P2P-Zone  

08-11-17, 08:18 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - November 11th, ’17

Since 2002

"It's a social-validation feedback loop ... exactly the kind of thing that a hacker like myself would come up with, because you're exploiting a vulnerability in human psychology." – Sean Parker


"You can't see it. You can't control it. It's just humming away there, running your computer." – Steven J. Vaughan-Nichols

November 11th, 2017




German Investigators Shut Down Illegal File-Sharing Site

German investigators shut down an illegal file-sharing site with around 27,000 members as part of a police sting targeting 42 suspects across Germany, the Frankfurt attorney general’s office said on Friday.

The file-sharing site, usenetrevolution.info, was used to share bootleg copies of movies, music, computer games and e-books, causing at least 2.9 million euros ($3.4 million) of financial damage to copyright owners.

State police and public prosecutors searched suspects’ homes in 13 of Germany’s 16 states on Wednesday and Thursday, seizing computers and hard drives as evidence of the suspected illegal use of copyrighted material for commercial purposes, prosecutors said in a statement.

In the state of Hesse, where Frankfurt is based, the investigation is targeting a 49-year-old man suspected of having been an administrator of the illegal file-sharing site.

Other suspects are believed to have organized, or at least aided, operations of the site by acting as moderators or so-called “uploaders”, it said.

($1 = 0.8578 euros)

Reporting by Maria Sheahan, editing by Ed Osmond
https://www.reuters.com/article/us-e...KBN1D934D?il=0





US Court Grants ISPs and Search Engine Blockade of Sci-Hub
Ernesto

Sci-Hub, often referred to as the "Pirate Bay of Science," has suffered another blow in a US federal court. The American Chemical Society has won a default judgment of $4.8 million for alleged copyright infringement against the site. In addition, the publisher was granted an unprecedented injunction which requires search engines and ISPs to block the platform.

Earlier this year the American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, filed a lawsuit against Sci-Hub and its operator Alexandra Elbakyan.

The non-profit organization publishes tens of thousands of articles a year in its peer-reviewed journals. Because many of these are available for free on Sci-Hub, ACS wants to be compensated.

Sci-Hub was made aware of the legal proceedings but did not appear in court. As a result, a default was entered against the site.

In addition to millions of dollars in damages, ACS also requested third-party Internet intermediaries to take action against the site.

The broad request was later adopted in a recommendation from Magistrate Judge John Anderson. This triggered a protest from the tech industry trade group CCIA, which represents global tech firms including Google, Facebook, and Microsoft, that warned against the broad implications. However, this amicus brief was denied.

Just before the weekend, US District Judge Leonie Brinkema issued a final decision which is a clear win for ACS. The publisher was awarded the maximum statutory damages of $4.8 million for 32 infringing works, as well as a permanent injunction.

The injunction is not limited to domain name registrars and hosting companies, but expands to search engines, ISPs and hosting companies too, who can be ordered to stop linking to or offering services to Sci-Hub.

“Ordered that any person or entity in active concert or participation with Defendant Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS’s trademarks or copyrighted works,” the injunction reads.

There is a small difference with the recommendation from the Magistrate Judge. Instead of applying the injunction to all persons “in privity” with Sci-Hub, it now applies to those who are “in active concert or participation” with the pirate site.

The injunction means that Internet providers, such as Comcast, can be requested to block users from accessing Sci-Hub. That’s a big deal since pirate site blockades are not common in the United States. The same is true for search engine blocking of copyright-infringing sites.

It’s clear that the affected Internet services will not be happy with the outcome. While the CCIA’s attempt to be heard in the case failed, it’s likely that they will protest the injunction when ACS tries to enforce it.

Previously, Cloudflare objected to a similar injunction where the RIAA argued that it was “in active concert or participation” with the pirate site MP3Skull. Here, Cloudflare countered that the DMCA protects the company from liability for the copyright infringements of its customers, limiting the scope of anti-piracy injunctions.

However, a Florida federal court ruled that the DMCA doesn’t apply in these cases.

It’s likely that ISPs and search engines will lodge similar protests if ACS tries to enforce the injunction against them.

While this case is crucial for copyright holders and Internet services, Sci-Hub itself doesn’t seem too bothered by the blocking prospect or the millions in damages it must pay on paper.

It already owes Elsevier $15 million, which it can’t pay, and a few million more or less doesn’t change anything. Also, the site has a Tor version which can’t be blocked by Internet providers, so determined scientists will still be able to access the site if they want.



The full order is available here (pdf) and a copy of the injunction can be found here (pdf).
https://torrentfreak.com/us-court-gr...ci-hub-171106/





Report: 6.5% US Households Pirating TV Monthly
Colin Mann

Global Internet Phenomena Spotlight, a report focusing on paid subscription television piracy services from network intelligence specialist Sandvine, reveals that 6.5 per cent of households in North America are accessing pirated live television services each month, an adoption rate that may cost Communication Service Providers (CSPs) over $4 billion in revenue in 2017.

The report is based on data collected from multiple fixed access networks in North America and examines the mechanics, economics, and usage drivers of pirated television services. Other highlights from the report include:

• Pirate television services could generate over $800 million annually for the operators
• Many pirate television configurations stream 24/7, whether users are watching or not, resulting in many users generating over 1TB of ‘phantom bandwidth’ across their network each month
• The Mayweather vs McGregor boxing match in August accounted for 80 per cent of all pirate streams the evening it occurred, and the event may have been watched by 1 per cent of all households in North America
• Premium television, live sports, news, and international content are the main drivers of pirate television usage

“Continued adoption of pirate video and television streaming services could lead to increased cord-cutting and create ‘cord-nevers’, people who never sign-up for a standard TV subscription. This will significantly impact CSPs’ revenue and profitability, undermining the business models that keep them operating,” said Lyn Cantor, CEO, Sandvine. “The active network intelligence that Sandvine provides can help CSPs monitor the threat that pirate television services pose, while also supporting law enforcement and regulatory efforts aimed at preventing the proliferation of illegal streaming services.”
http://advanced-television.com/2017/...ng-tv-monthly/





'We're Told to be Grateful We Even have Readers': Pirated Ebooks Threaten the Future of Book Series

With 4m or 17% of all online ebooks being pirated, novelists including Maggie Stiefvater and Samantha Shannon say theft by fans puts their books at risk
Alison Flood

The bestselling American fantasy novelist Maggie Stiefvater is leading a chorus of writers warning readers that if they download pirated ebooks, then authors will not be able to continue writing because they will be unable to make a living.

Stiefvater, author of the Shiver and Raven Cycle series, raised the issue after she was contacted on Twitter by a reader who told her: “I never bought ur books I read them online pirated.” On her website, Stiefvater later explained that, when ebook sales for the third book in the Raven Cycle – Blue Lily, Lily Blue – “dropped precipitously”, her publisher decided to cut the print run of the next book in the series to less than half of its predecessors.

“This is also where people usually step in and say, but that’s not piracy’s fault. You just said series naturally declined, and you just were a victim of bad marketing or bad covers or readers just actually don’t like you that much,” wrote Stiefvater, who had seen fans sharing pdfs online and was “intent on proving that piracy had affected the Raven Cycle”. So she and her brother created a pdf of The Raven King, which consisted of just the first four chapters, repeated, and a message explaining how piracy affected books.

“The effects were instant. The forums and sites exploded with bewildered activity. Fans asked if anyone had managed to find a link to a legit pdf. Dozens of posts appeared saying that since they hadn’t been able to find a pdf, they’d been forced to hit up Amazon and buy the book. And we sold out of the first printing in two days.”

Stiefvater revealed that she is now writing three more books set in the Raven Cycle world, but that the new trilogy “nearly didn’t exist because of piracy”. “And already I can see in the tags how Tumblr users are talking about how they intend to pirate book one of the new trilogy for any number of reasons, because I am terrible or because they would ‘rather die than pay for a book’,” she wrote. “As an author, I can’t stop that. But pirating book one means that publishing cancels book two. This ain’t 2004 anymore. A pirated copy isn’t ‘good advertising’ or ‘great word of mouth’ or ‘not really a lost sale’.”

According to the Intellectual Property Office’s latest study of online copyright infringement, 17% of ebooks read online are pirated – around 4m books.

Ebook piracy is “a very significant issue and of great concern” to publishers, said Stephen Lotinga of the Publishers Association, which works to take down and block pirated ebooks links and sites. “As an industry we’ve not had the situation that the music and film industries have gone through,” Lotinga said. “But that obviously is 4m ebooks that authors and publishers aren’t getting paid for, and should be getting paid for, and it’s a particular worry for publishers at a time when ebook sales are slightly in decline.”

Last week, a poll on piracy from Hank Green, the brother of the bestselling novelist John Green, was responded to by more than 35,000 people. Just over a quarter (26%) said they had pirated books in the past, while 5% said they currently pirate books.

Samantha Shannon, author of the Bone Season series, said that attempting to stay on top of pirated editions of her books was “a Sisyphean task”. “I think all authors experience it to some degree, unfortunately. It’s a reality of modern publishing,” she said. “I don’t often look for pirated copies of my books, as I find it too dispiriting, but I do batch-send links to my publisher now and again in the hope that they can remove some of them.”

Shannon wrote on Twitter that “the thing that’s really exhausting about piracy is that authors are often not allowed to be upset by theft of their work. If we ask people not to do it, no matter how courteously, we’re told we should have more compassion or be grateful we even have readers. Outside the creative industry, people broadly dislike theft. Within the creative industry, it becomes a grey area where people aren’t sure.”

“Authors who ask you not to pirate are not attacking people who are too poor to afford books, or people who genuinely can’t access libraries,” wrote Shannon – but Lotinga at the Publishers Association said that those people were not often the perpetrators. Ebook pirates “tend to be from better-off socio-economic groups, and to be aged between 31 and 50-something.” “It’s not the people who can’t afford books,” he said. “It’s not teenagers in their rooms.”

Novelist Laura Lam wrote on Twitter: “I’m personally not bothered by the small percentage of readers who pirate because they have no access to books any other way. But of readers, I think that’s a small percentage. I’m more heartbroken by those who can easily afford books but pirate anyway. Any sales lost via those readers will have a very real impact on my career.”

According to a survey carried out by the Authors Licensing and Collecting Society, the median income of a professional author in 2013 was £11,000, a drop of 29% on 2005.

Lam said that she had a trilogy cancelled through her first publisher three weeks after book two came out. “That’s an instance where if even a couple hundred had pirated instead of buying, it had repercussions. Long-term, that publisher went bankrupt and I re-sold it to my new publisher, but it was still a challenge at the time. Not everyone gets a second chance.”

Fantasy novelist Tom Pollock said that readers needed to be “aware of the consequences of pirating … In an economy based on market signals, the signal being sent if people pirate rather than buy or borrow is: ‘Nobody wants this’.”

He added: “There’s an argument that you sometimes see that ‘a download is not equal to a lost sale, because that person wouldn’t have bought it anyway’, and there’s varying evidence on that, but it’s very much a static analysis of a dynamic problem, because if you normalise the practice of pirating books, you erode incentive for people to pay for them, so eventually, people who would have bought them stop doing so.”
https://www.theguardian.com/books/20...gie-stiefvater





Internet Association Endorses Internet Censorship Bill
Elliot Harmon

A trade group representing giants of Internet business from Facebook to Microsoft has just endorsed a “compromise” version of the Stop Enabling Sex Traffickers Act (SESTA), a bill that would be disastrous for free speech and online communities.

Just a few hours after Senator Thune’s amended version of SESTA surfaced online, the Internet Association rushed to praise the bill’s sponsors for their “careful work and bipartisan collaboration.” The compromise bill has all of the same fundamental flaws as the original. Like the original, it does nothing to fight sex traffickers, but it would silence legitimate speech online.

It shouldn’t really come as a surprise that the Internet Association has fallen in line to endorse SESTA. The Internet Association doesn’t represent the Internet—it represents the few companies that profit the most off of Internet activity.

Amazon and eBay would be able to absorb the increased legal risk under SESTA. They would likely be able to afford the high-powered lawyers to survive the wave in lawsuits against them. Small startups, including would-be competitors, would not. It shouldn’t pass our attention that the Internet giants are now endorsing a bill that will make it much more difficult for newcomers ever to compete with them.

IA also doesn’t represent Internet users. It doesn’t represent the marginalized voices who’ll be silenced as platforms begin to over-rely on automated filters (filters that will doubtless be offered as a licensed service by large Internet companies). It doesn’t represent the LGBTQ teenager in South Dakota who depends every day on the safety of his online community. It doesn’t represent the sex worker who will be forced off of the Internet and onto a dangerous street.

The Internet Association can tell itself and its members whatever it wants—that it held its ground for as long as it could despite overwhelming political opposition, that the law will motivate its members to make amazing strides in filtering technologies—but there is one thing that it simply cannot say: that it has done something to fight sex trafficking.

Again and again and again, experts in sex trafficking have spoken out to say that SESTA is the wrong solution, that it will put trafficking victims in more danger, that it will remove the very tools that law enforcement uses to rescue victims. It’s shameful that a small group of lobbyists with an agenda of censorship have presented themselves to lawmakers as the unanimous experts in sex trafficking. It’s embarrassing that it’s worked so well.

A serious problem calls for serious solutions, and SESTA is not a serious solution. At the heart of the sex trafficking problem lies a complex set of economic, social, and legal issues. A broken immigration system and a torn safety net. A law enforcement regime that puts trafficking victims at risk for reporting their traffickers. Officers who aren’t adequately trained to use the online tools at their disposal, or use them against victims. And yes, if there are cases where online platforms themselves directly contribute to unlawful activity, it’s a problem that the Department of Justice won’t use the powers Congress has already given it. These are the factors that deserve intense deliberation and debate by lawmakers, not a hamfisted attempt to punish online communities.

The Internet Association let the Internet down today. Congress should not make the same mistake.
https://www.eff.org/deeplinks/2017/1...ensorship-bill





'Thor: Ragnarok' Rumbles to $121M Box-Office Debut
Jake Coyle

"Thor: Ragnarok" thundered to one of the year's best box-office debuts, opening with an estimated $121 million in North American theaters.

The robust debut for the third "Thor" movie was a welcome shot in the arm for Hollywood and theater owners who have just suffered through a terrible October at the box office.

"Thor: Ragnarok" also bucked the trend of diminishing returns for sequels. The 2011 "Thor" debuted with $65.7 million; 2013's "Thor: The Dark World" opened with $85.7 million.

The big opening cements the unlikely breakthrough of New Zealand director Taika Waititi, who shepherded the $180 million production to Marvel's best reviews since 2008's "Iron Man."

The weekend's other new nationwide release was the holiday-themed comedy sequel "A Bad Mom's Christmas." It grossed $17 million over the weekend.
http://www.courant.com/entertainment...105-story.html





U.S., AT&T at Odds Over CNN in Time Warner Deal
Jessica Toonkel, David Shepardson

U.S. antitrust regulators and AT&T Inc sparred on Wednesday over whether the wireless carrier would be required to sell Time Warner Inc’s CNN cable network as a condition of approval of its deal to buy the media company.

The U.S. Department of Justice has demanded significant asset sales in order to approve the $85.4 billion (£65.13 billion) deal, sources told Reuters on Wednesday, and asked AT&T to sell CNN-parent Turner Broadcasting or its DirecTV satellite TV operation in discussions on Monday.

AT&T offered to sell CNN, the sources said. AT&T denied that version of events of the meeting with Justice Department officials.

“I have never offered to sell CNN and have no intention of doing so,” AT&T Chief Executive Randall Stephenson, said in a statement on Wednesday. Stephenson is set to appear at an event in New York City on Thursday and will likely face questions about the deal.

Reports that the Justice Department is pushing for significant asset sales and conflicting reports of its discussions with AT&T cast new doubt on the deal on Wednesday. Shares of Time Warner closed down 6.5 percent at $88.50.

The dispute is the latest twist in a deal which took on broader political significance immediately after its inception in October 2016. U.S. President Donald Trump, a frequent critic of CNN, attacked the deal on the campaign trail last year, vowing that as president his Justice Department would block it. He has not commented on the transaction since taking office in January.

The White House declined comment.

AT&T wants to buy Time Warner, which owns the premium channel HBO and movie studio Warner Bros along with Turner Broadcasting, so it can bundle mobile service with video entertainment and take online advertising from Facebook Inc and Alphabet Inc.

Both companies have struggled to keep younger viewers from flocking to online services like Netflix Inc and Amazon.com Inc’s Prime Video.

CHANGE OF COURSE

Until recently the vertical deal - which in theory should not reduce competition among the two companies’ direct rivals - was considered by antitrust experts as likely to be approved with no major concessions.

But regulators’ desire for asset sales will complicate negotiations. AT&T said earlier on Wednesday it was now uncertain when the deal would be completed. It had previously said the acquisition would close by the end of this year.

The discussion of a potential sale of CNN has politicized the situation. Trump has repeatedly tangled with CNN, calling the network’s coverage “fake news.”

Senator Al Franken, a Minnesota Democrat, said on Wednesday he opposed the mega-merger but was also worried about political implications of any divestiture of CNN.

“I am deeply concerned with the notion that the Justice Department may be pressuring the companies to consider spinning off CNN’s parent company Turner Broadcasting as a path forward towards approval of the acquisition, given the president’s repeated public complaints about CNN’s coverage of him,” Franken said. “Any indication that this administration is using its power to weaken media organizations it doesn’t like would be a profoundly disturbing development.”

There are many ways to resolve concerns about the deal, a Justice official said on Wednesday, adding that no decision had been made and that conversations with AT&T were continuing.

AT&T is prepared to fight any divestitures required to win regulatory approval of the deal, according to sources familiar with the matter.

The Justice Department could file a lawsuit as early as this month to challenge the deal, sources familiar with the negotiations told Reuters.

TOO MUCH POWER

The deal is opposed by an array of consumer groups and smaller television networks on the grounds that it would give AT&T too much power over the content it would distribute to its wireless customers.

The new concessions suggest the head of the Justice Department’s antitrust division, Makan Delrahim, has changed his view of AT&T’s plan to buy Time Warner, since giving an interview in 2016 where he declared it not “a major antitrust problem.”

Delrahim was subsequently nominated by U.S. President Donald Trump to head the Justice Department’s antitrust division and was confirmed in September. A further sticking point in discussions is the length of time that the U.S. government wants to impose conditions on what AT&T can and cannot do after a deal. Two people briefed on the talks told Reuters the government has sought as long as 10 years for such conditions while AT&T has pressed for a shorter period.

AT&T also said it would invest an additional $1 billion in the United States next year if Trump signed into law the provisions in the current House of Representatives tax bill.

“By immediately lowering the corporate tax rate to 20 percent, this bill will stimulate investment, job creation and economic growth in the United States,” said Randall Stephenson, AT&T chief executive.

Reporting by David Shepardson, Diane Bartz and Jeff Mason in Washington, Greg Roumeliotis, Jessica Toonkel and Anjali Athavaley in New York, and Arjun Panchadar in Bengaluru; Editing by Chris Sanders and Bill Rigby
https://uk.reuters.com/article/uk-br...-idUKKBN1D9009





DOJ Set To Block AT&T Takeover Of Time Warner
David Folkenflik

All Things Considered

The U.S. Justice Department has informed AT&T that it will block the telecommunications giant's planned $85 billion takeover of Time Warner unless it sells off CNN — a network frequently targeted for derision by President Trump. The move has therefore triggered concerns within CNN that the administration is taking action against a media outfit simply because it has angered the president with its coverage, raising First Amendment implications.

The government's stance seemingly flies in the face of decades of precedent: Federal authorities routinely approve deals involving so-called vertical integration — the consolidation of companies in related fields that are not competitors. And it contradicts the current federal antitrust chief's past statements a year ago after this deal was announced.

The government's position was first reported by the Financial Times. NPR confirmed the development in interviews with three people with knowledge of negotiations with the government who spoke on condition of anonymity because they were not authorized to speak about the deal. Justice Department antitrust officials offered AT&T a choice to keep the deal alive: Get rid of Time Warner's Turner Broadcasting division, which includes CNN, or dispose of DirecTV, AT&T's giant satellite television provider. But the sticking point appears to have been CNN, according to two informed sources at Turner Broadcasting.

"I am just frankly mystified by the rationale here," said University of Pennsylvania law professor Herbert Hovenkamp, a leading authority on antitrust issues. "You need to know where competitive harm is threatened. So far, I don't see it."

Trump previously indicated he might seek to thwart the AT&T-Time Warner deal over antitrust concerns. Yet Trump has been far more vocal about his anger at CNN — both as a candidate and as president. For example, earlier this year, at a formal press conference in Poland with that nation's president, Trump said, "They have been fake news for a long time. They have been covering me in a dishonest way."

As a result, within Time Warner, the Trump administration's stance is being seen as a direct strike against CNN. "There isn't any precedent," says one executive at Turner Broadcasting, the television subsidiary that would have to be sold off. "It's one thing to say, 'Fake news'! It's another to reverse governmental policy because you object to a company's journalism."

AT&T Chairman and CEO Randall Stephenson said Wednesday the company never offered to sell CNN and has no intention of doing so to win approval of the Time Warner deal.

Without Turner Broadcasting, which includes such channels as TNT, TBS and the Cartoon Network, the deal would be a nonstarter; according to the company's 2016 annual report to shareholders, Turner Broadcasting contributed nearly 60 percent of Time Warner's profits. (Turner does not include HBO, Time Warner's premium cable channel.)

The Justice Department would not confirm its stance, saying it does not discuss matters under review. Federal regulators are separately reviewing Sinclair Broadcasting's proposed acquisition of Tribune Media, which would give it control of more than 200 stations nationally. And John Malone's Discovery Communications is in the process of acquiring Scripps Network Interactive Inc., which would combine two families of cable networks. Those deals are "horizontal integration" — the blending of competitors — which is usually given far rougher scrutiny. Yet the concessions demanded by the federal government for the AT&T package are significantly greater than those expected to face the Sinclair or Discovery deals. Indeed, the Federal Communications Commission changed regulations that make it easier to approve the deal for Sinclair, a conservative chain of local stations that has emerged with coverage and commentaries supportive of the president.

"The one reason that doesn't fly for blocking the deal is, 'Don't approve it because it's CNN, and CNN annoys the president,' " said Craig Aaron, president and CEO of the consumer advocacy group Free Press. "It's legitimate for the federal government to say this is just too big. The only question is: Is this legal reasoning? And I think there's an antitrust case to make there."

"If the reason that's coming down is, 'Punish CNN,' then that's a real problem," Aaron told NPR. "We don't really know, and because of everything Trump has said, you can't help but ask the question."

The head of the department's antitrust division is Makan Delrahim, who served as deputy to the antitrust chief under President George W. Bush. That Justice Department blocked a small number of horizontal integration deals blending competitors — such as the thwarted merger of US Airways and United. Republican administrations are typically even less willing to intervene in corporate actions.

In an interview with a Canadian television network when it was proposed, Delrahim discouraged talk that the AT&T-Time Warner deal would be a tough sell.

"Just the sheer size of it and the fact that it's media I think will get a lot of attention," Delrahim told BNN in October 2016. "However, I don't see this as a major antitrust problem."

AT&T has signaled that it intends to challenge the administration in court over the requirement.
http://text.npr.org/s.php?sId=562898390





“This Is Political”: CNN Sees Trump’s Hand in Justice Department’s Merger Crackdown

The D.O.J. threw a huge wrench in AT&T’s long-planned deal to buy Time Warner. Is it about anti-trust? Or the president’s least-favorite network?
by Joe Pompeo

On Monday, November 6, AT&T C.E.O. Randall Stephenson was in Washington, D.C., for a meeting with Makan Delrahim, the Justice Department’s new anti-trust chief, who was confirmed by the Senate in late September. They were there to discuss AT&T’s long-awaited purchase of Time Warner, which has been in the final stages of a protracted regulatory review. According to three people briefed on the conversation, Delrahim told Stephenson that if AT&T wanted the D.O.J. to green-light the $85 billion mega merger, he would have to either sell Turner Broadcasting, the parent entity of CNN, which AT&T would acquire as part of the deal, or sell DirecTV, the satellite provider AT&T acquired in 2015.

To Stephenson, both choices were thoroughly unpalatable: ditch the company you’ve spent the past two years painstakingly integrating into your business, or ditch the portfolio of premium broadcast brands—which in addition to CNN includes TBS, TNT, N.B.A. and March Madness games, and other prominent television assets—that accounts for more than half of the profits of the company you’ve spent the past year gearing up to own. Stephenson’s response, according to the people briefed on the interaction with Delrahim, was more or less: We’ll see you in court. (The Financial Times first reported on Wednesday, citing three unnamed sources with knowledge of the negotiations, that “AT&T has been told by the U.S. Department of Justice that it needs to sell CNN to get its $84.5bn acquisition of the media company approved.”)

Few people I spoke to at AT&T or Time Warner believe that anti-trust concerns are driving this hard bargain. Rather, they believe it’s about politics, and CNN in particular. CNN is media-enemy No. 1 for President Donald Trump, who had expressed his distaste for the AT&T-Time Warner merger early on. He even threatened to kill it, and had reportedly toyed with the idea of using CNN as a bargaining chip. The Justice Department’s late-stage requirements for the merger seemed to confirm people’s fears.

In response to an account that was circulating on Wednesday, apparently from the Department of Justice, that AT&T had offered to divest itself of CNN to let the deal go through, Stephenson, through a spokesperson, was unequivocal. “Until now, we’ve never commented on our discussions with the D.O.J. But given D.O.J.’s statement this afternoon, it’s important to set the record straight,” he told Vanity Fair. “Throughout this process, I have never offered to sell CNN and have no intention of doing so.” Stephenson is scheduled to appear at The New York Times’s DealBook conference tomorrow. On-air talent at CNN has been informed that there will be extensive merger coverage on Wednesday evening. Time Warner declined to comment. A D.O.J. spokesman said: “The Department is committed to carrying out its duties in accordance with the laws and the facts. Beyond that, the Department does not comment on any pending investigation.”

Inside CNN, the mood was as charged as you’d expect it to be. “This is political, this is unprecedented, and the only explanation is political pressure from the White House,” a CNN employee told me. “There’s a contingent here that felt like, you have a litigious, vindictive commander in chief with the opportunity to take a poke at a network he believes covers him unfairly. How did we think this is gonna end? It’s outrageous.” Another insider told me that people throughout the Turner portfolio are “freaking out.” They’d finally gotten their heads around the idea that they would soon be owned by AT&T, a Dallas-based operation with no media or entertainment experience. Today’s news “caught 99 percent of the people at the company by surprise,” the source said. “Everybody’s like, what the fuck?”

The first curveball had come on November 2, in the form of a Wall Street Journal story reporting that the D.O.J. was “laying the groundwork for a potential lawsuit challenging” the merger, which would marry a telecom titan that owns more than 100 million smartphones, and the Midtown Manhattan-centered parent entity of media and entertainment stalwarts including CNN, HBO and Warner Bros., whose premium content offerings are ripe for its suitor’s mobile devices.

Both parties were blindsided by news of the potential lawsuit, according to sources familiar with the matter—“shocked,” is how one of them put it—but no one was hitting the panic button just yet. Of course, there was always the specter of interference from CNN-hating Big Bad Wolf Trump. But surely, people involved in the deal and those watching it closely both figured, the leak about the possible lawsuit—to a newspaper owned by Trump ally Rupert Murdoch, it’s worth noting—must just be a negotiating tactic as the two sides go back and forth to clear the final regulatory hurdle. Or maybe it was just that Delrahim, fresh on the job, didn’t want it to seem like he was going to just rubber stamp a year’s worth of work that had taken place prior to the start of his tenure. “That’s the best-case scenario,” a person close to the deal told me earlier this week. “The worst case is that they’re going to try to extract something.”

Indeed, that seemed to be the state of play by Wednesday morning, when Reuters reported that the D.O.J. was “pushing AT&T Inc for ‘structural remedies’ in order to satisfy antitrust concerns.” (As Reuters noted, “structural remedies” is anti-trust jargon for getting rid of assets.) The news came shortly after AT&T Chief Financial Officer John Stephens told the audience at a Wells Fargo conference in New York, “We are in active discussions with the D.O.J. Those are continuing on. I can’t comment on those discussions. But with those discussions, I can now say that the timing of the closing of the deal is now uncertain.”

Amplifying people’s worries about meddling was the fact that Delrahim had initially signaled that the acquisition wouldn’t be problematic, in his opinion as an anti-trust expert. Last fall, when the deal was announced, Delrahim, then a Pepperdine University law professor, said during a television interview that he didn’t see any major problems with it: “This is what we would call a vertical merger—content with distribution, rather than two competitors merging. . . . The sheer size of it, and the fact that it’s media, I think will get a lot of attention. However, I don’t see this as a major antitrust problem.”

AT&T is confident they would prevail in court because there isn’t strong precedent for blocking vertical mergers like this one. (In other words, an apple company acquiring a banana company, as opposed to two apple companies or two banana companies merging.) One person close to the deal posited to me that the D.O.J. could maybe try to make a case that common ownership of both Turner and DirecTV would create a scenario whereby Turner could leverage DirecTV against other distributors to seek higher rates for them. But as David Faber noted on CNBC Wednesday morning, “In 40 years, there has not been a vertical integration that has been blocked. Forty years. . . . Politics seems to at least be something people want to talk about when it comes to the perceived opposition from the Department of Justice.”

Multiple sources I spoke with noted Delrahim’s apparent 180, and questioned whether he was being strong-armed, telling me it would be a bad look for him to go to court and lose. “If you’re the new head of the D.O.J. and the first thing you do is lose a major lawsuit, that’s a major embarrassment,” one of these people said. “If this is political and it really is about CNN, the media is just going to slaughter the Trump administration. It would be a bad political move, and it would be really bad for AT&T to agree to that.”
https://www.vanityfair.com/news/2017...rger-crackdown





Fox, Facing New Competitors, Clings Tighter to Trump

The network that sparred with him as a candidate now rarely questions him.
Jason Schwartz

During the Republican primary contest, Donald Trump feuded frequently with Fox News, going after Megyn Kelly and, at the height of his pique, even skipping one of the network’s debates. That now seems like eons ago. When staunch Trump supporter Laura Ingraham launched her new 10 p.m. show last week, it represented a capstone in the yearlong remaking of Fox News in Trump’s image.

It also signaled that Fox fears increasing competition on its right flank.

The network’s new prime-time lineup, featuring Ingraham, Sean Hannity and Tucker Carlson, who was added in April, forms a three-hour nightly block of solid Trump cheerleading. Factor in the Trump-friendly morning show, “Fox & Friends,” on from 6 a.m. to 9 a.m., and during the network’s most-watched hours, seldom is heard a discouraging Trump word.

“I’ve read the stories about how the Murdochs have soured on Donald Trump, but you would not know it from their programming decisions,” said Charlie Sykes, the longtime conservative radio host and MSNBC contributor. “It certainly reflects the business model of conservative media right now. Pro-Trump viewers want a safe space. They want a reliable outlet that will defend the president and attack his critics and Fox has apparently decided that it’s going to give them that.”

As if to drive the point home, Fox News made waves over the weekend by pulling from its air an ad calling for the president’s impeachment. Networks typically run ads of all political stripes, regardless of ideology, but the 60-second impeachment spot, funded by liberal billionaire Tom Steyer, proved too offensive to too many of the network’s viewers. “Due to the strong negative reaction to their ad by our viewers, we could not in good conscience take their money,” Jack Abernethy, co-president of Fox News, said in a statement.

On Tuesday night and Wednesday, Fox hosts uniformly downplayed the idea that Trump was a factor in the Democratic victories in Virginia and New Jersey, taking pains to drive home the president’s assertion that Virginia GOP gubernatorial nominee Ed Gillespie had erred in not embracing him closely enough.

Chris Ruddy, CEO of rival conservative platform Newsmax and a Trump ally, said even he has been taken aback by Fox hosts’ unwillingness to criticize the president. If Fox has shifted to protect itself on the right, Ruddy believes there’s now an opening for a conservative outlet that feels less reflexively defensive of Trump.

“Newsmax is very supportive of the president, but we also will publish things that are critical of him time to time,” Ruddy said. “Fox seems to have decided to become very closely aligned, which seems unnatural, and it doesn’t seem consistent.

“It’s just bizarre and I think they lose their credibility as a news organization,” he continued.

Fox News declined additional comment for this story.

Though Fox News remains tops in the ratings, competition is swirling around the network. The conservative Sinclair Broadcast Group is working to complete a $3.9 billion takeover of Tribune Broadcasting, which would allow its free broadcasts to reach 72 percent of U.S. households. Ruddy’s Newsmax TV currently has nowhere near Fox’s reach, but it is also looking to grow. POLITICO has reported that it recently signed a deal with DISH Network to increase its distribution.

And Ruddy was scheduled to meet with Bill O’Reilly this week in New York to discuss a potential spot on the network. Rumors have also linked O’Reilly and Sinclair, though its CEO and president, Chris Ripley, has denied any interest.

Beyond the TV world, there are a host of sites — starting with Breitbart — that threaten Fox News’ primacy over discourse on the right.

“There’s a lot of conservative media out there,” said Joseph Bonner, a senior analyst for communications and technology at Argus Research. “If Fox thinks the threat is from the right or the Trumpists, however you want to put it, to inoculate against that threat, you want to have that point of view.”

Less than a year ago, the Fox News prime-time lineup featured O’Reilly and Kelly, in addition to the ardently pro-Trump Sean Hannity. While neither O’Reilly nor Kelly’s shows were exactly bastions of liberal politics, Kelly famously took on Trump. And though a Trump supporter, O’Reilly, who was forced out of Fox News in April in the wake of multiple sexual harassment allegations, occasionally showed willingness to buck the Trump line. Their replacements, Ingraham and Tucker Carlson, almost never break from the president.

The week before starting her show, Ingraham appeared with Steve Bannon at a political rally for Kelli Ward, the hard-right Arizona Senate candidate who had been challenging Trump critic Jeff Flake — a seemingly naked declaration that Ingraham is more a political operative than a journalist.

“It’s quite a significant pivot. For people who believe Fox has always been pro-Trump, they miss the significance of how hard the shift has been in the last 18 months,” Sykes said. “Fox is really turning itself very self-consciously into virtually a house organ of the Trump administration.”

Particularly noteworthy, he said, was the network’s recent embrace of Hillary Clinton-related stories that seem designed to deflect attention from special counsel Robert Mueller’s Russia investigation.

“There’s nothing about conservative ideas. This is not about the size of government, this is not about tax cuts. This is about defending the regime against legal attack,” Sykes said.

Some Fox News anchors, like Shepard Smith, Bret Baier and Chris Wallace, have remained willing to sound discordant notes, and Fox has added additional news programming since the election, including a just-launched newscast at 11 p.m. But the Clinton-focused stories have found significant airtime during Fox’s news programming, as well — far more than on any other network.

In the past, Fox News, under Roger Ailes, had sought to lead its viewers ideologically. The network, for instance, was on the forward edge of promoting the tea party movement during Barack Obama’s first term as president. Now, though, Ailes is gone and Fox appears more focused on meeting its viewers where they are.

That is, in part, because the network faces a far different media ecosystem today. In the old days, Fox was free to set the agenda. But the explosion in popularity of both social media and conservative sites like Breitbart, Infowars and The Gateway Pundit have now forced the network to make sure it doesn’t get left behind by whatever is bubbling up online.

“I think that Fox is making the same decision that Trump himself is making, which is double down in your appeal to your hard-core base,” Sykes said. “They didn’t hire Laura Ingraham because they want to get viewers from MSNBC.”

The access provided by cozying up to Trump — Fox’s No. 1 viewer — has been a boon to the network, said Brian Wieser, a senior analyst at Pivotal Research. Since he took office, Trump has granted 19 interviews to Fox News or Fox Business Channel, compared with just two for NBC and MSNBC, one for ABC News, one for CBS News and zero for CNN.

“They’ve certainly found that they can have Trump’s ear,” he said. “They know there’s advantage to access. I suspect that’s the more important element than is sheer ideology.”

After Ingraham, whose name had previously surfaced as a potential Trump press secretary, interviewed the president on Thursday, The Washington Post described the interview as, “as obliging as would be expected of someone who previously contemplated a role as the president's official mouthpiece.”

Trump’s appearance on Ingraham’s show caused a significant spike in her ratings, with more than 3 million people tuning in, according to Nielsen, compared with 2.36 million the night before.

Eric and Lara Trump leave the Fox Studios in New York after taping a segment of "Justice With Judge Jeanine" in October. | Andres Kudacki/AP Photo

Whether a conservative challenger could potentially dent Fox News remains an open question. Wieser said that doing so would be incredibly difficult, requiring “hundreds of millions of dollars in upfront capital commitments.”

“I look at the ratings on a regular basis and clearly Fox is doing outrageously well,” said Charles Herring, president of the Fox rival One America Network’s parent company, Herring Networks. “I do believe that anybody who’s trying to compete with them has an uphill battle, but we’ve been able to carve out a really nice audience of independents and right-wing individuals, and we believe there’s a lot of upside potential for growth.”

Herring believes that Fox News viewers could react negatively to the network’s daytime news programs not having the same hard-core pro-Trump viewpoint as the prime-time opinion lineup. “If you’re a viewer, you’re getting two different messages, depending if you’re watching during the day or the evening prime-time lineup. And I think that’s a really tough act for a channel to do, to try to appeal to two audiences,” he said.

Though it’s unlikely a conservative challenger could immediately come along and knock Fox News off its pedestal, if another outlet grabbed even enough viewers to allow surging MSNBC to sneak ahead of Fox in the ratings, it would be a blow to the network, which has long made its No. 1 status central to its branding.

Ruddy said that Fox’s success is proof that there’s plenty of room in the conservative market, especially for a network more willing to offer “constructive criticism” of Trump.

“My view is we’re not challenging Fox, we’re just adding to the diversity of the marketplace,” Ruddy said. “Tucker, Laura and Hannity, that’s going to be a very predictable lineup largely. My view would be more independent voices. I think in the long run this is better for conservatives, it’s better for President Trump.”
https://www.politico.com/story/2017/...sidency-244712





21st Century Fox has Been Holding Talks to Sell Most of the Company to Disney: Sources
David Faber

• 21st Century Fox has been holding talks to sell most of the company to Walt Disney Co., according to people familiar with the situation.
• Disney would not purchase all of Fox, according to people with knowledge of the talks.
• Fox is said to believe that a more tightly focused group of properties around news and sports could compete more effectively.
• The two sides are not currently talking at this very moment, sources said.

21st Century Fox has been holding talks to sell most of the company to Walt Disney Co., leaving behind a media company tightly focused on news and sports, according to people familiar with the situation.

The talks have taken place over the last few weeks and there is no certainty they will lead to a deal. The two sides are not currently talking at this very moment, but given the on again, off again nature of the talks, they could be revisited.

For Fox, the willingness to engage in sale talks with Disney stems from a growing belief among its senior management that scale in media is of immediate importance and there is not a path to gain that scale in entertainment through acquisition. The company is said to believe that a more tightly focused group of properties around news and sports could compete more effectively in the current marketplace.

The media landscape has changed considerably in recent years with giants such as Facebook, Google (Alphabet), Amazon and Netflix changing the way people consume media and dominating the digital distribution of digital video content. Being able to compete in that changing landscape, many people believe, requires scale that a Disney has, but 21st Century Fox does not.

For Disney, the opportunity to take control of another movie studio and significant TV production assets as it readies a direct-to-consumer entertainment streaming offering is attractive as is Fox's significant exposure to international markets, such as the U.K., Germany and Italy — both through its networks and 39 percent ownership of Sky. Disney recently announced it will pull all of its movies from the Netflix platform and will establish two direct-to-consumer offerings: one for sports and one including its key franchises such as "Star Wars" and Marvel.

Disney would not purchase all of Fox, according to people with knowledge of the talks.

The company could not own two broadcast networks and would therefore not buy the Fox broadcast network. It would not buy Fox's sports programming assets in the belief that combining them with ESPN could be seen as anti-competitive from an antitrust standpoint and it would not buy the Fox News or Business channel. Disney would also not purchase Fox's local broadcasting affiliates, according to people familiar with the negotiations.

In addition to the movie studio, TV production and international assets such as Star and Sky, Disney would also add entertainment networks such as FX and National Geographic.

The contemplated structure of the deal or the price that has been discussed could not be learned. Given it would involve the sale of many, but not all of Fox's properties, it's unclear how Fox would mitigate potential tax consequences of a deal.

Officials at Disney and Fox declined to comment. Fox shares ended Monday higher by 9.9 percent. Disney added 2 percent on the day.
https://www.cnbc.com/2017/11/06/21st...y-sources.html





Sprint, T-Mobile Call Off Merger after Months of Talks
Liana B. Baker, Anjali Athavaley

Sprint Corp (S.N) and T-Mobile US Inc (TMUS.O) said on Saturday they have called off merger talks to create a stronger U.S. wireless company to rival market leaders, leaving No. 4 provider Sprint to engineer a turnaround on its own.

The announcement marks the latest failed attempt to combine the third- and fourth-largest U.S. wireless carriers, as Sprint parent SoftBank Group Corp (9984.T) and T-Mobile parent Deutsche Telekom AG (DTEGn.DE), show unwillingness to part with too much of their prized U.S. telecom assets.

A combined company would have had more than 130 million U.S. subscribers, behind Verizon Communications Inc (VZ.N) and AT&T Inc (T.N).

The failed merger could also help keep wireless prices low as all four providers have been heavily discounting their cellphone plans in a battle for consumers.

“Consumers are better off without the merger because Sprint and T-Mobile will continue to compete fiercely for budget-conscious customers,” said Erik Gordon, a Ross School of Business professor at the University of Michigan.

The companies’ unusual step of making a joint announcement on the cancelled negotiations could indicate they still recognise the merits of a merger, keeping the door open for potential future talks.

Sprint and T-Mobile said they ended talks because the companies “were unable to find mutually agreeable terms.”

John Legere, chief executive of T-Mobile, said in the statement that the prospect of combining with Sprint was compelling, but “we have been clear all along that a deal with anyone will have to result in superior long-term value for T-Mobile’s shareholders compared to our outstanding standalone performance and track record.”

Sprint CEO Marcelo Claure said that even though the companies could not reach a deal, “we certainly recognise the benefits of scale through a potential combination.”

Claure also said Sprint has agreed it is best to move forward on its own with its assets “including our rich spectrum holdings, and are accelerating significant investments in our network to ensure our continued growth.”

SPRINT’S ROAD AHEAD

Failure to clinch an agreement leaves SoftBank CEO Masayoshi Son, a dealmaker who raised close to $100 billion (£76.44 billion) for his Vision Fund to invest in technology companies, needing to find another option for Sprint.

Sprint is in the middle of a turnaround plan and has sought to strengthen its balance sheet by cutting costs. But industry analysts have expressed concern that the company, weighed down with total debt of $38 billion, has few financial options.

Even though its customer base has expanded under CEO Claure, growth has been driven by heavy discounting. Analysts said an end to talks with T-Mobile would leave debt-laden Sprint without the scale needed to invest in its network and to compete in a saturated market.

Sprint has sought to strengthen its balance sheet by cutting costs and mortgaging a portion of its airwaves and equipment.

Mark Stodden, telecom analyst at Moody’s Investors Service, said about Sprint: “To really take the kind of next step from a business that has been stabilized to a business that has been growing is going to require a new more intense investment phase.”

T-Mobile is in a better position as a standalone company, analysts have said.

T-Mobile, controlled by Germany’s Deutsche Telekom which owns roughly 65 percent, became the first major carrier to eliminate two-year contracts - a shift quickly embraced by consumers and copied by competitors. The company has also badgered rivals with its unlimited data plans.

Deutsche Telekom CEO Tim Höttges said in a statement on Saturday that T-Mobile has a “strong basis for growth in the upcoming years.”

MONTHS OF TALKS

Both companies had expressed interest in a tie-up this year. SoftBank was prepared to give up control to do a deal with T-Mobile, sources familiar with the company’s thinking told Reuters in February. But no deal was announced immediately following the conclusion of a ban on merger talks in the spring that was associated with a U.S. government auction of wireless airwaves.

Both Sprint and T-Mobile said they were open to exploring other options.

An added wrinkle was Sprint’s negotiations with cable companies Comcast Corp (CMCSA.O) and Charter Communications Inc (CHTR.O).

A source told Reuters in July that SoftBank was considering an acquisition offer for Charter in a deal where it would combine the cable company with Sprint.

The two companies came close to announcing a merger in 2014, but called it off at the last minute due to regulatory concerns.

Industry executives have said a combined Sprint-T-Mobile entity would have the scale, network and enhanced portfolio of wireless airwaves and a better chance to develop 5G, the next generation of wireless technology.

Even if T-Mobile and Sprint had agreed on merger terms, they would have faced major challenges convincing antitrust regulators that their deal should be approved.

“This is good news for consumers - a potential merger by T-Mobile and Sprint could have raised serious antitrust issues,” Senator Amy Klobuchar of Minnesota said in a statement.

Reporting by Liana B. Baker in San Francisco and Anjali Athavaley in New York; additional reporting by Doug Busvine in Frankfurt and David Shepardson in Washington; editing by Matthew Lewis, Marguerita Choy and G Crosse
https://uk.reuters.com/article/uk-te...-idUKKBN1D50KD





Verizon, Comcast Working to Ensure States Don’t Pass their Own Net-Neutrality Rules

The two internet providers have asked telecom regulators to make clear that the FCC’s new policy on net neutrality — which could be put to a vote as early as next month — will pre-empt state and local regulations that might read differently.
Brian Fung

Some of the nation’s biggest internet providers want to make sure that, once the Federal Communications Commission (FCC) votes to deregulate the broadband industry, states won’t be able to set up their own, new regulations to replace them.

Comcast and Verizon have both asked telecom regulators to make clear that the FCC’s new policy on net neutrality — which could be put to a vote as early as next month — will pre-empt state and local regulations that might read differently. The request marks the industry’s latest step to weaken federal rules that regulate broadband companies like legacy telephone companies.

The FCC should “include a clear, affirmative ruling that expressly confirms the primacy of federal law with respect to [broadband] as an interstate information service,” Comcast said in a recent regulatory filing.

In a white paper released late last month, Verizon also lobbied for pre-emption, citing moves by about 30 states, including Washington, to adapt to a congressional measure repealing FCC privacy protections for consumers.

The FCC didn’t immediately respond to a request for comment.

At stake are the FCC’s rules that prohibit internet providers from blocking, slowing or giving preferential treatment to some websites at the expense of others. Approved in 2015, the rules were widely supported by advocacy groups who said they were a vital consumer protection. But they were also vehemently opposed by internet providers who said the regulations were illegal and overly burdensome.

The fight revolves around the FCC’s decision to classify internet providers under the law as “common carriers,” the same designation the agency applies to telephone service providers. Under Republican leadership, the FCC now wishes to backtrack on that policy change, seeking to reclassify broadband companies under “information services,” a more lightly regulated designation.

But the broadband industry fears that even if the FCC succeeds in deregulating, states could take steps “countermanding” the federal agency’s decision, according to the Verizon white paper.

“Allowing every state and locality to chart its own course for regulating broadband is a recipe for disaster,” the company said. “It would impose localized and likely inconsistent burdens on an inherently interstate service.”

John Bergmayer, a senior counsel at the consumer group Public Knowledge, said that FCC rules generally take precedence over state and local rules.

“If the FCC says X and a state says Not-X then the FCC wins,” he said. But, he added, it is less clear what happens if a piece of state regulation addresses an issue not explicitly contemplated by the federal rules — and how far states are allowed to take their consumer-protection mandates.

“As even Comcast admits, the FCC has no power to pre-empt state consumer-protection laws,” Bergmayer said. “There are questions about what counts as ‘consumer protection’ that would have to be answered.”

Then there’s the question of whether state and local pre-emption could wind up being a double-edged sword. A conclusion by today’s FCC that its looser net-neutrality rules are the law of the land, and that state variants will have no effect, may help internet providers this time. But a future FCC that adopts stricter rules against the industry’s wishes might be treated the same way.

Some telecom-industry officials say that’s a risk they’re willing to take.

“Almost as important to me as what the rules are, are the fact that there need to be one set of them,” said one industry official, speaking on the condition of anonymity to discuss company strategy. “ ‘Be careful what you wish for,’ but it’s hard to imagine — even if you had an unhelpful decision from the FCC — it doesn’t help me at all if California allows a more lenient standard” because companies would still be required to adhere to more stringent standards in other states.
https://www.seattletimes.com/busines...trality-rules/





Nearly Half of Colorado Counties Have Formally Rejected a Comcast-Backed Law Restricting City-Run Internet

After Tuesday’s elections, a total of 31 counties have voted to be exempted from a state law against municipal broadband networks.
Kaleigh Rogers

A lesson for Colorado's state government: telling Coloradans they can't have something is a surefire way to make them do whatever it takes to get it.

In Tuesday's Coordinated Election, two Colorado counties voted on ballot measures to exempt themselves from a state law prohibiting city-run internet services. Both Eagle County and Boulder County voters approved the measures, bringing the total number of Colorado counties that have rejected the state law to 31—nearly half of the state's 64 counties.

Senate Bill 152—which was lobbied for by Big Telecom—became law in Colorado in 2005, and prohibits municipalities in the state from providing city-run broadband services. In areas with lots of internet infrastructure and a competitive market, that's not a big issue, but for many communities in Colorado, high-speed internet is limited, expensive, or nonexistent.

Some cities prefer to build their own broadband network, which delivers internet like a utility to residents, and is maintained through subscription costs. But ever since SB 152 was enacted, Colorado communities have to first bring forward a ballot measure asking voters to exempt the area from the state law before they can even consider starting a municipal broadband service. So that's what many of them have done.

In addition to the 31 counties that have voted to overrule the state restrictions, dozens of municipalities in the state have also passed similar ballot measures. Including cities, towns, and counties, more than 100 communities in Colorado have pushed back against the 12-year-old prohibition, according to the Institute for Local Self Reliance.

There are still hurdles for these communities to hop before city-run internet can actually be rolled out, but other Colorado towns have shown it's possible, including Longmont, where the city-run internet was rated the fastest internet service provider among US cities this year by PC Magazine. If the trend continues, Colorado may soon have a lot more cities at the top of that list.
https://motherboard.vice.com/en_us/a...band-vote-2017





The End of the Cloud is Coming
Viktor Charypar

We’re facing the end of the cloud. It’s a bold statement, I know, and maybe it even sounds a little mad. But bear with me.

The conventional wisdom about running server applications, be it web apps or mobile app backends, is that the future is in the cloud. Amazon, Google, and Microsoft are adding layers of tools to their cloud offerings to make running server software more and more easy and convenient, so it would seem that hosting your code in AWS, GCP, or Azure is the best you can do — it’s convenient, cheap, easy to fully automate, you can scale elastically … I could keep going. So why am I predicting the end of it all?

A few reasons:

It can’t meet long-term scaling requirements. Building a scalable, reliable, highly available web application, even in the cloud, is pretty difficult. And if you do it right and make your app a huge success, the scale will cost you both money and effort. Even if your business is really successful, you eventually hit the limits of what the cloud, the web itself can do: The compute speed and storage capacity of computers are growing faster than the bandwidth of the networks. Ignoring the net neutrality debate, this may not be a problem for most (apart from Netflix and Amazon) at the moment, but it will be soon. The volumes of data we’re pushing through the network are growing massively as we move from HD, to 4k to 8k, and soon there will be VR datasets to move around.

This is a problem mostly because of the way we’ve organized the web. There are many clients that want to get content and use programs and only a relatively few servers that have those programs and content. When someone posts a funny picture of a cat on Slack, even though I’m sitting next to 20 other people who want to look at that same picture, we all have to download it from the server where it’s hosted, and the server needs to send it 20 times.

As servers move to the cloud, i.e. onto Amazon’s or Google’s computers in Amazon’s or Google’s data centers, the networks close to these places need to have incredible throughput to handle all of this data. There also have to be huge numbers of hard drives that store the data for everyone and CPUs that push it through the network to every single person that wants it. This gets worse with the rise of streaming services.

All of that activity requires a lot of energy and cooling and makes the whole system fairly inefficient, expensive, and bad for the environment.

It’s centralized and vulnerable. The other issue with centrally storing our data and programs is availability and permanence. What if Amazon’s data center gets flooded, hit by an asteroid, or destroyed by a tornado? Or, less drastically, what if it loses power for a while? The data stored on its machines now can’t be accessed temporarily or even gets lost permanently.

We’re generally mitigating this problem by storing data in multiple locations, but that only means more data centers. That may greatly reduce the risk of accidental loss, but how about the data that you really, really care about? Your wedding videos, pictures of your kids growing up, or the important public information sources, like Wikipedia. All of that is now stored in the cloud — on Facebook, in Google Drive, iCloud, or Dropbox and others. What happens to the data when any of these services go out of business or lose funding? And even if they don’t, it is pretty restricting that to access your data, you have to go to their service, and to share it with friends, they have to go through that service too.

It demands trust but offers no guarantees. The only way for your friends to trust that the data they get is the data you sent is by trusting the middleman and their honesty. This is okay in most cases, but websites and networks we use are operated by legal entities registered in nation states, and the governments of these nations have the power to force them to do a lot of things. While most of the time, this is a good thing and is used to help solve crime or remove illegal content from the web, there are also many cases where this power has been abused.

Just a few weeks ago, the Spanish government did everything in its power to stop an independence referendum in the Catalonia region, including blocking information websites telling people where to vote. Blocking inconvenient websites or secretly modifying content on its way to users has long been a standard practice in places like China. While free speech is probably not a high-priority issue for most Westerners, it would be nice to keep the internet as free and open as it was intended to be and have a built-in way of verifying that content you are reading is the content the authors published.

It makes us — and our data — sitting ducks. The really scary side of the highly centralized internet is the accumulation of personal data. Large companies that provide services we all need to use in one way or another are sitting on monumental caches of people’s data — data that gives them enough information about you to predict what you’re going to buy, who you’re going to vote for, when you are likely to buy a house, even how many children you’re likely to have. Information that is more than enough to get a credit card, a loan, or even buy a house in your name.

You may be ok with that. After all, they were trustworthy enough for you to give them your information in the first place, but it’s not them you need to worry about. It’s everyone else. Earlier this year, credit reporting agency Equifax lost data on 140 million of its customers in one of the biggest data breaches in history. That data is now public. We can dismiss this as a once in a decade event that could have been prevented if we’d been more careful, but it is becoming increasingly clear that data breaches like this are very hard to prevent entirely and too dangerous to tolerate. The only way to really prevent them is to not gather the data on that scale in the first place.

So, what will replace the cloud?

An internet powered largely by client-server protocols (like HTTP) and security based on trust in a central authority (like TLS), is flawed and causes problems that are fundamentally either really hard or impossible to solve. It’s time to look for something better — a model where nobody else is storing your personal data, large media files are spread across the entire network, and the whole system is entirely peer-to-peer and serverless (and I don’t mean “serverless” in the cloud-hosted sense here, I mean literally no servers).

I’ve been reading extensively about emerging technologies in this space and have become pretty convinced that peer-to-peer is where we’re inevitably going. Peer-to-peer web technologies are aiming to replace the building blocks of the web we know with protocols and strategies that solve most of the problems I’ve outlined above. Their goal is a completely distributed, permanent, redundant data storage, where each participating client in the network is storing copies of some of the data available in it.

If you’ve heard about BitTorrent, the following should all sound familiar. In BitTorrent, users of the network share large data files split into smaller blocks (each with a unique ID) without the need for any central authority. In order to download a file, all you need is a “magic” number — a hash — a fingerprint of the content. The BitTorrent client will then find peers that have pieces of the file and download them, until you have all the pieces.

The interesting part is how the peers are found. BitTorrent uses a protocol called Kademlia for this. In Kademlia, each peer on the network has a unique ID number, which is of the same length as the unique block IDs. It stores a block with a particular ID on a node whose ID is “closest” to the ID of the block. For random IDs of both blocks and network peers, the distribution of storage should be pretty uniform across the network. There is a benefit, however, to not choosing the block ID randomly and instead using a cryptographic hash — a unique fingerprint of the content of the block itself. The blocks are content-addressable. This also makes it easy to verify the content of the block (by re-calculating and comparing the fingerprint) and provides the guarantee that given a block ID, it is impossible to download any other data than the original.

The other interesting property of using a content hash for addressing is that by embedding the ID of one block in the content of another, you link the two together in a way that can’t be tampered with. If the content of the linked block is changed, its ID would change and the link would be broken. If the embedded link is changed, the ID of the containing block would change as well.

This mechanism of embedding the ID of one block in the content of another makes it possible to create chains of such blocks (like the blockchain powering Bitcoin and other cryptocurrencies) or even more complicated structures, generally known as Directed Acyclic Graphs, or DAGs for short. (This kind of link is called a Merkle link after the inventor Ralph Merkle. So if you hear someone talking about Merkle DAGs, you know roughly what they are.) One common example of a Merkle DAG is git repositories. Git stores the commit history and all directories and files as blocks in a giant Merkle DAG.

And that leads us to another interesting property of distributed storage based on content-addressing: It’s immutable. The content cannot change in place. Instead, new revisions are stored next to existing ones. Blocks that have not changed between revisions get reused, because they have, by definition, the same ID. This also means identical files cannot be duplicated in such a storage system, translating into efficient storage. So on this new web, every unique cat picture will only exist once (although in multiple redundant copies across the swarm).

Protocols like Kademlia together with Merkle chains and Merkle DAGs give us the tools to model file hierarchies and revision timelines and share them in a large scale peer-to-peer network. There are already protocols that use these technologies to build a distributed storage that fits our needs. One that looks very promising is IPFS.

The problem with names and shared things

Ok, so with the above techniques, we can solve quite a few of the problems I outlined at the beginning: We get distributed, highly redundant storage on devices connected to the web that can keep track of the history of files and keep all the versions around for as long as they are needed. This (almost) solves the availability, capacity, permanence, and content verification problem. It also addresses bandwidth problems — peers send data to each other, so there are no major hotspots/bottlenecks.

We will also need a scalable compute resource, but this shouldn’t be too difficult: Everyone’s laptops and phones are now orders of magnitude more powerful than what most apps need (including fairly complex machine learning computations), and compute is generally pretty horizontally scalable. So as long as we can make every device do the work necessary for its user, there shouldn’t be a major problem.

So now that cat image I want to see on Slack can come from one of my coworkers sitting next to me instead of from the Slack servers (and without crossing any oceans in the process). In order to post a cat picture, though, I need to update a channel in place (i.e., the channel will no longer be what it was before my message, it will have changed). This fairly innocuous sounding thing turns out to be the hard part. (Feel free to skip to the next section if this bit gets too technical.)

The hard part: Updating in place

The concept of an entity that changes over time is really just a human idea to give the world some order and stability in our minds. We can also think about such an entity as just an identity — a name — that takes on a series of different values (which are static, immutable) as time progresses (Rich Hickey explains this really well in his talks Are we there yet? and The value of values). This is a much more natural way of modelling information in a computer, with more natural consequences. If I tell you something, I can no longer change what I told you, or make you unlearn it. Facts, e.g. who the President of the United States is, don’t change over time; they just get superseded by other facts referred to by the same name, the same identity. In the git example, a ref (branch or tag) can point to (hold an ID and thus a value of) a different commit at different times, and making a commit replaces the value it currently holds. The Slack channel would also represent an identity whose values over time are growing lists of messages.

The real trouble is, we’re not alone in the channel. Multiple people try to post messages and change the channel, sometimes simultaneously, and someone needs to decide what the result should be.

In centralized systems, such as pretty much all current web apps, there is a single central entity deciding this “update race” and serializing the events. Whichever event reaches it first wins. In a distributed system, however, everyone is an equal, so there needs to be a mechanism that ensures the network reaches a consensus about the “history of the world.”

Consensus is the most difficult problem to solve for a truly distributed web supporting the whole range of applications we are using today. It doesn’t only affect concurrent updates, but also any other updates that need to happen “in-place” — updates where the “one source of truth” is changing over time. This issue is particularly difficult for databases, but it also affects other key services, like the DNS. Registering a human name for a particular block ID or series of IDs in a decentralized way means everyone involved needs to agree about a name existing and having a particular meaning, otherwise two different users could see two different files under the same name. Content-based addressing solves this for machines (remember a name can only ever point to one particular piece of matching content), but not humans.

A few major strategies exist for dealing with distributed consensus. One of them involves selecting a relatively small “quorum” of managers with a mechanism for electing a “leader” who decides the truth (if you’re interested, look at the Paxos and Raft protocols). All changes then go through the manager. This is essentially a centralized system that can tolerate a loss of the central deciding entity or an interruption (a “partition”) in the network.

Another approach is a proof-of-work based system like Bitcoin blockchain, where consensus is ensured by making peers solve a puzzle in order to write an update (i.e. add a valid block to a Merkle chain). The puzzle is hard to solve but easy to check, and some additional rules exist to resolve a conflict if it still happens. Several other distributed blockchains use a proof-of-stake based consensus while reducing the energy demands required to solve a puzzle. If you’re interested, you can read about proof of stake in this whitepaper by BitFury.

Yet another approach for specific problems revolves around CRDTs — conflict-free replicated data types, which, for specific cases, don’t suffer from the consensus problem at all. The simplest example is an incrementing counter. If all the updates are just “add one,” as long as we can make sure each update is applied just once, the order doesn’t matter and the result will be the same.

There doesn’t seem to be a clear answer to this problem just yet and there may never be only one, but a whole lot of clever people are working on it, and there are already a lot of interesting solutions out there to pick from. You just need to select the particular trade-off you can afford. The trade-off generally lies in the scale of a swarm you’re aiming for and picking a property of the consensus you’re willing to let go of at least a little — availability or consistency (or, technically, network partitioning, but that seems difficult to avoid in a highly distributed system like the ones we’re talking about). Most applications seem to be able to favor availability over immediate consistency — as long as the state ends up being consistent in reasonable time.

Privacy in the web of public files

One obvious problem that needs addressing is privacy. How do we store content in the distributed swarm of peers without making everything public? If it’s enough to hide things, content addressed storage is a good choice, since in order to find something, you need to know the hash of its content (somewhat like private Gists on Github). So essentially we have three levels of privacy: public, hidden, and private. The answer to the third one, it seems, is in cryptography — strongly encrypting the stored content and sharing the key “out of band” (e.g. physically on paper, by touching two NFC devices, by scanning a QR code, etc.).

Relying on cryptography may sound risky at first (after all, hackers find vulnerabilities all the time), but it’s actually not that much worse than what we do today. In fact, it’s most likely better in practice. Companies and governments generally store sensitive data in ways that aren’t shareable with the public (including the individuals the data is about). Instead, it’s accessible only to an undisclosed number of people employed by the organizations holding the data and is protected, at best, by cryptography based methods anyway. More often than not, if you can gain access to the systems storing this data, you can have all of it.

But if we move instead to storing private data in a way that’s essentially public, we are forced to protect it (with strong encryption) so that it is no good to anyone who gains access to it. This idea is roughly the same as the one behind making security-related software open source so that anyone can look at it and find problems. Knowing how the security works shouldn’t help you break it.

An interesting property of this kind of access control is that once you’ve granted someone access to some data, they will have it forever for that particular revision of the data. You can always change the encryption key for future revisions, of course. This is also no worse than what we have today, even though it may not be obvious: Given access to some data, anyone can always make a private copy of it.

The interesting challenge in this area is coming up with a good system of establishing and verifying identities and sharing private data among a group of people that needs to change over time, e.g. a group of collaborators on a private git repository. It can definitely be done with some combination of private-key cryptography and rotating keys, but making the user experience smooth is likely going to be a challenge.

From the cloud to a … fog

Hard problems to solve notwithstanding, our migration away from the cloud will be quite an exciting future. First, on the technical front, we should get a fair number of improvements out of a peer-to-peer web. Content-addressable storage provides cryptographic verification of content itself without a trusted authority, hosted content is permanent (for as long as any humans are interested in it), and we should see fairly significant speed improvements, even at the edges in the developing world (or even on another planet!), far away from data centers.

At some point even data centers may become a thing of the past. Consumer devices are getting so powerful and ubiquitous that computing power and storage (a computing “substrate”) is almost literally lying in the streets.

For businesses running web applications, this change should translate to significant cost savings and far fewer headaches building reliable digital products. Businesses will also be able to focus less on downtime risk mitigation and more on adding customer value, benefitting everyone. There is still going to be a need for cloud hosted servers, but they will only be one of many similar peers. We could also see heterogeneous applications, where not all the peers are the same — where there are consumer-facing peers and back office peers as part of the same application “swarm” and the difference in access is only in access level based on cryptography.

The other large benefit for both organizations and customers is in the treatment of customer data. When there’s no longer any need to centrally store huge amounts of customer information, there’s less risk of losing such data in bulk. Leaders in the software engineering community (like Joe Armstrong, creator of Erlang, whose talk from Strange Loop 2014 is worth a watch) have long argued that the design of the internet where customers send data to programs owned by businesses is backwards and that we should instead send programs to customers to execute on their privately held data that is never directly shared. Such a model seems much safer and doesn’t in any way prevent businesses from collecting useful customer metrics they need.

And nothing prevents a hybrid approach with some services being opaque and holding on to private data.

This type of application architecture seems a much more natural way to do large scale computing and software services — an Internet closer to the original idea of open information exchange, where anyone can easily publish content for everyone else and control over what can be published and accessed is exercised by consensus of the network’s users, not by private entities owning servers.

This, to me, is hugely exciting. And it’s why I’d like to get a small team together and, within a few weeks, build a small, simple proof of concept mobile application, using some of the technologies mentioned above, to show what can be done with the peer-to-peer web. The only current idea I have that is small enough to build relatively quickly and interesting enough to demonstrate the properties of such an approach is a peer-to-peer, truly serverless Twitter clone, which isn’t particularly exciting.

If you’ve got a better idea (which isn’t too hard!), or if you have anything else related to peer-to-peer distributed web to talk about, please tweet at me; I’d love to hear about it!
https://venturebeat.com/2017/11/04/t...oud-is-coming/
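
The content addressing and Merkle links described in "The End of the Cloud is Coming" above, as an added Python example that is not part of the original article or of any project's code. It shows a reader rejecting a block that an untrusted peer has altered, a rewritten link breaking the containing block's ID, and unchanged blocks being reused across revisions. SHA-256, the JSON directory format, the peer names and the `Swarm` class are assumptions made for illustration.

```python
import hashlib
import json


def block_id(data: bytes) -> str:
    """Content address of a block: SHA-256 of its bytes (hash choice is an assumption)."""
    return hashlib.sha256(data).hexdigest()


class Peer:
    def __init__(self, name: str):
        # Constructed ID, derived from a name so that every run is reproducible.
        self.peer_id = block_id(name.encode())
        self.blocks = {}  # block ID -> bytes; readers do NOT trust these contents


class Swarm:
    """Toy stand-in for the network: no routing, every peer is known up front."""

    def __init__(self, names):
        self.peers = [Peer(n) for n in names]

    def holder(self, bid: str) -> Peer:
        # Kademlia's notion of "closest": the smallest XOR of the two IDs.
        return min(self.peers, key=lambda p: int(p.peer_id, 16) ^ int(bid, 16))

    def put(self, data: bytes) -> str:
        bid = block_id(data)
        self.holder(bid).blocks[bid] = data  # same bytes -> same ID -> same slot
        return bid

    def get(self, bid: str) -> bytes:
        data = self.holder(bid).blocks[bid]
        if block_id(data) != bid:  # re-calculate and compare the fingerprint
            raise ValueError("block %s... failed verification" % bid[:12])
        return data

    def stored_blocks(self) -> int:
        return sum(len(p.blocks) for p in self.peers)


def put_dir(swarm: Swarm, entries: dict) -> str:
    """A directory block embeds its children's IDs: these are the Merkle links."""
    return swarm.put(json.dumps(entries, sort_keys=True).encode())


def read_file(swarm: Swarm, root_id: str, name: str) -> bytes:
    entries = json.loads(swarm.get(root_id))  # checked against the root ID
    return swarm.get(entries[name])           # checked against the embedded link


def fails_verification(swarm: Swarm, root_id: str, name: str) -> bool:
    try:
        read_file(swarm, root_id, name)
        return False
    except ValueError:
        return True


def demo() -> dict:
    swarm = Swarm(["alice", "bob", "carol", "dave"])
    cat = swarm.put(b"constructed cat picture bytes")
    root_v1 = put_dir(swarm, {"cat.jpg": cat, "notes.txt": swarm.put(b"notes v1")})

    # Second revision changes only notes.txt; cat.jpg is added again unchanged.
    cat_again = swarm.put(b"constructed cat picture bytes")
    root_v2 = put_dir(swarm, {"cat.jpg": cat_again, "notes.txt": swarm.put(b"notes v2")})

    result = {
        "cat_reused": cat == cat_again,
        "roots_differ": root_v1 != root_v2,
        "stored_blocks": swarm.stored_blocks(),  # cat, two notes, two roots
        "v1_notes": read_file(swarm, root_v1, "notes.txt"),
    }

    # Case 1: the peer holding the cat block serves other bytes under the same ID.
    swarm.holder(cat).blocks[cat] = b"something else"
    result["swapped_content_detected"] = fails_verification(swarm, root_v1, "cat.jpg")

    # Case 2: the peer holding the v2 directory rewrites a link to another block.
    other = swarm.put(b"substituted notes")
    forged = json.dumps({"cat.jpg": cat, "notes.txt": other}, sort_keys=True).encode()
    swarm.holder(root_v2).blocks[root_v2] = forged
    result["rewritten_link_detected"] = fails_verification(swarm, root_v2, "notes.txt")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The only value a reader has to obtain from a trusted source is the root ID; every block fetched from the swarm is checked against it, directly or through a link.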





Africa Set to Top 1 Billion Mobile Internet Connections in Five Years: Study

Africa’s mobile internet connections are set to double in the next five years, a study showed on Monday, thanks to affordable smartphones and the roll-out of high-speed networks.

A report by research and consulting firm Ovum in London estimates that mobile broadband connections will rise from 419 million at the end of this year to 1.07 billion by the end of 2022.

“Data connectivity is growing strongly in Africa, and there are also good prospects on the continent in areas such as digital media, mobile financial services, and the Internet of Things,” said Matthew Reed, Practice Leader Middle East and Africa at Ovum.

“But as Africa’s TMT market becomes more convergent and complex, service providers are under increasing pressure to make the transition from being providers of communications services, and to become providers of digital services.”

Mobile phone operators such as MTN Group, Orange and Bharti Airtel are investing heavily in high-speed networks to meet demand from users who are increasingly using phones for everything from paying their bills to streaming videos and surfing the internet.

Reporting by Tiisetso Motsoeneng; Editing by Hugh Lawson
https://uk.reuters.com/article/us-af...KBN1D61H3?il=0





Angry Villagers Upset Over Slow Broadband Speeds Burn Effigy of BT Openreach Van
Stephen Walter

Villagers frustrated over slow broadband speeds have burned a giant effigy of a BT Openreach van.

Residents living in Templeton, Devon, said they were struggling with speeds of less than 1 megabyte so took out their anger at a bonfire.

Roger Linden told the BBC that villagers have tried to raise the issue with BT.

The company, however, admitted it was finding the rollout of fibre broadband "more challenging" due to its rural location.

The Telegraph has contacted BT for a comment, but it told the broadcaster that it was working hard to find alternative ways of bringing faster broadband to residents, including a community fibre partnership and a mobile broadband solution.

However, Mr Linden said: "They managed to get a cable to the nearby hamlet of Nomansland, but just eight kilometres further and there's nothing.

"It's incompetence of the first order... but we all had a great evening watching the bonfire."

Villagers also said they were struggling to stream content with an internet speed of 0.7 megabytes per second, and could only browse the internet occasionally.

The effigy also changed the wording of "Openreach" to "Won't reach" due to the failure so far to find a resolution to their woes.
http://www.telegraph.co.uk/news/2017...-bt-openreach/





Project Loon Delivers Internet to 100,000 People in Puerto Rico

The balloon service has successfully given them basic connectivity.
David Lumb

The FCC granted Alphabet's Project Loon, which delivers internet via balloons, an experimental license last month to help get Puerto Ricans online after Hurricane Maria decimated the island's infrastructure. While the team cautiously tweeted that it would 'explore if it was possible to help,' Project Loon announced today that it has worked with AT&T and T-Mobile to successfully deliver basic internet to over 100,000 Puerto Ricans.

Since turning on service, #ProjectLoon has delivered basic internet connectivity to more than 100K people in Puerto Rico. https://t.co/s0zmFB9dRy
— The Team at X (@Theteamatx) November 9, 2017

It's not a total success, which isn't to be expected after Puerto Ricans' communications infrastructure suffered so much damage. But the team was able to work with AT&T and T-Mobile to get "communication and internet activities like sending text messages and accessing information online for some people with LTE enabled phones," head of Project Loon Alastair Westgarth wrote in a blog post. The team launched their balloons from Nevada and used machine learning algorithms to direct them over Puerto Rico, where they've been relaying internet from working ground networks over to users in unconnected areas.

In the post, Westgarth noted that Project Loon has never fired up internet from scratch this rapidly, and will improve their ability to keep balloons in place (and deliver sustained connectivity) as they become familiar with the air currents. They owed a lot to all manner of collaborators, from the mobile carriers to Pan-American and Puerto Rican governments' aviation authorities to local communications companies.

"In times of crisis, being able to communicate with loved ones, emergency services and critical information is key," Westgarth said in a statement provided to Engadget. "We hope that the connectivity Project Loon has provided over the last few weeks has been helpful, and would like to thank AT&T, T-Mobile, and our government partners who made these efforts possible."
https://www.engadget.com/2017/11/09/...e-puerto-rico/





Flaw Crippling Millions of Crypto Keys is Worse than First Disclosed

Estonia abruptly suspends digital ID cards as crypto attacks get easier and cheaper.
Dan Goodin

A crippling flaw affecting millions—and possibly hundreds of millions—of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents.

The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key.

Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness. Estonian officials initially said the attack was "complicated and not cheap" and went on to say: "Large-scale vote fraud is not conceivable due to the considerable cost and computing power necessary of generating a private key." Netherlands-based smartcard maker Gemalto, meanwhile, has said only that its IDPrime.NET—a card it has sold for more than a decade as, among other things, a way to provide two-factor authentication to employees of Microsoft and other companies—"may be affected" without providing any public guidance to customers.

Independent researchers, however, have determined the crippling weakness is present in cards issued from 2008 to earlier this year.

On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.

International cybercrime networks, take note

In an e-mail, Dan Cvrcek, CEO of Enigma Bridge, one of the outside organizations that helped in the original research, said he, too, believes much faster and less expensive attacks are possible. One way to improve the attack, Bernstein and Lange said, may be to use fast graphics cards, which have the potential to shave the average cost of factorizing a vulnerable 2048-bit key to $2,000 in energy costs.

"My impression is that the time and cost estimates cited in the original research have been fairly conservative," he wrote. "I'm not sure whether someone can slash the cost of one key below $1,000 as of today, but I certainly see it as a possibility."

On Friday, Estonia's Police and Border Guard suspended an estimated 760,000 ID cards known to be affected by the crypto vulnerability. The country's prime minister, Jüri Ratas, said the move came as officials learned the weakness affected cards and computers around the world, not just Estonian IDs. The wider-than-expected coverage, he said, "brought the safety flaw to the attention of international cybercrime networks which have significant means to take advantage of the situation."

One of the scenarios Bernstein and Lange presented in Sunday's post is that serious attackers can further reduce costs by buying dedicated computer gear, possibly equipped with GPU, field programmable gate array, and application-specific integrated circuit chips, which are often better suited for the types of mathematical operations used in factorization attacks. The estimates provided by the original researchers were based on the cost of renting equipment, which isn't as cost-effective when factorizing large numbers of keys. They also noted that compromising just 10 percent of cards used in country-wide voting might be enough to tip an election.

This weekend's suspension affects all cards Estonia issued from October 16, 2014 to October 25 of this year. The cut-off is almost two months after August 30, the date researchers privately reported the vulnerability to Estonian officials. The country is now issuing cards that use elliptic curve cryptography instead of the vulnerable RSA keys, which are generated by a code library developed and sold by German chipmaker Infineon. Estonian card holders can find details on card updates here.

Estonia is almost certainly not the only country with a national ID card that's vulnerable to ROCA. Researchers said cards issued by Slovakia also tested positive for the vulnerability. Ars is also aware of unconfirmed reports of a Western European country that also issues affected ID cards. When counting smartcards used in private industry, the number of vulnerable keys may reach into the tens or hundreds of millions, and possibly more. As the numbers grow higher, it won't be surprising if the time and cost of carrying out attacks continues to drop.
https://arstechnica.com/information-...rst-disclosed/





DOJ: Strong Encryption that We Don’t have Access to is “Unreasonable”

Rod Rosenstein: We should weigh “law enforcement equities” against security.
Cyrus Farivar

Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government’s unexpected encryption warrior."

According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying.

"We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption."

While the battle against encryption has been going on within federal law enforcement circles since at least the early 1990s, Rosenstein has been the most outspoken DOJ official on this issue in recent months.

The DOJ's number two has given multiple public speeches in which he has called for "responsible encryption." The interview with Politico Pro represents the clearest articulation of the DOJ’s position on this issue, and it suggests that a redux of the 2016 FBI v. Apple showdown is inevitable in the near future.

"I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I’d say we’re receptive, if a case arises, that we would litigate."

What Rosenstein didn't note, however, is that the DOJ and its related agencies, including the FBI, are not taking encryption lying down.

The FBI maintains an office, known as the National Domestic Communications Assistance Center (NDCAC), which actively provides technical assistance to local law enforcement in high profile cases.

In its most recently published minutes from May 2017, the NDCAC said that one of its goals is to make such commercial tools, like Cellebrite's services, "more widely available" to state and local law enforcement. Earlier this year, the NDCAC provided money to Miami authorities to pay Cellebrite to successfully get into a seized iPhone in a local sextortion case.

“Unreasonable”

In the interview, Rosenstein also said he "favors strong encryption."

"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."

"This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here."

He later added that the "absolutist position" that strong encryption should be, by definition, unbreakable is "unreasonable."

"And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said.

Poison the well

The DOJ's position runs counter to the consensus of information security experts, who say that it is impossible to build the strongest encryption system possible that would also allow the government access under certain conditions.

"Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications," Bruce Schneier, a well-known cryptographer, wrote last year.

"In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way."

Rosenstein closed his interview by noting that he understands re-engineering encryption to accommodate government may make it weaker.

"And I think that's a legitimate issue that we can debate—how much risk are we willing to take in return for the reward?" he said.

"My point is simply that I think somebody needs to consider what's on the other side of the balance. There is a cost to having impregnable security, and we've talked about some of the aspects of that. The cost is that criminals are going to be able to get away with stuff, and that's going to prevent us in law enforcement from holding them accountable."
https://arstechnica.com/tech-policy/...-unreasonable/





Smartphones in Egypt Bring Biting Humor but Also Scrutiny
Declan Walsh

How do New York Times journalists use technology in their jobs and in their personal lives? Declan Walsh, The Times’s Cairo bureau chief, discussed the tech he’s using.

What tech is most important for you to do your job as our correspondent in Egypt?

A dented, screen-cracked iPhone is the center of my work. When I started out as a foreign correspondent 18 years ago, in Kenya, I carried a small satchel that held a tape recorder, a camera, an address book, a map and perhaps a shortwave radio. Today all of that has been squeezed into the thin black slab in my pocket.

It taped an interview with the leader of Hamas. It shot video and pictures as I drove across Syria. It has helped me navigate the back streets of Cairo, and then hails a cab ride home. It hasn’t, however, replaced pen and paper, although the stack of notebooks on my desk is gradually shrinking. I type faster into my Times-issue 13-inch MacBook Air than I can write. But I’ve come to realize that’s not always a plus: Slow and messy as it is, taking interview notes by hand makes you listen harder, and edit your notes as you go along.

The other key thing is secure communications. With so many Egyptians in jail, and many others at risk of arrest, encrypted apps like WhatsApp and Signal have become indispensable tools. The Egyptian police detained dozens of gay people recently, so when I called an activist to set up an interview, it was through an encrypted app. If I’d called on a regular line, he would have hung up. Apart from that, digital lines are simply better quality.

The Slack messaging app is replacing email as the way Times correspondents communicate with their editors, especially as our operation has spread out across the world. We might work with editors in London, New York or Hong Kong, depending on the story and the time of day.

Equally important, you need to know when to put all that technology away. In the more paranoid corners of the Middle East, pulling out a glowing laptop in public is not a great idea.

How is connectivity in Cairo and in the region when you travel on assignment?

The internet can be teeth-grindingly slow in Egypt, to the point of me yelling, ridiculously, at the screen on deadline.

In 2016, Egypt ranked 146th out of 150 countries for fixed broadband download speeds, according to Speedtest. The only worse country in North Africa was war-torn Libya. It’s surprising given that a major data cable, linking hundreds of millions of users, passes through one sleepy Egyptian village. The problem stems from a lack of investment in telecommunications infrastructure locally since the Arab Spring in 2011 and stifling state monopolies.

We get around this with dongles connected to the 4G cellphone network, which is better, if not perfect. In conflict zones like Libya, where I covered an offensive against the Islamic State last year, I turn to my BGAN satellite data terminal and a Thuraya satellite phone.

But increasingly there is at least patchy cellphone coverage in even the more dangerous places, such as during the battle for Aleppo, Syria, last year. That brings an immediacy that I once found jarring: the power to FaceTime with your mom, for instance, from a battlefront. But now that feels normal, and choices are dictated less by technology than by what simply feels right.

Are Egyptians joined at the hip with their smartphones?

Egyptians adore their smartphones. People have crazy-looking cases and a range of dramatic ringtones — Quranic verses for conservatives, melodramatic pop tunes for everyone else. Lionel Richie’s “Hello” and anything by Celine Dion are very popular.

The flip side to the smartphone mania is that it also inspires deep paranoia among the police and some ordinary citizens, known popularly here as “honorable citizens.” I know people who’ve been threatened with arrest for taking a photo of the Suez Canal (after the pyramids, one of Egypt’s most famous features). A photographer friend was admonished by an “honorable citizen” for trying to take a photo of the Nile with her phone. He accused her of being a spy.

What are the favorite apps or gadgets in Egypt? Are people on Facebook and using Google and Uber?

Egypt has the largest community of Facebook users in the Arab world. It’s a huge part of many people’s lives, at a time when the public square is dramatically shrinking. Since President Abdel Fattah el-Sisi came to power in 2013, protest has been outlawed and the news media is largely in thrall to the government. So people turn to social media to talk politics, mock their leaders and hunt for independent news. If Mr. Sisi makes a slip-up on television, there will unfailingly be a flurry of mocking memes flying about on Facebook within hours. It can be funny, dark or both — jokes about the country’s pitiful human rights record, for instance.

It’s not just Western apps. Anghami is the Arab version of Spotify, Souq.com is the big online retailer (and was bought by Amazon this year), and there’s a host of apps that tell pious Muslims when to pray or that help them to read the Quran.

On the streets of Cairo, Uber and Careem, a ride-sharing app that concentrates on the Middle East, are slugging it out for market share. As a result, cab rides can be ridiculously cheap — just a few dollars to cross town.

How does the Egyptian government treat tech like social media and Western apps?

With wariness and frequent hostility.

Egyptian officials closely monitor Facebook, Twitter and other social media sites, and posting an irreverent comment can land a user in court or in jail. A young army conscript is serving a three-year sentence for posting a photo of Mr. Sisi with a pair of Mickey Mouse ears. Since May, the government has banned over 400 websites, including Human Rights Watch, the Egyptian news site Mada Masr and, bizarrely, Medium. Earlier this year, I discovered the security services were seeking access to real-time information about ride-sharing customers — once known inside Uber as “God View” — through the Uber and Careem apps.

All told, it’s a pretty grim picture.

Beyond your job, what tech product do you love using in your daily life right now and why?

I love my Bose noise-canceling Bluetooth headphones, but the most satisfying tech product I’ve started using is one that cancels out the rest. A smart little alarm clock by the French designer Philippe Tabet sits on my bedside table, and means that I no longer need my smartphone to wake me up.

With the phone banished to another room, I can’t mindlessly scroll Twitter or Instagram at 8 o’clock in the morning, and I enjoy a tiny window of mental peace. If Times editors need me urgently, they can still call my land line. Sometimes, the old-fashioned tech is best.
https://www.nytimes.com/2017/11/08/t...ogy-egypt.html





How Cloudflare Uses Lava Lamps to Encrypt the Internet

Cloudflare's encryption secret? Gelatinous floating blobs.
Charlie Osborne

Cloudflare has revealed an interesting way to ensure randomness when generating encryption keys -- lava lamps.

Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services.

Encryption is a hot topic today. While law enforcement often clashes with technology providers over backdoors and strong encryption getting in the way of cracking criminal cases, online, encryption can keep communication, payments, and accounts secure.

Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps.

As first reported by Gizmodo, YouTuber Tom Scott was able to visit the San Francisco headquarters of the company in order to gaze at a wall of 100 lava lamps -- most often found in child bedrooms -- which were mounted at the office.

Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required.

According to Nick Sullivan, Cloudflare's head of cryptography, this is where the lava lamps shine.

Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken.

This footage is then turned into a "stream of random, unpredictable bytes," according to Sullivan.

"This unpredictable data is what we use to help create the keys that encrypt the traffic that flows through Cloudflare's network," the executive added.

The information is then fed into a data center and Linux kernels which then seed random number generators used to create keys to encrypt traffic.

"Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data."

This is not the only way that Cloudflare generates randomness. In the firm's London office, there is something called a "chaotic pendulum" which has three components that unpredictably twist and turn together, and in Singapore, the company uses a radioactive source.

Whether or not anything is truly random is up for debate, but the more random a cryptographic key, the more difficult it is to brute-force, guess, or crack -- especially if you use out-of-the-box ideas like lava lamp movements which are almost impossible to replicate.

http://www.zdnet.com/article/how-lav...-the-internet/





BitTorrent Inventor Announces Eco-Friendly Bitcoin Competitor Chia
Josh Constine

A bitcoin transaction wastes as much electricity as it takes to power an American home for a week, and legendary coder Bram Cohen wants to fix that. And considering he invented the ubiquitous peer-to-peer file transfer protocol BitTorrent, you should take him seriously.

Cohen has just started a new company called Chia Network that will launch a cryptocurrency based on proofs of time and storage rather than bitcoin’s electricity-burning proofs of work. Essentially, Chia will harness cheap and abundant unused storage space on hard drives to verify its blockchain.

“The idea is to make a better bitcoin, to fix the centralization problems” Cohen tells me. The two main issues he sees in bitcoin are in environmental impact and the instability that arises from the few bitcoin miners with the cheapest access to electricity exerting outsized influence.

Chia aims to solve both.

Bitcoin uses proofs of work to verify the blockchain. That’s because it’s prohibitively expensive to make a fake blockchain as it wouldn’t have as much work demonstrated as the real one. But over time that’s given a massive advantage in collecting the incentives for mining bitcoin to those who operate close to low-cost electricity and naturally chill air to cool the mining rigs.

Chia instead relies on proofs of space in file storage, which people often already have and can use for no additional cost. It combines this with proofs of time that disarm a wide array of attacks to which proofs of space are susceptible.

“I’m not the first person to come up with this idea,” says Cohen, but actually implementing requires the kind of advanced computer science he specializes in.

After inventing torrenting in the early 2000s and briefly working on Steam for Valve, Cohen had been at BitTorrent building a new protocol for peer-to-peer live video transfer. But mismanagement on the business side caused the company to implode. Now it’s limping along, and Cohen says “it doesn’t need me day-to-day.” So while he’s still on the board, he left in early August to start Chia Network.

Cohen has teamed up with early bitcoin exchange Tradehill’s COO Ryan Singer and they’ve raised a seed round for Chia to ramp up hiring. Cohen wouldn’t say how much it had raised, laughing that, “I’m not sure how much we want to announce right now, but it was a very hot round.” The goal is do some early sales of Chia in Q2 2018, with a full launch of its cryptocurrency by the end of 2018, though Cohen says that’s a stretch goal.

Cohen is a brilliant technologist, but it will take more than that to convince people to switch over from bitcoin to Chia. He tells me the plan for Chia is “do some smarter things about its legal status and do a bunch of technical fixes that you can do when starting from scratch.”

It’s too early to guess how this will all play out, but at least someone is trying to address the ecological impact of cryptocurrency instead of just complaining about it. Cohen seems excited though. “It’s technically ambitious and there’s a big meaty chunk of work to do. I’ve done enough raising money and recruiting. Now for the real work.”
https://techcrunch.com/2017/11/08/ch...ryptocurrency/





Billionaire ex-Facebook President Sean Parker Unloads on Mark Zuckerberg and Admits He Helped Build a Monster
Rob Price

• Facebook's first president, Sean Parker, has been sharply critical of the social network, accusing it of exploiting human "vulnerability."
• "God only knows what it's doing to our children's brains," he said.
• His comments are part of a wave of tech figures expressing disillusionment and concern about the products they helped build.

Sean Parker, the first president of Facebook, has a disturbing warning about the social network: "God only knows what it's doing to our children's brains."

Speaking to the news website Axios, the entrepreneur and executive talked openly about what he perceives as the dangers of social media and how it exploits human "vulnerability."

"The thought process that went into building these applications, Facebook being the first of them ... was all about: 'How do we consume as much of your time and conscious attention as possible?'" said Parker, who joined Facebook in 2004, when it was less than a year old.

"And that means that we need to sort of give you a little dopamine hit every once in a while, because someone liked or commented on a photo or a post or whatever," he told Axios. "And that's going to get you to contribute more content, and that's going to get you ... more likes and comments."

Parker added: "It's a social-validation feedback loop ... exactly the kind of thing that a hacker like myself would come up with, because you're exploiting a vulnerability in human psychology."

"The inventors, creators — it's me, it's Mark [Zuckerberg], it's Kevin Systrom on Instagram, it's all of these people — understood this consciously," he said. "And we did it anyway."

Facebook did not immediately respond to Business Insider's request for comment.

Some in tech are growing disillusioned — and worried

Parker isn't the only tech figure to express disillusionment and worry by what they helped create. Tristan Harris, a former Google employee, has been outspoken in his criticism of how tech companies' products hijack users' minds.

"If you're an app, how do you keep people hooked? Turn yourself into a slot machine," he wrote in a widely shared Medium post in 2016.

"We need our smartphones, notifications screens and web browsers to be exoskeletons for our minds and interpersonal relationships that put our values, not our impulses, first," he continued. "People's time is valuable. And we should protect it with the same rigor as privacy and other digital rights."

In a recent feature, The Guardian spoke to tech workers and industry figures who have been critical of Silicon Valley business practices.

Loren Brichter, the designer who created the slot-machine-like pull-down-to-refresh mechanism now widely used on smartphones, said, "I've spent many hours and weeks and months and years thinking about whether anything I've done has made a net positive impact on society or humanity at all."

Brichter added: "Pull-to-refresh is addictive. Twitter is addictive. These are not good things. When I was working on them, it was not something I was mature enough to think about. I'm not saying I'm mature now, but I'm a little bit more mature, and I regret the downsides."

And Roger McNamee, an investor in Facebook and Google, told The Guardian: "The people who run Facebook and Google are good people, whose well-intentioned strategies have led to horrific unintended consequences ... The problem is that there is nothing the companies can do to address the harm unless they abandon their current advertising models."

The comments from Parker and others are further evidence of souring public sentiment about Silicon Valley. Once lauded in utopian terms, companies like Facebook have now come under heavy criticism over their role in the spread of "fake news" and Russian propaganda.
http://www.businessinsider.com/ex-fa...bility-2017-11





MINIX: Intel's Hidden in-Chip Operating System

Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.
Steven J. Vaughan-Nichols

The processor market is heating up once again, with AMD and Intel back to having "core and speed" wars. But if the latest leak is accurate, Intel's next-generation silicon is likely to be out of most people's budget.

Maybe you're not paranoid. Maybe they are out to get you. Ronald Minnich, a Google software engineer, who discovered a hidden MINIX operating system inside "kind of a billion machines" using Intel processors, might agree with this.

Why? Let's start with what. Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME."

In May, we found out that AMT had a major security flaw, which had been in there for nine -- count 'em -- nine years.

"Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code)," Garrett wrote. "Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix," he said. "Anyone who ever enables AMT on one of these devices will be vulnerable."

Quick! How many of you patched your PC or server's chip firmware? Right. Darn few of you. That's bad. It's not every processor, but if you or your hardware vendor has "explicitly enabled AMT", your machine is still vulnerable to attack.

The Electronic Frontier Foundation (EFF) has called for Intel to provide a way for users to disable ME. Russian researchers have found a way to disable ME after the hardware has initialized, and the main processor has started. That doesn't really help much. ME is already running by then.

But Minnich found that what's going on within the chip is even more troubling. At a presentation at Embedded Linux Conference Europe, he reported that systems using Intel chips that have AMT, are running MINIX.

If you learned about operating systems in the late '80s and early '90s, you knew MINIX as Andrew S Tanenbaum's educational Unix-like operating system. It was used to teach operating system principles. Today, it's best known as the OS that inspired Linus Torvalds to create Linux.

So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. We do know that with it there:

• Neither Linux nor any other operating system has final control of the x86 platform
• Between the operating system and the hardware are at least 2 ½ OS kernels (MINIX and UEFI)
• These are proprietary and (perhaps not surprisingly) exploit-friendly
• And the exploits can persist, i.e. be written to FLASH, and you can't fix that

In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running:

• TCP/IP networking stacks (4 and 6)
• File systems
• Drivers (disk, net, USB, mouse)
• Web servers

MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.

And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.

How? MINIX can do all this because it runs at a fundamentally lower level.

x86-based computers run their software at different privilege levels or "rings". Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access they have to the hardware. Rings two and one don't tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.

You can't see it. You can't control it. It's just humming away there, running your computer. The result, according to Minnich is "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared."

What's the solution? Well, it's not "Switch to AMD chips". Once, AMD chips didn't have this kind of mystery code hidden inside it, but even the latest Ryzen processors are not totally open. They include the AMD platform security process and that's also a mysterious black box.

What Minnich would like to see happen is for Intel to dump its MINIX code and use an open-source Linux-based firmware. This would be much more secure. The current software is only secured by "security by obscurity".

Changing to Linux would also enable servers to boot much faster. According to Minnich, booting an Open Compute Project (OCP) Server takes eight minutes thanks to MINIX's primitive drivers. With Linux it would take less than 17 seconds to get to a shell prompt. That's a speedup of 32 times.

There's no reason not to make this improvement. Minnich noted, "There are probably 30 million-plus Chromebooks out there and when your Chromebook gets a new BIOS, a new Linux image is flashed to firmware and I haven't heard of any problems."

Specifically, Minnich proposes that Intel, and AMD for that matter:

• Make firmware less capable of doing harm
• Make its actions more visible
• Remove as many runtime components as possible
• In particular, take away its web server and IP stack
• Remove the UEFI IP stack and other drivers
• Remove ME/UEFI self-reflash capability
• Let Linux manage flash updates

Over this, the new Linux firmware would have a userspace written in Go. Users would work with this Linux shell using familiar commands. This would give them a clear view of what was happening with the CPU and other system components.

At the same time, since UEFI is so easy to hack, he wants the "UEFI ROM reduced to its most basic parts".

Will this work? It's still early days, Minnich warned, and you may turn "your laptop into a brick". But both for security and performance, it needs doing.

It's neat that an obscure Unix like MINIX, thanks to Intel putting it on multiple cores in its chips, may be the world's most widely used operating system. But it's no way to run modern servers and PCs.
http://www.zdnet.com/article/diy-it-...ays-something/





Researchers Find Almost EVERY Computer with an Intel Skylake and Above CPU Can be Owned Via USB
Matthew Hughes

The Intel Management Engine (IME) is a component of virtually every Intel CPU released after 2008. Think of it as a CPU on top of a CPU; it does tasks separate from the main operating system while the computer is in use. Intel argues that it can be used to do remote administration tasks, although the likes of the EFF have long argued that having a “black box” that can control networking and hardware, even when the computer is switched off, represents a major security and privacy risk.

Turns out they were right. Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad.

Essentially, the IME is linked to JTAG (Joint Test Action Group) debugging ports. USB ports also use JTAG. For this attack, Positive Technologies figured how to bridge the gap, although as previously mentioned, they haven’t gone into specifics of how. Yikes.

Fortunately, this particular attack vector only affects Skylake and above CPUs, although, like I said, pretty much every Intel CPU released after 2008 includes the Intel Management Engine.

This isn’t the first time that researchers have uncovered substantial security issues in the IME. This time around, the main issue is that it’s exploitable via USB, which is a common attack vector. The Stuxnet malware, for example, which was credited with temporarily interfering with Iran’s nuclear program, was initially spread via infected USB sticks deliberately dropped on the ground.

Here, we can perceivably imagine an adversary gaining “godmode” on a computer by using the same tactic — because, let’s face it, if someone finds a flash drive on the floor, they’ll probably plug it in.

Frustratingly, it’s impossible to remove the Intel Management Engine entirely. It’s a physical component, baked into the heart of your computer’s CPU. It is, however, possible to switch out the IME’s firmware, essentially neutering it.

Interestingly, there’s a growing niche for computers without the technology. One San Francisco company, Purism, sells laptops without IME. When reached for comment, Purism’s founder and CEO Todd Weaver, said, “The Intel ME, long theorized to be the scariest of threats, is no longer just theory. Having access to any Intel machine just above hardware and lower than all software means an attacker or criminal has complete control over everything; encrypted storage, secret keys, passwords, financial details, everything on your computer or that your computer does. All the things you hoped were safe are not.”

“Purism previously disabled the Management Engine in our laptops because we knew it was only a matter of time before this theoretical threat became reality. Purism is the only company to ship laptops with the ME disabled by default, and we invest in security enhancements on our hardware, benefiting users around the globe,” he added.
https://thenextweb.com/security/2017...owned-via-usb/

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
Old 08-11-17, 10:22 AM   #2
Bright Eyes
Global Security Octopus
 
Bright Eyes's Avatar
 
Join Date: Apr 2000
Location: In the 1960s
Posts: 621
Default

I've only now discovered that napsterites has been restored. Thank you for continuing these weekly news stories.
__________________
Hippopotomonstrosesquippedaliophobia is the fear of long words.

This is the Century of the Insane.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)