P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 04-04-18, 07:56 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - April 7th, ’18

Since 2002































April 7th, 2018




Piracy as Marketing Tool? ‘The Man from Earth: Holocene’ Producers Have Made $45,000 From Self-Pirating Their Movie
Todd Spangler

If you can’t beat them, join them.

That’s what the independent producers of “The Man From Earth: Holocene” concluded about the inevitable piracy of their sci-fi film, a sequel to the 2007 cult hit “The Man From Earth.”

More than two months before its April 3 release on digital and DVD, they uploaded it to The Pirate Bay — available in up to 1080p HD format — and it spread to other services. The video is book-ended by an appeal from director-producer Richard Schenkman to consider donating some money if they watched the movie. “If you like it, support it, and remember that sharing is caring,” reads the note they included with the digital versions they distributed on piracy networks.

Since “self-pirating” their movie on Jan. 15, according to Schenkman and producer Eric D. Wilkinson, they’ve received nearly $45,000 in donations via their site, manfromearth.com, from fans and supporters around the world including China, Brazil and Europe.

“I’m not a proponent of piracy,” Wilkinson told Variety. “But at the same time, we have to figure out a way to live with it.”

The plan to first release “The Man From Earth: Holocene” on piracy networks, according to Wilkinson, was part of their strategy to make the film profitable — a decision informed by what happened 10 years ago, with the first “Man From Earth” movie, penned by the late sci-fi writer Jerome Bixby.

Prior to the release of “The Man From Earth” by Starz/Anchor Bay Entertainment, it hit piracy networks. At first Wilkinson was distraught. Then he noticed that the prerelease piracy resulted in the movie shooting up dramatically in IMDb’s user ratings — to become the fifth-highest ranked movie on the service. As a result, the team set up a donation link on their website (at the suggestion of Schenkman’s ex-wife) and eventually collected $20,000 in donations, close to 20% of the film’s budget.

“Ten years ago we were being reactive, and this time we wanted to be proactive,” Wilkinson said. The first film was profitable, he said, “in spite of the piracy.”

To be sure, Schenkman and Wilkinson still expect the bulk of the revenue for “Holocene” to come from legitimate channels. The producers spent a little over $300,000 on “The Man From Earth: Holocene,” which was shot over 12 days in June 2016 in and around L.A.

Currently, the movie is available worldwide on Vimeo (to rent for $4.99 or purchase for $9.99) as well as MovieSaints (which promises refunds to customers who don’t like it). The movie is also on iTunes and Amazon Video, and on DVD from Amazon and Walmart.

It also remains — with the producers’ official blessing — available on piracy networks. Through March 28, “The Man From Earth: Holocene” had been downloaded 388,915 times via peer-to-peer file sharing, the producers said. That doesn’t include streaming piracy sites, which if factored in would likely push up the total to more than 1 million views or downloads, according to Schenkman.

The self-pirating move certainly runs counter to the prevailing attitude among most in the movie biz — if not across all industries that rely on intellectual property. Isn’t it tantamount to negotiating with terrorists? Not according to Schenkman. Content pirates, he said, are different from terrorists “because if you’re honest with them they respond.”

“It’s a global experiment in the honor system,” he said. “We realized no matter what we did, it would be big in the pirate ecosystem.”

The producers said they wanted to get a high-quality version of “Holocene” into the wild themselves, before someone else ripped a copy, so that it would include the call-to-donate pitch. Plus, the thinking goes, piracy really helped the original movie get widely noticed. “There’s an argument to be made that the piracy of the first film is what made it a phenomenon,” Schenkman said. That echoes the comment of Time Warner CEO Jeff Bewkes a few years ago that piracy of “Game of Thrones” was “better than an Emmy” at buzz-building.

“The Man From Earth: Holocene” stars David Lee Smith (pictured above), who reprises his role as protagonist John Oldman in the first movie. The cast includes Michael Dorn, Vanessa Williams, Akemi Look, Brittany Curran, Carlos Knight and Sterling Knight.

In the movie, Oldman — who is a 14,000-year-old caveman — has assumed life as a history professor at a college in Chico, Calif. The story’s conceit: He has to change identities every 10 years lest his virtually immortal existence is discovered. But in “Holocene,” he is finally starting to age, and four of his students uncover the truth and confront him.

Schenkman co-wrote “The Man From Earth: Holocene” with Jerome Bixby’s son, Emerson Bixby, who also serves as executive producer through his Falling Sky Entertainment banner, based on a story by Schenkman and Wilkinson.

The sequel hasn’t fared as well with fans as its predecessor. “Holocene” has a 31% audience approval score on Rotten Tomatoes, compared with 85% for the original “Man From Earth.” Wilkinson shrugged off the tepid reception: “There are people who are inevitably going to think, ‘It’s sacrilege — you ruined the first movie,'” he said.

In any case, Schenkman said, he’s been amazed by the generosity of those who have nabbed “Holocene” from piracy sources.

“People are giving us $5 to $10, a lot of people are giving us $20 — some are donating $50 or $100 because they shared it with friends,” Schenkman said. “And we’ve had people saying, ‘I haven’t watched your movie but I believe in what you’re doing. Here’s five bucks.'”

As for what’s next, the filmmakers are hoping to sell a TV series based on the storyline of the two movies. “The original idea was to make ‘The Man From Earth’ basically feature-length pilot,” Schenkman said. “Now I need to get in the room with the powers that be and pitch the series.”
http://variety.com/2018/digital/news...ns-1202745999/





Porn Video Website Sues Local Residents Over Pirated Material
Terrie Morgan-Besecker

A company that operates an adult pornographic video website filed federal copyright infringement lawsuits against nine area residents Friday, including four people from Lackawanna, Luzerne and Wayne counties.

Malibu Media Inc. of Westlake Village, California, alleges the defendants, who are not identified by name, used BitTorrent programs to illegally download videos from its subscription-based website, X-Art.com, without paying for the content.

The lawsuits join thousands of other federal lawsuits the company filed nationwide, including 100 in the Middle District of Pennsylvania since 2014.

“My client takes this very seriously,” said attorney Christopher Fiore of Harleysville, who represents the firm in the Pennsylvania lawsuits. “(The owner) has testified Malibu Media invests significant time and financial resources. ... It must enforce its copyrights to continue to grow its subscriber base.”

The lawsuits identify the defendants as “John Doe” and by their Internet Protocol addresses because their names have not yet been determined. The company also filed a motion seeking permission to issue subpoenas to the defendants’ internet service providers to obtain their identities.

Exhibits filed with the lawsuits show the two Lackawanna County defendants live in Scranton and Olyphant; the Luzerne County defendant is from Hazleton; and the Wayne County defendant resides in Honesdale. They are accused of downloading seven to eight videos each.

Jeffrey Antonelli, a Chicago-based attorney who has represented more than 700 people sued by Malibu Media, said the company has come under fire for its aggressive approach. While some defendants do illegally download the company’s property, some people who did nothing wrong also have been targeted.

Antonelli cited the use of “spoofing” software, which allows a person to use an IP address and make it appear as if it’s a different IP address.

“People spoofing an IP address can be anywhere in the world and pretend to be me,” he said. “It’s like a fake driver’s license.”

Even if a person is innocent, there’s a strong incentive to settle the cases because of the high cost to defend them and potential for damages, which can range from $750 to $150,000 per video, he said.

“Critics believe they are trying to use litigation as a revenue tool rather than trying to fight piracy,” Antonelli said. “I can’t make a judgment on what goes on inside their minds.”

Fiore defended the company’s practices. He noted the firm typically targets people who have downloaded multiple videos over a long period of time.

He said the company hopes the latest round of lawsuits sends a clear message to anyone considering pirating its videos.

“We are letting all infringers know, we are out there,” he said. “This is important to us, and we are going to enforce our copyrights.”
http://thetimes-tribune.com/news/por...rial-1.2322879





EU Makes Borderless Streaming of TV, Movies a Reality
Robert Hackwill

Going on holiday but don't want to miss out on watching your favourite show? Well, from April 1st you can stream without borders within the EU.

It is all thanks to the portability regulation, meaning content providers like Netflix or Amazon Prime have to allow access to shows from their local subscription, in a foreign EU country on a temporary basis.

"Many consumers would not only like to benefit from subscriptions when they travel, but they would also like to have access to foreign digital content which is offered to consumers in other countries. If you're from a certain country of origin, you want to see what is going on at home, you want to have access to your TV so to speak in your previous country, and this is not possible today," says BEUC's Deputy-Director-General Ursula Pachl.

This is the dream of the digital single market, making all content accessible throughout the EU, rather than geo-blocking, something which a German MEP from the Pirate Party is fighting to abolish.

"We have learned from the music industry that the best way to counter copyright infringement is to have an attractive legal offer that is worldwide, where people can for a fair price access any content they want. The film industry has still not understood this, it still insists on bring movies at different times in different countries, or not to allow streaming at all in certain countries and this makes people upet because even if they are willing to pay there is no legal offer for them," says German Pirate Party MEP Julia Reda.

Getting Hollywood on board may prove a lot more difficult. While the USA does not have a monopoly on must-watch TV, it is dominant in cinema and jealously guards that position.

"One series that I very much like is Broadchurch, and there is the third season that unfortunately is not available on Netflix Belgium, nor Netflix Germany, so I'm afraid that the portability regulation won't solve the problem for me," says Reda.

In this case the EU legislation has been modelled on ideas from British Liberal Democrat leader Vince Cable. When, a few years ago the EU made a big fuss about the difference in streaming content availability in its respective member states, and decided it wanted to do something about it, an outright ban on geo-blocking was suggested. But it turns out Cable was on the money with rules to make your home content 'portable'.

The idea is to make life easier for EU citizens, and reduce the temptation of pirating content when they're abroad. So if you go to France, you should still be able to access UK-only Netflix content, sport streams, and so on, the same way you would if you were at home. Any paid service you can access at home has to be available for you if you travel within the EU, though the rules don't strictly define the length of what constitutes a temporary visit - meaning the specifics will need to be laid out by the content providers themselves.

Netflix spokesperson Rut Rey told Euronews: "While our catalogues do differ from country to country due to licences and local preferences, Netflix originals like The Crown, Black Mirror, Stranger Things, Narcos, Bright etc. are all available everywhere ... so for the most part, there is little difference for a UK subscriber between accessing the UK or local catalogue."

The portability rules don't apply to free services or public service broadcasters, though, and the BBC has confirmed there won't be any changes to iPlayer. So no watching Newsnight while you sit by a Spanish pool.

Free-to-air services can make the feature available, but the rules say they have to inform users who will than have to login to the service - thereby verifying their home country. Providers also aren't allowed to charge users for this privilege, though the upside is that they don't necessarily have to purchase rights to content within host countries.

The EU believes providers are ready for Sunday's rule change, so you should be able to access the many things Netflix, Amazon, Sky, et al have to offer when you take your next European holiday. Enjoy it while it lasts, though. Theresa May has made it clear the UK will not be staying within the digital single market after Brexit, so these rules have about a year before they become totally irrelevant to the Brits.
http://www.euronews.com/2018/04/01/e...vies-a-reality





Municipal Broadband Expected to Get Support from More Colorado Towns after Tuesday’s Vote

So far 86 cities and towns in the state have cast off state restrictions on municipal broadband
John Aguilar

A years-long effort to expand access to high-speed internet to all corners of the state, especially far-flung rural areas, will likely get a boost once the ballots from Tuesday’s statewide election are tallied.

Voters from a half dozen Colorado cities and towns — Firestone, Frisco, Lake City, Limon, Lyons, and Severance — went to the ballot box Tuesday to decide whether to cast off a 2005 state law that restricts municipal governments from providing broadband internet service.

Final results from the election were still being compiled Tuesday night.

If the vote goes as expected — 86 cities and towns and more than 30 counties have already overturned the law in just the past decade — it will mean more options for deploying a service that many now equate to water and electricity in terms of its critical role in economic vitality.

“If an area doesn’t have reliable, good broadband access and availability, that area is not going to thrive,” said Jud Hollingsworth, a town trustee with Lake City, a mountain town of several hundred residents that is among the most remote in Colorado. “Residents here are saying if they could have some competition in that area, they would welcome that.”

Across the state in Limon, town manager Dave Stone said residents in his eastern plains community have been less than pleased with the internet service they get now.

“We continually hear from people who have difficulty getting the broadband service they need,” he said. “They certainly feel there’s a need for competition in town.”

How that competition might play out in Lake City and Limon is something neither Hollingsworth nor Stone would venture to guess, but they know their residents want more ways to widen the pipe to the online world. Examples of cities and counties taking different approaches to expanding broadband opportunities abound in Colorado.

Several, including Fort Morgan and Wray, are teaming up with the private sector, like local telephone providers, to get people hooked up to high-speed internet service. Others, like Longmont and Rio Blanco County, have taken a more autonomous approach to providing robust speeds that can reach a blazing fast 1 gigabit per second.

Tony Neal-Graves, executive director of the Colorado Broadband Office, said the state still has a goal of providing 85 percent of Colorado’s rural areas with broadband internet access by the end of the year. The coverage is currently at 77 percent.

One thing that will help, Neal-Graves said, is the bill that was signed into law by Gov. John Hickenlooper on Monday.

Senate Bill 2 will take money collected from fees levied on phone lines and divert it toward building broadband service that operates at a minimum 10 megabits per second. In 2019, 60 percent of the money will go toward broadband, with that portion increasing in 2023 to 100 percent, or roughly $27 million a year, according to a legislative analysis.

“The good news is that everybody gets the fact that broadband is essentially like water and electricity,” Neal-Graves said.

The American Civil Liberties Union last week released a report urging cities and towns to provide internet service “as a utility.” The basis for the organization’s report: the Federal Communications Commission’s recent rollback of net neutrality rules.

“Municipal governments still have the option of providing broadband service themselves and implementing the net neutrality and privacy protections that are no longer required of private companies by federal policies,” the ACLU said in a news release last week.

Neal-Graves said some municipal leaders in Colorado were “spooked” by the FCC’s December ruling and want to make sure they have more than just one choice of internet provider, no matter where they might be located in the state.
https://www.denverpost.com/2018/04/0...ction-results/





Software Bug Behind Biggest Telephony Outage in US History
Catalin Cimpanu

A software bug in a telecom provider's phone number blacklisting system caused the largest telephony outage in US history, according to a report released by the US Federal Communications Commission (FCC) at the start of the month.

The telco is Level 3, now part of CenturyLink, and the outage took place on October 4, 2016.

Software sees empty field as wildcard selector

According to the FCC's investigation, the outage began after a Level 3 employee entered phone numbers suspected of malicious activity in the company's network management software.

The employee wanted to block incoming phone calls from these numbers and had entered each number in fields provided by the software's GUI.

The problem arose when the Level 3 technician left a field empty, without entering a number. Unbeknownst to the employee, the buggy software didn't ignore the empty field, like most software does, but instead viewed the empty space as a "wildcard" character.

As soon as the technician submitted his input, Level 3's network began blocking all telephone calls.

Level 3 telephony network goes down for 84 minutes

The event had massive repercussions, affecting the entire US. For 84 minutes between 10:06 and 11:30 AM Eastern Daylight Time (EDT), Level 3's network blocked all calls, a massive number of 111 million calls, 109 million of which where VoIP-based.

Approximately 29.4 million VoIP users and around 2.3 million wireless users were affected.

FCC said the event had "nationwide impact" and called it "the largest [outage] reported in the Federal Communications Commission’s Network Outage Reporting System (NORS)" history.

Calls to 911 were also blocked, but due to the emergency system's redundancy, only 15 of 117 calls failed to connect to a public safety answering point (PSAP).

The outage could have been more prolonged if Level 3 didn't have systems in place that alerted operators of abnormal activity. FCC says Level 3 became aware of the incident four minutes after it started.

FCC blames software supplier

"The technician was unaware of the consequences of leaving a field in the network management software blank," the FCC concluded in its report, absolving the employee and company of guilt. "Level 3 personnel had not previously observed or experienced this behavior in their network management software. According to Level 3, this was the first time that anti-fraud operations in network equipment caused an outage."

The FCC report also mentions that Level 3 used "vendor-supplied network management software," but did not name the supplier.

As part of subsequent corrective measures, Level 3 now uses a provisioning system to handle phone number bans and the company also removed over 800 technician accounts that had access to various networking systems they shouldn't.
https://www.bleepingcomputer.com/new...in-us-history/





Sinclair Tells Stations to Air Media-Bashing Promos - and Criticism Goes Viral

Sinclair Broadcast Group is America's biggest owner of local TV stations.
Local journalists chafe at new campaign
Brian Stelter

Sinclair Broadcast Group's corporate mandates are exacerbating tensions between the company's local stations and its management.

Journalists in local US markets are chafing at the company's requirements, including a new promotional campaign that echoes President Donald Trump's anti-media rhetoric.

The promos, first reported by CNNMoney last month, went viral over the weekend after Deadspin edited dozens of them together to show how anchors across the country were told to read the same script.

"It sickens me the way this company is encroaching upon trusted news brands in rural markets," an investigative reporter at Sinclair told CNNMoney on condition of anonymity.

The reporter and other Sinclair employees in several different markets described tense conversations in their newsrooms and anger directed at the company's Hunt Valley, Maryland, headquarters.

Sinclair is the biggest owner of local television stations in the United States, owning or operating 173 of them.

A person in Sinclair management confirmed that tensions are on the rise.

The company's conservative-leaning politics have come down to Sinclair's stations through "must runs" — stories local producers are told to air during their newscasts. The "Terrorism Alert Desk" is a recurring segment. Pro-Trump commentaries by former Trump campaign adviser Boris Epshteyn are another "must-run" feature.

The new promo campaign took it to another level, causing even more consternation in local newsrooms.

Scott Livingston, the company's senior vice president of news, directed stations to have anchors read a script about "fake stories" and "personal bias" plaguing the media, according to a memo obtained by CNNMoney. The script — reminiscent of Fox News' old "fair and balanced" tagline — cast Sinclair's stations as the antidote.

Sinclair's political bent has been a factor in its pending acquisition of Tribune Media, which is under review by federal regulators. The deal would add dozens more stations to its portfolio.

The Sinclair employees who originally contacted CNNMoney about the promo shoot said they felt it advanced the company's agenda at the expense of their own credibility.

The employees said they felt they needed to speak anonymously because they were worried they could lose their jobs if identified.

After CNN's initial story in early March, others expressed concern and frustration.

"I try everyday to do fair, local stories, some Trump-related, but it's always washed out by this stuff they do at a national level," one local reporter said.

Another employee came forward and told CNN that "as a producer who finds it unethical, I will refuse to run it."

The promos started airing in late March. It is unclear if any stations have refused to broadcast them.

An all-newsroom email from one station news director read: "Let me be absolutely clear here... These MUST Run. If they do not, my job is on the line. I don't say that to scare you by any means but I do say this so you understand how serious SBG is about this project."

SBG is the corporate abbreviation for Sinclair.

A Sinclair spokeswoman did not respond to requests for comment on Sunday.

In his memo to stations, Livingston described a "Trust and Truth research" project the company did involving a well-known consulting firm called Magid.

"Trust is the fundamental issue with connecting to news consumers. And we are a trusted news source," he wrote, describing the promos — "the local anchor message on Journalistic Responsibility" — as a followup.

But some outsiders see it as irresponsible. In a sign of Sinclair's controversial stature, Deadspin's compilation of the promos — making the anchors in various markets sound like robots — went viral on Saturday. It has been picked up by political activists, journalists and comedians, among others.

"This is extremely dangerous to our democracy," late night host Jimmy Kimmel tweeted Sunday.

Media investor Peter Chernin, who held high-ranking positions at Rupert Murdoch's News Corporation for two decades, tweeted, "This is insidious. The first key to stopping it is to call on advertisers who support this propaganda and express your objections."

Some of the concerned Sinclair staffers said they appreciated the national attention, but they're more worried about how local viewers are reacting. They pointed out that station Facebook pages and Twitter feeds are receiving criticism about the promos.

"I feel bad because they're seeing these people they've trusted for decades tell them things they know are essentially propaganda," one local anchor said.

The person, who has been in touch with counterparts in other markets, said anchors are especially bothered "because they have all this experience in news, and now they're being degraded like this."
https://www.local10.com/news/sinclai...ism-goes-viral





Russian Bots are Tweeting their Support of Embattled Fox News Host Laura Ingraham
Laura Ingraham

Embattled Fox News host Laura Ingraham has found some unlikely allies: Russian bots.

Russian-linked Twitter accounts have rallied around the conservative talk-show host, who has come under fire for attacking the young survivors of the Parkland school shooting. According to the website Hamilton 68, which tracks the spread of Russian propaganda on Twitter, the hashtag #IstandwithLaura jumped 2,800 percent in 48 hours this weekend. On Saturday night, it was the top trending hashtag among Russian campaigners.

The website botcheck.me, which tracks 1,500 "political propaganda bots," found that @ingrahamangle, @davidhogg111 and @foxnews were among the top six Twitter handles tweeted by Russia-linked accounts this weekend. "David Hogg" and "Laura Ingraham" were the top two-word phrases being shared.

Wading into controversy is a key strategy for Russian propaganda bots, which seize on divisive issues online to sow discord in the United States. Since the Feb. 14 Parkland shooting, which claimed 17 lives, Russian bots have flooded Twitter with false information about the massacre.

Researchers who follow the issue found that in the days after the shooting, #Parkland, #guncontrolnow, #Florida and #guncontrol were among the top hashtags used by Russia-linked accounts. (Previously, those accounts had been focused on special counsel Robert Mueller's investigation of Russian interference in the 2016 U.S. presidential election.)

"This is pretty typical for them, to hop on breaking news like this," Jonathon Morgan, chief executive of New Knowledge, a company that tracks online disinformation campaigns, told the New York Times. "The bots focus on anything that is divisive for Americans. Almost systematically."

Ingraham came under harsh criticism after she mocked Parkland shooting survivor David Hogg, who had spoken out about his disappointment at not being accepted by four University of California schools, including UCLA. Hogg has a 4.2 GPA and a 1270 SAT score.

Ingraham's criticism came amid a broader effort by gun rights activists to discredit Parkland teens pushing for stronger gun-control laws.

In response, Hogg took to Twitter to call on the companies that advertise on Ingraham's Fox New program to pull their ads. Within days, Johnson & Johnson, Nestlé, Hulu, Jos. A. Bank, Jenny Craig, Ruby Tuesday, Miracle-Ear and several other
http://www.courant.com/nation-world/...402-story.html





“Trump Is Like, ‘How Can I F--k with Him?’”: Trump’s War with Amazon (and The Washington Post) Is Personal

With the West Wing finally calm, Trump is contemplating a multi-front campaign against Jeff Bezos.
Gabriel Sherman

For the first time in Donald Trump’s presidency, the West Wing soap opera appears to be in hiatus, with many of its starring characters (Gary Cohn, Hope Hicks) either permanently offstage or with much reduced roles (John Kelly, Jared Kushner). Currently, there’s one star—a situation Trump is obviously enjoying—and his new freedom is used to focus ever more closely on his perceived enemies and obsessions. Amazon, whose owner, Jeff Bezos, also owns The Washington Post, is currently the main target. Trump has ripped into Amazon in recent days, claiming in a series of tweets that Jeff Bezos’s tech giant benefits from billions in subsidies from the U.S. Post office while skirting sales taxes. “Unlike others, they pay little or no taxes to state & local governments, use our Postal System as their Delivery Boy (causing tremendous loss to the U.S.), and are putting many thousands of retailers out of business!” Trump tweeted. On Monday, he wrote: “Only fools, or worse, are saying that our money losing Post Office makes money with Amazon. THEY LOSE A FORTUNE, and this will be changed. Also, our fully tax paying retailers are closing stores all over the country . . . not a level playing field!” The tweets caused Amazon’s stock to plunge 5 percent on Monday.

Now, according to four sources close to the White House, Trump is discussing ways to escalate his Twitter attacks on Amazon to further damage the company. “He’s off the hook on this. It’s war,” one source told me. “He gets obsessed with something, and now he’s obsessed with Bezos,” said another source. “Trump is like, how can I fuck with him?”

According to sources, Trump wants the Post Office to increase Amazon’s shipping costs. When Trump previously discussed the idea inside the White Hose, Gary Cohn had explained that Amazon is a benefit to the Postal Service, which has seen mail volume plummet in the age of e-mail. “Trump doesn’t have Gary Cohn breathing down his neck saying you can’t do the Post Office shit,” a Republican close to the White House said. “He really wants the Post Office deal renegotiated. He thinks Amazon’s getting a huge fucking deal on shipping.”

Advisers are also encouraging Trump to cancel Amazon’s pending multi-billion contract with the Pentagon to provide cloud computing services, sources say. Another line of attack would be to encourage attorneys general in red states to open investigations into Amazon’s business practices. Sources say Trump is open to the ideas. (The White House did not respond to a request for comment.)

Even Trump’s allies acknowledge that much of what’s fueling Trump’s rage toward Amazon is that Amazon C.E.O. Jeff Bezos owns The Washington Post, sources said. “Trump doesn’t like The New York Times, but he reveres it because it’s his hometown paper. The Washington Post, he has zero respect for,” the Republican close to the White House said. While the Post says that Bezos has no involvement in newsroom decisions, Trump has told advisers he believes Bezos uses the paper as a political weapon. One former White House official said Trump looks at the Post the same way he looks at the National Enquirer. “When Bezos says he has no involvement, Trump doesn’t believe him. His experience is with the David Peckers of the world. Whether it’s right or wrong, he knows it can be done.”
https://www.vanityfair.com/news/2018...st-is-personal





Homeland Security to Compile Database of Journalists, Bloggers
Cary O'Reilly

• Seeks contractor that can monitor 290,000 global news sources

• ‘Media influencer’ database to note `sentiment’ of coverage

The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile a database of journalists, editors, foreign correspondents, and bloggers to identify top “media influencers.”

It’s seeking a contractor that can help it monitor traditional news sources as well as social media and identify “any and all” coverage related to the agency or a particular event, according to a request for information released April 3.

The data to be collected includes a publication’s “sentiment” as well as geographical spread, top posters, languages, momentum, and circulation. No value for the contract was disclosed.

“Services shall provide media comparison tools, design and rebranding tools, communication tools, and the ability to identify top media influencers,” according to the statement. DHS agencies have “a critical need to incorporate these functions into their programs in order to better reach federal, state, local, tribal, and private partners,” it said.

The DHS wants to track more than 290,000 global news sources, including online, print, broadcast, cable, and radio, as well as trade and industry publications, local, national and international outlets, and social media, according to the documents. It also wants the ability to track media coverage in more than 100 languages including Arabic, Chinese, and Russian, with instant translation of articles into English.

The request comes amid heightened concern about accuracy in media and the potential for foreigners to influence U.S. elections and policy through “fake news.” Nineteen lawmakers including Reps. Josh Gottheimer (D-N.J.), Lee Zeldin (R-N.Y.), Ron DeSantis (R-Fla.), and Sen. Ted Cruz (R-Texas), sent a letter to Attorney General Jeff Sessions last month, asking whether Qatar-based Al Jazeera should register as a foreign agent because it “often directly undermines” U.S. interests with favorable coverage of Hamas, Hezbollah and al-Qaeda’s branch in Syria.

The DHS request says the selected vendor will set up an online “media influence database” giving users the ability to browse based on location, beat, and type of influence. For each influencer found, “present contact details and any other information that could be relevant, including publications this influencer writes for, and an overview of the previous coverage published by the media influencer.”

A department spokesman didn’t immediately return a phone call and email seeking comment.

Responses are due April 13. Seven companies, mainly minority- or women-owned small businesses, have already expressed interest in becoming a vendor for the contract, according to the FedBizOpps web site.

— With assistance from Daniel Snyder
https://biglawbusiness.com/homeland-...ists-bloggers/





Tech Thinks It Has a Fix for the Problems It Created: Blockchain
Nathaniel Popper

Worried about someone hacking the next election? Bothered by the way Facebook and Equifax coughed up your personal information?

The technology industry has an answer called the blockchain — even for the problems the industry helped to create.

The first blockchain was created in 2009 as a new kind of database for the virtual currency Bitcoin, where all transactions could be stored without any banks or governments involved.

Now, countless entrepreneurs, companies and governments are looking to use similar databases — often independent of Bitcoin — to solve some of the most intractable issues facing society.

“People feel the need to move away from something like Facebook and toward something that allows them to have ownership of their own data,” said Ryan Shea, a co-founder of Blockstack, a New York company working with blockchain technology.

The creator of the World Wide Web, Tim Berners-Lee, has said the blockchain could help reduce the big internet companies’ influence and return the web to his original vision. But he has also warned that it could come with some of the same problems as the web.

Blockchain allows information to be stored and exchanged by a network of computers without any central authority. In theory, this egalitarian arrangement also makes it harder for data to be altered or hacked.

Investors, for one, see potential. While the price of Bitcoin and other virtual currencies have plummeted this year, investment in other blockchain projects has remained strong. In the first three months of 2018, venture capitalists put half a billion dollars into 75 blockchain projects, more than double what they raised in the last quarter of 2017, according to data from Pitchbook.

Most of the projects have not gotten beyond pilot testing, and many are aimed at transforming mundane corporate tasks like financial trading and accounting. But some experiments promise to transform fundamental things, like the way we vote and the way we interact online.

“There is just so much it can do,” said Bradley Tusk, a former campaign manager for Michael R. Bloomberg, the former mayor of New York, who has recently thrown his weight behind several blockchain projects. “I love the fact that you can transmit data, information and choices in a way that is really hard to hack — really hard to disrupt and that can be really efficient.”

Mr. Tusk, the founder of Tusk Strategies, is an investor in some large virtual currency companies. He has also supported efforts aimed at getting governments to move voting online to blockchain-based systems. Mr. Tusk argues that blockchains could make reliable online voting possible because the votes could be recorded in a tamper-proof way.

“Everything is moving toward people saying, ‘I want all the benefits of the internet, but I want to protect my privacy and my security,’” he said. “The only thing I know that can reconcile those things is the blockchain.”

Blockchains assemble data into so-called blocks that are chained together using complicated math. Since each block is built off the last one and includes information like time stamps, any attempt to go back and alter existing data would be highly complicated. In the original Bitcoin blockchain, the data in the blocks is information about Bitcoin wallets and transactions. The blocks of data in the Bitcoin blockchain — and most of its imitators — are kept by a peer-to-peer computer network.

The novel structure allows people to set up online accounts that can securely hold valuable personal information without having to trust a single entity that can hoard, abuse or lose control of the data, as happened with Facebook and the consumer credit reporting agency Equifax.

A range of corporations and governments are trying to apply the blockchain model — for projects from the prosaic to the radical. Various departments of the United Nations now have blockchain experiments looking to tackle climate change, the delivery of humanitarian aid and the identity challenges faced by stateless people. Coca-Cola and the State Department recently announced a project to register foreign employees on a blockchain in an attempt to eliminate forced labor.

These experiments have drawn skepticism from Bitcoin aficionados, who say blockchains are being applied to problems that could be more easily solved with old-fashioned databases.

Other critics say the rapid pace of blockchain development could lead to the same problem facing the broader tech industry: a willingness to disrupt and overthrow old systems before the replacement has been thoroughly tested.

“The blockchain industry is ready and waiting to say, ‘Yes, we are the solution,’ and they have every incentive to do so,” said Angela Walch, a research fellow at the Center for Blockchain Technologies at University College London. “But somebody needs to ask the question: ‘Is it actually better? Is it measurably better?’”

Many blockchain projects opened themselves to criticism and regulatory scrutiny by raising money through so-called initial coin offerings last year. These fund-raising campaigns often brought in tens of millions of dollars in minutes with little regulatory oversight.

But new blockchain efforts continue apace, motivated in no small part by concerns about the emergence of internet giants like Facebook and YouTube.

Most of the biggest internet companies make their money from collecting personal information and using it to sell targeted advertisements. This kind of massive data collection makes them vulnerable to hackers and outsiders who want to leverage the data — as was evident when Cambridge Analytica improperly gained access to 50 million Facebook profiles. And start-ups are using the blockchain in an attempt to pry control of all that data out of their hands.

Blockstack has built a way to record the basic details about your identity on a blockchain database and then use that identity to set up accounts with other online projects that are built on top of it.

The animating force behind the project is that users — rather than Blockstack or any other company — would end up in control of all the data they generate with any online service.

Blockstack is one of several blockchain-based projects hoping to create a new generation of online services that don’t rely on having unfettered access to our personal information.

The idea has gained enough steam that in the days after news of Facebook’s relationship with Cambridge Analytica broke, Twitter was filled with people calling for blockchain-based alternatives.

As Facebook is collapsing we need to replace it with a blockchain based, decentralized platform! https://t.co/lgFGh3bHLi
— Gerd Moe-Behrens (@GerdMoeBehrens) March 19, 2018

“As Facebook is collapsing we need to replace it with a blockchain based, decentralized platform!” one user, @GerdMoeBehrens, wrote.

50 m Facebook profiles harvested for in major data breach | News | The Guardian #blockchain WE NEED U NOW!!! https://t.co/P0twwKsu2g
— Andy Martin (@andymartin46) March 17, 2018

“#blockchain WE NEED U NOW!!!” wrote another, @andymartin46.

But Mr. Berners-Lee has warned that the development of the blockchain could come with unintended consequences, like more activity from criminals operating outside the oversight of governments.

Even blockchain advocates say the hype has conditioned people to think that good answers are close at hand, when it could take five or 10 years for the technology to properly develop.

In fact, most blockchain projects are still plagued by concerns about privacy. For example, the widely used Bitcoin blockchain allows certain data — details of the transactions between users — to be seen by anyone, even if other data — the users’ identities — remains obscured. Voting start-ups have solved this by encrypting the data before putting it on a blockchain, but there are questions about whether this will solve other privacy concerns.

Blockchain-based accounts also rely on users keeping their own passwords or private keys, which people are famously bad at doing. With Bitcoin, when people lose their private key they lose access to the money in their account — if someone lost the private key to a blockchain-based online account, they could lose access to their identity.

“We’re not saying that tomorrow you can flip the switch and a blockchain is going to solve these problems,” said Michael Casey, a co-author of “The Truth Machine,” a new book on the blockchain. “What’s important is how it opens the door to a new way of thinking about the problems we face.”
https://www.nytimes.com/2018/04/01/t...hain-uses.html





Meh

Generation Z Is Already Bored by the Internet

Today’s teens are still bored, often incredibly so. They’re just more likely to experience a new type of boredom: phone bored.
Taylor Lorenz

Teenagers today have unprecedented access to technology, and yet many report that they’ve never been so bored.

There is a notion among older people that teens, with their smartphones and unlimited internet access, never experience boredom. CNN and other media outlets have repeatedly declared that smartphones have killed boredom as we know it. “Today, we don’t have time to daydream. Waiting in the doctor’s office or standing in line, we can check our email, play Angry Birds, or Twitter,” a media consultant once declared in HuffPost.

But today’s teens are still bored, often incredibly so. They’re just more likely to experience a new type of boredom: phone bored.

As members of what has been dubbed “Generation Z,” a cohort that spans those born roughly between the years 1998 and 2010, today’s teens and tweens have had unparalleled access to technology. Many have had smartphones since elementary, if not middle school. They’ve grown up with high-speed internet, laptops, and social media.

It’s tempting to think that these devices, with their endless ability to stimulate, offer salvation from the type of mind-numbing boredom that is so core to the teen experience. But humans adapt to the conditions that surround them, and technical advances are no different. What seemed novel to one generation feels passé to the next. To many teens, smartphones and the internet have already lost their appeal.

Phone boredom occurs when you’re technically “on your phone,” but you’re still bored out of your mind. It’s that feeling when you’re mindlessly clicking around, opening and closing apps, looking for something to do digitally and finding the options uninteresting.

Whereas previous generations may have scrolled through channels on the radio, wandered into different rooms in their house, or flicked through countless TV channels, today’s teens say they’ll sometimes open and close up to 20-30 apps, hoping that something, anything, will catch their attention.

“When I’m bored while I’m on my phone and I’m switching between different apps... I’m just searching for something to do,” said Addie, a 15-year-old in Long Island. “It’s like walking around your house in circles.” Often, they’ll find nothing on their phone entertaining and simply zone out and daydream.

To a parent or the casual observer, a phone-bored teen may appear engaged. After all, they’re on their phone, which many people consider an inherently engaging activity. In reality, they’re bored out of their mind.

“I can be in my bed for hours on my phone, and that’s me being bored,” said Maxine Marcus, a 17-year-old and founder of The Ambassadors Company, a teen consulting business. “You think that we’re so entertained because we’re on our phones all the time, but just because we’re on it, doesn’t mean we’re engaged or excited. I get bored on my phone all the time.

“When you’re bored on your phone, you’re just sitting with your own thoughts. You’re on it, but it’s just an action so your brain still goes wherever it wants to go. You get bored and you start thinking and daydreaming,” she added.

It’s important to note that the majority of time users spend on their phones, they spend engaged. Tech companies go to exorbitant lengths to keep users active and attentive. If you’re posting photos, liking, commenting, reading, or watching something on your phone, you’re not phone bored.

Phone boredom hits when you’ve cycled through everything there is to do on your device and you’re left feeling stranded.

Sarah, a 14-year-old in New York, describes it this way: “I’ll go on Insta and it’s just people all talking about the same things. I’m like, I already heard that or I already saw that. It’s like, when you’ve seen everything there is to see in your Insta feed or on the internet. We see the same lip gloss, the same eyebrow style, the same meme like 14 times. It all gets old and then you get bored.”

“Sometimes I feel like I’ve seen everything there is to see on the internet,” echoed Violet, a 15-year-old in the U.K. “I’ll circle around on different sites or apps. Sometimes I feel like I’ve reached the end of the internet, I’ll just watch the same videos on YouTube until eventually I’m so bored I start clicking random things on my phone.”

Arianna, a 14-year-old in Florida said she thinks phone boredom disproportionately strikes teens, since she and others like her have grown up with social media and mobile phone technology.

She said she got her first phone in 6th grade and after a few months it began to get old.

“When you first get social media your first initial thoughts are like, whoa this is so cool, you’re commenting, liking, following pages, interacting, you’re not bored and it’s a great distraction. Over time you get used to the feeling and scrolling and viewing people’s pics and posts and stories, and that makes you feel bored after a while,” she said. “You start looking for other things to do or just letting your mind wander.”

There are several ways to relieve phone boredom.

Obviously the most simple solution would be to log off, put your phone away and, as parents love to say, “go outside.” And many teens do just that or get involved in other offline projects.

Sarah said she got so bored by her phone once that she logged off and made some taglines for her grandfather’s ribbon company, one of which got used by the company in a national magazine ad.

But often, phone-bored teens seek a solution on their phones themselves. Like anyone, they’ll text and hit up friends, post in group chat, or come up with weird, new creative projects to excite their mind. This could take the form of a new themed Instagram or Twitter account, or creating elaborate new types of memes.

Maddie, a 15-year-old in Texas, said she started her popular meme page while deep in the midst of phone boredom.

“I was just refreshing my personal Instagram account over and over like, I’m so bored I hate this, I want to find a new community to get into,” she said. She eventually set up a new meme page, and “found new topics and people and ideas to explore” so that she was no longer bored.

Other teens spoke about creating art on their phones, or making video or music remixes using various apps in order to alleviate phone boredom.

There is, however, a fine line between phone boredom and engaging in the type of unhealthy behavior on social media that can leave users feeling depressed and drained. This behavior includes the type of mindless scrolling that can lead to boredom and according to Facebook, encompasses browsing un-meaningful content without engaging. As groups like the “time well spent” movement gain traction even Facebook itself is working to revamp its product to create more “meaningful social interactions” and curb borderline phone boredom.

But Arianna and other teens said that they hate when parents tell them that the amount of time they’re spending on their phone is unhealthy. She admitted that, yes, sometimes she’s not using her phone in the most productive way, but she said that it has also opened up an entire new world and brought “so much good stuff” into her life.

When she gets phone bored, zones out and stares at her screen, she doesn’t freak out about it. “Older people don’t really like technology, they’re always trying to put it down or not accept it,” she said.

“It’s so important that older generations realize we are not just obsessed with our phones, it’s so much more than that,” she added. “Older people think that our world will end because we have all this access to social media and technology that our minds are going to stop evolving or something. I’ve heard that many times. It’s not true at all.”

As any parent or school teacher can tell you, teens aren’t just phone bored, they also experience all the more traditional types of boredom too.

Adam Perkins, a researcher and lecturer in the Department of Psychological Medicine at King’s College in London, said that phone boredom may even be a good thing sometimes. He said that it could potentially stop children from engaging in more destructive thought patterns or daydreaming, which can lead to unhappiness.

He also cautioned worried adults from jumping to conclusions about smartphones ruining kids’ brains. Certainly technology can be addictive and has certain undeniable effects, but are those worse than things previous generations dealt with? Debatable.

“Evolution takes a long time to catch up with technology,” Perkins said. “Smartphones came out 10 years ago, it’s not enough time to change kids’ evolution of their brains… I think I’m quite optimistic about the benefits of smartphones, they’re a good thing.”

“Boredom should be redefined with our generation,” Marcus said. “Boredom is not what it used to be because tech is so involved. But I still get bored all the time.”

Ingrid, a 16-year-old in Minnesota agreed. “Each generation has their own thing,” she said. “Older people criticize us because phones were not the way they got distracted, so there’s a generational bias.”

“Boredom might not manifest itself in the same way it did when my parents were kids, but it definitely still happens to us,” said Addie a 15-year-old in Long Island. “Online, we’re constantly connected but we’re still bored. But I still put my phone down, I still read books.”
https://www.thedailybeast.com/genera...y-the-internet





'Being Cash-Free Puts Us at Risk of Attack': Swedes Turn Against Cashlessness

Sweden’s central bank governor has called for public control over its payment system. Others say a fully digital system is vulnerable to fraud and attack
David Crouch

It is hard to argue that you cannot trust the government when the government isn’t really all that bad. This is the problem facing the small but growing number of Swedes anxious about their country’s rush to embrace a cash-free society.

Most consumers already say they manage without cash altogether, while shops and cafes increasingly refuse to accept notes and coins because of the costs and risk involved. Until recently, however, it has been hard for critics to find a hearing.

“The Swedish government is a rather nice one, we have been lucky enough to have mostly nice ones for the past 100 years,” says Christian Engström, a former MEP for the Pirate Party and an early opponent of the cashless economy.

“In other countries there is much more awareness that you cannot trust the government all the time. In Sweden it is hard to get people mobilised.”

There are signs this might be changing. In February, the head of Sweden’s central bank warned that Sweden could soon face a situation where all payments were controlled by private sector banks.

The Riksbank governor, Stefan Ingves, called for new legislation to secure public control over the payments system, arguing that being able to make and receive payments is a “collective good” like defence, the courts, or public statistics.

“Most citizens would feel uncomfortable to surrender these social functions to private companies,” he said.

“It should be obvious that Sweden’s preparedness would be weakened if, in a serious crisis or war, we had not decided in advance how households and companies would pay for fuel, supplies and other necessities.”

The central bank governor’s remarks are helping to bring other concerns about a cash-free society into the mainstream, says Björn Eriksson, 72, a former national police commissioner and the leader of a group called the Cash Rebellion, or Kontantupproret.

Until now, Kontantupproret has been dismissed as the voice of the elderly and the technologically backward, Eriksson says.

“When you have a fully digital system you have no weapon to defend yourself if someone turns it off,” he says.

“If Putin invades Gotland [Sweden’s largest island] it will be enough for him to turn off the payments system. No other country would even think about taking these sorts of risks, they would demand some sort of analogue system.”

In this sense, Sweden is far from its famous concept of lagom – “just the right amount” – but instead is “100% extreme”, Eriksson says, by investing so much faith in the banks. “This is a political question. We are leaving these decisions to four major banks who form a monopoly in Sweden.”

No system based on technology is invulnerable to glitches and fraud, says Mattias Skarec, 29, a digital security consultant. Yet Sweden is divided into two camps: the first says “we love the new technology”, while the other just can’t be bothered, Skarec says. “We are naive to think we can abandon cash completely and rely on technology instead.”

Skarec points to problems with card payments experienced by two Swedish banks just during the past year, and by Bank ID, the digital authorisation system that allows people to identify themselves for payment purposes using their phones.

Fraudsters have already learned to exploit the system’s idiosyncrasies to trick people out of large sums of money, even their pensions.

The best case scenario is that we are not as secure as we think, Skarec says – the worst is that IT infrastructure is systemically vulnerable.

“We are lucky that the people who know how to hack into them are on the good side, for now,” he says. “But we don’t know how things will progress. It’s not that easy to attack devices today, but maybe it will become easier to do so in the future.”

The banks recognise that digital payments can be vulnerable, just like cash.

“Of course there are people trying to abuse them, but they are no more vulnerable than any other method of payment,” says Per Ekwall, a spokesperson for Swish, the immensely popular mobile payments system owned by Sweden’s banks.

“From a macro perspective Swish has made it safer, and cheaper,” he says. There is little point in fighting a trend that customers themselves are driving, the banks argue.

But an opinion poll this month revealed unease among Swedes, with almost seven out of 10 saying they wanted to keep the option to use cash, while just 25% wanted a completely cashless society. MPs from left and right expressed concerns at a recent parliamentary hearing. Parliament is conducting a cross-party review of central bank legislation that will also investigate the issues surrounding cash.

The Pirate Party – which made its name in Sweden for its opposition to state and private sector surveillance – welcomes a higher political profile for these issues.

Look at Ireland, Christian Engström says, where abortion is illegal. It is much easier for authorities to identify Irish women who have had an abortion if the state can track all digital financial transactions, he says. And while Sweden’s government might be relatively benign, a quick look at Europe suggests there is no guarantee how things might develop in the future.

“If you have control of the servers belonging to Visa or MasterCard, you have control of Sweden,” Engström says.

“In the meantime, we will have to keep giving our money to the banks, and hope they don’t go bankrupt – or bananas.”
https://www.theguardian.com/world/20...t-cashlessness





Suit to Let Researchers Break Website Rules Wins a Round
Joe Uchill

Anyone following Facebook’s recent woes with Cambridge Analytica might be surprised to hear that there's a civil liberties argument for swiping data from websites, even while violating their terms of service. In fact, there's a whole world of situations where that thinking could apply: bona fide academic research.

What's new: On Friday, a judge in a D.C. federal court ruled that an American Civil Liberties Union-backed case trying to guarantee researchers the ability to break sites' rules without being arrested could move forward, denying a federal motion to dismiss.

"What we’re talking about here is research in the public interest, finding out if there is discrimination,” Esha Bhandari, an ACLU attorney representing the academics, told Axios.

The details: A handful of researchers and First Look Media (which operates The Intercept and other sites) would like to use bots and create dummy accounts to test the behavior of employment and real estate websites.

• The researchers are studying whether machine-learning algorithms on employment and real estate websites might have developed gender or racial bias. To do that, they would set up multiple similar accounts, changing only minority or gender status between them, and apply for jobs or housing.
• That might violate the sites’ terms of service — and doing so, some courts have ruled, constitutes a violation of the Computer Fraud and Abuse Act (CFAA), the major U.S. anti-hacking law.

Why it matters: Knowing whether or not websites are biased against women and minorities is a public good. But sites aren’t always eager to help researchers reach those kinds of conclusions about them. The Department of Justice is not currently using the CFAA to bludgeon researchers who expose discrimination online. But that’s only by internal policy. Without courts clarifying the law (or legislators changing it), that threat could hang over researchers and their work.

The decision: Judge John D. Bates denied the Justice Department’s argument that the researchers had no guaranteed legal right to access data on a publicly visible website.

Why this outrages people less than Cambridge Analytica: The results of the study will be for public consumption. And — obviously — no data will be used to target ads.

What the case doesn’t decide: The CFAA is not the only impediment to this kind of research. Many academic publishers bar studies that depend on data accessed in violation of terms of service. Without a place to publish, there’s often no incentive to do the research.

• Terms of service can defend sites' intellectual property and user privacy, but can also be used to protect a site's reputation and hide misbehavior. The CFAA allows for civil lawsuits, and a company could sue researchers producing research it doesn't like. The civil aspects of the law are not part of this case.

https://www.axios.com/suit-to-let-re...9b29d7220.html





They Tried to Boycott Facebook, Apple and Google. They Failed.
Jack Nicas

Ryan Knight, a Democratic activist in Los Angeles, called for a boycott of Apple in February because it hadn’t responded to calls to delete a channel from the National Rifle Association from its streaming-video service after the Parkland, Fla., school shooting.

“Dear @Apple,” Mr. Knight wrote on Twitter. “Your silence is deafening. #BoycottApple.” More than 330 accounts retweeted the message.

How did Mr. Knight post the message? He used an iPhone.

As the reach and influence of Silicon Valley’s tech giants have increased, so have the calls to boycott their products and services. The problem is that pulling off a boycott is not exactly easy: The tech companies’ products are so pervasive that they are difficult to avoid.

That issue was crystallized in recent weeks with Facebook. Hundreds of people deleted their accounts after revelations that the political-data firm Cambridge Analytica had improperly harvested the information of 50 million Facebook users. Yet many of those same people promptly instructed their friends to find them on Instagram, which is owned by — you guessed it — Facebook.

“It’s exactly the same company. I realize it’s ridiculous,” said Sachi Cunningham, a documentary filmmaker in San Francisco who deactivated her Facebook last week and shifted her attention to Instagram, where, she said, the conversation is less toxic.

Ms. Cunningham, who has freelanced for The New York Times, added that she had immediately begun missing Facebook as a research tool for her documentaries. “I don’t know if I can get out of the ecosystem,” she said.

People looking to punish major tech companies by abstaining from their products have been bedeviled time and again by the difficulty in escaping them. After Google fired an engineer, James Damore, for criticizing the company’s diversity efforts last year, hundreds of people on social media called for a boycott of the company. But an analysis of nearly 7,000 tweets using the hashtag #BoycottGoogle since August showed that 26 percent of the tweets came from devices using Google’s Android software, according to Keyhole, a social-media research firm.

One Twitter account named Milton Prescott tweeted on Aug. 8: “Google’s firing of James Damore proves his point completely. I will no longer be using Google for any services. #BoycottGoogle.” The tweet came from an Android device. A message to the account went unreturned.

Google's firing of James Damore proves his point completely. I will no longer be using Google for any services.#BoycottGoogle
— Milton Prescott (@milton_prescott) Aug. 8, 2017

Even Breitbart is running into the same dilemma. The conservative website is planning to host a panel on how tech platforms like Facebook suppress conservative voices — and it said it would livestream the discussion on Facebook. Breitbart didn’t respond to a request for comment.

Marisa Richardson, a program manager at a life-sciences company, said she began boycotting Amazon recently after learning that it offered the NRA channel on its streaming-video service. So when she needed laundry detergent, she avoided the e-commerce site and instead braved the crowds and traffic — and spent a few dollars more — at a nearby Target.

But a few days later she shopped at the Whole Foods near her home in Oakland, Calif. “I completely forgot that they’re owned by Amazon,” she said.

After the shooting in Parkland in February, gun-control activists called for a boycott of certain Apple and Amazon services because they hosted the NRA channel.

People used the hashtag #March1NRABoycott to spread the message on social media. An analysis of about 58,500 tweets with the hashtag showed that nearly half came from an iPhone or an iPad, according to Keyhole. Those included popular tweets using the #March1NRABoycott hashtag from the actress Alyssa Milano.

TODAY#march1NRABoycott https://t.co/YtIMtAVL99
— Alyssa Milano (@Alyssa_Milano) March 1, 2018

“Had I sent the same tweets from an Android phone, the same issue would apply. There is an NRATV app for Android phones,” Ms. Milano said through a spokeswoman. “We are only just beginning to understand how these companies have infiltrated not only our ideologies, but also our lives in the most in-depth way imaginable.”

Nearly a third of the 4,700 tweets using the #BoycottApple hashtag since August came from iPhones, according to Keyhole.

“I do have an iPhone, but as a customer of Apple’s, am I not allowed to hold them accountable?” Mr. Knight, the activist who used an iPhone to call for an Apple boycott, said in an interview.

Eddy Cue, a senior executive at Apple, recently said that the NRA channel didn’t violate the company’s policies. Facebook, Google and Amazon didn’t respond to requests for comment.

Many of those who recently abandoned their Facebook accounts are still in the company’s orbit, not only with Instagram but also with the company’s popular messaging apps WhatsApp and Messenger.

When Cher recently deleted her Facebook page, she said on Twitter, “2day I did something VERY HARD 4 me.” But her Instagram account, with 768,000 followers, was still active.

Likewise, Elon Musk, chief executive of SpaceX and Tesla, deleted the Facebook pages of both companies — but left their pages and his personal account active on Instagram. The photo-sharing platform, he said on Twitter, is fine “so long as it stays fairly independent.”

Instagram’s probably ok imo, so long as it stays fairly independent. I don’t use FB & never have, so don’t think I’m some kind of martyr or my companies are taking a huge blow. Also, we don’t advertise or pay for endorsements, so … don’t care.
— Elon Musk (@elonmusk) March 23, 2018

Stephen Cox, 39, a woodworker in Los Angeles, recently posted on Facebook that he was deactivating his account in favor of Instagram. When someone commented that the two sites were owned by the same company, he replied, “It’s a double-edged sword, but for me one edge is slightly more blunt than the other.”

Instagram has proved an effective hedge for Facebook against people losing interest or trust in its main site. While the percentage of American adults who use Facebook has remained flat at 68 percent since 2016, according to a January survey of 2,002 American adults by the Pew Research Center, Instagram use rose to 35 percent from 28 percent over that period. Instagram is also more popular with younger people than older people, according to the survey.

Rayven Bruzzese, 26, a sign-language student in Philadelphia, said she had been a frequent user of Facebook for years but deleted her account in March because she found it upsetting and a drain on her time. Now she spends her time on Instagram.

While she acknowledged the irony of moving to another Facebook-owned service, she said her options were limited. Few of her friends are on Twitter, and many have stopped using Snapchat.

“Where am I supposed to go?” she said. “I wish there was something else.”
https://www.nytimes.com/2018/04/01/b...le-failed.html





Europe is Dealing with Facebook in a Way the U.S. Hasn't
Christopher Brennan

Facebook’s efforts to save face over its data policy may be less about responding to outrage and more because it has been forced to by European lawmakers who tackled the digital economy when the U.S. wouldn’t.

Critics have called on Facebook for more transparency — and additional regulation from Congress — since the Cambridge Analytica scandal, where a consulting firm that worked with President Trump was able to harvest the data of 50 million users, many without their consent.

Founder Mark Zuckerberg blamed old policies for the scandal, and the California-based tech giant offered its own solution this week by announcing that it will make privacy tools for users easier to find and give users a means of controlling how their data is used.

Facebook said the changes came after it heard the digital yells of its billions of users, though the measures it proposes are in line with privacy demands from the European Union that must be implemented in the coming months.

Nine million New Yorkers victims of data breach in 2017, AG says

The EU’s General Data Protection Regulation, a vast and wide-reaching law about data and people's rights online, will come into effect in late May, and affect any company that handles the data of Europeans, including those based in the U.S.

Central parts of the law for individuals include a requirement that sites such as Facebook explain what data they are collecting in clear, non-lawyer terms, the right to erase one’s data and “purpose limitation” that restricts data from being used for anything other than what it was originally collected for, such as location data on Google Maps being used only to help someone get from A to B.

Data violations were previously punishable by smaller fines, though the new law will allow authorities to wallop companies for up to 4% of global annual turnover — in Facebook's case, more than $1 billion.

Also importantly, according to groups such as the privacy and data protection organization European Digital Rights (EDRi), it helps acknowledge a set of rights for people in the relatively lawless online world dominated by a small number of multinational companies.

“Ideally in 10 or 20 years from now all of the standards we have we’ll ask ‘How did we not have this before?’ I think that’s the next generation question, them saying ‘I heard about Cambridge Analytica in a history book, that’s crazy,’” said Diego Naranjo, a Spanish policy adviser to EDRi at its office in Brussels.

GDPR faces uncertainty about what it will look like when it is implemented and enforced by national governments in Berlin, Paris or Rome.

A common counterargument is that more regulation will stifle innovation and deter newcomers lacking the army of lawyers employed by big tech firms.

The law, which applies to governments as well as businesses, also makes a distinction for sensitive personal data, including someone's religion, political views and health. It is not clear how precise platforms such as Facebook will be in allowing users to control the data that is the center of its business model.

The law, which applies to governments as well as businesses, makes a distinction for sensitive personal data, including someone's religion, political views and health. It is not clear how precise platforms such as Facebook will be in allowing users to control the data that is the center of its business model.

The social media platform did not reply to a question about what the controls will look like, though said in a statement that “We'll make sure Facebook's products and services comply with the GDPR” and pointed to a speech from COO Sheryl Sandberg that her company would go beyond what's required in the law.

Facebook also did not answer a question about whether it would make its entire platform compliant with the new regulation or have different standards for Europe and for users in countries such as the United States, where there is no general data law.

The Obama administration made multiple attempts for a "Consumer Privacy Bill of Rights" that fizzled in Congress, and many data issues, such as an investigation into Facebook and Cambridge Analytica, are handled by the Federal Trade Commission rather than a specific data authority like those in Europe.

“One model is the U.S. model where you don't really have a data protection law and then the best example of a comprehensive data law is GDPR,” said Amba Kak, a policy fellow for Mozilla who is advocating for the passage of a data protection law in India.

A committee in India is currently drafting a law and looking at other countries for examples, though the leadership the U.S. has shown in creating technologies has been lacking when it comes to developing proper guidelines for the technology's use.

Dr. Brent Mittelstadt, a researcher at the Oxford Internet Institute, said that some mixture of self-regulation and state regulation is necessary to avoid situations such as with Cambridge Analytica, where users' data was unknowingly used for political purposes.

“You can't take the benefits of self-regulation and simultaneously make the claim, ‘Hey we were operating within the confines of the law, sorry if you have a problem with it,’” he said.

Experts say the tougher laws may be necessary because the average person should not have to be a techie to know that their data is safe online.

“When you use the elevator you were not checking the safety regulations for people who make elevators, you were just pressing the button and going in. That should be the same thing for the rest of our technologies,” Naranjo said.
http://www.nydailynews.com/news/worl...icle-1.3904827





It's Not Just Facebook. Thousands of Companies are Spying on You
Bruce Schneier

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't take the personality test that Cambridge Analytica developed.

But for every article about Facebook's creepy stalker behavior, thousands of other companies are breathing a collective sigh of relief that it's Facebook and not them in the spotlight. Because while Facebook is one of the biggest players in this space, there are thousands of other companies that spy on and manipulate us for profit.

Harvard Business School professor Shoshana Zuboff calls it "surveillance capitalism." And as creepy as Facebook is turning out to be, the entire industry is far creepier. It has existed in secret far too long, and it's up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and -- if not -- what to do about it.

There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver's license numbers.

You certainly didn't give it permission to collect any of that information. Equifax is one of those thousands of data brokers, most of them you've never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.

Surveillance capitalism takes this one step further. Companies like Facebook and Google offer you free services in exchange for your data. Google's surveillance isn't in the news, but it's startlingly intimate. We never lie to our search engines. Our interests and curiosities, hopes and fears, desires and sexual proclivities, are all collected and saved. Add to that the websites we visit that Google tracks through its advertising network, our Gmail accounts, our movements via Google Maps, and what it can collect from our smartphones.

That phone is probably the most intimate surveillance device ever invented. It tracks our location continuously, so it knows where we live, where we work, and where we spend our time. It's the first and last thing we check in a day, so it knows when we wake up and when we go to sleep. We all have one, so it knows who we sleep with. Uber used just some of that information to detect one-night stands; your smartphone provider and any app you allow to collect location data knows a lot more.

Surveillance capitalism drives much of the internet. It's behind most of the "free" services, and many of the paid ones as well. Its goal is psychological manipulation, in the form of personalized advertising to persuade you to buy something or do something, like vote for a candidate. And while the individualized profile-driven manipulation exposed by Cambridge Analytica feels abhorrent, it's really no different from what every company wants in the end. This is why all your personal information is collected, and this is why it is so valuable. Companies that can understand it can use it against you.

None of this is new. The media has been reporting on surveillance capitalism for years. In 2015, I wrote a book about it. Back in 2010, the Wall Street Journal published an award-winning two-year series about how people are tracked both online and offline, titled "What They Know."

Surveillance capitalism is deeply embedded in our increasingly computerized society, and if the extent of it came to light there would be broad demands for limits and regulation. But because this industry can largely operate in secret, only occasionally exposed after a data breach or investigative report, we remain mostly ignorant of its reach.

This might change soon. In 2016, the European Union passed the comprehensive General Data Protection Regulation, or GDPR. The details of the law are far too complex to explain here, but some of the things it mandates are that personal data of EU citizens can only be collected and saved for "specific, explicit, and legitimate purposes," and only with explicit consent of the user. Consent can't be buried in the terms and conditions, nor can it be assumed unless the user opts in. This law will take effect in May, and companies worldwide are bracing for its enforcement.

Because pretty much all surveillance capitalism companies collect data on Europeans, this will expose the industry like nothing else. Here's just one example. In preparation for this law, PayPal quietly published a list of over 600 companies it might share your personal data with. What will it be like when every company has to publish this sort of information, and explicitly explain how it's using your personal data? We're about to find out.

In the wake of this scandal, even Mark Zuckerberg said that his industry probably should be regulated, although he's certainly not wishing for the sorts of comprehensive regulation the GDPR is bringing to Europe.

He's right. Surveillance capitalism has operated without constraints for far too long. And advances in both big data analysis and artificial intelligence will make tomorrow's applications far creepier than today's. Regulation is the only answer.

The first step to any regulation is transparency. Who has our data? Is it accurate? What are they doing with it? Who are they selling it to? How are they securing it? Can we delete it? I don't see any hope of Congress passing a GDPR-like data protection law anytime soon, but it's not too far-fetched to demand laws requiring these companies to be more transparent in what they're doing.

One of the responses to the Cambridge Analytica scandal is that people are deleting their Facebook accounts. It's hard to do right, and doesn't do anything about the data that Facebook collects about people who don't use Facebook. But it's a start. The market can put pressure on these companies to reduce their spying on us, but it can only do that if we force the industry out of its secret shadows.
https://www.cnn.com/2018/03/26/opini...ier/index.html





A Radical Proposal to Keep Your Personal Data Safe

The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place
Richard Stallman

Journalists have been asking me whether the revulsion against the abuse of Facebook data could be a turning point for the campaign to recover privacy. That could happen, if the public makes its campaign broader and deeper.

Broader, meaning extending to all surveillance systems, not just Facebook. Deeper, meaning to advance from regulating the use of data to regulating the accumulation of data. Because surveillance is so pervasive, restoring privacy is necessarily a big change, and requires powerful measures.

The surveillance imposed on us today far exceeds that of the Soviet Union. For freedom and democracy’s sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU’s approach of mainly regulating how personal data may be used (in its General Data Protection Regulation or GDPR), I propose a law to stop systems from collecting personal data.

The robust way to do that, the way that can’t be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data.

Data about who travels where is particularly sensitive, because it is an ideal basis for repressing any chosen target. We can take the London trains and buses as a case for study.

The Transport for London digital payment card system centrally records the trips any given Oyster or bank card has paid for. When a passenger feeds the card digitally, the system associates the card with the passenger’s identity. This adds up to complete surveillance.

I expect the transport system can justify this practice under the GDPR’s rules. My proposal, by contrast, would require the system to stop tracking who goes where. The card’s basic function is to pay for transport. That can be done without centralising that data, so the transport system would have to stop doing so. When it accepts digital payments, it should do so through an anonymous payment system.

Frills on the system, such as the feature of letting a passenger review the list of past journeys, are not part of the basic function, so they can’t justify incorporating any additional surveillance.

These additional services could be offered separately to users who request them. Even better, users could use their own personal systems to privately track their own journeys.

Black cabs demonstrate that a system for hiring cars with drivers does not need to identify passengers. Therefore such systems should not be allowed to identify passengers; they should be required to accept privacy-respecting cash from passengers without ever trying to identify them.

However, convenient digital payment systems can also protect passengers’ anonymity and privacy. We have already developed one: GNU Taler. It is designed to be anonymous for the payer, but payees are always identified. We designed it that way so as not to facilitate tax dodging. All digital payment systems should be required to defend anonymity using this or a similar method.

What about security? Such systems in areas where the public are admitted must be designed so they cannot track people. Video cameras should make a local recording that can be checked for the next few weeks if a crime occurs, but should not allow remote viewing without physical collection of the recording. Biometric systems should be designed so they only recognise people on a court-ordered list of suspects, to respect the privacy of the rest of us. An unjust state is more dangerous than terrorism, and too much security encourages an unjust state.

The EU’s GDPR regulations are well-meaning, but do not go very far. It will not deliver much privacy, because its rules are too lax. They permit collecting any data if it is somehow useful to the system, and it is easy to come up with a way to make any particular data useful for something.

The GDPR makes much of requiring users (in some cases) to give consent for the collection of their data, but that doesn’t do much good. System designers have become expert at manufacturing consent (to repurpose Noam Chomsky’s phrase). Most users consent to a site’s terms without reading them; a company that required users to trade their first-born child got consent from plenty of users. Then again, when a system is crucial for modern life, like buses and trains, users ignore the terms because refusal of consent is too painful to consider.

To restore privacy, we must stop surveillance before it even asks for consent.

Finally, don’t forget the software in your own computer. If it is the non-free software of Apple, Google or Microsoft, it spies on you regularly. That’s because it is controlled by a company that won’t hesitate to spy on you. Companies tend to lose their scruples when that is profitable. By contrast, free (libre) software is controlled by its users. That user community keeps the software honest.
https://www.theguardian.com/commenti...h-surveillance





Here’s How To Plug One Of The Biggest Privacy Holes In The Internet

An upgrade to DNS, the internet’s address book, would make it harder for ISPs to know where you surf, and for hackers to hijack your traffic.
Sean Captain

Last March, Congress gave internet service providers the green light to collect user data–without their consent–when it abolished an FCC regulation aimed at strengthening internet privacy. While a few states are struggling to enact their own ISP privacy laws, private companies, academics, and nonprofits are coming up with technical workarounds that would diminish the ability of ISPs to eavesdrop on their customers.

Two new projects have just launched that seek to do that by upgrading DNS, the internet’s address book, so ISPs can’t easily see what web page you’re navigating to. The projects will also make everyone safer from hackers who want to hijack your web traffic. Today, Mozilla and Cloudflare fired up a privacy remedy using a new encrypted version of DNS. Meanwhile, researchers at Princeton have proposed another DNS tweak to further obfuscate your surfing.

Patching The Internet’s Leaky Plumbing

DNS, the domain name system, translates easy-to-remember addresses of websites, like Google.com, to the numerical representations (IP addresses) that the internet uses, such as 172.217.7.196. You’re automatically connected to an ISP’s own DNS server when you log on to a home router or public hotspot, or when your cell phone connects to the network. In the process, the ISP gets a log of everywhere you go online.

But you can plug the IP address of a different DNS server into your computer’s or phone’s operating system. Google, for instance, operates a free DNS service at IP address 8.8.8.8 that’s helped people get online when repressive regimes try to thwart connectivity by sabotaging other DNS servers.

Now Cloudflare is launching a free, privacy-focused DNS at the address 1.1.1.1, and it’s partnering with Mozilla to support an encrypted connection bwith the Firefox web browser. Cloudflare is one of the big content delivery networks that sit between websites and the open internet, shielding them from cyberattacks and speeding up delivery of their content. But 1.1.1.1 is available to any user or site, not just Cloudflare customers.

Setting It Up

You first need to set your device to use Cloudflare’s DNS servers. The company provides instruction videos on the service’s landing page for the Windows, macOS, Android, and iOS operating systems. Even taking this step will provide a modicum of privacy. In bypassing your ISP’s DNS servers, it won’t be collecting your page requests automatically.

For better security, you need to set up an encrypted connection between Cloudflare and your web browser or app, using a new technology standard called DNS over HTTPS. Like the encrypted connection that protects data you exchange with your bank’s website, this new tech encrypts the identity of the site you are visiting. Firefox is the first major web browser to offer this, not in the standard download version, but in the beta versions offered on its site.

An ISP’s routing system does need to know what website to connect your computer to. So it could still sniff out the IP addresses of the pages it delivers to you, look up what sites they belong to, and build a user web-surfing profile. But that requires a lot more work than just reading the logs from its own DNS server.

Who Can You Trust?

“What this system is doing is shifting trust from your ISP to another party. You have to decide if you’d rather trust them instead,” says Nick Feamster, a Princeton computer science professor who specializes in networking technology.

Cloudflare has faced criticism over free-speech absolutism that allows nasty customers like the Daily Stormer, a neo-Nazi site, to use its service. (Cloudflare finally booted the site last year.) But the company also has a positive image for supporting net neutrality and fighting censorship. Its Project Galileo, for instance, protects sites with humanitarian and politically dissenting content from cyberattacks by governments or vigilantes.

“[W]e have to have privacy policies that insure that we will not retain or give away or sell information that we receive from this,” says Cloudflare CEO Matthew Prince. To back that up, Cloudflare is hiring a third-party auditor, KPMG, to certify that it doesn’t keep any of the information about people’s web surfing that passes through its servers.

Feamster says he thinks third-party audits could “add a level of credibility.” So does Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a group that tends to be very circumspect in assessing tech companies.

The partnership with the Mozilla Foundation, maker of the Firefox browser, adds another level of cred. “We have a contract, an actual legal agreement,” that Firefox users’ data will not be retained by Cloudflare, says Selena Deckelmann, a senior director of engineering at Mozilla.

So what is Cloudflare getting out of the deal? “The craven business reason that we’re doing this is not around [monetizing customer] data,” says Prince. “The benefit for us is that it makes all of our customers a little bit faster for people who are using [our DNS service].” Cloudflare’s DNS service is currently ranked as the world’s fastest, according to analytics site DNSPerf.

“When you’re running a [content delivery network] it’s super helpful to run the DNS as well,” says Feamster. “It totally makes sense why they would benefit and why they would have no need to keep [customer data] and sell it for advertising.”

Nevertheless, Feamster would prefer that no one have even the capability to know what web pages people are requesting. He’s just introduced a proposed fix, called Oblivious DNS, that keeps everyone in the dark. It’s rather hairy to explain, but the upshot is that it uses a further layer of encryption to separate the IP address of the person requesting a web page from the address of the actual page they are requesting. No single party could connect the two bits of information. Oblivious DNS would be compatible with what Cloudflare and Mozilla are doing, says Feamster, as another layer of security.

“It’s exciting to see that Cloudflare is the one that is going ahead and building this,” says Erica Portnoy, staff technologist at EFF. “What would be great to see is every DNS [service] starting doing something to protect [users].”

The DNS-over-HTTPS technology is not exclusive to Cloudflare and Mozilla. It’s an evolving technical standard that anyone can adopt, and it would boost security for the entire internet.

The decades-old DNS system wasn’t designed with security in mind. “By default, all your DNS queries are sent over an unencrypted connection,” says Prince, “which means the hotel you’re staying in, the coffee shop your surfing the web from, your ISP, anyone who’s on the line can see every site that you’re visiting.” That means hackers listening in on the network can intercept DNS requests and modify the results to direct you somewhere you hadn’t intended, such as a website hosting malware.

“This is one of the biggest security holes that we’ve been trying to patch for 20 or 30 years,” says EFF’s Portnoy, expressing enthusiasm for DNS over HTTPS. “This is finally something that might actually work, which is honestly amazing.”
https://www.fastcompany.com/40551457...n-the-internet





FBI Could Have Gotten Into the San Bernardino Shooter’s iPhone, But Leadership Didn’t Say That
Nate Cardozo and Andrew Crocker

The Department of Justice’s Office of the Inspector General (OIG) last week released a new report that supports what EFF has long suspected: that the FBI’s legal fight with Apple in 2016 to create backdoor access to a San Bernardino shooter’s iPhone was more focused on creating legal precedent than it was on accessing the one specific device.

The report, called a “special inquiry,” details the FBI’s failure to be completely forthright with Congress, the courts, and the American public. While the OIG report concludes that neither former FBI Director James Comey, nor the FBI officials who submitted sworn statements in court had “testified inaccurately or made false statements” during the roughly month-long saga, it illustrates just how close they came to lying under oath.

From the onset, we suspected that the FBI’s primary goal in its effort to access to an iPhone found in the wake of the December 2015 mass shootings in San Bernardino wasn’t simply to unlock the device at issue. Rather, we believed that the FBI’s intention with the litigation was to obtain legal precedent that it could compel Apple to sabotage its own security mechanisms. Among other disturbing revelations, the new OIG report confirms our suspicion: senior leaders within the FBI were “definitely not happy” when the agency realized that another solution to access the contents of the phone had been found through an outside vendor and the legal proceeding against Apple couldn’t continue.

By way of digging into the OIG report, let’s take a look at the timeline of events:

• December 2, 2015: a shooting in San Bernardino results in the deaths of 14 people, including the two shooters. The shooters destroy their personal phones but leave a third phone—owned by their employer—untouched.

• February 9, 2016: Comey testifies that the FBI cannot access the contents of the shooters’ remaining phone.

• February 16, 2016: the FBI applies for (and Magistrate Judge Pym grants the same day) an application for an order compelling Apple to develop a new method to unlock the phone.

As part of that application, the FBI Supervisory Special Agent in charge of the investigation of the phone swears under oath that the FBI had “explored other means of obtaining [access] . . . and we have been unable to identify any other methods feasible for gaining access” other than compelling Apple to create a custom, cryptographically signed version of iOS to bypass a key security feature and allow the FBI to access the device.

At the same time, according to the OIG report, the chief of the FBI’s Remote Operations Unit (the FBI’s elite hacking team, called ROU) knows “that one of the vendors that he worked closely with was almost 90 percent of the way toward a solution that the vendor had been working on for many months.”

Let’s briefly step out of the timeline to note the discrepancies between what the FBI was saying in early 2016 and what they actually knew. How is it that senior FBI officials testified that the agency had no capability to access the contents of the locked device when, the agency’s own premier hacking team knew capability was within reach? Because, according to the OIG report, FBI leadership doesn’t ask the ROU for its help until after testifying that FBI’s techs knew of no way in.

The OIG report concluded that Director Comey didn’t know that his testimony was false at the time he gave it. But it was false, and technical staff in FBI’s own ROU knew it was false.

Now, back to the timeline:

• March 1, 2016: Director Comey again testifies that the FBI has been unable to access the contents of the phone without Apple’s help. Before the government applied for the All Writs Act order on February 11, Comey notes there were “a whole lot of conversations going on in that interim with companies, with other parts of the government, with other resources to figure out if there was a way to do it short of having to go to court.”

In response to a question from Rep. Daryl Issa whether Comey was “testifying today that you and/or contractors that you employ could not achieve this without demanding an unwilling partner do it,” Comey replies “Correct.”

• March 16, 2016: An outside vendor for the FBI completes its work on an exploit for the model in question, building on the work that, as of February 16, the ROU knew to be 90% complete.

The head of the FBI’s Cryptologic and Electronics Analysis Unit (CEAU)—the unit whose initial inability to access the phone led to the FBI’s sworn statements that the Bureau knew of no method to do so—is pissed that others within FBI are even trying get into the phone without Apple’s help. In the words of the OIG report, “he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, ‘Why did you do that for?’”

Why is the CEAU Chief angry? Because it means that the legal battle is over and the FBI won’t be able to get the legal precedent against Apple that it was looking for. Again, the OIG report confirms our suspicions: “the CEAU Chief ‘was definitely not happy’ that the legal proceeding against Apple could no longer go forward” after the ROU’s vendor succeeded.

• March 20, 2016: The FBI’s outside vendor demonstrates the exploit for senior FBI leadership.

• March 21, 2016: On the eve of the scheduled hearing, the Department of Justice notifies the court in California, that, despite previous statements under oath that there were no “other methods feasible for gaining access,” they’ve now somehow found a way.

In response to the FBI’s eleventh-hour revelation, the court cancels the hearing and the legal battle between the FBI and Apple is over for now.

The OIG report comes on the heels of a report by the New York Times that the Department of Justice is renewing its decades-long fight for anti-encryption legislation. According to the Times, DOJ officials are “convinced that mechanisms allowing access to [encrypted] data can be engineered without intolerably weakening the devices’ security against hacking.”

That’s a bold claim, given that for years the consensus in the technical community has been exactly the opposite. In the 90’s, experts exposed serious flaws in proposed systems to give law enforcement access to encrypted data without compromising security, including the Clipper Chip. And, as the authors of the 2015 “Keys Under Doormats” paper put it, “today’s more complex, global information infrastructure” presents “far more grave security risks” for these approaches.

The Department’s blind faith in technologists’ ability to build a secure backdoor on encrypted phones is inspired by presentations by several security researchers as part of the recent National Academy of Sciences (NAS) report on encryption. But the NAS wrote that these proposals were not presented in “sufficient detail for a technical evaluation,” so they have yet to be rigorously tested by other security experts, let alone pass muster. Scientific and technical consensus is always open to challenge, but we—and the DOJ—should not abandon the longstanding view, backed by evidence, that deploying widespread special access mechanisms present insurmountable technical and practical challenges.

The Times article also suggests that even as DOJ officials tout the possibility of secure backdoors, they’re simultaneously lowering the bar, arguing that a solution need not be “foolproof” if it allows the government to catch “ordinary, less-savvy criminals.” The problem with that statement is at least two-fold:

First, according to the FBI, it is the savvy criminals (and terrorists) who present the biggest risk of using encryption to evade detection. By definition, less-savvy criminals will be easier for law enforcement to catch without guaranteed access to encrypted devices. Why is it acceptable to the FBI that the solutions they demand are necessarily incapable of stopping the very harms they claim they most need backdoors in order to stop?

Second, the history in this area demonstrates that “not foolproof” often actually means “completely insecure.” That’s because any system that is designed to allow law enforcement agencies all across the country to expeditiously decrypt devices pursuant to court order will be enormously complex, raising the likelihood of serious flaws in implementation. And, regardless of who holds them, the keys used to decrypt these devices will need to be used frequently, making it even harder to defend them from bad actors. These and other technical challenges mean that the risks of actually deploying an imperfect exceptional access mechanism to millions of phones are unacceptably high. And of course, any system implemented in the US will be demanded by repressive governments around the world.

The DOJ’s myopic focus on backdooring phones at the expense of the devices’ security is especially vexing in light of reports that law enforcement agencies are increasingly able to use commercial unlocking tools to break into essentially any device on the market. And if this is the status quo without mandated backdoor access and as vendors like Apple take steps to harden their devices against hacking, imagine how vulnerable devices could be with a legal mandate. The FBI likes to paint encryption in an apocalyptic light, suggesting that the technology drastically undermines the Bureau’s ability to do its job, but the evidence from the Apple fight and elsewhere is far less stark.
https://www.eff.org/deeplinks/2018/0...ship-didnt-say





Russia Files Lawsuit to Block Telegram Messaging App

Russia’s state communications watchdog said on Friday it had filed a lawsuit to limit access to the Telegram messaging app after the company refused to give Russian state security services access to its users’ secret messages.

Ranked as the world’s ninth most popular mobile messaging app, Telegram is widely used in countries across the former Soviet Union and Middle East. Active users of the app reached 200 million in March.

As part of its services, Telegram allows users to communicate via encrypted messages which cannot be read by third parties, including government authorities.

But Russia’s FSB Federal Security service has said it needs access to some messages for its work, including guarding against terrorist attacks. Telegram has refused to comply with its demands, citing respect for user privacy.

Russia’s Roskomnadzor communications watchdog said it had filed a lawsuit at a Moscow court on Friday “with a request to restrict access on the territory of Russia to the information resources of ... Telegram Messenger Limited Liability Partnership.”

It said the suit was connected to statements by the FSB that Telegram was not complying with its legal obligations as an “organizer of information distribution.”

A spokesman for Telegram did not immediately respond to a request for comment.

Telegram founder and CEO Pavel Durov said on Twitter in March: “Threats to block Telegram unless it gives up private data of its users will not bear fruit. Telegram will stand for freedom and privacy.”

The Russian court decision will be closely watched by investors as Telegram is also undertaking the world’s biggest initial coin offering - a private sale of tokens which could be traded as an alternative currency, similar to Bitcoin or Ethereum.

The company has so far raised $1.7 billion in pre-sales via the offering, according to media reports.

Reporting by Jack Stubbs; Editing by Richard Balmforth
https://www.reuters.com/article/us-r...-idUSKCN1HD143





US Suspects Cellphone Spying Devices in DC
Frank Bajak

For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages.

The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have been silent on the issue until now.

In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation's capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.

The agency's response, obtained by The Associated Press from Wyden's office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation's airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.

The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.

They can cost anywhere from $1,000 to about $200,000. They are commonly the size of a briefcase; some are as small as a cellphone. They can be placed in a car next to a government building. The most powerful can be deployed in low-flying aircraft.

Thousands of members of the military, the NSA, the CIA, the FBI and the rest of the national-security apparatus live and work in the Washington area. The surveillance-savvy among them encrypt their phone and data communications and employ electronic countermeasures. But unsuspecting citizens could fall prey.

Wyden, a Democrat, wrote DHS in November requesting information about unauthorized use of the cell-site simulators.

The reply from DHS official Christopher Krebs noted that DHS had observed "anomalous activity" consistent with Stingrays in the Washington area. A DHS official who spoke on condition of anonymity because the letter has not been publicly released added that the devices were detected in a 90-day trial that began in January 2017 with equipment from a Las Vegas-based DHS contractor, ESD America.

Krebs, the top official in the department's National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments "may threaten U.S. national and economic security." The department did report its findings to "federal partners" Krebs did not name. That presumably includes the FBI.

The CEO of ESD America, Les Goldsmith, said his company has a relationship with DHS but would not comment further.

Legislators have been raising alarms about the use of Stingrays in the capital since at least 2014, when Goldsmith and other security-company researchers conducted public sweeps that located suspected unauthorized devices near the White House, the Supreme Court, the Commerce Department and the Pentagon, among other locations.

The executive branch, however, has shied away from even discussing the subject.

Aaron Turner, president of the mobile security consultancy Integricell, was among the experts who conducted the 2014 sweeps, in part to try to drum up business. Little has changed since, he said.

Like other major world capitals, he said, Washington is awash in unauthorized interception devices. Foreign embassies have free rein because they are on sovereign soil.

Every embassy "worth their salt" has a cell tower simulator installed, Turner said. They use them "to track interesting people that come toward their embassies." The Russians' equipment is so powerful it can track targets a mile away, he said.

Shutting down rogue Stingrays is an expensive proposition that would require wireless network upgrades the industry has been loath to pay for, security experts say. It could also lead to conflict with U.S. intelligence and law enforcement.

In addition to federal agencies, police departments use them in at least 25 states and the District of Columbia, according to the American Civil Liberties Union.

Wyden said in a statement Tuesday that "leaving security to the phone companies has proven to be disastrous." He added that the FCC has refused to hold the industry accountable "despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers."

After the 2014 news reports about Stingrays in Washington, Rep. Alan Grayson, D-Fla, wrote the FCC in alarm. In a reply, then-FCC chairman Tom Wheeler said the agency had created a task force to combat illicit and unauthorized use of the devices. In that letter, the FCC did not say it had identified such use itself, but cited media reports of the security sweeps.

That task force appears to have accomplished little. A former adviser to Wheeler, Gigi Sohn, said there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices "willy-nilly."

"To the extent that there is a major problem here, it's largely due to the FCC not doing its job," said Laura Moy of the Center on Privacy and Technology at Georgetown University. The agency, she said, should be requiring wireless carriers to protect their networks from such security threats and "ensuring that anyone transmitting over licensed spectrum actually has a license to do it."

FCC spokesman Neil Grace, however, said the agency's only role is "certifying" such devices to ensure they don't interfere with other wireless communications, much the way it does with phones and Wi-Fi routers.
https://apnews.com/d716aac4ad744b4cae3c6b13dce12d7e

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

March 31st, March 24th, March 17th, March 10th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
JackSpratts is online now   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 30th, '11 JackSpratts Peer to Peer 0 27-07-11 06:58 AM
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 06:56 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)