artist on the one hand, and on the other the spectator who later becomes the posterity."

He then goes on to argue that the artist is merely the medium for his or her work; that he or she is not fully conscious of what is being produced, much of which derives from intuition.

This is a concept that I've heard many times from authors to artists, where they tell me that their words or thoughts come to them unconsciously or from an unknown source.

Building on this idea of artist-as-medium, Duchamp then introduces the idea that the audience has a vital role in validating something as an artwork:

"The artist may shout from all the rooftops that he is a genius: he will have to wait for the verdict of the spectator in order that his declarations take a social value and that, finally, posterity includes him in the primers of Artist History."

In other words it's not for the artist to decide whether his or her work is any good, it is the job of the spectator, which in turn makes them part of the creative act.

Duchamp describes this as "transference": the moment when the artist hands over control of his or her artwork to an audience.

He also points out that there is an inevitable gap between intention and realisation.

This is George Lucas's argument for altering his original films; that the technology was not available for him to fully realise his vision (which doesn't account for adding to the script, but let's not dwell on that) in the late '70s early '80s.

Too late mate, according to Duchamp.

Profound view

The artist concludes with this:

"All in all, the creative act is not performed by the artist alone; the spectator brings the work in contact with the external world by deciphering and interpreting its inner qualification and thus adds his contribution to the creative act.

"This becomes even more obvious when posterity gives a final verdict and sometimes rehabilitates forgotten artists."

Such as Van Gogh for example, who was not remotely successful or sought after during his lifetime. Duchamp's argument is that the spectator is part of the creative act and therefore shares ownership - and authorship - of the artwork with the artist.

Duchamp would contest that Lucas didn't know what he had produced back in 1977; it wasn't for him to judge back then, it's not for him to judge now. And denying the public access to a work of art that they helped create is not within his rights, even though he owns the rights.

Bob Dylan has always complained that people read too much into his songs, just as Chance The Gardener was bemused in the film Being There when society decided his simple utterances were profound aphorisms.

In short, the artist is probably not the best person to judge their own artwork, and - in my view - Lucas should probably listen to his fans and allow all versions of the films to be seen (even if that means spending a few quid digitising the originals).
http://www.bbc.co.uk/news/entertainment-arts-14944240





Inside Amazon’s Very Hot Warehouse
David Streitfeld

Amazon.com did not create the notion of buying things online, but it has done more than any other retailer to move the experience into the mainstream. It has exceeded its customers’ expectations so often it must constantly struggle to top itself. “At first people were incredulous that the mouse on their computer was connected to their doorbell,” the Amazon executive Russell Grandinetti said recently. “Now they say: ‘It’s been 12 hours. Where’s my stuff?’ ”

All that stuff doesn’t magically fly to your house, even if the goal is to have it seem that way. The Morning Call, a daily newspaper in Allentown, Pa., delivered a grim picture last weekend about what it is like to work in the local Amazon warehouse, sorting material for delivery to millions of eager customers. In eastern Pennsylvania, like just about everywhere else, jobs are lacking, and Amazon is one of the few places that is hiring. Many workers are brought on by a staffing company as temporary workers (“Are you interested in working in a fun, fast-paced atmosphere earning up to $12.25 per hour?” the ad asks.) This transient status gives them little incentive to complain, even as the heat boiled upward over the summer. The result was an environment that, one employee told the paper, resembled “working in a convection oven while blow-drying your hair.”

In a lengthy and heavily reported article, The Call said a warehouse employee contacted the Occupational Safety and Health Administration on June 2 to report that the heat index in the warehouse had reached 102 degrees, and that 15 workers had collapsed. The employee also said workers who were sent home because of the heat received disciplinary points.

Eight days later, the paper said, an emergency room doctor at a local hospital saw enough Amazon employees suffering from heat-related injuries to call OSHA and report “an unsafe environment.”

So many ambulances responded to medical assistance calls at the warehouse during a heat wave in May, the paper said, that the retailer paid Cetronia Ambulance Corps to have paramedics and ambulances stationed outside the warehouse during several days of excess heat over the summer. About 15 people were taken to hospitals, while 20 or 30 more were treated right there, the ambulance chief told The Call.

OSHA, which investigated conditions at the warehouse, told Amazon that the way the warehouse was run had “the potential to adversely impact” employee safety and health.

In a statement Monday, Amazon said, “the safety and well-being of our associates is our number one priority.” It stressed it took emergency actions during the various heat waves, including shutting down the warehouse three times, but did not specifically challenge any of The Call’s extensive reporting.

Investors were undaunted; in the challenging Internet economy, this is the exact way they want companies to be run. On a down day for the market, the retailer’s stock rose $2.39 on Monday to a new high of $241.69, giving Amazon a market value of $110 billion.
http://bits.blogs.nytimes.com/2011/0...hot-warehouse/





Amazon.Com Spends $2.4M on A/C at Sweltering Warehouses
Greg Lamm

Amazon.com says that it spent $2.4 million "urgently installing" industrial air conditioning units in four warehouses, including Amazon’s Breinigsville, Penn., facility that has been at the center of worker complaints and a PR challenge for the e-commerce giant.

Amazon’s statement posted on the company's website is in response to Amazon.com workers complaining about excessive heat inside the Pennsylvania warehouse. The complaints were outlined in a weekend article in The Morning Call of Allentown. The workers described a workplace where the thermometer soars above 100 degrees and where bosses pressure workers to clock in long days. Some workers sought medical attention for heat-related ailments.

The article went viral on the internet and the criticism has been harsh, with some bloggers accusing Amazon of running a "sweatshop," and others questioning whether consumers should shop at Amazon because of the working conditions.

In the company’s statement, Amazon acknowledged the criticism and said employee safety is a top priority:

“We welcome and embrace questions about our preparedness and planning, and indeed we routinely ask those internally, but those who know us well don’t doubt our intent or our focus on employee safety.”

Amazon said that the situation was made worse by a scorching summer in that part of the country. The company said the air-conditioning units were up and running by late July or early August. Amazon said it was not ordered by any government agency to install. In fact air conditioning remains an unusual practice in warehouses, Amazon said.

The company also responded to complaints that it employs a high number of temporary workers at the warehouse. Amazon said it relies on temporary employees to find good full-time workers and to manage the ebbs and flows in customer demand for retail goods.

Amazon said 1,381 full-time employees work in Breinigsville, all of whom receive full-time benefits including healthcare. Since January, Amazon said 850 temporary employees in Breinigsville have been moved to full-time positions.
http://www.techflash.com/seattle/201...24m-on-ac.html





Latest Move Gets Netflix More Wrath
Jenna Wortham and Brian Stelter

Netflix, the company that changed the way tens of millions of people watch films and television shows, is quickly discovering that there’s a downside to having cultivated a passionate fan base.

After Reed Hastings, the company’s co-founder and chief executive, announced a plan — in a blog post and seemingly in a hurry a minute before midnight on Sunday — to split Netflix into two separate businesses, one for Internet streaming and one for DVDs by mail, the company’s Web site was inundated with angry messages.

In many of the 17,000 comments (so far), disgruntled consumers mocked the name of the new DVD company, Qwikster, and predicted its demise. They complained that they would soon have to pay for and manage two separate accounts. And they wondered why Mr. Hastings was apologizing for “arrogance” — but not for disrupting a service that they adore.

“I just got your e-mail, and, as a long-time customer, quite frankly found it to be offensive. And perhaps a devastating miscalculation for your business,” wrote David Isaacson, 47, of Chicago.

The lesson seems to be that all those customers who appreciate low prices, innovative products and lightning-fast customer service can swiftly turn when they feel slighted — perhaps because they know how responsive such companies have been in the past.

JetBlue, a cheery company by airline standards, was pummeled in 2007 when passengers were stranded on planes for up to 10 hours. Apple was battered last year when complaints about the antenna design of the iPhone 4 surfaced online.

Most such customer storms pass — Apple stock happened to close at a record high on Monday — and of course, the complaints ricocheting around the Web may not reflect the sentiment of all of Netflix’s customers.

“We have to take what we’re hearing through social media with a grain of salt,” said Russ Crupnick, an analyst for the NPD Group. “Netflix and Amazon are unchallenged in terms of how pleased customers are with their service. It’s easy to confuse the noisy with the silent majority.”

But in the short term, the risk to corporate reputations is palpable.

“People love Netflix,” said James L. McQuivey, an analyst at Forrester Research.

“What other media distributor adds two-plus million subscribers each quarter? Only Netflix and only because people are thrilled with it. But once you arouse such passions in people, you have to expect that they’ll be equally passionate when they feel betrayed. And that’s what has happened.”

Another customer, Aaron Tone, wrote on Netflix’s site: “it seems to me that companies that truly value their customers make the customer experience as helpful, seamless and easy to understand as possible.” What Netflix had done, he added, was “exactly the opposite.”

Netflix was considered a highflier of Silicon Valley and a business-school lesson in how to make a smooth transition from old technology (sending out DVDs by mail) to new (delivering streams of movies and shows on the Internet). But the company’s stock price has been hammered since it introduced an unpopular price increase — $6 more a month — for its Internet-plus-DVD service this summer.

Netflix cast the pricing scheme as a necessary step that would allow it to keep mailing DVDs and would give it more money to spend on licenses for streaming content.

The change, however, has spurred about a million of its 25 million customers in the United States to drop their subscriptions, the company indicated last week, just the second time in the company’s history that it experienced any drop, and its stock has fallen almost 52 percent since the change was announced.

In his blog post, Mr. Hastings suggested that the next step — breaking up the delivery systems into two separate companies — would allow each to grow and better serve customers. In an unusually personal way, he apologized for the way he handled the earlier announcement, which prompted a similar outpouring from customers. “I messed up,” he wrote, adding that at a time when Netflix was “evolving rapidly,” he did not communicate sufficiently with customers.

But that admission seemed only to increase the criticism and derision in some quarters. Netflix’s stock closed at $143.75 on Monday, down an additional 7.37 percent.

“I have a feeling the apologies are just beginning,” said Michael Gordon, the chief executive of Group Gordon, a corporate and crisis public relations firm in New York. “They’re catching customers off-guard by making huge changes and not providing a lot of explanation for them. It’s been handled poorly.”

Netflix said the Qwikster service would be up and running in a few weeks and would be headed by Andy Rendich, who runs DVD-by-mail now. The company will start renting video games for the first time.

Analysts said the separation reflected the fact that DVDs and online streams had different cost structures and consumer demographics. Still, Mike McGuire, an analyst with Gartner who keeps a close eye on the entertainment industry, described the move as “an unnecessary shift in brand.”

“The red envelope is what it is,” he said. “It doesn’t need fixing.”

Echoing the complaints of some customers, Mr. McGuire said Netflix had not yet delivered on the promise of making the selection of its streaming service as compelling as its DVD-by-mail catalog. “The streaming catalog still only offers a fraction of what is available on DVD,” he said. “Consumers aren’t going to change their behavior if it’s not a better service.”

Brooke Hammerling, the founder of the technology public relations firm Brew Media Relations, said the separation announcement felt as if it had been hastily pulled together.

On Monday afternoon, Netflix did not yet have an official Web site for Qwikster, just a holding page that promised it was “launching soon.”

Social networking users noticed that the owner of the name Qwikster on Twitter was not a DVD distributor but a man with an Elmo profile picture whose page was filled with foul language and drug use references.

“If they were really serious about this and had been planning it for a while, they would have dotted all the i’s and crossed all the t’s,” Ms. Hammerling said.

“They should have taken care of something as silly as making sure a pot-smoking Elmo isn’t the owner of the Twitter account of their new service.”
http://mediadecoder.blogs.nytimes.co...mpts-backlash/





Dish Network Goes After Netflix

The satellite TV provider will launch Blockbuster Movie Pass, a subscription service offering DVDs and video games by mail, plus titles for streaming. The price? What Netflix used to charge for both.
Ben Fritz

Dish Network is aiming to use its new Blockbuster unit to challenge now vulnerable Netflix, but not at the expense of its own satellite television business.

The company on Friday unveiled Blockbuster Movie Pass, a service that offers DVDs and video games by mail along with 3,000 movies and television shows available to stream on TV and an additional 1,000 for PCs. It will launch Oct. 1.

The service will cost $10 a month, the same price Netflix charged for a combined streaming and DVD service before it unexpectedly raised the price in July, sparking public outrage and the loss of an estimated 400,000 subscribers by the end of September.

"We're looking to get customers from Amazon, from Hulu, from Netflix and from Qwikster," said Dish Chief Executive Joe Clayton, referring to the three big players in subscription video on demand and Netflix's newly branded DVD-by-mail service.

Because the new offering is available only to people who subscribe to Dish for at least $39.99 a month, it may not appeal to those who are currently happy with their cable or DirecTV services or already use Netflix alone. Clayton said he hoped it would draw some existing Dish customers who already use other movie services, as well as people who pay for TV from another provider.

To entice new Dish subscribers, the Blockbuster Movie Pass will be free to them for the first year.

Dish Network, which has 14 million subscribers, acquired Blockbuster for $320 million in April at a Bankruptcy Court auction.

Michael Kelly, the president of Blockbuster, said the company would also announce plans for a stand-alone subscription service that targets people who don't subscribe to TV channels from Dish.

"We think this is a powerful offering to the great deal of the population that uses pay TV, but it's a first step," he said. Acquiring movies and TV shows for such a service is costly, as Netflix investors have learned. But because Blockbuster Movie Pass is tied to a Dish subscription, the company can offer content to which it already has the rights through program deals for its satellite TV business.

Netflix currently offers more than 12,000 movies and TV shows for its streaming subscribers, according to the website InstantWatcher.com, significantly more than Dish has. Netflix also has signed some exclusive agreements for TV series such as "Mad Men" and movies from independent studios such as Relativity Media.

But Blockbuster Movie Pass will have a key advantage: Walt Disney Studios and Sony Pictures movies from Starz, which recently announced it would end its Netflix agreement when it expires in February.

Blockbuster's TV shows will be supplied from networks including Fox, A&E, TNT and AMC.

In addition to DVDs, Blu-ray discs and video games through the mail, subscribers will be able to swap discs at the more than 1,500 Blockbuster stores still operating in the U.S.

Investors seemed to like the news, with Dish Network's stock price rising 5% on Friday to close at $26.71. Netflix shares were up 1% at $129.60, but are down 38% since the subscriber losses were disclosed Sept. 15.
http://www.latimes.com/business/la-f...,6837718.story





Comcast's $9.99 Internet for Low-Income Families Goes Nationwide
Nate Anderson

Comcast rolled out its Internet Essentials program nationwide today, offering low-income families in its service territory $10/month Internet connections and access to $150 computers.

Any family with at least one child who qualifies for the free lunch program at public schools can subscribe to a low-speed (1.5Mbps) Comcast Internet connection for $9.95 a month. Comcast guarantees that it won't raise the price and offers the plan without equipment rental or activation fees. Subscribers also cannot have "an overdue Comcast bill or unreturned equipment," and they can't have had Comcast Internet in the last 90 days.

Comcast has agreed to sign up families to the program for at least three years, and it also promises to provide free Internet and computer training to those who need it.

Internet Essentials has been rolled out in cities around the country throughout the year—it came to Chicago back in May—but the DC launch today was used to "officially" launch the national program. FCC Chairman Julius Genachowski was on hand to praise Comcast for helping overcome the "digital divide."

"Students increasingly need to go online to complete their homework assignments," he said. "But one-third of all students and a majority of low-income children can’t. It's not because there aren't countless kids trying to do their very best. We heard about a high school girl in Florida who does her homework in the parking lot of the local library each night, because the library’s wifi hot spot is the only way she can get online."

Every student in the US needs to be "digitally literate," Genachowski said, because it's their "ticket to a new job."

What kind of job, you ask? "I was recently in Indiana to announce the creation of 100,000 new jobs at customer service centers. These workers aren’t just talking on the phone any more. They are processing transactions; accessing records and information; e-mailing, live text chatting, and managing accounts. These activities don't require advanced degrees, but they do require broadband and digital literacy."

This isn't exactly "you can do anything you can dream!" rhetoric, but perhaps it's fitting for the Age of Recession. Still, Genachowski is certainly right to note that even entry-level jobs increasingly require at least some familiarity with computers and the Internet, and that job openings and applications are increasingly available online.

Though Comcast no doubt loves children and cares deeply about the digital divide, its Internet Essentials program was also a part of the conditions under which it was allowed to buy NBC earlier this year. The company pledged to reach 2.5 million low income households with high speed Internet for less than $10 a month, and to sell some sort of computer for $150 or less.
http://arstechnica.com/tech-policy/n...e-families.ars





US Net Neutrality Rules Finalized, in Effect November 20
Nate Anderson

Get ready, America—net neutrality finally comes to the Internet on November 20, 2011.

That's the plan, at least. The FCC has just filed its final "open Internet" rules (PDF) with the Federal Register, which will publish them tomorrow and make them official. The rules go into effect on November 20, nearly a year after they were passed over Republican opposition on a 3-2 vote. (One of the FCC Commissioners who voted against the rules now works for Comcast.)

But the plan will likely be derailed by lawsuits. Two, by Verizon and MetroPCS, were filed earlier this year but tossed because the rules had yet to be finalized. With tomorrow's printing in the Federal Register, the litigation floodgates will be thrown open and complaints about the government overstepping its authority can start pouring in.

Those complaints might well meet with success, given how the FCC went about the whole process. Rather than reclassifying broadband services in such a way that the FCC has clear jurisdiction over them, the agency relied instead on its much weaker "ancillary jurisdiction." (The legal rationale for this begins on p. 77 of the final rules, and the FCC gamely makes a case that it has the proper authority.) As law professor James Grimmelmann noted today in our subscriber-only webchat, "The FCC is in a real tangle here. I think if they reclassified broadband service (long story), they'd have a better shot at getting their rules to stick."

As for the rules, they're the same modest regulations adopted back in December. Here's the FCC's own summary:

First, transparency: fixed and mobile broadband providers must disclose the network management practices, performance characteristics, and commercial terms of their broadband services. Second, no blocking: fixed broadband providers may not block lawful content, applications, services, or non-harmful devices; mobile broadband providers may not block lawful websites, or block applications that compete with their voice or video telephony services. Third, no unreasonable discrimination: fixed broadband providers may not unreasonably discriminate in transmitting lawful network traffic.

Mobile networks still have broad leeway to discriminate and throttle and even block certain apps, though some of the most obviously objectionable activities are forbidden.

On the miraculous off-chance that no lawsuits are filed, however, we'll have a side of net neutrality lite to accompany Thanksgiving's pumpkin pie. But ISPs don't like constraints, no matter how modest, so the matter will probably be decided by federal judges.
http://arstechnica.com/tech-policy/n...ovember-20.ars





AT&T vs. Verizon: LTE, Head-to-Head
Sascha Segan, David Pierce

Watch out, Verizon. There's a new fastest network in town: AT&T's LTE.

AT&T launched a super-speedy 4G LTE network in five cities on Sunday, and PCMag.com junior analyst David Pierce went to Houston, Texas to compare the network to the Verizon Wireless 4G LTE system.

We did eight rounds of testing and found that AT&T's Houston network is even faster than Verizon's. Of course, we're comparing a loaded Verizon network full of Droid Bionics and HTC Thunderbolts to a brand-new AT&T system just out of the wrapping paper. But the results still show that if AT&T takes good care of its LTE system, it's going to be downright screaming crazy fast.

The AT&T network averaged out with about 24Mbps downloads and peaked at 42.85Mbps, the fastest cellular connection we've ever seen. Just as exciting as the sheer download speeds were the connection quality results: Pingtest.net generally rated the network an A or a B, good enough for video chat or gaming.

How We're Testing
We tested in eight locations in central Houston, some of which we pre-checked with AT&T for coverage and some of which we left for surprises.

We're using three tests on a Dell Inspiron Windows 7 laptop to check out the networks. Speedtest.net, which we also used in our Fastest ISPs feature, gives a solid number for uploads, downloads and the time it takes to reach a testing server (ping). Its sibling Pingtest.net focuses on the streaming experience: whether a connection is good enough for video streaming, VOIP calling, or gaming. That's an area where LTE should do a lot better than other forms of 3G and 4G. Finally, we downloaded the home pages of five different Web sites using the "curl" command-line tool and averaged out both the time until the first byte of the site arrived, and the total download time.

Currently, AT&T has two USB modems (the Momentum 4G by Sierra Wireless and the Adrenaline by LG), a hotspot (the Elevate 4G by Sierra) and a tablet (the HTC Jetstream) able to run on its LTE network. The carrier has no LTE phones yet. And no, you can't use AT&T, Verizon, and MetroPCS LTE devices on each other's networks, as the companies spec out their radios to exclude each other's frequencies. Apparently, they don't want roaming.

Why LTE Matters
All the wireless carriers say they have 4G; heck, AT&T said it had 4G before this. But some 4Gs are more "4" than others. LTE is the true next-generation technology all the major carriers are headed towards. It's at least twice as fast as other forms of 4G, and it's one of the major reasons, if not the primary reason, AT&T says it wants to merge with T-Mobile.

To see the difference between LTE and other networks, check out our 21-city Fastest Mobile Networks tests. It's striking. AT&T's previous 3G network averaged 2.44 Mbps down in our nationwide tests, with a peak of 12.97 Mbps. That's respectable, and that's broadband, but we got more than nine times that average speed in our AT&T LTE tests in Houston.

That enables new uses, like reliable high-definition video calling and streaming. The faster response times mean a lot for social networking and multiplayer gaming. But one thing you can't do is use this as a primary home Internet connection; AT&T's data caps, like Verizon's, are just too severe to handle the gigabytes of data home users typically go through in a month. AT&T has said the average user of its home DSL system consumes 18GB per month. At current rates, that would run $180/month for LTE wireless service.

One of AT&T's crowning arguments for the merger is that if it's allowed to merge with T-Mobile, it can cover 97 percent of the country with LTE. If it isn't, it'll only cover 80 percent of the country. Opinions differ rather sharply about what AT&T is actually capable of covering with LTE in its current state, with merger opponents saying that AT&T has more options than it lets on.

For its part, AT&T has put coverage maps on its pro-merger Web site showing what it's pledging to cover with LTE with and without the merger. Almost all of the southern half of Georgia, for instance, only gets LTE if the merger goes through, AT&T says.

Who's Stronger in AT&T's Cities?
This leaves AT&T in an interesting bind with its 4G LTE launch. The carrier insists that it's rolling out LTE as fast as it can, but you can't help wondering if the rollout would be more aggressive if the T-Mobile merger wasn't on the table. After all, if AT&T could easily blanket the USA with LTE all on its own, why should the government approve the merger?

AT&T has just launched five cities, promising to have 15 metro areas covering 70 million people by the end of the year. Verizon, of course, already covers 160 million people—more than half of the U.S. population. Sprint covers 120 million people with its slower 4G WiMAX, and T-Mobile covers over 200 million with its HSPA+ 42 network.

Big Blue's 4G is backstopped by faster 3G than Verizon's, though. AT&T's 3G system is on average three times faster than Verizon's 3G, according to our Fastest Mobile Networks tests, so drops from 4G LTE to 3G won't feel quite as hard on AT&T as on Verizon. Later this week, we'll look more into the current state of AT&T's pseudo-4G, kinda-3G HSPA+ network in New York City.

Comparing AT&T's and Verizon's 4G LTE coverage maps plays pretty neatly into stereotypes of where each carrier is stronger. Texas is AT&T's homeland. The current AT&T grew out of the former Southwestern Bell, headquartered in Dallas. If you look at AT&T's maps for Dallas, Houston and San Antonio, they cover more of those metro areas with LTE than Verizon does.

Atlanta is the headquarters of the former BellSouth, another AT&T component. There, too, AT&T embraces more of the metro area than Verizon does.

AT&T's weakest market so far is Chicago, the former haunt of AT&T component Ameritech. There, Verizon smacks down AT&T's coverage, with Verizon's 4G network extending seamlessly well into Wisconsin and Indiana.

There's a difference in speed and capacity between the AT&T cities, too, a company rep told us: in Chicago it's running on half of the spectrum Verizon is, using paired 5-MHz rather than 10-MHz blocks. (The company has paired 10-MHz blocks in Houston.) AT&T's solution for increasing capacity? Merging with T-Mobile, of course.

Full Reviews Coming
Later this week, we'll have full reviews of the first two AT&T modems as well as the LTE network's speed and pricing. Keep checking back at PCMag.com for more on AT&T's brand-new network.
http://www.pcmag.com/article2/0,2817,2393182,00.asp





Alcatel-Lucent Boost Superfast FTTC Broadband to 100Mbps via VDSL2 Vectoring
MarkJ

Global telecommunications firm Alcatel-Lucent has this morning announced the commercial launch of its VDSL2 Vectoring technology, which is expected to be used by some UK internet providers (ISP) to boost the maximum download speed of superfast Fibre-to-the-Cabinet (FTTC) broadband services up to and beyond 100Mbps (currently 40Mbps).

FTTC delivers a fast fibre optic cable to street level cabinets, while the remaining connection (between cabinets and homes) is done using VDSL2 via existing copper cable (similar to current ADSL broadband but faster over short distances). BT Group's £2.5bn rollout of superfast broadband, which should reach 66% of UK homes by 2015, is dominated by this method.

At present most UK FTTC solutions claim to offer maximum speeds of between 25Mbps and 40Mbps, although BT has already announced that it will start increasing FTTC's spectrum allocation (does not require new hardware / extra cost) towards the end of the year and thus boost speeds up to 80Mbps in 2012.

By contrast VDSL2 Vectoring, which can work on a single pair copper line, is seen as the next evolution beyond 80Mbps FTTC and works in a similar way to the "noise cancellation" technology employed by some headphones. In essence it works to cancel out background noise / interference (crosstalk) and can thus boost performance and reach by between 25% and 100%.

Rob Gallagher, Principal Analyst at Informa, said:

"Alcatel-Lucent's plan to make VDSL2 vectoring commercially available is very timely. Service providers and governments have stated their intent to boost broadband speeds to consumers and businesses alike, but the challenges associated with comprehensive fiber-to-the-home deployments have been a major obstacle.

VDSL2 Vectoring promises to bring speeds of 100Mbps and beyond to advanced copper/fiber hybrid networks and make superfast broadband speeds available to many more people, much faster than many in the industry had thought possible."

Dave Geary, President of Alcatel-Lucent's Wireline Division, said:

"With our enhanced broadband portfolio, including VDSL2 Vectoring and recent innovations in next-generation fiber, operators can deliver new services and generate new revenue, quickly. Our objective is to help operators – and nations - ‘get to fast, faster’. For operators this means shortening the time needed to recoup their investments, and making it easier for them to meet various national broadband goals."

Alcatel-Lucent appears to be the first-to-market with this technology, although others (e.g. Genesis Technical Systems, Huawei etc.) are working with similar solutions. So what of the UK ramifications? BT has already told ISPreview.co.uk that it is exploring the method for a future upgrade to 100Mbps or possibly more.

Crucially Alcatel-Lucent recently secured a major five-year agreement to create and maintain "an evolution" of BT's next generation UK 21st Century Network (21CN). It should be said that BT also has deals with some other Vectoring developers, such as Huawei. Either way Vectoring will almost certainly be used by BT but probably not before 2013 as it will take most of 2012 to deploy the new 80Mbps upgrade first.
http://www.ispreview.co.uk/story/201...vectoring.html





US Survey: 1 in 5 Telecommuters Work an Hour or Less a Day

And a third of them stay in their PJs
Brid-Aine Parnell

Almost one in five Americans who work from home only clock in for an hour or less a day, according to a survey, while a third stay in their pyjamas.

Forty per cent of telecommuters say they work between four and seven hours, 17 per cent are doing the bare minimum and just 35 per cent are working eight or more hours, the CareerBuilder survey of 5,299 people revealed.

As bad as that sounds, it's much better than it was in 2007, when only 18 per cent were able to manage eight hours or more.

Stay-at-home workers also said getting dressed for the day was far too strenuous: 41 per cent of women and 22 per cent of men – a third in total – stayed in their PJs.

The top distraction for telecommuters is household chores, with 31 per cent succumbing to what must be the purest form of procrastination – doing other menial work to avoid the work you're supposed to be doing.

Other things that might drag the telecommuter away from his or her laptop are the TV (26 per cent) or pets (23 per cent), but only 15 per cent of the at-home workers listed children as a source of interruption.

“To avoid situations where telecommuters aren’t putting in the necessary time, managers need to be clear about expectations and establish daily objectives. The autonomy of working from home can be very rewarding so long as it doesn’t diminish productivity,” advised Rosemary Haefner, VP of human resources at CareerBuilder.

The survey also found that more Americans have been given the option of working from home post-recession, with 10 per cent telecommuting at least once a week, up from 8 per cent in 2007.

“With mass adoption of smartphones and advanced network technologies, telecommuters are connected to their offices like never before. As a result, we’re seeing more companies embrace the work-from-home option,” said Haefner.
http://www.theregister.co.uk/2011/09/20/pjs_every_day/





In Small Towns, Gossip Moves to the Web, and Turns Vicious
A. G. Sulzberger

In the small towns nestled throughout the Ozarks, people like to say that everybody knows everybody’s business — and if they do not, they feel free to offer an educated guess.

One of the established places here for trading the gossip of the day is Dee’s Place, a country diner where a dozen longtime residents gather each morning around a table permanently reserved with a members-only sign for the “Old Farts Club,” as they call themselves, to talk about weather, politics and, of course, their neighbors.

But of late, more people in this hardscrabble town of 5,000 have shifted from sharing the latest news and rumors over eggs and coffee to the Mountain Grove Forum on a social media Web site called Topix, where they write and read startlingly negative posts, all cloaked in anonymity, about one another.

And in Dee’s Place, people are not happy. A waitress, Pheobe Best, said that the site had provoked fights and caused divorces. The diner’s owner, Jim Deverell, called Topix a “cesspool of character assassination.” And hearing the conversation, Shane James, the cook, wandered out of the kitchen tense with anger.

His wife, Jennifer, had been the target in a post titled “freak,” he said, which described the mother of two as, among other things, “a methed-out, doped-out whore with AIDS.” Not a word was true, Mr. and Ms. James said, but the consequences were real enough.

Friends and relatives stopped speaking to them. Trips to the grocery store brought a crushing barrage of knowing glances. She wept constantly and even considered suicide. Now, the couple has resolved to move.

“I’ll never come back to this town again,” Ms. James said in an interview at the diner. “I just want to get the hell away from here.”

In rural America, where an older, poorer and more remote population has lagged the rest of the country in embracing the Internet, the growing use of social media is raising familiar concerns about bullying and privacy. But in small towns there are complications.

The same Web sites created as places for candid talk about local news and politics are also hubs of unsubstantiated gossip, stirring widespread resentment in communities where ties run deep, memories run long and anonymity is something of a novel concept.

A generation ago, even after technology had advanced, many rural residents clung to the party line telephone systems that allowed neighbors to listen in on one another’s conversations. Now they are gravitating toward open community forums online, said Christian Sandvig, an associate professor at the University of Illinois at Urbana-Champaign.

“Something about rural culture seems to make people want to have conversations in public,” said Mr. Sandvig, who has studied the use of social media sites in rural areas.

Topix, a site lightly trafficked in cities, enjoys a dedicated and growing following across the Ozarks, Appalachia and much of the rural South, establishing an unexpected niche in communities of a few hundred or few thousand people — particularly in what Chris Tolles, Topix’s chief executive, calls “the feud states.” One of the most heavily trafficked forums, he noted, is Pikeville, Ky., once the staging ground for the Hatfield and McCoy rivalry.

“We’re running the Gawker for every little town in America,” Mr. Tolles said.

Whereas online negativity seems to dissipate naturally in a large city, it often grates like steel wool in a small town where insults are not easily forgotten.

The forums have provoked censure by local governments, a number of lawsuits and, in one case, criticism by relatives after a woman in Austin, Ind., killed herself and her three children this year. Hours earlier she wrote on the Web site where her divorce had been a topic of conversation, “Now it’s time to take the pain away.”

In Hyden, Ky. (population 365), the local forum had 107 visitors at the same time one afternoon this month. They encountered posts about the school system, a new restaurant and local arrests, as well as the news articles and political questions posted by Topix.

But more typical were the unsubstantiated posts that identified by name an employee at a dentist’s office as a home wrecker with herpes, accused a gas station attendant of being a drug dealer, and said a 13-year-old girl was “preggo by her mommy’s man.” Many allegations were followed with promises of retribution to whoever started the post.

“If names had been put on and tied to what has been said, there would have been one killing after another,” said Lonnie Hendrix, Hyden’s mayor.

Topix, based in Palo Alto, Calif., is owned in part by several major newspaper companies — Gannett, Tribune and McClatchy — but has independent editorial control. It was initially envisioned as a hyperlocal news aggregator with separate pages for every community in the country. But most of its growth was in small cities and towns, and local commenters wanted to shift the conversation to more traditional gossip.

Mr. Tolles acknowledged the biggest problem at the site is “keeping the conversation on the rails.” But he defended it on free-speech grounds. He said the comments are funny to read, make private gossip public, provide a platform for “people who have negative things to say” and are better for business.

At one point, he said, the company tried to remove all negative posts, but it stopped after discovering that commenters had stopped visiting the site. “This is small-town America,” he said. “The voices these guys are hearing are of their friends and neighbors.”

Mr. Tolles also said the site played a journalistic role, including providing a place for whistle-blowing and candid discussion of local politics.

He noted that the Mountain Grove Forum, which had 3,700 visitors on a single day this month, had 1,200 posts containing the word “corruption,” though it was unclear how many of them were true. One resident used the site to rail against local officials, helping build support for a petition-driven state audit of town government.

Topix said it received about 125,000 posts on any given day in forums for about 5,000 cities and towns. Unlike sites like Facebook, which requires users to give their real name, Topix users can pick different names for each post and are identified only by geography. About 9 percent are automatically screened out by software, based on offensive content like racial slurs; another 3 percent — mostly threats and “obvious libel,” Mr. Tolles said — are removed after people complain.

After a challenge from more than 30 state attorneys general, Topix stopped charging for the expedited removal of offensive comments — which Jack Conway, the attorney general for Kentucky, said “smacked of having to pay a fee to get your good name back.”

Despite the screening efforts, the site is full of posts that seem to cross lines. Topix, as an Internet forum, is immune from libel suits under federal law, but those who post could be sued, if they are found.

The company receives about one subpoena a day for the computer addresses of anonymous commenters as part of law enforcement investigations or civil suits, some of which have resulted in cash verdicts or settlements.

But at Dee’s Place, Jennifer James said she did not have enough money to pursue a lawsuit. And even if she did, she said, it would not help.

“In a small town,” Ms. James said, “rumors stay forever.”
https://www.nytimes.com/2011/09/20/u...d-vicious.html





WSJ Social, For a World Where Facebook Is the New Internet
Jeff Bercovici

Is Facebook a friend of news companies, or is it a rival? No matter how much success publishers have piggybacking off its traffic, they can’t escape the cruel math: The more of their time consumers spend on Facebook and other social networking hubs, the less they have left over for news sites.

Now The Wall Street Journal has what it thinks is an answer to this problem. Called WSJ Social, it filters Journal content through the so-called social graph to yield a news product that lives entirely within the walls of Facebook. It launches Tuesday. Here’s what it looks like.

“The fundamental idea of it is super simple,” says Alisa Bowen, general manager of the WSJ Digital Network. “It’s about making [WSJ content] available where people are.”

But it’s also about reimagining newspaper reading as an inherently social experience. Users choose whose streams they want to follow — the official ones produced by the paper’s, and each other’s — and that determines what stories they see. The most-followed users can compare their rankings on a leaderboard and earn prizes — possibly including their own WSJ-style stipple portraits. “It’s really about the users being elevated to editors,” says Maya Baratz, the Journal’s head of new products.

Whatever it’s about, it dovetails nicely with the strategic aims of Facebook itself, which sees content as a way to bring people to the site and keep them there, interacting with each other, buying stuff and getting served ads. At its conference for developers this week, called F8, Facebook is expected to unveil a new media-sharing platform built for that purpose. Meanwhile, as I reported in July, Facebook has invited a dozen or so news outlets (including CNN, the Washington Post and the Huffington Post) to produce so-called Facebook editions.

The Daily, which, like the Journal, is owned by News Corp., is among the publications working on one, but Bowen says WSJ Social arose independently. “This is totally a Wall Street Journal initiative,” she says.

Yet the idea — treating Facebook as a self-contained universe rather than just another site — is similar, acknowledges Baratz: “It really is kind of like another internet.”

As far as the money part goes, the Journal keeps all the revenue from ads that appear within the borders of the app, while Facebook sells ad positions outside it. Content that’s behind a paywall on WSJ.com is still subscriber-only here, although a one-month sponsorship by Dell temporarily makes it free to all.
http://www.forbes.com/sites/jeffberc...-new-internet/





Animal Rights Group PETA to Launch Pornography Website

People for the Ethical Treatment of Animals (PETA), no stranger to attention-grabbing campaigns featuring nude women, plans to launch a pornography website in the name of animal rights.

The non-profit organisation, whose controversial campaigns draw criticism from women's rights groups, said it hopes to raise awareness of veganism through a mix of pornography and graphic footage of animal suffering.

"We're hoping to reach a whole new audience of people, some of whom will be shocked by graphic images that maybe they didn't anticipate seeing when they went to the PETA triple-X site," said Lindsay Rajt, PETA's associate director of campaigns.

PETA has been accused of campaigning for animal rights at the cost of exploiting women. A Facebook group, Real Women Against PETA, was launched after the organisation paid for a billboard showing an obese woman with the message: "Save the Whales. Lose the Blubber. Go Vegetarian."

Another critical Facebook group is called, "Vegans (and Vegetarians) Against PETA."

"PETA is extremely disingenuous," said Jennifer Pozner, executive director of the New York-based advocacy group Women In Media & News. "They have consistently used active sexism as their marketing strategy to garner attention. Their use of sexism has gotten more extreme and more degrading.

"This may be in their minds the only thing left at their disposal to lower the bar," she said.

PETA has filed paperwork to launch its pornography site when the controversial new .xxx domain becomes active in early December. While many non-profits and corporations are scrambling to protect their website names from being hijacked by a pornographer slapping on a .xxx domain, PETA is embracing the new domain as just another way to conduct business.

"We try to use every outlet that we can to speak up for animals," Rajt said. "We anticipated that this new triple-X domain name would be a hot topic and we immediately decided to use it and take advantage of it to try to promote the animal rights message."

Jill Dolan, director of the program in gender and sexuality studies at Princeton University, was critical of the PETA campaigns.

"Exploiting porn to get people's juices going seems lame; exploiting pornographic images only of women to make their point is retrograde and misogynist," Dolan said in an email. "Come on, PETA. Don't be Neanderthals."

Rajt denied that PETA has been insensitive to women.

"Our demonstrators, the models, all chose to participate in our campaigns ... It's not a very feminist thing to do to turn to women and tell them whether or not they can use their voices, their bodies to express their voice."

Visitors to the X-rated site will initially be presented with pornographic content as well as images from PETA's salacious ads and campaigns, Rajt said. Those images will be followed by pictures and video shot undercover of the mistreatment of animals. The site will also include links to vegetarian and vegan – using no animal products – starter kits as well as recipes.

PETA's ad campaigns have featured adult film stars Sasha Grey, Ron Jeremy and Jenna Jameson. In 2008, the organisation's YouTube account was temporarily shut down after showing videos of celebrities and others posing nude.

"When people first visit the site, it will be very enticing and once they go just a little bit deeper, that's when they'll be confronted with images that we hope will make them stop and think and get them talking and hopefully encourage them to make a lifestyle change to a plant-based diet," Rajt said.
http://www.telegraph.co.uk/news/news...y-website.html





After Disclosures by WikiLeaks, Al Jazeera Replaces Its Top News Director
David D. Kirkpatrick

Al Jazeera, the pan-Arab news network financed by Qatar, named a member of the Qatari royal family on Tuesday to replace its top news director after disclosures from the group WikiLeaks indicating that the news director had modified the network’s coverage of the Iraq war in response to pressure from the United States.

Al Jazeera is under intense scrutiny in the Middle East over its varying coverage of the Arab Spring revolts. Although the network is nominally independent — and its degree of autonomy was itself a revolution in the context of the region’s state-controlled news media when it began in 1996 — many people contend that its coverage of the region still reflects the views of its Qatari owners.

Al Jazeera played an early and influential role in covering — some would say encouraging — the unrest in Tunisia and Egypt last winter. It was even more aggressive in its focus on the regime of Col. Muammar el-Qaddafi and the struggles of what it called “freedom fighters” in Libya, where Qatar came to play a major role in supporting the rebellion.

But some people now cite what they see as a double standard in the network’s sensational coverage of the unrest in Syria on the one hand, and its relatively negligible coverage of the strife in Bahrain, Qatar’s Persian Gulf neighbor.

United States diplomatic cables disclosed recently by WikiLeaks appear to open a new window into the network’s interactions with Qatar and other governments.

A cable sent by the American ambassador, Chase Untermeyer, and dated October 2005, describes an embassy official’s meeting with Al Jazeera’s news director, Wadah Khanfar. According to the cable, the official handed Mr. Khanfar copies of critical reports by the United States Defense Intelligence Agency on three months of Al Jazeera’s coverage of the Iraq war; Mr. Khanfar said that the Qatari Foreign Ministry had already provided him with two months of the American reports, according to the cable, suggesting a close three-way consultation involving the two governments and the network.

He also urged American officials to keep his behind-the-scenes collaboration a secret.

He objected to an intelligence report’s written reference to an “agreement” between the United States and Al Jazeera.

“The agreement was that it was a non-paper,” Mr. Khanfar said, according to the cable. “As a news organization, we cannot sign agreements of this nature, and to have it here like this in writing is of concern to us.”

Senior United States officials often charged publicly during the Iraq war that Al Jazeera’s coverage inflamed anti-American sentiment, but in the cable Mr. Khanfar appeared eager to convince the American official that Al Jazeera was trying to be fair. He said he was preparing a written response to the points raised in the intelligence reports, according to the cable.

In at least one instance, involving a report on the network’s Web site, Mr. Khanfar said in the cable that he had changed coverage at the American official’s request. He said he had removed two images depicting wounded children in a hospital and a woman with a badly wounded face.

When the official raised other complaints, Mr. Khanfar “appeared to repress a sigh,” according to the cable, “but said he would have the piece removed.”

“Not immediately,” he reportedly said, “because that would be talked about, but over two or three days.”

Mr. Khanfar, a former correspondent in Iraq and elsewhere for Al Jazeera, had been director for eight years before he resigned on Tuesday. He offered no explanation for his departure, but said on his Twitter account, “Entertained by all the rumors of why I have resigned.” His successor is Sheik Ahmad bin Jasem bin Muhammad Al-Thani, a businessman and member of the royal family.
https://www.nytimes.com/2011/09/21/w...-director.html





Hackers Break SSL Encryption Used by Millions of Sites

Beware of BEAST decrypting secret PayPal cookies
Dan Goodin

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology [1] that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

At the Ekoparty security conference [2] in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security [3], which prevents certain pages from loading unless they're protected by SSL.

The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.

Like a cryptographic Trojan horse

The attack is the latest to expose serious fractures in the system that virtually all online entities use to protect data from being intercepted over insecure networks and to prove their website is authentic rather than an easily counterfeited impostor. Over the past few years, Moxie Marlinspike and other researchers have documented ways of obtaining digital certificates that trick the system into validating sites that can't be trusted.

Earlier this month, attackers obtained digital credentials for Google.com and at least a dozen other sites after breaching the security of disgraced certificate authority DigiNotar. The forgeries were then used to spy on people in Iran accessing protected GMail servers.

By contrast, Duong and Rizzo say they've figured out a way to defeat SSL by breaking the underlying encryption it uses to prevent sensitive data from being read by people eavesdropping on an address protected by the HTTPS prefix.

“BEAST is different than most published attacks against HTTPS,” Duong wrote in an email. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”

Duong and Rizzo are the same researchers who last year released a point-and-click tool [4] that exposes encrypted data and executes arbitrary code on websites that use a widely used development framework. The underlying “cryptographic padding oracle” exploited in that attack isn't an issue in their current research.

Instead, BEAST carries out what's known as a plaintext-recovery attack that exploits a vulnerability in TLS that has long been regarded as mainly a theoretical weakness. During the encryption process, the protocol scrambles block after block of data using the previous encrypted block. It has long been theorized that attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks.

If the attacker's guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.

At the moment, BEAST requires about two seconds to decrypt each byte of an encrypted cookie. That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour for their PayPal attack to work. Nonetheless, the technique poses a threat to millions of websites that use earlier versions of TLS, particularly in light of Duong and Rizzo's claim that this time can be drastically shortened.

In an email sent shortly after this article was published, Rizzo said refinements made over the past few days have reduced the time required to under 10 minutes.

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,” Trevor Perrin, an independent security researcher, wrote in an email. “If the attack works as quickly and widely as they claim it's a legitimate threat.”

Mozilla and OpenSSL: 'It's terrible, isn't it?'

Duong and Rizzo said the underlying vulnerability BEAST exploits is present in virtually all applications that use TLS 1.0, making it possible to apply the technique to monitor private communications sent through many instant messenger and Virtual Private Networking programs.

Although TLS 1.1 has been available since 2006 and isn't susceptible to BEAST's chosen plaintext attack, virtually all SSL connections rely on the vulnerable TLS 1.0, according to recent research from security firm Qualys that analyzed the SSL offerings of the top 1 million internet addresses.

Chief culprits for the inertia are the Network Security Services [5] package used to implement SSL in Mozilla's Firefox and Google's Chrome browsers, and OpenSSL [6], an open-source code library that millions of websites use to deploy TLS. In something of a chicken-and-egg impasse, neither toolkit offers recent versions of TLS, presumably because the other one doesn't.

“The problem is people will not improve things unless you give them a good reason, and by a good reason I mean an exploit,” said Ivan Ristic, Qualys's director of engineering. “It's terrible, isn't it?”

While both Mozilla and the volunteers maintaining OpenSSL have yet to implement TLS 1.2 at all, Microsoft has performed only slightly better. Secure TLS versions are available in its Internet Explorer browser and IIS webserver, but not by default. Opera remains the only browser that deploys TLS 1.2 by default.

Support for TLS 1.1 and 1.2 is virtually non-existent, Qualys Director of Engineering Ivan Ristic says

Ristic, who presented his findings at the Black Hat security conference in August, has found additional evidence that websites often delay deploying upgrades that fix SSL security holes. His analysis found that as much as 35 percent of websites had yet to patch a separate TLS vulnerability discovered in November 2009 [7] that made it possible to inject text into encrypted traffic passing between two SSL endpoints.

Researchers said upgrading TLS is proving surprisingly difficult, mostly because almost every fix breaks widely used applications or technologies. A technology recently added to Google Chrome [8] that significantly reduces the time it takes websites to establish encrypted connections with end-user browsers is just one example, said cryptographer Nate Lawson, principal of the Root Labs security consultancy.

Duong and Rizzo said there are many more examples.

“Actually we have worked with browser and SSL vendors since early May, and every single proposed fix is incompatible with some existing SSL applications,” Duong wrote. “What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa.”
http://www.theregister.co.uk/2011/09...ts_paypal_ssl/





Google Preps Chrome Fix to Slay SSL-Attacking BEAST

20-line patch targets plaintext recovery exploit
Dan Goodin

Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.

The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, proof-of-concept code that its creators say exploits a serious weakness in the SSL protocol that millions of websites use to encrypt sensitive data. Researchers Juliano Rizzo and Thai Duong said they've been working with browser makers on a fix since May, and public discussions on the Chromium.org website show Chrome developers proposing changes as early as late June.

It's hard to know how effective BEAST will be at quickly and secretly cracking the encryption protecting online bank passwords, social security numbers and other sensitive data, but Google appears to be taking no chances. Rizzo and Duong have released only limited details of their attack ahead of a presentation scheduled for Friday at the Ekoparty security conference in Buenos Aires.

Until recently, many cryptographers speculated it refined attacks described in 2004 and later in 2006 by researcher Gregory Bard. In a series of recent tweets, Duong discounted these theories, saying he and Rizzo read Bard's paper weeks after the genesis of BEAST. Instead, he said it was based on work by cryptographer Wei Dai.

Short for Browser Exploit Against SSL/TLS, BEAST performs what's known as a chosen plaintext-recovery attack against AES encryption in earlier versions of SSL and its successor TLS, or transport layer security. The technique exploits an encryption mode known as cipher block chaining, in which data from a previously encrypted block of data is used to encode the next block.

It has long been known that attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks. If the attacker's guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.

The change introduced into Chrome would counteract these attacks by splitting a message into fragments to reduce the attacker's control over the plaintext about to be encrypted. By adding unexpected randomness to the process, the new behavior in Chrome is intended to throw BEAST off the scent of the decryption process by feeding it confusing information.

The approach is similar to one introduced in 2002 by developers of the OpenSSL package that many websites use to implement SSL. That change added empty plaintext fragments to the cipher block chain before sending the actual payload. The technique was effective in preventing the cracking of SSL-protected data sent from the server to browsers, but not the other way around. It was never widely adopted because many Microsoft products weren't compatible with it.

Like the unadopted change in OpenSSL, the Chrome fix is designed to protect SSL encryption against plaintext-recovery attacks while remaining compatible with TLS version 1. A quick review of Mozilla's developer website showed no signs that a similar fix is being planned for the Firefox browser.

Most of the cryptographers who know the details of Rizzo and Duong's work have agreed not to disclose them ahead of Friday's talk. One of them is Adam Langley, a security researcher for Google. On Monday, shortly after publications including The Register previewed BEAST, he posted the following comment to the Hacker News website:

“I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.

Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.”

He didn't elaborate, and so far Google has had nothing public to say about how BEAST might affect its users. With the discovery that the company's developers have spent the past three months working on a fix, we have some explanation for their insouciance.
http://www.theregister.co.uk/2011/09...tch_for_beast/
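
The chaining property both BEAST articles above describe (a correct guess gives the block cipher the same input twice) and the fragment-splitting countermeasure, as an added Python example that is not code from the articles, the researchers or Chrome. It models only the sender's record layer; `RecordLayer`, `guess_confirmed`, the sample cookie value and the HMAC-based stand-in for AES (Python's standard library has no AES) are assumptions of this example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes


def _E(key, block):
    """Stand-in for one AES block encryption (assumption of this example):
    HMAC-SHA256 truncated to 16 bytes. Deterministic and keyed, which is all
    the demonstration needs; it cannot decrypt and is not a real cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key, iv, data):
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    blocks, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = _E(key, _xor(data[i:i + BLOCK], prev))
        blocks.append(prev)
    return blocks


class RecordLayer:
    """Toy sender-side record layer: plaintext || MAC || padding, then CBC."""
    MODES = ("tls10-chained-iv", "empty-fragment", "tls11-explicit-iv")

    def __init__(self, mode):
        if mode not in self.MODES:
            raise ValueError(mode)
        self.mode = mode
        self.enc_key = os.urandom(16)
        self.mac_key = os.urandom(20)
        self.seq = 0
        # Last ciphertext block on the wire; an on-path observer sees it too.
        self.last_block = os.urandom(BLOCK)

    def _encrypt_record(self, plaintext):
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + plaintext,
                       hashlib.sha1).digest()
        self.seq += 1
        body = plaintext + mac
        pad = BLOCK - len(body) % BLOCK
        body += bytes([pad - 1]) * pad          # TLS-style padding
        if self.mode == "tls11-explicit-iv":
            iv = os.urandom(BLOCK)              # fresh IV for every record
        else:
            iv = self.last_block                # TLS 1.0: IV is chained
        blocks = cbc_encrypt(self.enc_key, iv, body)
        self.last_block = blocks[-1]
        return iv, blocks

    def send(self, plaintext):
        """Return (iv, ciphertext_blocks) of the record carrying plaintext."""
        if self.mode == "empty-fragment":
            # A MAC-only record goes first, so the IV for the real data is
            # a ciphertext block that did not exist when the data was chosen.
            self._encrypt_record(b"")
        return self._encrypt_record(plaintext)


def guess_confirmed(mode, secret_block, guess):
    """True if a chosen block built from `guess` and the IV predicted from the
    wire encrypts to the same ciphertext as the block holding the secret."""
    if len(secret_block) != BLOCK or len(guess) != BLOCK:
        raise ValueError("blocks must be 16 bytes")
    layer = RecordLayer(mode)
    iv_target, blocks = layer.send(secret_block + b" HTTP/1.1\r\n")
    c_target = blocks[0]
    predicted_iv = layer.last_block             # visible before the next send
    chosen = _xor(_xor(guess, iv_target), predicted_iv)
    _, chosen_blocks = layer.send(chosen)
    return chosen_blocks[0] == c_target


if __name__ == "__main__":
    secret = b"SESSIONID=abc123"                # constructed 16-byte sample
    for mode in RecordLayer.MODES:
        print(mode, guess_confirmed(mode, secret, secret))
```

Only the chained-IV mode confirms a correct guess; with an empty first fragment or a per-record random IV, the IV actually in force is not known when the block is chosen, so the ciphertexts never line up.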





Researchers Find Mac OS X Malware Posing as PDF File
Ryan Naraine

Summary: The malware installs a backdoor that contacts a remote server for instructions and can be used to steal files or capture a screenshot of the infected computer system.

Researchers at F-Secure have discovered a Mac OS X malware file masquerading as a PDF file to lure users into installing a backdoor trojan.

The malware, flagged as a trojan dropper, installs a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.

According to F-Secure, the PDF file contains Chinese-language text related to political issues, which some users may find offensive.

The use of a PDF file as a social engineering gimmick is widely used by malicious hackers on the Windows platform and F-Secure’s research team believes this is an attempt to copy the trick of opening a PDF file containing a “.pdf.exe” extension and an accompanying PDF icon.

“The sample on our hand does not have an extension or an icon yet. However, there is another possibility. It is slightly different in Mac, where the icon is stored in a separate fork that is not readily visible in the OS. The extension and icon could have been lost when the sample was submitted to us. If this is the case, this malware might be even stealthier than in Windows because the sample can use any extension it desires,” the company said.

Once installed, the trojan dropper installs a backdoor program that gives a hacker full control of the infected Mac OS X machine.

The backdoor typically contacts a remote server for instructions and can be used to steal files or capture a screenshot of the infected computer system, which is then forwarded to the remote server.

F-Secure reports that the command-and-control of the malware is just a bare Apache installation that is not yet capable of communicating with the backdoor.
http://www.zdnet.com/blog/security/r...-pdf-file/9451





Skype for iPhone Vulnerability Allows Hackers to Steal Address Book Content from a Chat Message
Brian

If you are using Skype for iPhone or iPod Touch, the Address Book on your device can easily be stolen via a simple chat message.

How does it work? JavaScript commands are entered into the user name of a Skype account, a chat message is sent to a user who is running the newest version of Skype for iPhone, and a program is loaded onto a web server to receive the Address Book content.

The report claims there are two oversights that allow this to happen so easily:

• Failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages
• iOS makes address book contents accessible to every installed app

Obviously Skype will need to address this issue quickly or Apple should pull it from the App Store until it is safe.
http://appleheadlines.com/2011/09/20...-chat-message/





'Stingray' Phone Tracker Fuels Constitutional Clash
Jennifer Valentino-Devries

For more than a year, federal authorities pursued a man they called simply "the Hacker." Only after using a little known cellphone-tracking device—a stingray—were they able to zero in on a California home and make the arrest.

Stingrays are designed to locate a mobile phone even when it's not being used to make a call. The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries.

A stingray's role in nabbing the alleged "Hacker"—Daniel David Rigmaiden—is shaping up as a possible test of the legal standards for using these devices in investigations. The FBI says it obtains appropriate court approval to use the device.

Stingrays are one of several new technologies used by law enforcement to track people's locations, often without a search warrant. These techniques are driving a constitutional debate about whether the Fourth Amendment, which prohibits unreasonable searches and seizures, but which was written before the digital age, is keeping pace with the times.

On Nov. 8, the Supreme Court will hear arguments over whether or not police need a warrant before secretly installing a GPS device on a suspect's car and tracking him for an extended period. In both the Senate and House, new bills would require a warrant before tracking a cellphone's location.

And on Thursday in U.S. District Court of Arizona, Judge David G. Campbell is set to hear a request by Mr. Rigmaiden, who is facing fraud charges, to have information about the government's secret techniques disclosed to him so he can use it in his defense. Mr. Rigmaiden maintains his innocence and says that using stingrays to locate devices in homes without a valid warrant "disregards the United States Constitution" and is illegal.

His argument has caught the judge's attention. In a February hearing, according to a transcript, Judge Campbell asked the prosecutor, "Were there warrants obtained in connection with the use of this device?"

The prosecutor, Frederick A. Battista, said the government obtained a "court order that satisfied [the] language" in the federal law on warrants. The judge then asked how an order or warrant could have been obtained without telling the judge what technology was being used. Mr. Battista said: "It was a standard practice, your honor."

Judge Campbell responded that it "can be litigated whether those orders were appropriate."

On Thursday the government will argue it should be able to withhold details about the tool used to locate Mr. Rigmaiden, according to documents filed by the prosecution. In a statement to the Journal, Sherry Sabol, Chief of the Science & Technology Office for the FBI's Office of General Counsel, says that information about stingrays and related technology is "considered Law Enforcement Sensitive, since its public release could harm law enforcement efforts by compromising future use of the equipment."

The prosecutor, Mr. Battista, told the judge that the government worries that disclosure would make the gear "subject to being defeated or avoided or detected."

A stingray works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It lets the stingray operator "ping," or send a signal to, a phone and locate it as long as it is powered on, according to documents reviewed by the Journal. The device has various uses, including helping police locate suspects and aiding search-and-rescue teams in finding people lost in remote areas or buried in rubble after an accident.

The government says "stingray" is a generic term. In Mr. Rigmaiden's case it remains unclear which device or devices were actually used.

The best known stingray maker is Florida-based defense contractor Harris Corp. A spokesman for Harris declined to comment.

Harris holds trademarks registered between 2002 and 2008 on several devices, including the StingRay, StingRay II, AmberJack, KingFish, TriggerFish and LoggerHead. Similar devices are available from other manufacturers. According to a Harris document, its devices are sold only to law-enforcement and government agencies.

Some of the gadgets look surprisingly old-fashioned, with a smattering of switches and lights scattered across a panel roughly the size of a shoebox, according to photos of a Harris-made StingRay reviewed by the Journal. The devices can be carried by hand or mounted in cars, allowing investigators to move around quickly.

A rare public reference to this type of technology appeared this summer in the television crime drama "The Closer." In the episode, law-enforcement officers use a gadget they called a "catfish" to track cellphones without a court order.

The U.S. armed forces also use stingrays or similar devices, according to public contract notices. Local law enforcement in Minnesota, Arizona, Miami and Durham, N.C., also either possess the devices or have considered buying them, according to interviews and published requests for funding.

The sheriff's department in Maricopa County, Ariz., uses the equipment "about on a monthly basis," says Sgt. Jesse Spurgin. "This is for location only. We can't listen in on conversations," he says.

Sgt. Spurgin says officers often obtain court orders, but not necessarily search warrants, when using the device. To obtain a search warrant from a court, officers as a rule need to show "probable cause," which is generally defined as a reasonable belief, based on factual evidence, that a crime was committed. Lesser standards apply to other court orders.

A spokeswoman with the Bureau of Criminal Apprehension in Minnesota says officers don't need to seek search warrants in that state to use a mobile tracking device because it "does not intercept communication, so no wiretap laws would apply."

FBI and Department of Justice officials have also said that investigators don't need search warrants. Associate Deputy Attorney General James A. Baker and FBI General Counsel Valerie E. Caproni both said at a panel at the Brookings Institution in May that devices like these fall into a category of tools called "pen registers," which require a lesser order than a warrant. Pen registers gather signals from phones, such as phone numbers dialed, but don't receive the content of the communications.

To get a pen-register order, investigators don't have to show probable cause. The Supreme Court has ruled that use of a pen register doesn't require a search warrant because it doesn't involve interception of conversations.

But with cellphones, data sent includes location information, making the situation more complicated because some judges have found that location information is more intrusive than details about phone numbers dialed. Some courts have required a slightly higher standard for location information, but not a warrant, while others have held that a search warrant is necessary.

The prosecution in the Rigmaiden case says in court documents that the "decisions are made on a case-by-case basis" by magistrate and district judges. Court records in other cases indicate that decisions are mixed, and cases are only now moving through appellate courts.

The FBI advises agents to work with federal prosecutors locally to meet the requirements of their particular district or judge, the FBI's Ms. Sabol says. She also says it is FBI policy to obtain a search warrant if the FBI believes the technology "may provide information on an individual while that person is in a location where he or she would have a reasonable expectation of privacy."

Experts say lawmakers and the courts haven't yet settled under what circumstances locating a person or device constitutes a search requiring a warrant. Tracking people when they are home is particularly sensitive because the Fourth Amendment specifies that people have a right to be secure against unreasonable searches in their "houses."

"The law is uncertain," says Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Department of Justice. Mr. Kerr, who has argued that warrants should be required for some, but not all, types of location data, says that the legality "should depend on the technology."

In the case of Mr. Rigmaiden, the government alleges that as early as 2005, he began filing fraudulent tax returns online. Overall, investigators say, Mr. Rigmaiden electronically filed more than 1,900 fraudulent tax returns as part of a $4 million plot.

Federal investigators say they pursued Mr. Rigmaiden "through a virtual labyrinth of twists and turns." Eventually, they say they linked Mr. Rigmaiden to use of a mobile-broadband card, a device that lets a computer connect to the Internet through a cellphone network.

Investigators obtained court orders to track the broadband card. Both orders remain sealed, but portions of them have been quoted by the defense and the prosecution.

These two documents are central to the clash in the Arizona courtroom. One authorizes a "pen register" and clearly isn't a search warrant. The other document is more complex. The prosecution says it is a type of search warrant and that a finding of probable cause was made.

But the defense argues that it can't be a proper search warrant, because among other things it allowed investigators to delete all the tracking data collected, rather than reporting back to the judge.

Legal experts who spoke with the Journal say it is difficult to evaluate the order, since it remains sealed. In general, for purposes of the Fourth Amendment, the finding of probable cause is most important in determining whether a search is reasonable because that requirement is specified in the Constitution itself, rather than in legal statutes, says Mr. Kerr.

But it is "odd" for a search warrant to allow deletion of evidence before a case goes to trial, says Paul Ohm, a professor at the University of Colorado Law School and a former computer-crime attorney at the Department of Justice. The law governing search warrants specifies how the warrants are to be executed and generally requires information to be returned to the judge.

Even if the court finds the government's actions acceptable under the Fourth Amendment, deleting the data is "still something we might not want the FBI doing," Mr. Ohm says.

The government says the data from the use of the stingray has been deleted and isn't available to the defendant. In a statement, the FBI told the Journal that "our policy since the 1990s has been to purge or 'expunge' all information obtained during a location operation" when using stingray-type gear.

As a general matter, Ms. Sabol says, court orders related to stingray technology "will include a directive to expunge information at the end of the location operation."

Ms. Sabol says the FBI follows this policy because its intent isn't to use the data as evidence in court, but rather to simply find the "general location of their subject" in order to start collecting other information that can be used to justify a physical search of the premises.

In the Rigmaiden example, investigators used the stingray to narrow down the location of the broadband card. Then they went to the apartment complex's office and learned that one resident had used a false ID and a fake tax return on the renter's application, according to court documents.

Based on that evidence, they obtained a search warrant for the apartment. They found the broadband card connected to a computer.

Mr. Rigmaiden, who doesn't confirm or deny ownership of the broadband card, is arguing he should be given information about the device and about other aspects of the mission that located him.

In the February hearing, Judge Campbell said he might need to weigh the government's claim of privilege against the defendant's Fourth Amendment rights, and asked the prosecution, "How can we litigate in this case whether this technology that was used in this case violates the Fourth Amendment without knowing precisely what it can do?"
http://online.wsj.com/article/SB1000...723197574.html





OnStar Begins Spying On Customers’ GPS Location For Profit
Jonathan Zdziarski

I canceled the OnStar subscription on my new GMC vehicle today after receiving an email from the company about their new terms and conditions. While most people, I imagine, would hit the delete button when receiving something as exciting as new terms and conditions, being the nerd sort, I decided to have a personal drooling session and read it instead. I’m glad I did. OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.

The complete update can be found here (PDF). Not surprisingly, I even had to scrub the link as it included my vehicle’s VIN number, to tell OnStar just what customers were actually reading the new terms and conditions.

The first section explains the information that’s collected from the vehicle. No big deal. Sounds rather innocuous and boring. I imagine most people probably drool out and close the window by the time they get this far. Your contact information, billing information, etc. is collected. Nobody cares about tire pressure and crash information being collected – after all, that’s what OnStar is there for. Toward the end, you’ll read about how GPS data is collected, including vehicle speed and seat belt status. Again, in an emergency, this is very useful and most customers want an emergency services business to collect this information - when necessary. And the old 2010 terms and conditions only allowed OnStar to collect this information for legitimate purposes, such as recovering a stolen vehicle, or when needed to provide other OnStar services to customers on demand. As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.” – This provides carte blanche authority for OnStar to now track and collect information about your current GPS position and speed any time and anywhere, instead of only in the rare, limited circumstances the old contract outlined.

Anonymized GPS data? There’s no such thing! We’ve all seen this before – anonymized searches, for example, that were not-so-quite anonymized. But in this case, it’s impossible to anonymize GPS data! If your vehicle is consistently parked at your home, driving down your driveway, or taking a left or right turn onto your street, it’s pretty obvious that this is where you live! It’s like trying to say that someone’s Google Map lookup from their home is “anonymized” because it doesn’t have their name on it. It still shows where they live! What’s unique even more-so to OnStar is that the data they claim they sell as part of their business model is useless unless it’s specific; that is, not diluted to the nearest 10 mile radius, etc. This combination of analytics, and their prospective customers (law enforcement, marketers, etc) requires the data be disturbingly precise. Anyone armed with Google can easily do a phone book or public records search to find the name and address that resides at any given GPS coordinate.

So the GPS location of your vehicle and your vehicle’s speed are likely going to be collected by OnStar and sold to third parties. What kind of companies are interested in this data? OnStar would have you believe that respectable agencies, like departments of transportation and various law enforcement agencies (for purposes of “public safety or traffic services” – A.K.A ticket writing). I can imagine this data COULD be used for good, to create traffic based analytics to improve future road construction or even emergency response. But given that those types of decisions are only made once a decade in most cities, OnStar isn’t likely to benefit much financially from “respectable” companies.

What is more profitable to OnStar that your personal GPS data could be used for? Hmm, well how about the obvious – tracking you and your vehicle. It would be extremely profitable to be able to identify all vehicles within OnStar’s network that frequently speed, and provide law enforcement “traffic services” the ability to trace them back to their homes or businesses, as well as tell them where to set up speed traps. Or perhaps insurance companies who want to check and make sure you’re wearing your seat belt, or automatically give you rate increases if you speed, even if you’re never in an accident? How about identifying all individuals who shop at certain stores, and using that to determine whose back yard to put the next God-awful Wal-Mart store? How about employers who purchase these records from these third parties to see where their employees (or prospective employees) travel to (and how fast), sleaze bag lawyers who want to subpoena these records to use against you if you’re ever sued, government agencies who want to monitor you, marketing firms who want to spam you, and a long list of other not-so-squeaky-clean people who use (and abuse) existing online, credit card, financial, credit, and other analytics to destroy our privacy?

Add to this OnStar’s use policy of your personal information – the stuff that does identify who you are and ties it to your GPS records. While I have no problem using my personal information in events of an emergency, OnStar also uses my information to “allow us, and our affiliates, your Vehicle Maker, and Vehicle dealers, to offer you new or additional products or services; and for other purposes”. So not only is OnStar going to sell my vehicle’s GPS location data to a number of third parties, but they’re also going to use it and my personal information for marketing purposes. Imagine your personal data being sold to any number of their “affiliates”, and a few months later, you start to receive targeted, location-specific advertising based on where you’ve traveled. Go to Weight Watchers every week? Expect an increase in the amount of weight loss advertising phone calls. Go to the bar frequently? Anticipate a number of sleazy liquor ads to show up in your mailbox. Sneak out to Victoria’s Secret for something special for your lover? You might soon be inundated with adult advertising in your mailbox.

OnStar’s new T&C continues, explaining that part of the company may at some point be sold, and all of your information with it. It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple. Do you trust such companies with unfettered access to the entire GPS history of your vehicle?

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

To make matters even more insulting, it was difficult to ensure the data connection was shut down after canceling. I still have no guarantee OnStar did what they were supposed to. I had to request the data connection be shut down repeatedly, after the OnStar rep attempted to leave it on and ignore my requests.

When will our congress pass legislation that stops the American people’s privacy from being raped by large data warehousing interests? Companies like OnStar, Google, Apple, and the other large abusive data warehousing companies desperately need to be investigated.

These terms don’t go into effect until December 2011, and it takes up to 10 days to have the account fully cancel, and another 14 days for the data connection to be shut down… so if you want to get out of these new terms and conditions, you’ll need to do it soon.

Update:

Since writing this article, OnStar has reportedly told a few individuals that the contract requires them to obtain the customer’s consent in order to provide this information to anyone. Not true. In fact, the only mention of the word consent in their updated T&C is below:

We will comply with all laws regarding notifying you and obtaining your consent before we collect, use or share information about you or your Vehicle in any other way than has been described in this privacy statement.

Two points to make: first, this clause only applies to collecting and sharing information in any way that is not described in the privacy statement. All of the nefarious uses for your personal data are, quite clearly, described in the privacy statement, and so no consent would be required. Secondly, this paragraph makes it clear that they will only comply with all laws requiring consent, not that they will actually obtain your consent. I’m not a lawyer, but as far as I know, there are no such laws on the books in most (if not all) states that protect the consumer from having their private information shared or sold to third parties, especially when such sharing is disclosed in a contract. In other words, the above paragraph seems to do nothing to require OnStar to obtain your consent to do any of this – and it’s my firm belief that OnStar’s only real interest is in OnStar. If you doubt this, the older version of the terms and conditions had two more consent clauses that are no longer part of the new terms and conditions.

Old Consent Clauses – Now Removed:

In General, we do not share your personal information with third-party marketers, unless we have asked for and obtained your explicit consent.

Of course, we will notify you, and where required, ask for your prior consent if our collection, use, or disclosure of your personal information materially changes.

http://www.zdziarski.com/blog/?p=1270
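
The point above about "anonymized" GPS data can be measured before any release. The following is an added example, not part of the original article and not OnStar's code: a Python audit that counts how many pseudonymous vehicles share each overnight parking cell at several grid sizes. The vehicle IDs, coordinates (placed in open ocean) and function names are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: four pseudonymous vehicles. No names or VINs, only an
# opaque ID, a timestamp, a position and a speed, as an "anonymized" feed would carry.
HOMES = {                      # pseudonym -> (lat, lon) of the overnight parking spot
    "veh-a1": (0.4956, 0.4548),
    "veh-b2": (0.4971, 0.4603),
    "veh-c3": (0.5102, 0.4712),
    "veh-d4": (0.4884, 0.4695),
}
WORK = (0.5389, 0.4523)        # shared daytime destination (constructed)
MILES_PER_DEGREE_LAT = 69.0    # rough conversion, good enough for a report column


def build_traces(days=5):
    """Return {pseudonym: [(datetime, lat, lon, speed_mph), ...]} for a working week."""
    traces = {}
    start = datetime(2011, 9, 19)
    for pseudonym, home in HOMES.items():
        fixes = []
        for d in range(days):
            day = start + timedelta(days=d)
            for hour in (0, 2, 4, 23):        # parked at home overnight
                fixes.append((day.replace(hour=hour), home[0], home[1], 0.0))
            for hour in (10, 12, 14, 16):     # parked at work during the day
                fixes.append((day.replace(hour=hour), WORK[0], WORK[1], 0.0))
            mid = ((home[0] + WORK[0]) / 2, (home[1] + WORK[1]) / 2)
            fixes.append((day.replace(hour=8), mid[0], mid[1], 35.0))  # commute
        traces[pseudonym] = fixes
    return traces


def grid_cell(lat, lon, size_deg):
    """Snap a coordinate to a square grid cell of size_deg degrees."""
    return (int(lat // size_deg), int(lon // size_deg))


def overnight_cell(points, size_deg, night=(22, 6)):
    """Most frequent grid cell among stationary fixes recorded at night."""
    start, end = night
    cells = Counter(
        grid_cell(lat, lon, size_deg)
        for ts, lat, lon, speed in points
        if speed == 0.0 and (ts.hour >= start or ts.hour < end)
    )
    return cells.most_common(1)[0][0] if cells else None


def anonymity_by_vehicle(traces, size_deg):
    """k for each pseudonym: how many vehicles in the dataset share its overnight cell."""
    cell_of = {p: overnight_cell(pts, size_deg) for p, pts in traces.items()}
    crowd = Counter(c for c in cell_of.values() if c is not None)
    return {p: (crowd[c] if c is not None else 0) for p, c in cell_of.items()}


def release_audit(traces, sizes=(0.001, 0.01, 0.15)):
    """One row per grid size: cell height in miles, smallest k, vehicles with k == 1."""
    rows = []
    for size in sizes:
        k = anonymity_by_vehicle(traces, size)
        rows.append({
            "cell_miles": round(size * MILES_PER_DEGREE_LAT, 2),
            "min_k": min(k.values()),
            "unique_vehicles": sum(1 for v in k.values() if v == 1),
        })
    return rows


if __name__ == "__main__":
    for row in release_audit(build_traces()):
        print(row)
```

At the two fine grid sizes every vehicle sits alone in its overnight cell, so the opaque ID protects nothing; only the roughly 10-mile cell hides the vehicles among each other, and that is the resolution the article argues is useless to buyers.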





NIS Admits to Packet Tapping Gmail

If proven, international fallout could occur over insecurity of the HTTP Secure system
Noh Hyung-woong 

It has come to light that the National Intelligence Service has been using a technique known as “packet tapping” to spy on emails sent and received using Gmail, Google’s email service. This is expected to have a significant impact, as it proves that not even Gmail, previously a popular “cyber safe haven” because of its reputation for high levels of security, is safe from tapping.

The NIS itself disclosed that Gmail tapping was taking place in the process of responding to a constitutional appeal filed by 52-year-old former teacher Kim Hyeong-geun, who was the object of packet tapping, in March this year.

As part of written responses submitted recently to the Constitutional Court, the NIS stated, “Mr. Kim was taking measures to avoid detection by investigation agencies, such as using a foreign mail service [Gmail] and mail accounts in his parents’ names, and deleting emails immediately after receiving or sending them. We therefore made the judgment that gathering evidence through a conventional search and seizure would be difficult, and conducted packet tapping.”

The NIS went on to explain, “[Some Korean citizens] systematically attempt so-called ‘cyber asylum,’ in ways such as using foreign mail services (Gmail, Hotmail) that lie beyond the boundaries of Korea’s investigative authority, making packet tapping an inevitable measure for dealing with this.”

The NIS asserted the need to tap Gmail when applying to a court of law for permission to also use communication restriction measures [packet tapping]. The court, too, accepted the NIS’s request at the time and granted permission for packet tapping.

Unlike normal communication tapping methods, packet tapping is a technology that allows a real-time view of all content coming and going via the Internet. It opens all packets of a designated user that are transmitted via the Internet. This was impossible in the early days of the Internet, but monitoring and vetting of desired information only from among huge amounts of packet information became possible with the development of “deep packet inspection” technology. Deep packet inspection technology is used not only for censorship, but also in marketing such as custom advertising on Gmail and Facebook.

The fact that the NIS taps Gmail, which uses HTTP Secure, a communication protocol with reinforced security, means that it possesses the technology to decrypt data packets transmitted via Internet lines after intercepting them.

“Gmail has been using an encrypted protocol since 2009, when it was revealed that Chinese security services had been tapping it,” said one official from a software security company. “Technologically, decrypting it is known to be almost impossible. If it turns out to be true [that the NIS has been packet tapping], this could turn into an international controversy.”

“The revelation of the possibility that Gmail may have been tapped is truly shocking,” said Jang Yeo-gyeong, an activist at Jinbo.net. “It has shown once again that the secrets of people’s private lives can be totally violated.” Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a Democratic Society, who has taken on Kim’s case, said, “I think it is surprising, and perhaps even good, that the NIS itself has revealed that it uses packet tapping on Gmail. I hope the Constitutional Court will use this appeal hearing to decide upon legitimate boundaries for investigations, given that the actual circumstances of the NIS’s packet tapping have not been clearly revealed.”
http://english.hani.co.kr/arti/engli...al/496473.html





New Law Bans Warrantless Cell Phone Searches
Amy Gahran

If you get arrested in California for any reason, the photos, e-mails and other personal data on your cell phone are now a bit safer from prying police eyes. A new law now requires law-enforcement officers in that state to obtain a warrant before searching the cell phone of a person placed under arrest.

This law overrides a January ruling by the California Supreme Court. According to California Sen. Mark Leno, who sponsored the legislation, this ruling had "legalized the warrantless search of cell phones during an arrest, regardless of whether the information on the phone is relevant to the arrest or if criminal charges are ever filed."

The new California law unanimously passed in the state Assembly. Today the office of Gov. Jerry Brown confirmed that since the governor did not make a specific decision on this legislation, it became automatically enrolled as a law this week.

Under this legislation, California law enforcement officers must first obtain a search warrant when there is probable cause to believe a suspect's portable electronic device contains evidence of a crime.

The Peace Officers Research Association of California, which opposed the law, argued: "Restricting the authority of a peace officer to search an arrestee unduly restricts their ability to apply the law, fight crime, discover evidence valuable to an investigation and protect the citizens of California."

The California legislature disagreed, finding that "once in the exclusive control of the police, cellular telephones do not ordinarily pose a threat to officer safety." Furthermore, lawmakers found that existing practices -- including confiscating the phone (without searching it) or promptly applying to a judge for a search warrant -- alleviate concerns about destruction of evidence.

This isn't just about cell phones. The wording of this law specifically refers to "portable electronic devices," defined as: "any portable device that is capable of creating, receiving, accessing, or storing electronic data or communications."

So in addition to cell phones this might conceivably cover tablet computers, laptops, netbooks, e-readers, media players, gaming devices, digital cameras, audio recorders, external hard drives, flash drives and other devices available now or in the future.

The new law can strengthen the rights to freedom of speech and assembly in California. The prior court ruling -- though aimed mainly at gathering evidence about criminal activity such as drug deals or prostitution -- also could be used by police to gain intelligence about the identities or activities of people at protests or other public or private gatherings.

Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, explained why law-abiding citizens should worry about warrantless cell phone searches. "It's really easy to pick on people who have been arrested and charged with crimes. But that subset could get expanded to cover everyone. Also, an arrest is not the same as a conviction."

The new law also strengthens California's protections for journalists and their sources, according to the California Newspaper Publishers Association. The state's "shield law" prohibits the state or other litigants from subpoenaing reporters' unpublished notes or other sensitive information related to their work.

Many reporters keep such information on their cell phones and other devices, and it's not unheard of for journalists to get arrested in California.

Fakhoury noted that once police do obtain a warrant to search an arrestee's phone or other portable electronic device, it's possible that everything on that device might become fair game for law enforcement or prosecution.

"If they have a search warrant, depending on its scope, it might be tough to restrict what information on phones they get and how they use it," he said. "Courts are divided on this. They recognize that there must be limits to searches -- but they also know that incriminating evidence can be anywhere, and it's likely to be hidden."

In recent months the issue of warrantless cell phone searches has arisen in several states with varying results. For instance, the Ohio Supreme Court barred warrantless cell phone searches, but lower courts in Georgia and Florida have upheld such searches.

And in May the Oregon Supreme Court declined to hear the case of James Tyler Nix, which could have disallowed warrantless cell phone searches in that state.

Fakhoury of EFF believes that California's new law sends a strong message to other courts and legislatures around the U.S. -- including the U.S. Supreme Court.

"I certainly see this issue ending up in the U.S. Supreme Court at some point," said Fakhoury. "None of the cases involved relied solely on state law. They all raised constitutional issues. There would be no reason for the Supreme Court not to get involved."
http://edition.cnn.com/2011/09/20/te...ne-search-law/





Yahoo Blocked E-Mails About Wall Street Protests
Charles Cooper

Yahoo apologized yesterday after people using its e-mail service were prevented from sending messages about anti-Wall Street demonstrations over the weekend.

The company said that an external spam filter had blocked the messages but maintained that it was inadvertent. It said that the problem has since been resolved, though there may be some residual issues.

ThinkProgress, which first noticed the problem, posted the following video of someone being blocked from e-mailing a message inviting their friends to visit the "Occupy Wall St." campaign Web site.

After typing into the text field a message suggesting a visit to the Occupywallstreet.org Web site for more on the protests, the system kicked back the following message:

Your message was not sent
Suspicious activity has been detected on your account. To protect your account and our users, your message has not been sent.
If this error continues, please contact Yahoo! Customer Care for further help.
We apologize for the inconvenience.

A spokeswoman for Yahoo said that the company had not purposely blocked the messages. She said Yahoo initially became aware on Sunday "that some folks sending e-mail were getting the weird bounceback" but that Yahoo has since taken steps to resolve the problem.
http://news.cnet.com/8301-1023_3-201...=2547-1_3-0-20





DigiNotar Goes Bankrupt After Hack

The Dutch CA goes into bankruptcy following the significant hacks claimed by ComodoHacker.
Tom Brewster

DigiNotar, the Dutch certificate authority (CA) which was recently at the centre of a significant hacking case, has been declared bankrupt.

The CA discovered it was compromised on 19 July, leading to 531 rogue certificates being issued. It was only in August that the attacks became public knowledge.

Such fake certificates can be used by hackers to intercept web communications and in this case had allegedly been used to watch over Gmail accounts. A fraudulent certificate for an MI6 website was also seen.

Parent company VASCO Data Security International confirmed today DigiNotar had filed for bankruptcy yesterday and processes have already been put in place to see it through bankruptcy.

A ‘trustee’ appointed by the Haarlem District Court has taken over management of the company.

T Kendall Hunt, VASCO’s chairman and chief executive (CEO), pointed to the events which had led to DigiNotar’s troubles in distancing the parent company from its Dutch subsidiary.

“Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology,” Hunt said.

“The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.”

He said VASCO would continue to work with the trustee and the judge presiding over the case “to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers.”

Jan Valcke, VASCO’s president and chief operating officer, said the company was not planning to re-enter the CA business “in the near future.”

Cliff Bown, VASCO’s executive vice president and chief financial officer, admitted the financial losses associated with the demise of DigiNotar would be “significant.”

VASCO claimed it would still be able to get value out of DigiNotar’s technology.

“We expect that a significant portion of the value assigned to the intellectual property acquired from DigiNotar to continue to have value as we incorporate the technology into our existing product line,” Bown added.

Responsibility for the attacks was claimed by a hacker going by the name of ComodoHacker. The compromise again raised doubts over the CA system and its security failings.

Others in the industry claimed the DigiNotar hack would prove more significant than the hugely sophisticated piece of malware Stuxnet, which was seen targeting Iranian nuclear facilities last year.
http://www.itpro.co.uk/636244/digino...upt-after-hack





One Third Under 10’s in UK Own a Mobile Phone
Ravi Mandalia

Nearly everyone is aware of the influence of technology, specifically that of the new-generation telephonic devices on our society. But, when one in every 3 under-ten kids start having their own mobile phones, only then we come to realize how deep rooted the influence really is - yes, that’s what a new report claims.

According to the latest findings by the cloud security outfit Westcoastcloud, about 33 percent of all UK’s under-ten kids are currently in possession of a mobile phone.

The study by Westcoastcloud saw the firm asking 2000 under-10 kids (and their parents) about the gadgets they owned. Surprisingly, 3 out of every ten kids answered that they were currently using a mobile phone.

The study also found that one in every 10 parents thought it was okay for their young children to be in possession of a mobile device.

"It's great that youngsters are interested and engaged with the latest technology, but children owning their own phones as young as four does seem unnecessary," said Bill Strain, director of Westcoastcloud.

"Kids will always be able to gain access to their parents' phones and laptops but when primary school age children gain access to the internet on these devices, parents need to be aware," he added.
http://www.itproportal.com/2011/09/2...#ixzz1Yh2In3UZ





Gang Used 3D Printers for ATM Skimmers
Brian Krebs

An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say.

Before I get to the gang, let me explain briefly how ATM skimmers work, and why 3D printing is a noteworthy development in this type of fraud. Many of the ATM skimmers profiled in my skimmer series are carefully hand-made and crafted to blend in with the targeted cash machine in both form and paint color. Some skimmer makers even ask customers for a photo of the targeted cash machine before beginning their work.

The skimmer components typically include a card skimmer that fits over the card acceptance slot and steals the data stored on the card’s magnetic stripe, and a pinhole camera built into a false panel that thieves can fit above or beside the PIN pad. If these components don’t match just-so, they’re more likely to be discovered and removed by customers or bank personnel, leaving the thieves without their stolen card data.

Enter the 3D printer. This fascinating technology, explained succinctly in the video below from 3D printing company i.materialise, takes two dimensional computer images and builds them into three dimensional models by laying down successive layers of powder that are heated, shaped and hardened.

Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i.materialise blogged about receiving a client’s order for building a card skimmer. The company said it denied the request when it became clear the ordered product was a fraud device.

3D printer firm i.materialise received and promptly declined orders for this skimmer device - a card acceptance slot overlay

In June, a federal court indicted four men from South Texas whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer. According to statements by the U.S. Secret Service, the gang’s leader, Jason Lall of Houston, was sent to prison for ATM fraud in 2009. Lall was instrumental in obtaining skimming devices, and the gang soon found themselves needing to procure their own skimmers. The trouble is, skimmer kits aren’t cheap: They range from $2,000 to more than $10,000 per kit.

Secret Service agents said in court records that on May 4, 2011, their undercover informer engaged in a secretly taped discussion with the ring’s members about a strategy for obtaining new skimmers. John Paz of Houston, one of the defendants, was allegedly the techie who built the skimming devices using a 3-D printer that the suspects purchased together. The Secret Service allege they have Paz on tape explaining the purchase of the expensive printer.

“When [Lall was] put in jail, we asked, ‘What are we going to do?’ and we had to figure it out and that’s when we came up with this unit,” Paz allegedly told the undercover officer.

The government alleges Paz also was the guy who encoded the stolen card data onto counterfeit cards. The feds say Albert Richard of Missouri City, Texas prepared ATMs at numerous banks where the skimming devices were installed, by covering the ATM cameras or spray-painting over them, and by acting as a lookout.

A fourth defendant, John Griffin, is alleged to have used the counterfeit cards to withdraw funds at different ATMs around Texas. Prosecutors allege the group stole more than $400,000 between Aug. 2009 and June 2011. Prior to their arrest this summer, the gang started making decent money but they split the profits amongst them. Federal prosecutors say the men stole $57,808.14 in the month of April 2011 alone (yes, that’s an odd amount to have come out of ATMs, but I digress).

The court documents don’t say how much the men spent on the 3D printer, nor do they include pictures of the fraud devices. The Secret Service declined to offer more details, citing an ongoing investigation. But i.materialise’s Franky De Schouwer said a high quality 3D printer can be had for between $10,000 and $20,000.

“Just looking at the idea of 3D printing a potential skimming device, a criminal could invest in buying a desktop 3D printer,” De Schouwer wrote in an email to KrebsOnSecurity. “Not a kit printer in the line of a Makerbot or a RepMan but a desktop printer of a high end manufacturer of 3D printers like Objet, 3D Systems or Stratasys (HP). You could get one of those between $10,000 – $20,000 and they will print a high quality skimming device that, including some post finishing, will look like the real thing.”

De Schouwer said his company thankfully hasn’t had any more requests to print ATM skimming devices. But that doesn’t mean the demand has gone away.

“We do notice that some people end up on our blog with the keywords ‘I want to buy an ATM skimming device,’” he said.

A copy of the original complaint in this case is available here (PDF).
https://krebsonsecurity.com/2011/09/...-atm-skimmers/





Is Printing A Gun The Same As Buying A Gun?
John Biggs

There’s an interesting back-and-forth going on at Thingiverse, a site founded by Makerbot to share 3D projects. Two designers have made two parts for the AR-15 rifle platform. The first part is a standard rifle magazine complete with spring but the second part is an AR-15 lower receiver.

Why are these parts important? Well, the magazine is just on the edge of Thingiverse’s implied (but not concrete) “no weapons” philosophy but the lower receiver is something else entirely. It is the only part of the AR-15 that you need a license to buy. Here’s what the creator, KingLudd, has to say about it:

The Lower Receiver is the frame that holds together all the other pieces of the firearm. In the States, all the other pieces can be purchased without a permit – over the counter or through the post. The Lower Receiver is the only part which requires a background check or any other kind of paperwork before purchase.

Typically this part is made of aluminium. A rifle with a Lower Receiver made of plastic can be perfectly functional.


Is it a weapon? Is it a part? Is it illegal or legal?

The question, in short, is at what point is a “part” a weapon? If you buy all of the other pieces in metal – pieces that were made in much the same way this piece was made – are you breaking the law by building your own, final piece? Is this akin to building your own dum-dum bullets or is it more like “unlocking” a deadly weapon with what amounts to a copied key?

Bre Pettis, founder of Makerbot, said that he’s dealt with this before and that the answer is never clear-cut. “We’ve already been through a few flame wars around what a weapon is. Our take is that we’d rather you not upload weapons, but we’re not going to regulate it… unless it’s illegal. Which it isn’t.”

I find it fascinating that we’re even asking these questions at this point. The fact that we are now able to manufacture usable weapon parts is an important step in the evolution of fabrication and manufacture and, if I were a weapons giant, I’d start rethinking my sales strategies. When a company of rebels can print their own AK-47s (a concept that is still a ways off), whose fault is it? The person who made the plans? The fabricator? The company whose rifles they copied?

In the end, a thing is just a thing. After all, the same site that helps you build an AR-15 also lets you put a flower into the barrel of one.
http://techcrunch.com/2011/09/20/is-...-buying-a-gun/





Julius Blank, Who Built First Chip Maker, Dies at 86
Paul Vitello

Julius Blank, a mechanical engineer who helped start a computer chip company in the 1950s that became a prototype for high-tech start-ups and a training ground for a generation of Silicon Valley entrepreneurs, died on Saturday in Palo Alto, Calif. He was 86.

His death was confirmed by Cynthia Small Blank, his daughter-in-law.

Mr. Blank was one of eight computer scientists who in 1957 founded the seminal Palo Alto company Fairchild Semiconductor Corporation. He was one of only two in the group who had experience in manufacturing.

So after the scientists’ initial research to find an inexpensive way to make silicon computer chips — a breakthrough that persuaded an investor to stake them $1.5 million — the task of building the machinery to mass-produce them fell to Mr. Blank and another engineer in the group, Eugene Kleiner.

The two scrounged parts, improvised equipment and tooled a set of machines that essentially became the first assembly line for the basic building blocks of the electronic world: electronic circuits made from wafers of silicon, or silicon chips.

“In those days you couldn’t go out and buy these things off the shelf,” said David C. Brock, who, with Christophe Lécuyer, wrote “Makers of the Microchip,” a 2010 history of Fairchild Semiconductor. “They had to build everything, starting with the equipment for growing silicon crystals.”

Mr. Blank and his partners — who included Robert N. Noyce and Gordon E. Moore, the future founders of the Intel Corporation — began their venture as scientist-entrepreneurs in the wake of a mutiny of sorts against their common previous employer, the Nobel Prize-winning physicist William B. Shockley.

Dr. Shockley, who became a lightning rod for racial tensions years later when he advocated a form of race-based genetic engineering known as eugenics, had recruited the eight scientists from around the country in 1956 to work in his own semiconductor lab in nearby Mountain View, Calif.

The group left en masse the next year because of what its members described as Dr. Shockley’s authoritarian management style and their differences with him over his scientific approach. Dr. Shockley called it a betrayal.

Fairchild’s founders came to be branded in the lore of Silicon Valley as the “Traitorous Eight.” How that happened remains something of a mystery.

“We never could track it down,” said Mr. Brock, the author of the company’s history. But the epithet, wherever it came from, was attached to their names in almost every news account of the company’s success for years afterward.

Mr. Blank, in an interview with The San Jose Mercury News this year, said they had never betrayed Dr. Shockley. But, with an engineer’s bent for the realistic, he added, “Once it got into print, it’s hard to erase.”

Julius Blank was born in Manhattan on June 2, 1925, the youngest of three children of Charles and Gussie Blank, Jewish immigrants from Russia and Austria, respectively. They lived on the Lower East Side. His father made luggage and musical instrument cases, and worked on the side as a Russian translator.

Mr. Blank graduated from Erasmus Hall High School, and served in the Army in World War II. He graduated from City College with a bachelor’s degree in mechanical engineering in 1950.

In 1952 he joined the engineering group at AT&T’s Western Electric plant in Kearney, N.J., where he helped develop machinery for making the first circuitry used by callers to dial long distance without an operator. He met Mr. Kleiner at the Kearney plant. The two left together in 1956 for Dr. Shockley’s lab.

Mr. Blank is survived by two sons, Jeffrey and David, and two grandsons. His wife, Ethel, died in 2008.

When he left Fairchild in 1969 — he was the last of the eight founding partners to depart — Mr. Blank became an investor and consultant to start-up companies and helped found the technology firm Xicor, which was sold in 2004 for $529 million to Intersil.

His former partners, in addition to founding Intel, had started Advanced Micro Devices and National Semiconductor. Mr. Kleiner had founded a venture capital firm that became an early investor in hundreds of technology companies, including Amazon.com, Google and AOL. Still, the greatest pleasure of his working life, Mr. Blank said in a 2008 interview for the archives of the Computer History Museum, a project in Silicon Valley, came with the uncertainty and camaraderie of “the early years, building something from nothing.”

Mr. Blank described a moment in the first days of Fairchild, just before production began in its factory built from nothing, when the ducts and plumbing and air-conditioning were set, and the new crystal growers and one-of-a-kind chip making machines were ready to be installed.

“I remember the day we finally got the floor tile laid,” he said. “And that night, Noyce and the rest of the guys came out and got barefoot and rolled their pants up and were swabbing the floors. I wish I had a picture of that.”
https://www.nytimes.com/2011/09/23/t...ies-at-86.html





Berlin's New Pirate Party Might be Here to Stay

The party's campaign in Berlin was a success

After state elections in Berlin, the Pirate Party has gained representation in a German state parliament for the first time. But what is the Pirate Party, and what does it stand for?

Exit polls from elections in the city-state of Berlin indicate the Pirate Party received around 8.6 percent of the vote, clearing the way for representation in the Berlin parliament. It's the first time the Pirate Party has won representation in a state legislature, and it marks the growing popularity of the young party in Germany.

The Pirate Party in Germany was established five years ago and has since grown to 13,000 members nation-wide. The biggest boost to the party's popularity came in 2009 during a political debate about blocking child pornography on the Internet. Many saw the idea of blocking such sites as censorship of the Internet, and feared that it could set a precedent for blocking other sites.

The conflict provided a spark to the party's popularity, much as a similar debate resonated with voters in Sweden when the original Pirate Party was created.

In that case, members of the Pirate Party argued that not everyone who downloaded music and movies from the internet platform 'Pirate Bay' should be considered a criminal. Pirates world-wide argued that the new paradigm is access, and not possession.

An accessible party

In Germany, part of what sets the Pirate Party apart is their familiarity with the online world, which they say is lacking among the established parties. This is one reason in particular why the Pirate Party is especially popular among younger voters.

Political scientist Oscar Niedermeyer says that while there are members of the established parties that know their way around the Internet, they haven't quite got it completely down.

"There are many people in these parties that attempt to use this medium but who haven't really mastered it," he said.

Christoph Lauer, one of the Pirate Party's top officials in Berlin, says there is a "good amount of ineptitude among the established parties" when it comes to the online world.

"We know our way around much better," he said.

Lauer adds that in general, the time is right for a new party in Germany.

"There is a new generation on their way toward changing the political system," he said. "In my opinion, that's a natural process that repeats itself every 20 or 30 years."

Making voices heard

One of the main tenets of the Pirate Party is the attempt to establish more transparent politics. Andreas Baum, the party's top candidate in Berlin, says citizens should have a say in shaping their government in ways they aren't used to.

Baum is the party's top candidate of the Berlin vote

"[It should be] different than it has been, and supported by new tools in the Internet," he said.

Baum adds that, for example, citizens' initiatives often fail to achieve real results and are frustrated when a group of people comes together and takes a position, only to have that position ignored when it reaches the upper echelons of government.

Christoph Lauer even goes so far as to say street protests are wasted energy.

"These efforts by citizens need to be used more constructively," he said.

The Pirate Party thinks protest efforts could be put to better use

Lauer adds that thanks to the Internet, young people are used to having their questions answered with little turn-around time. Politics as it stands, he says, lacks this feedback, and functions in an unsatisfactory way for many people.

This is part of the reason the Pirate Party is gaining in popularity, says political analyst Karl-Rudolf Korte. People who vote for the Pirates often do so in protest.

"They articulate this protest by giving a party that doesn't come across as part of the establishment their vote," Korte said.

The right to Internet

In the Berlin elections, the Pirate Party presented itself as a social party, calling for access to education, knowledge, and participation in public life in the city. This applies to everyone, no matter their social situation. For the Pirates, the subway should be free, as well as Internet access in a city-wide wireless network. The guiding principle of the Internet - the free flow of information - is to be applied to real life in the city.

But it isn't just about opening citizens up to an online world - the Pirate Party is also for raising awareness about the risks and dangers of life online.

Now that the Berlin elections are over and the Pirate Party has gained enough support to enter Berlin's parliament, they will be faced with the challenge of walking the talk.

It won't, however, be the first time. Some members of the Pirate Party are already involved in local governments. So far, they have survived these trials by fire, which could be an indication that their popularity will only continue to grow.

Author: Kay-Alexander Scholz / mz
Editor: Andreas Illmer
http://www.dw-world.de/dw/article/0,,15397528,00.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 17th, September 10th, September 3rd, August 27th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
Old 26-09-11, 04:08 PM   #2
chefws
Registered User
 
 
Join Date: Aug 2000
Posts: 1,362
Default

Man, a lot of those stories are really depressing. I'm getting tired of my privacy being eroded by technology. I even got an email today at my yahoo account for an American Express card. Just for giggles, I clicked on it to apply. The application was completely filled out with my personal information, excluding my SS#. Where in the hell did they get that information? It's not in my yahoo profile, I used aliases for that. It's too creepy. I'm about to become totally unplugged and off the grid.
Big Brother, indeed.
__________________
Finally got rid of that old sig :P
Old 26-09-11, 04:15 PM   #3
napho
Dawn's private genie
 
 
Join Date: May 2001
Location: the Canadian wasteland
Posts: 4,461
Default

Quote:
Originally Posted by chefws View Post
Man, a lot of those stories are really depressing. I'm getting tired of my privacy being eroded by technology. I even got an email today at my yahoo account for an American Express card. Just for giggles, I clicked on it to apply. The application was completely filled out with my personal information, excluding my SS#. Where in the hell did they get that information? It's not in my yahoo profile, I used aliases for that. It's too creepy. I'm about to become totally unplugged and off the grid.
Big Brother, indeed.

Are you sure that info wasn't local, as in Roboform or Keypass or in your cookies from similar forms being filled out?
Old 26-09-11, 04:31 PM   #4
chefws
Registered User
 
 
Join Date: Aug 2000
Posts: 1,362
Default

Actually, I got a redirect virus yesterday and did a total drive wipe and reinstall. I always get rid of cookies if I fill out a form, which I haven't done in weeks. Once I caught the virus, I didn't log onto mail.
The only explanation I can come up with is that I had an Amex in the 80's, and they used some sort of info service to connect the dots. I dunno.
__________________
Finally got rid of that old sig :P
Old 26-09-11, 08:09 PM   #5
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,011
Default

Quote:
Originally Posted by chefws View Post
Man, a lot of those stories are really depressing. It's too creepy. I'm about to become totally unplugged and off the grid.
Big Brother, indeed.

what with facebook monitoring your cookies after sign out for "safety and protection" purposes (right), the all-powerful director of ICE shilling for corporate content with the decade old chestnut "downloading's the same as physical shoplifting" and the creator of FireFox claiming the web is on its way to becoming "a footnote in history," shadows certainly seem to be lengthening chefws.

then from somewhere unexpected a light shines, like a pirate party picking up seats (in germany no less) and the shadows recede. maybe you should stick around. i think the best is ahead.

- js.
__________________
Thanks For Sharing