P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 25-02-15, 08:09 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - February 28th, '15

Since 2002


































"The Internet is simply too important to allow broadband providers to be the ones making the rules." – FCC Chairman Tom Wheeler


"Inhibiting law enforcement’s rights are second to protecting mine!" – Florida Circuit Court Judge Frank Sheffield


"We started it. We're at the forefront of litigation in copyright infringement cases across the county." – Paul Nicoletti






































February 28th, 2015




Pirate Bay vs. Kickass Torrents: Which File-Sharing Site Is Tops For Safety?
James Geddes

One of the biggest potential drawbacks to file sharing is the potential for downloading a hidden virus or malware. Of the top two torrent sites, The Pirate Bay and Kickass Torrents, is one safer than the other for downloading files?

The Pirate Bay and Kickass Torrents are the top two torrent sites in the world right now, and both have thousands upon thousands of torrents allowing users access to files of music, movies, TV shows, games, software and more. Many of the torrent files that are available on one site are also featured on the other, although there is some exclusive content on each. Is one site safer than the other, and how can file sharers protect themselves from unwanted viruses and malware?

Both The Pirate Bay and Kickass Torrents are open to public use. That means, unlike some other torrent sites which require membership, they allow anyone to access their sites, and registration is optional. Both sites have systems in place to monitor uploads so that torrents that contain fake files, viruses and malware can be removed. Moderators are employed by both sites to verify the legitimacy of the torrent files that are uploaded, and certain trusted uploaders are also specified so that torrents uploaded by them can be downloaded and considered safe by users.

On Kickass Torrents, those torrents which have either been specifically verified by moderators or uploaded by a Verified Uploader are considered Verified Torrents and are awarded a three-pointed crown symbol which appears next to all Verified Torrents.

The Pirate Bay employs a three-tier grading system consisting of colored skulls which indicate the level of trustworthiness of a torrent. Green is the highest level of trust, called "VIP," pink is the next highest level or "Trusted," and blue is the third level of trust, called "Helper." Green and pink torrents are generally considered to have little to no safety risk, while those designated with blue are considered safe but are slightly more questionable.

While The Pirate Bay employs a more specific grading system, anecdotal reports from users on the web seem to indicate the torrents on Kickass are slightly safer overall. As long as users stick to verified torrents on either site, however, the chances of picking up a virus or malware is slight. It is not recommended that users download unverified torrents from either site. Often a torrent may be unverified simply because it is newly posted and has not yet been checked, so you can always check back later to see if a previously unverified torrent has been approved.

Recently, a big controversy ensued when The Pirate Bay finally returned sans many of the former moderators who once kept the site relatively safe for downloaders. The former moderators actually warned users not to trust the new version of the site and claimed there were hundreds of "bad" torrents lurking on the resurrected version of the site. The site operators and former moderators have made peace, however, and many of the former moderators were allowed to return and clean up The Pirate Bay.

While the best bet for users is to only download verified torrents, that doesn't mean viruses and malware can't still slip through the cracks and still appear in files which are listed as trusted. That's why, in the next part of our series, we'll give additional tips and precautions file-sharers can use to further protect themselves from unwanted malware or viruses.
http://www.techtimes.com/articles/34...-the-world.htm





Steven Seagal Film at Center of Internet Piracy Showdown with Michigan BitTorrent Users
RJ Wolcott

Ask anyone who grew up with the advent of the Internet age if they've ever illegally downloaded copyrighted material and you're likely to receive a stumbling, sheepish admission of one-time mistakes or youthful indiscretion.

But for those who continue to amass collections of pirated materials, questions from Internet service providers, or ISPs, as well as threats of legal action, could be on the way.

That's according to Paul Nicoletti, an attorney in Birmingham, Mich. who said his firm has been on the forefront of Internet copyright litigation for a number of years.

"We started it. We're at the forefront of litigation in copyright infringement cases across the county," Nicoletti said.

Since January, his firm, Nicoletti Law PLC, has filed suit against 12 area residents in West Michigan's District Court on behalf of Good Man Productions, copyright holder of the film "A Good Man".

In court documents, Nicoletti notes IP address holders found to have downloaded or distributed copywritten material could be subject to hundreds of thousands of dollars in fines.

Representing producers holding copyright on everything from adult movies to Academy Award-winning films, Nicoletti said his clients are going on the offensive against intellectual property thieves.

A question of motivation

The film at the center of this recent round of litigation is 2014's "A Good Man," which released on DVD and via online streaming services on Aug. 19, 2014.

Starting action star and Lansing-born actor Steven Seagal, the film had an estimated budget of $7 million and was shot on location in Bucharest, Romania, according to the Internet Movie Database, or IMDB.

The film's copyright owners maintain piracy is hurting them financially, and have stepped up efforts to obtain financial compensation. To that end, the Los Angeles-based production company has filed 127 suits against alleged copyright violators nationwide since November 2014, according to court records.

But Eric Misterovich, an attorney with Revision Legal PLLC in Traverse City, says copyright holders who take individuals to court may be using the legal system as a way to make money.

To that end, Misterovich said the vast majority of these sorts of cases end in settlement, with defendants electing to pay a few thousand dollars in compensation, depending on the amount of material infringed.

"It's almost like a business model at times," Misterovich said. "Settling is much easier and cheaper than fighting the charges for most defendants."

If they ignore the requests, or fight and lose, Misterovich said individuals could be fined as much as $150,000 per movie, and may also be subject to a plaintiff's attorney fees.

Rebuffing critics, Nicoletti maintains his clients are simply trying to stop pirates from stealing and distributing their property. Much like knockoff Gucci or Nike goods manufacturers are brought to court, so to should online pirates be held accountable for their lawbreaking behavior, Nicoletti said.

Using an outside company to establish a link between IP addresses and copywritten material, plaintiffs have been able to identify pirates with near certainty, Nicoletti said. Though there have been cases where service providers haven't been able to identify suspects, the method proves effective in more than 90 percent of cases, Nicoletti said. If identified, defendants are asked to provide any computers or hard drives for forensic examination.

From Napster to BitTorrent

Noting the first major case study in how copyright holders dealt with infringement came with Napster, Nicoletti observed many in the music industry were initially hesitant to use legal recourse.

With the rise and fall of numerous pirating platforms, Nicoletti said the producers he represents are no longer tolerating the loss of profits as a direct result of online piracy.

Today, modern pirates use services like BitTorrent, which enables peer-to-peer file sharing between users. Able to exchange large files easily, pirates have flocked to the service in the last few years, with websites like The Pirate Bay rising to fame as a means of making acquisition easier, producers contend.

Striking back, Nicoletti and the clients he represents are bringing lawsuits against many violators, including West Michigan residents. Since November of 2014, Nicoletti has issued 14 complaints against violators alone for Good Man Productions in defense of their film, with no plans of slowing down.

Nicoletti's clients also include copyright holders of the award-winning "Dallas Buyers Club", as well as Malibu Media, a Los Angeles-based erotic film production outfit, which operates the site X-Art.com. He also said has represented clients in courts across the country, including in Florida and Indiana.

Both clients have sought compensation from West Michigan-area residents in the past, and Nicoletti said more charges against copyright violators are on the way. Malibu Media is considered by industry experts to be a leader in bringing copyright violators to court, issuing more than 3,000 suits in the past three years alone, records show.

While critics have accused his clients of unethical practices, Nicoletti said plaintiffs are all legitimate copyright holders defending their work.

In this latest round of filings, Good Man Productions is listed as the plaintiff, while defendants are initially listed by their IP address, a series of numbers issued by Internet providers, which are considered traceable to end users, Nicoletti said.

After appealing to a judge to begin discovery, Internet service providers like Comcast can be subpoenaed to notify users they are being prosecuted for copyright infringement, as well as being asked to provide user contact information.

Scavenging the digital landscape for lawbreakers necessitates a relationship between plaintiffs and service providers, Nicoletti maintains.

Does an IP equal a person?

Discussing past cases, Nicoletti said defendants almost always attempt to say they are not the owners of the computers in question.

"In virtually every case, the defendant says the IP address isn't theirs, that someone must have hacked them or it was a neighbor or roommate who downloaded the movie," he said.

In all but a few cases he could recall, a forensic investigator has been able to find copywritten material from plaintiffs. In one of these cases, Nicoletti's investigator Patrick Paige was handed a recently-wiped hard drive, while another defendant elected to take a more direct approach, burning the device in question.

But according to Misterovich, the ability to definitively connect IPs, otherwise known as Internet addresses, to users has proven difficult in other cases.

"An IP address doesn't necessarily equal a person in all cases," Misterovich said.
In handling hundreds of calls related to intellectual property across the county, the attorney said many aren't sure how to proceed once they receive a letter from their Internet providers.

Often under the impression the letters are fake, defendants to their own detriment will ignore requests, or fail to consult a lawyer and settle quickly, Misterovich said.

If you do receive such correspondence, both attorneys' advised contacting a lawyer. Misterovich added that even though the cases are often time-consuming and thus expensive, he maintained many are winnable.

When asked about the number of lawsuits he expects to file in the coming months, Nicoletti said he wasn't able to say the exact amount, offering only that more are on the way.
http://www.mlive.com/news/grand-rapi...seagal_fi.html





The White House Doesn't Want You to Know the TPP's Looming Effects on U.S. Copyright Laws
Maira Sutton

As the White House doubles down on its attempt to pass legislation to fast track secret trade agreements like the Trans-Pacific Partnership (TPP) agreement, their oft-repeated refrain about these deals' digital copyright enforcement provisions is that these policies would not alter U.S. law. In a 2013 interview, US Trade Representative said this about the TPP's copyright provisions:

what we have in there are things that are already in U.S. law about making sure, whether it is copyright or other protections, are fully enforced around the world.

But such claims are very misleading. Leaked texts have confirmed again and again that the TPP contains Hollywood's wish list of anti-user policies—the result of years of lobbying and schmoozing with trade delegates. What they want is the most restrictive interpretation of U.S. policy to become the international "norm" by which all other TPP countries will be forced to conform their national laws. This does not mean that the TPP exactly mirrors the language of U.S. copyright rules, namely, the Digital Millennium Copyright Act (DMCA). It's that the policies are abstracted enough so that U.S. law could still be compliant with them, while the other nations could be pressured to enact harsher restrictions.

What the White House never seems to mention is how U.S. lawmakers are in the process of conducting a comprehensive review of its own innovation policies. Congress, led by Rep. Bob Goodlatte, has held hearings on various aspects of U.S. copyright rules for close to two years. This followed a speech by the Register of Copyrights, Maria Pallante, who recommended various reforms to U.S. copyright rules, including shortening the term of copyright by twenty years (unless the copyright is renewed). President Obama, meanwhile, is still proposing provisions in the TPP that would lock us into existing, broken rules.

Let's check out some of the provisions from the latest leaked version of the TPP's Intellectual Property chapter, and identify some of the language that could be expanded to become more restrictive, or simply lock us into rules that are in serious need of reform.

Excessive Copyright Terms

TPP will require all signatory nations to adopt at least the United States' current copyright term, which is the life of the author plus 70 years—the term created by the Sonny Bono Copyright Term Extension Act of 1998. As we mentioned above, U.S. officials are already calling to shorten the automatic term of protection to the length outlined in the Berne Convention, passed in 1886, which set it at a minimum of the life of the author plus 50 years. So the TPP's requirements go beyond the Berne Convention’s requirement. If adopted in the final agreement—which seems very likely—countries will be forced to mirror the United States' excessive lengths that resulted from heavy lobbying from Hollywood (particularly Disney). And Congress could be dissuaded from reducing copyright terms. It is wrong for the White House to push for these terms when we may have the chance to shorten them, especially in light of growing evidence that such long terms harm people's ability to access to knowledge and culture.

Criminalizing DRM Circumvention

The TPP almost completely mirrors US law criminalizing acts of getting around DRM (aka technological protection measures, which is what it's called in international legal instruments). As we know from years of experiencing the adverse effects of DRM anti-circumvention rules, our system needs drastic reform here in the United States for a raft of reasons—including allowing users full access to content they have paid for, allowing archival of our digital heritage, and ensuring that users can repair their devices and keep them secure. It would be a huge mistake to lock us into policies that harm free speech, innovation, privacy, and access to knowledge.

Internet Service Providers (ISP) Liability

This portion of the agreement is still controversial (at least it was in May 2014 when the last leaked draft was written) so it's hard to say what the final provisions will look like. U.S. safe harbor rules, which limit the liability that intermediaries like ISPs and websites shoulder for their users, have been crucial to enabling new platforms and services to thrive in the United States. However, the safe harbor rules have not been without problems. Our Takedown Hall of Shame documents just a few examples of Internet services that have been forced to take down, block, or filter important and legal content, because they fear the consequences of not going far enough to respond to infringement accusations. This is another area where we ought to learn from the deficiencies of the U.S. system to inform us and pass better rules, and yet again, the White House is seeking to lock us into a flawed system.

Criminal Penalties for File Sharing

Like U.S. law, the TPP has a dangerously low threshold for criminal copyright infringement where even non-commercial acts can be criminally prosecuted. But the TPP's criminal penalty provisions diverges from U.S. law in several ways. The TPP calls for a vague requirement that prison sentences and monetary fines must be "sufficiently high" to deter people from infringing again. That provision could lead to pressure to increase already high penalties. Also, U.S. law has a more specific definition of property that can be subject to seizure, while the TPP would enable authorities to seize a broader category of "materials and implements" related to the alleged infringing activity.

Fair Use: The TPP does not contain rules like the United States' flexible fair use regime. Although the agreement now suggests a "three-step test" for copyright exceptions and limitations, that test might limit the scope of copyright exceptions The language in the TPP could even be used to constrain fair use, or discourage new specific exceptions and limitations passed legislatively or through court precedents.

Criminalization of Investigative Journalism and Whistleblowing

The most recent leak of the TPP's Intellectual Property chapter revealed some of the most atrocious, human-rights-violating provisions we had seen yet. If it remains as written, these trade secret rules could be used to enact new laws to crackdown on whistleblowers and journalists. In many ways this echoes provisions in the Computer Fraud and Abuse Act (CFAA), which was used to charge Aaron Swartz with heavy-handed criminal penalties for accessing and downloading articles from the research database, JSTOR. EFF is already working to reform the CFAA, and yet the TPP contains trade secret provisions that could be used to expand state efforts to crack down on journalists using the Internet to expose corporate wrongdoing.

All of these examples illustrate that when the White House claims that the TPP's rules would not change US law, they are being disingenuous at best. Even where its provisions do not explicitly require U.S. lawmakers to pass new law, TPP is a scheme to make more restrictive rules the international standard. Lobbyists for entertainment companies use the secretive trade negotiation process to enact their vision of more draconian, anti-innovation copyright law, and then use those trade agreements to move domestic law and policy in the wring direction. This kind of shady, undemocratic international policy laundering scheme has been going on for over two decades. This is why we need to stop TPP and put an end to copyright creep.
https://www.eff.org/deeplinks/2015/0...copyright-laws





Congress Is Poised to Introduce a Bill to Fast Track TPP so It's Time to Act Now
Maira Sutton

The Trans-Pacific Partnership (TPP) talks are stalling while the White House assures its trading partners that this secret trade agreement won't be amended when it comes back to Congress for ratification after the President signs the deal. That's why the Executive is scrambling to get its allies in Congress to pass Fast Track. If they succeed, the U.S. Trade Representative can block remaining opportunities for the examination of the TPP's provisions by lawmakers who could ensure that this secret deal does not contain expansive copyright rules that would lock the U.S. into broken copyright rules that are already in bad need of reform.

The Fast Track bill is likely going to be introduced as early as next week—so it's time to speak out now. Congress needs to hear from their constituents that we expect them to hold the White House accountable for the TPP's restrictive digital policies. Unless this opaque, undemocratic process is fixed, and state officials uphold the interests of users rather than trampling our rights, we have no choice but to fight trade deals like the TPP.

You can get in touch with your elected representatives and call on them to oppose Fast Track trade authority for the TPP and other secretive, anti-user trade deals. We have also created a new tool for Twitter users to ask three key congressional leaders to come out against Fast Track. They are Sen. Ron Wyden, Rep. Nancy Pelosi, and Rep. Steny Hoyer. Here's why we are targeting these three Congress members in particular.

Target #1: Sen. Ron Wyden

Sen. Wyden is one of the leading defenders of users' rights and a staunch fighter for the free and open Internet in Congress. For the past several years, he has been one of the most outspoken lawmakers denouncing the secretive TPP negotiations, and has consistently raised concerns about the agreement's threat to users. As Ranking Member of the Senate Finance Committee, where the Senate bill will be introduced, he has a significant amount of influence over the outcome of Fast Track. We need to call on him to continue to stand with users and fight back against any version of this bill that does not address critical problems in the trade negotiation process.

Target #2: Rep. Nancy Pelosi

House Minority Leader, Nancy Pelosi, has proven to be an outspoken defender of the free and open Internet this year, as she was one of the most vocal proponents to defend net neutrality. However, she has unfortunately been wishy-washy on Fast Track and the TPP. She needs to hear from users that the TPP also puts the Internet at risk from oppressive regulations. If she were to come out against Fast Track, that would be a strong signal for other House Democrats to follow her lead.

Target #3: Rep. Steny Hoyer

His voting record for digital rights has been pretty spotty, and so far Rep. Hoyer has been supportive of Fast Track. But as House Minority Whip, his opposition to Fast Track would also be hugely influential for Democrats in the House to come out against it as well.

Let them know that we're counting on them to defend the Internet from the White House's secret, anti-user deals. Once you're done tweeting at them (which you can of course do more than once!), remember to share these actions through your social networks. We can defeat this massive, anti-user trade deal, but we're going to need all the help we can get.
https://www.eff.org/deeplinks/2015/0...-tpp-next-week





The Big Money Behind Iran's Internet Censorship
Patrick Howell O'Neill

In Iran, anti-censorship is big money.

While the Iranian government spends millions of dollars to build and maintain one of the strictest censorship regimes on the planet, its citizens spend their own millions on anti-censorship software that allows them to see the Internet more freely.

Anti-censorship is so much money, in fact, that many of the same government authorities that do the censoring then turn around and allow the sale of censorship-beating software—in order to line their pockets, offer a false sense of security to Iranians, and even to make their surveillance jobs that much easier.

As anyone who has been to Iran will tell you, it’s really not very hard at all to beat the Iranian system, known by critics as the FilterNet.

On it, many of the Web’s biggest sites, including Facebook—which is used by nearly 20 million Iranians—and Twitter, are blocked. Pay a couple of bucks for a virtual private network (VPN), however, and you can access much of the Internet as the rest of the world sees it.

Anti-censorship technology is de jure illegal in Iran, but many VPNs are sold openly, allowing Iranians to bounce around censorship and seemingly render it ineffective. Nearly 7 in 10 young Iranians are using VPNs, according to the country's government, and a Google search for “buy VPN” in Persian returns 2 million results.

Iran’s Cyber Police (FATA) have waged a high-volume open war against the VPNs, but it’s still very easy to find, buy, and use the software.

It's so easy, in fact, that you can use Iran's government-sanctioned payment gateways (Pardakht Net, Sharj Iran, Jahan Pay & Baz Pardakht) to buy the tools that'll beat the censors.

To use these gateways, however, customers have to submit their Iranian bank account and identity, all but foregoing hopes of privacy or protection from authorities.

The obvious question arises: Why do government-sanctioned services offer tools to beat the law?

Independent Iranian media have reported that "elements within the government and the Revolutionary Guard provide support to a number of VPN sellers," according to a 2014 report from Small Media. "Reports hypothesize that this is a mutually profitable arrangement; lining the pockets of officials at the same time as it allows VPN sellers to continue in their work without the threat of state interference."

BBC Persian journalist Hadi Nili says that not only do Iranian authorities sell VPN accounts, the Iranian government even uses VPNs in order to protect their own connections.

Direct proof of government affiliation with the VPNs is hard to come by, Nili told the Daily Dot. But the very fact that the VPNs can be sold openly, and are still used "except in very special occasions, like the elections," means that the most likely explanation is a government connection.

"The Iranian government owns more than 70 percent of VPNs inside Iran," researcher and activist Nariman Gharib told the Daily Dot. He believes the VPN owners are almost certainly connected to the government and Iranian Revolutionary Guard Corps "because [otherwise] they should be in jail by now! Which [they are] not!"

In Nov. 2014, Gharib surveyed over 84,000 Iranian Internet users who beat the country's censorship systems every day. The results of his report reveal the most popular circumvention tools in the country, exposing key detials about how beating censorship works (and how it doesn't).

The most popular circumvention tool in Iran is Hotspot Shield, with 15.1 percent of users, followed by psiphon3 and F-Secure FreedomeVPN, three easy to use tools that provide VPNs advertising the ability to tunnel around the blocks.

Tor, likely the most famous and accomplished anti-censorship tool in the Western world, boasts adoption by about 7.5 percent of the Iranians surveyed.

From a technical standpoint, there's little doubt that Tor is by far the most effective tool in the bunch at protecting privacy and beating censors.

So why don't Iranians flock to the free, open source, and impressively powerful anonymity network ? Gharib, who now works in the United Kingdom, is not surprised that Tor doesn't crack the top 3 in Iran.

When you're dealing with increasingly sophisticated regimes, such as Iran, making Tor work correctly is significantly harder than running the competing VPN tools.

For the average Joe (or, in this case, the average Ali), it almost always comes down to ease of use.

"There is not enough knowledge to how they can work with Tor and bridges," Gharib said in an email. "The size of Tor software is a bit big for Iranian Internet user inside Iran. And they don't know how they can play videos on Tor browser. [That's] seriously one of the biggest issue they have."

Iranians complain that Tor is slow, while VPNs are "quick, easy to use, and have fewer errors."

If, like many Internet users, you want to use a service like PayPal, Tor becomes incredibly onerous.

Part of Tor's secret sauce is that no website ever knows your real location and it even appears that your location is changing regularly around the world. For financial websites like PayPal that closely monitor where there customers are connecting from in order to prevent fraud, Tor blocks up the whole machine.

"Most of those VPNs are allowed to operate but just Tor and F-secure FreedomeVPN in my opinion are protecting users's privacy," Gharib said.

This isn't exactly a secret in Iran but the truth is that most people just don't care.

"That's what they care about most: finding a way around the curtains to find the content they want," Nili told the Daily Dot in an email. "They want to listen to music, watch videos, download both, and update their Android or Apple devices, check Facebook for cute kitty videos, checking news websites like BBC Persian, scrolling down their Facebook timeline, and maybe pushing the like button or leaving some sarcastic comments sometime and in the most active way, re share some posts. So even if they need a better security, they might opt to compromise their privacy for the price and ease of use."

For most Iranians, like many people around the world, if they can log into Facebook then what more can they ask of the Internet?

Tor's fight with Iran escalated rapidly in 2011.

After the heavily-contested 2009 elections saw activists use social media to organize and gain worldwide attention, the government woke up to the fact that the Internet was a force to be reckoned with. They transformed their very basic Web censorship and surveillance systems into an entirely new beast.

"In 2011, Iran deployed super sophisticated deep packet inspection at scale," Tor executive director Andrew Lewman told the Daily Dot. Every piece of data was suddenly being watched by authorities.

"Iran had 18 million concurrent people online at all times. From a sheer engineering perspective that's really impressive," Lewman said. "There were all sorts of rumors about who helped them. It's the equivalent of going from a cart and buggy to a jet in the span of a year."

The majority of the action happened even faster. In Jan. 2011, Lewman wrote that over the course of 48 hours the Great Persian Firewall updated and began blocking Tor and other anti-censorship tools more effectively than had ever been seen in the country before.

By the end of the month, almost no one in Iran was able to use Tor.

One of the most impressive features of Iran's new Internet was that it could detect Tor on the wire.

However, the developers at Tor had already been preparing for just such an occasion. They were eight months into the development of "pluggable transports," tools that disguise Tor use as something more benign such as Skype or searching Google.

"This is the perfect test case," Lewman said. "We told users it was test software. We said 'Are you willing to go to jail for this?' and they said 'Yes, I'm willing to go to jail already for so many things, just give me the software.' They tested our code live and it worked."

Since then, the Iranian government has regularly attacked the anonymity software, testing for weaknesses and pushing it offline in the country whenever possible. Last year, they were briefly able to knock 75 percent of Iranian Tor users off the network.

The Tor Project developers fought back once again. Within weeks, more Iranians than ever were using Tor as the software was updated and beating the censors.

Today, the number of Iranians on Tor is steadily dropping one more time with the numbers hovering around 20,000 at any given moment, a marked fall from the high of over 50,000 concurrent users in Sept. 2014. As always, Tor is being updated and upgraded to meet the new threat.

“We try to have arms races as slow as possible,” Lewman explained. "For every action we take, there's going to be a counter-action. We cannot rush into an arms race, that's not good for the users. The average user can't keep up with daily releases of anything, even monthly releases seem to be too much."

That's doubly true for Iranian users who already find Tor too tough and bandwidth intensive to use.

The current situation leaves many Iranians not only vulnerable but even with a false sense of security, which can be the most dangerous ignorance of all.

The future of the Internet in Iran is murky but uninspiring. While the President of Iran speaks out against Internet filters, the Ayatollah—who is the man truly in charge—calls high speed Internet "un-Islamic."

But even with the right VPN or using Tor, cybersecurity for the average Iranian is a dream. Cracked versions of Windows and anti-virus tools are legion in order to avoid the steep costs that can come with both, leaving users open to malicious attacks from many angles. Free and secure software like Linux are rare in Iran despite the obvious niche it could fill.

"In Iran, there is no 'full protection,'" Gharib warned. "So activists in Iran don't give a damn about foreign agencies [like the NSA]. They're much more worried about their own government."
http://www.dailydot.com/politics/ira...mvention-tech/





SSL-Busting Code that Threatened Lenovo Users Found in a Dozen More Apps

"What all these applications have in common is that they make people less secure."
Dan Goodin

The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that's categorized as a malicious trojan by a major antivirus provider.

Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats. According to a blog post published Friday by a security researcher from Facebook, Nurjax is one such example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia. Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.

"What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove," Matt Richard, a threats researcher on the Facebook security team, wrote in Friday's post. "Furthermore, it is likely that these intercepting SSL proxies won't keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic."

Komodia, a company that brazenly calls one of its software development kits as an "SSL hijacker," is able to bypass secure sockets layer protections by modifying the network stack of computers that run its underlying code. Specifically, Komodia installs a self-signed root CA certificate that allows the library to intercept encrypted connections from any HTTPS-protected website on the Internet. This behavior is by no means unique to Komodia, Superfish, or the other programs that use the SSL-breaking certificates. Antivirus apps and other security-related wares often install similar root certificates. What sets Komodia apart from so many others is its reuse of the same digital certificate across many different computers.

Researchers have already documented that the password protecting most or all of the Komodia certificates is none other than "komodia". It took Errata Security CEO and whitehat hacker Rob Graham only three hours to crack this woefully weak password. From there, he used the underlying private key in the Komodia certificate to create fake HTTPS-enabled websites for Bank of America and Google that were fully trusted by Lenovo computers. Despite the seriousness of Graham's discovery and the ease other security researchers had in reproducing his results, Superfish CEO Adi Pinhas issued a statement on Friday saying Superfish software posed no security risk.

According to Facebook's Richard, more than a dozen software applications other than Superfish use Komodia code. Besides Trojan.Nurjax, the programs named included:

• CartCrunch Israel LTD
• WiredTools LTD
• Say Media Group LTD
• Over the Rainbow Tech
• System Alerts
• ArcadeGiant
• Objectify Media Inc
• Catalytix Web Services
• OptimizerMonitor

A security researcher who goes by the Twitter handle @TheWack0lian said an additional piece of software known as SecureTeen also installed Komodia-enabled certificates. Over the weekend, the researcher also published findings documenting rootkit technology in Komodia code that allows it to remain hidden from key operating system functions.

Web searches for many of these titles uncover forum posts in which computer users complain that some of these applications are hard to remove once they're installed. Richard noted that he was unable to find documentation from any of the publishers explaining what effect Komodia software had on end-user PCs such as its ability to sniff passwords and other sensitive data from encrypted Web sessions.

Richard went on to publish the SHA1 cryptographic hashes he used to identify software that contained the Komodia code libraries. He invited fellow researchers to use the hashes to identify still more potentially dangerous software circulating online.

"We're publishing this analysis to raise awareness about the scope of local SSL MITM software so that the community can also help protect people and their computers," he wrote. "We think that shining the light on these practices will help the ecosystem better analyze and respond to similar situations as they occur."
http://arstechnica.com/security/2015...zen-more-apps/





'Secure' Advertising Tool PrivDog Compromises HTTPS Security
Lucian Constantin

New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.

Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.

However, his system did not have Superfish installed. Instead, the problem was tracked down to another advertising-related application called PrivDog, which was built with the involvement of Comodo’s CEO, Melih Abdulhayoglu. New PrivDog releases are announced on the Comodo community forum by people tagged as Comodo staff.

PrivDog is marketed as a solution to protect users against malicious advertising without completely blocking ads. The program is designed to replace potentially bad ads with safer ones that are reviewed by a compliance team from a company called Adtrustmedia. As Abdulhayoglu puts it in a January 2014 post on his personal blog in which he describes the technology: “Consumers win, Publishers win, Advertisers win.”

However, according to people who recently looked at PrivDog’s HTTPS interception functionality, consumers might actually lose when it comes to their system’s security if they use the product.

In order to replace ads on websites protected with HTTPS (HTTP with SSL/TLS encryption), PrivDog installs its own self-generated root certificate on the system and then runs as a man-in-the-middle proxy. When users access HTTPS sites, PrivDog hijacks their connections and replaces the legitimate certificates of those sites with new ones signed with the locally installed root certificate.

Since the root certificate installed by PrivDog on computers is trusted by browsers, all certificates that chain back to it will also be trusted. This means that users will think that they’re securely speaking to the websites they accessed, while in the background, PrivDog will decrypt and manipulate their traffic.

That in itself is not a bad implementation. There are legitimate reasons for scanning HTTPS traffic and many security products use similar techniques to analyze encrypted traffic for potential threats.

Unlike Superfish, PrivDog installs a different root certificate on every system, so there’s no shared private key that would allow attackers to generate rogue certificates. However, it turns out they don’t even need a shared key

The error in PrivDog’s implementation is simpler than that: The program doesn’t properly validate the original certificates it receives from websites. It will therefore accept rogue certificates that would normally trigger errors inside browsers and will replace them with certificates that those browsers will trust.

For example, an attacker on a public wireless network or with control over a compromised router could intercept a user’s connection to bankofamerica.com and present a self-signed certificate that would allow him to decrypt traffic. The user’s browser would normally reject such a certificate.

However, if PrivDog is installed, the program will take the attacker’s self-signed certificate and will create a copy signed with its own trusted root certificate, forcing the browser to accept it. In essence, the user’s traffic would be intercepted and decrypted by the local PrivDog proxy, but PrivDog’s connection to the real site would also be intercepted and decrypted by a hacker.

PrivDog is bundled with some products from Comodo, like Comodo Internet Security as well as its Chromodo, Dragon and IceDragon browsers. However, it seems that these products include PrivDog version 2, which lacks the HTTPS proxy functionality, and thus does not expose users to man-in-the-middle attacks.

The PrivDog version that exposes users to man-in-the-middle attacks is version 3, which is available to download as a stand-alone application and which supports a large number of browsers including Google Chrome, Mozilla Firefox and Internet Explorer, according to security researcher Filippo Valsorda, who’s online HTTPS test was updated to account for it.

This "potential issue" only exists in PrivDog versions 3.0.96.0 and 3.0.97.0 that have never been distributed by Comodo and are not present in the company's browsers, a Comodo representative said Monday via email.

The PrivDog team at Adtrustmedia has published a security advisory that assigns a low threat level to the vulnerability. A maximum of 6,294 users in the USA and 57,568 users globally are potentially affected by the issue and they will be updated automatically to a patched version, the team said. The new version -- 3.0.105.0 -- is also available for download from the company's site.

“As long as people use this practice of ‘breaking the chain of trust’ there are bound to be some who implement it utterly wrong,” said Amichai Shulman, CTO of security firm Imperva, via email. “Superfish’s mistake was using the same root certificate across all deployments. PrivDog’s mistake is not validating certificates at all.”

Some people believe that the PrivDog vulnerability is even worse than the one introduced by Superfish.

“By comparison, the Superfish ‘man-in-the-middle’ process at least requires the name of the targeted website to be inserted into the certificates alternate name field,” said Mark James, a security specialist at antivirus firm ESET. “Although Superfish allows the possibility of massive exploitation with this flaw it is still marginally better than what PrivDog is doing.”

However, it’s not just Superfish or PrivDog that open such security holes on computers. Researchers determined that the Superfish vulnerability was actually in a third-party software development kit from a company called Komodia. The same SDK is used in other products as well, including parental control applications, VPN clients and software from a security vendor called Lavasoft.
http://www.itworld.com/article/28876...-security.html





U.S. and British Spies Probably Hacked Us - Phone SIM Card Maker
Nicholas Vinocur and Eric Auchard

U.S. and British spies probably hacked into the world's biggest maker of phone SIM cards in an attempt to steal codes that protect the privacy of billions of mobile phone users, the company said on Wednesday.

The Franco-Dutch firm, Gemalto (GTO.AS), was responding to a report on an investigative news website that said the hack allowed the Britain's GCHQ and the U.S. National Security Agency (NSA) to potentially monitor the calls, texts and emails of cellphone users around the world.

Gemalto said the attacks "probably happened", and aimed to intercept encryption codes that unlock mobile phone Subscriber Identity Module (SIM) cards while they were being shipped from its production facilities to mobile network operators worldwide.

But the company - which produces nearly 2 billion SIM cards a year - said the hack "could not have resulted in a massive theft of SIM encryption keys". SIMs are made of chips that uniquely identify phones and computer data cards on a network.

Its chief executive said it had not contacted the U.S. or British intelligence agencies because doing so would have been a "waste of time" and that it did not plan to take any legal action, as chances of success were virtually non-existent.

"The facts are hard to prove from a legal perspective and ... the history of going after a state shows it is costly, lengthy and rather arbitrary," Olivier Piou told a news conference in Paris to discuss the findings of its own investigation into the alleged hacking in 2010 and 201l.

A spokeswoman for Britain's GCHQ (Government Communication Headquarters) said on Wednesday that it did not comment on intelligence matters. The NSA could not be immediately reached for comment.

The alleged hacking was reported last week by website The Intercept, which cited documents leaked to it by former NSA contractor Edward Snowden.

Such an incursion, if confirmed, could have expanded the scope of known mass surveillance methods available to U.S. and British spy agencies to include not just email and web traffic, as previously revealed, but also mobile communications.

SOPHISTICATED

The attacks targeted email correspondence between Gemalto and some of the world's largest network equipment makers, including Ericsson (ERICb.ST) and Nokia (NOK1V.HE), but primarily China's Huawei [HWT.UL], the documents said.

Stolen key codes were vacuumed up on their way to network operators located mainly in Afghanistan, Somalia, Yemen, Iran and the Gulf States, but also involved countries ranging from Vietnam, Zimbabwe and Italy to Iceland, the documents said.

In the biggest example, the documents say 300,000 SIM codes destined for phone subscribers in Somalia were snatched.

Gemalto said it had never sold SIM cards to four of the 12 operators listed in the documents - naming a Somali carrier as one of those four.

It also said only older model phones that are widely used in emerging markets might have been affected and that more advanced 3G and 4G networks were not vulnerable to this type of attack.

"By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft," it said.

Even so billions of connections are still made using 2G phones, with GlobalComms forecasting 3.5 billion connections in 2018, almost the same as for 3G phones that handle not just calls and text messages but also video and Web surfing.

Gemalto confirmed that it had experienced many attacks in 2010 and 2011 and that it had found two particularly sophisticated intrusions that only states could muster and which matched the attacks described in the Intercept's report.

The company's statement outlining the likely limits of the hack helped lift its shares nearly 3 percent in mid-afternoon trading in Amsterdam to 71.39 euros, marking a full recovery from losses of as much as 10 percent last Friday following the publication of The Intercept report.

(Reporting by Nicholas Vinocur, Cyril Altmehyer and James Regan in Paris, Kate Holton in London, Noor Zainab Hussain in Bangalore; Writing by Eric Auchard; Editing by Andrew Callus and Pravin Char)
http://uk.reuters.com/article/2015/0...0LT0N520150225





NSA Director Wants Gov't Access to Encrypted Communications
Grant Gross

It probably comes as no surprise that the director of the U.S. National Security Agency wants access to encrypted data on computers and other devices.

The U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to, NSA director Michael Rogers said during an appearance at a cybersecurity policy event Monday.

Asked if the U.S. government should have backdoors to encrypted devices, Rogers said the U.S. government needs to develop a “framework.”

“You don’t want the FBI and you don’t want the NSA unilaterally deciding, ‘So, what are we going to access and what are we not going to access?’” Rogers said during his appearance at the New America Foundation. “That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it.”

Justsecurity.org has a transcript of an exchange between Rogers and Yahoo CISO Alex Stamos at Monday’s event.

Rogers isn’t the first member of President Barack Obama’s administration to call for encryption workarounds in recent months. In September, after Apple and Google announced encryption features on their smartphone OSes, both FBI Director James Comey and Attorney General Eric Holder raised concerns that additional encryption tools would hinder law enforcement investigations.

Stamos questioned whether it is a good idea to build backdoors in encryption. “If we’re going to build defects/backdoors or golden master keys for the U.S. government, do you believe we should do so .... for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?” he said, according to the Justsecurity transcript.

Rogers objected to using the word “backdoor”. “When I hear the phrase ‘backdoor’, I think, ‘Well, this is kind of shady. Why would you want to go in the backdoor? It would be very public,’” he said. “Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se.”

An NSA spokeswoman wasn’t immediately available for further comment.
http://www.itworld.com/article/28877...nications.html





It's Official: NSA Spying is Hurting the US Tech Economy
Zack Whittaker

Summary:China is backing away from US tech brands for state purchases as NSA revelations continue to make headlines in newspapers all around the world.

China is no longer using high-profile US technology brands for state purchases, amid ongoing revelations about mass surveillance and hacking by the US government.

A new report confirmed key brands, including Cisco, Apple, Intel, and McAfee -- among others -- have been dropped from the Chinese government's list of authorized brands, a Reuters report said Wednesday.

The number of approved foreign technology brands fell by a third, based on an analysis of the procurement list. Less than half of those companies with security products remain on the list.

Although a number of reasons were cited, domestic companies were said to offer "more product guarantees" than overseas rivals in the wake of the Edward Snowden leaks. Some reports have attempted to pin a multi-billion dollar figure on the impact of the leaks.

In reality, the figure could be incalculable.

The report confirms what many US technology companies have been saying for the past year: the activities by the NSA are harming their businesses in crucial growth markets, including China.

The Chinese government's procurement list changes coincided with a series of high profile leaks that showed the US government have been on an international mass surveillance spree, as well as hacking expeditions into technology companies, governments, and the personal cellphones of world leaders.

Concerned about backdoors implanted by the NSA, those revelations sparked a change in Chinese policy by forcing Western technology companies to hand over their source code for inspection. That led to an outcry in the capital by politicians who in the not-so-distant past accused Chinese companies of doing exactly the same thing.

From encrypted instant messengers to secure browsers and operating systems, thees privacy-enhancing apps, extensions, and services can protect you both online and offline.

The fear is that as the China-US cybersecurity standoff continues, it's come too late for Silicon Valley companies, which are already suffering financially thanks to the NSA's activities.

Microsoft said in January at its fiscal fourth-quarter earnings that China "fell short" of its expectations, which chief executive Satya Nadella described as a "set of geopolitical issues" that the company was working through. He did not elaborate.

Most recently, HP said on Tuesday at its fiscal first-quarter earnings call that it had "execution issues" in China thanks to the "tough market" with increasing competition from the local vendors approved by the Chinese government.

But one company stands out: Cisco probably suffered the worst of all.

Earlier this month at its fiscal second-quarter earnings, the networking giant said it took a 19 percent revenue ding in China, amid claims the NSA was installing backdoors and implants on its routers in transit.

China remains a vital core geography for most US technology giants with a global reach. But until some middle-ground can be reached between the two governments, expect Silicon Valley's struggles in the country to only get worse.
http://www.zdnet.com/article/another...s-tech-brands/





China Draft Counterterror Law Strikes Fear in Foreign Tech Firms
Michael Martina and Krista Hughes

China is weighing a far-reaching counterterrorism law that would require technology firms to hand over encryption keys and install security "backdoors", a potential escalation of what some firms view as the increasingly onerous terms of doing business in the world's second largest economy.

A parliamentary body read a second draft of the country's first anti-terrorism law this week and is expected to adopt the legislation in the coming weeks or months.

The initial draft, published by the National People's Congress late last year, requires companies to also keep servers and user data within China, supply law enforcement authorities with communications records and censor terrorism-related internet content.

Its scope reaches far beyond a recently adopted set of financial industry regulations that pushed Chinese banks to purchase from domestic technology vendors.

The implications for Silicon Valley companies, ranging from Microsoft to Apple Inc, have set the stage for yet another confrontation over cybersecurity and technology policy, a major irritant in U.S.-China relations.

"It's a disaster for anyone doing business in China," said one industry source. "You are no longer allowed a VPN that's secure, you are no longer able to transmit financials securely, or to have any corporate secrets. By law, nothing is secure."

The Obama administration has conveyed its concerns about the anti-terrorism draft law to China, according to a U.S. official.

Although the counterterrorism provisions would apply to both domestic and foreign technologies, officials in Washington and Western business lobbies argue the law, combined with the new banking rules and a slew of anti-trust investigations, amount to unfair regulatory pressure targeting foreign companies.

"The true test will come with implementation," said Scott Kennedy, the Director of the Project on Chinese Business and Political Economy at the Center for Strategic and International Studies in Washington.

"Given the recent spate of AML-related (anti-monopoly law) cases against foreign firms, the regulations about the banking sector, and the reduction of foreign firms' products on government procurement lists, there is good reason for foreign firms to be highly concerned," Kennedy said.

PROTECTIONISM, NOT SECURITY?

To be sure, Western governments, including in the United States and Britain, have for years requested tech firms to disclose encryption methods, with varying degrees of success.

Officials including FBI director James Comey and National Security Agency (NSA) director Mike Rogers publicly warned internet companies including Apple and Google late last year against using encryption that law enforcement cannot break.

Beijing has argued the need to quickly ratchet up its cybersecurity measures in the wake of former NSA contractor Edward Snowden's revelations of sophisticated U.S. spying techniques.

In December, China's banking regulator adopted new rules that outlined security criteria that tech products in 68 categories must meet in order to be considered "secure and controllable" for use in the financial sector, according to a version of the regulations seen by Reuters.

To attain the designation, source code powering operating systems, database software and middleware must be registered with the government if they are not domestically developed.

U.S. Trade Representative Michael Froman issued a statement on Thursday criticising the banking rules, saying they "are not about security – they are about protectionism and favouring Chinese companies".

"The Administration is aggressively working to have China walk back from these troubling regulations," Froman said.

A U.S. official confirmed a letter was sent by Froman, America's top trade negotiator, and other senior officials to Chinese counterparts expressing their concerns.

James Zimmerman, Chairman of the American Chamber of Commerce in China, said the latest rules, if implemented, would likely limit opportunities for U.S. companies, but could also backfire on China.

"One unfortunate consequence of over-broad anti-terrorism policies is to potentially isolate China technologically from the rest of the world, and the end result of that may be to limit the country's access to cutting-edge technology and innovation," Zimmerman said.

But several U.S. technology executives and industry sources who spoke on condition of anonymity said they feared the security law would be more stringent than the bank regulations – and more sensitive to discuss - because it was rooted in public security considerations.

The vague, open-ended requirements for cooperating with law enforcement appeared the most worrying, as well as the possibility of steep penalties or jail time for non-compliance, according to one executive.

"It's the equivalent of the Patriot Act on really, really strong steroids," said one U.S. industry source, referring to the anti-terrorism legislation enacted under the George W. Bush administration following the Sept. 11, 2001, attacks.

The National People's Congress did not respond immediately to a request for comment.

Apple and Google declined to comment on the proposed law, while Microsoft was not immediately available for comment.

China is drafting the anti-terrorism law at a time when Chinese leaders say the country faces a serious threat from religious extremists and separatists. Hundreds of people have been killed over the past two years in the far western region of Xinjiang in unrest the government has blamed on Islamists who want to establish a separate state called East Turkestan.

(Writing by Gerry Shih in Beijing; Additional reporting by Paul Carsten and Matthew Miller in Beijing and Joseph Menn in San Francisco; Editing by Alex Richardson)
http://uk.reuters.com/article/2015/0...0LV19M20150227





China Censorship Sweep Deletes More than 60,000 Internet Accounts

Some of China's largest Internet companies deleted more than 60,000 online accounts because their names did not conform to regulations due to take effect on Sunday, the top Internet regulator said.

Alibaba Group Holding Ltd, Tencent Holdings Ltd, Baidu Inc, Sina Corp affiliate Weibo Corp and other companies deleted the accounts in a cull aimed at "rectifying" online names, the Cyberspace Administration of China (CAC) said.

The reasons for their removal included accusations of being misleading, rumour mongering, links to terrorism, or involving violence, pornography and other violations, the CAC said in a statement on its website late on Thursday.

The purge is notable as a step toward China's government locking down control over people's internet account names, an effort which censors have struggled with in the past, despite numerous efforts to introduce controls.

These failed attempts have included trying to force users to register for online services using their real names.

The new regulations, which take on effect March 1 and will also target real-name registration, were issued by the CAC, which was formed last year and given power over all online content, something previously divided between various state ministries.

"Previously, the real-name registration system hasn't really been enforced," said Rogier Creemers, a researcher on Chinese media law at the University of Oxford. "These rules essentially impose a uniform and consolidated system for all online services requiring accounts."

The measure also reflects China's tightening control of the Internet, which has accelerated since President Xi Jinping took power in early 2013.

Weibo, the country's biggest microblog platform, will comply with the regulations and had a dedicated team to handle illegal information, including account names, a spokesman told Reuters.

E-commerce giant Alibaba declined to comment beyond highlighting a section of the CAC's statement on Alibaba's efforts to set up a team to handle account name issues. Tencent, China's biggest social networking and gaming company, and search leader Baidu were not available for immediate comment.

Among the accounts removed were those purporting to belong to state agencies, state media organisations and the East Turkestan Islamic Movement, said the CAC. China has blamed ETIM for violent attacks, but experts and rights groups have cast doubt on its existence as a cohesive group.

China operates one of the world's most sophisticated online censorship mechanisms, known as the Great Firewall. Censors keep a grip on what can be published online, particularly content seen as potentially undermining the ruling Communist Party.

(Reporting by Paul Carsten; Editing by Robert Birsel)
http://uk.reuters.com/article/2015/0...0LV16O20150227





Privacy is at a Crossroads. Choose Wisely.
Gabriel Weinberg

Disclosure: I’m the Founder & CEO of DuckDuckGo, the search engine that doesn’t track you. I may be biased, but I’m also well-informed.

Any day now President Obama is going to propose a new privacy bill of rights that will give you much more control over your personal information. A healthy debate will then ensue, and you can and should be a part of it. You can actually move the needle on this one. Let me try to convince you.

First things first, this is not a partisan issue. This is not Obama’s debate. This is our debate. It’s our personal information. Obama is just sparking the flame. In 2012 he proposed something similar and it didn’t catch. Three short years later, enough has changed in the world to expect this time it will be different.

The NSA files have woken us all up to the perils of government and corporate surveillance. Now the vast majority of us are concerned about online tracking, and privacy concerns are increasing every day with increasing awareness.

The important debates and reactions to government surveillance are still continuing, but we also need this new debate on corporate surveillance. After all, where do you think all this government surveillance data is coming from? Governments request (or steal) user data from corporations, and these same corporations also use it for their own purposes. Some of these uses are over the line for most people.

We’ve all noticed those annoying ads following us around the Internet. That’s just the tip of the iceberg. Most people still don’t know that private companies build and sell profiles about them or that many retailers charge different prices based on these data profiles.

The bottom line is that if your personal information can be used to make companies more profits, then you have to expect it will be used to do so, unless legislation prevents it. While advertising can certainly be responsible, left unchecked it can easily veer into unsavory territory. That’s the territory we need to regulate.

Now to be clear I am no fan of government regulation. Far from it. Just like with government surveillance, I think good intentions can end up in bad places. Regulation is often captured by the organizations that are supposedly being regulated. So I always look first to market-based solutions.

And there are indeed a few solutions that actually grant you partial relief from the pains of online tracking. First, switch your search engine, email and other major services where your personal information is heavily tracked to good private alternatives. Second, add EFF’s HTTPS Everywhere plugin to your browser, which will encrypt web site connections where possible. Third, add EFF’s Privacy Badger plugin to your browser, which blocks third-party trackers. These three simple changes will pretty seamlessly and significantly reduce your digital footprint.

Unfortunately, none of these solutions stop unscrupulous web sites from handing over or selling your data after your visit. There are some problems markets can’t solve alone, and this is one of them. Don’t fret though; this situation is actually the rule, not the exception. Pretty much all technologies have facets where markets break down and require some form of corrective regulation to make things work the way we want them to.

We already put legal limits on financial, medical, military, transportation, telecommunications and agriculture technology. Why not online tracking? With digital technology making its way into more parts of our lives, and with our data quickly becoming more and more valuable, of course there should be some limits on online tracking!

The question in the upcoming debate will quickly become: what limits? The status quo of collect it all and reveal as little as possible has to go, but there is a massive range between maximum possible collection and minimum necessary collection. Here are a few things we could do. Companies (and governments) could explicitly tell you what is happening to your personal information. They could allow you to opt-out. They could give you granular control of your data. They could even tell you exactly what you’re getting when you give out specific pieces of information. Disclosure requirements could mimic those in other areas like credit cards and mortgages where the most relevant risks are highlighted. In other words, there are a lot of options.

I would love to see regulation solve these control and transparency issues by enabling creative technological solutions. I have ideas, but this post is not about proposing a specific course of action. This post is about getting you involved. There is a moment now to do something about this. I fear that if Obama’s proposal goes nowhere like it did three years ago, then we will lose our moment and it will be really hard to get it back.

Mark my words. There will be massive lobbying against putting significant limits on online tracking. There will be attempts to hijack the debate with false claims. Some will say people don’t care. Not true. Some will say you have nothing to hide. Really? Some will say self-regulation will work. Laughable. Some will say incognito mode will protect you. Myth. Some will say they will “partially anonymize” the data. Nope. Time and time again attempts to “partially anonymize” data have failed.

These false claims don’t have to carry the day like they have in the past. Luckily, we are now in awesome era of effective online political movements. With your help, taking back our online privacy can be one of them. We need people of all political persuasions to demand the most basic controls over their personal information. It’s really not a big ask.

Convinced? Join us and spread the word.

@yegg

____________________________

Thank you to Caine Tighe, Zac Pappis, Jaryd Malbin, Russell Holt, Stephen Mendel, Brad Burnham and Nick Grossman for editing advice.
https://medium.com/@yegg/privacy-is-...y-96bac0644ec1





Secrecy Around Police Surveillance Equipment Proves a Case’s Undoing
Ellen Nakashima

The case against Tadrae McKenzie looked like an easy win for prosecutors. He and two buddies robbed a small-time pot dealer of $130 worth of weed using BB guns. Under Florida law, that was robbery with a deadly weapon, with a sentence of at least four years in prison.

But before trial, his defense team detected investigators’ use of a secret surveillance tool, one that raises significant privacy concerns. In an unprecedented move, a state judge ordered the police to show the device — a cell-tower simulator sometimes called a StingRay — to the attorneys.

Rather than show the equipment, the state offered McKenzie a plea bargain.

Today, 20-year-old McKenzie is serving six months’ probation #after pleading guilty to a second-degree misdemeanor. He got, as one civil liberties advocate said, the deal of the century. (The other two defendants also pleaded guilty and were sentenced to two years’ probation.)

McKenzie’s case is emblematic of the growing, but hidden, use by local law enforcement of a sophisticated surveillance technology borrowed from the national security world. It shows how a gag order imposed by the FBI — on grounds that discussing the device’s operation would compromise its effectiveness — has left judges, the public and criminal defendants in the dark on how the tool works.

That secrecy, in turn, has hindered debate over whether the StingRay’s use respects Americans’ civil liberties.

“It’s a terrible violation of our constitutional rights,” asserted Elaine Harper, McKenzie’s grandmother, who raised the young man. “People need to know — the public needs to know — what’s going on.”

The StingRay is a box about the size of a small suitcase — there’s also a handheld version — that simulates a cellphone tower. It elicits signals from all mobile phones in its vicinity. That means it collects information not just about a criminal suspect’s communications but also about the communications of potentially hundreds of law-abiding citizens.

The Tallahassee police used the StingRay or a similar device in more than 250 investigations over a six-year period, from mid-2007 through early 2014, according to a list of cases compiled by the Tallahassee Police Department and provided to the American Civil Liberties Union.

That’s 40 or so instances a year in a city of 186,000, a surprisingly high rate given that the StingRay’s manufacturer, Harris Corp., has told the Federal Communications Commission that the device is used only in emergencies. At least 48 state and local law enforcement agencies in 20 states and the District of Columbia have bought the devices, according to the ACLU.

The secrecy surrounding the device’s use has begun to prompt a backlash in cities across the country. In Baltimore, a judge is pushing back against the refusal of police officers to answer questions while testifying. In Charlotte, following a newspaper investigation, the state’s attorney is reviewing whether prosecutors #illegally withheld information about the device’s use from defendants.

In Tacoma, Wash., after a separate newspaper investigation found that judges in almost 200 cases had no idea they were issuing orders for the StingRay, the courts set new rules requiring police to disclose the tool’s use. The state legislature is weighing a bill to regulate police use of the equipment.

The FBI and Tallahassee police say that the device is used only with an appropriate court order and that they do not collect the content of calls or text messages. The FBI also said it retains only location data that is relevant to an investigation and immediately discards all other data.

So far, there is virtually no case law on how the Fourth Amendment — which prohibits unreasonable searches and seizures — should apply to this technology.

Pot purchase gone wrong

The robbery, judging from police reports, legal documents and interviews, was small-time.

At about 6 p.m. on March 4, 2013, McKenzie, then 18, and two friends met a young man named Jamal Williams at a local Taco Bell. They had set up a deal to buy some marijuana from Williams, whom McKenzie had first met at a party, with the intent of robbing him of the dope.

During the robbery, one of McKenzie’s buddies pulled what appeared to be a 9mm handgun out of his pocket, pointed it at Williams and demanded “everything you got.”

The other friend removed what looked to be a shotgun from the trunk of a car and leveled it at Williams. “I’m not scared to put a hole in you,” he said, Williams recalled.

Both weapons were BB guns. But they scared Williams enough that he gave the men the pot, left behind his iPhone and fled in a car driven by a friend who had escorted him to the Taco Bell.

That evening, Williams reported to police that he had been robbed of cash and his phone when he tried to buy marijuana from some dealers he did not know. Later he admitted that he, in fact, was the seller and assessed the stolen pot’s value at $130.

The police had little to go on beyond vague descriptions of the three men, a license-plate number and a cellphone number that McKenzie had provided. A check of the tag number turned up nothing. McKenzie had not given his real name.

The day after the robbery, the police obtained a court order from a judge to authorize Verizon to hand over data collected from cell towers that would show the approximate locations where the phone in question had been used.

Two days after the robbery, shortly after 4 a.m., several police officers drove to a house at 3197 Springhill Rd., on the south side of town, and set up surveillance.

About 6 a.m., McKenzie left the house, got into his car and pulled away. The officers tailed him past Sam’s Tires and Repairs, past the Family Dollar store, past Jerusalem Baptist Church, past Tony’s Gas. Three and a half miles later, they pulled him over. The youth, a senior looking to graduate, had been on his way to school, which began at 6:45 a.m.

The police found some marijuana and zip-top bags in the car. They detained McKenzie and took him to the police station. He confessed, giving police the names of his two friends and showing investigators where they lived. All three were charged with robbery with a deadly weapon.

Tracing a phone’s location

Months passed. The case dragged along.

In November 2013, after McKenzie’s original lawyer dropped out, his case was assigned to a public defender, Carrie McMullen. Around that time, the attorney for one of the co-defendants began to wonder: How did the police figure out that McKenzie was at 3197 Springhill Rd. that morning?

McMullen’s office hired a lawyer with technology expertise. John Sawicki, the expert, produced a map on which he plotted all the locations provided by Verizon, and they clumped in three different areas of town.

Cell-tower data can show general geographical areas where a phone was used, but “they will not tell you he’s in House X,” Sawicki said. “That’s how imprecise it is.”

In March, the defense team deposed police investigator Robert Newberry. The lawyers tried to get Newberry to explain how the police zeroed in on 3197 Springhill Rd. He mentioned the cell-tower records and then, under probing, acknowledged that they had not been sufficient on their own to locate the suspect.

He said a “Sergeant Corbitt” in the department’s technical operations unit had identified the phone’s location. “He would have to tell you how he got to that,” Newberry said, referring to Christopher Corbitt, who handles electronic surveillance operations.

There were other questions about whether the police had reasonable suspicion to pull McKenzie over. The descriptions Williams gave of the suspects were vague, and in fact, none closely matched McKenzie’s appearance.

The descriptions fit “two-thirds of the young black males living on the south side of town,” Sawicki said.

Newberry could not fully explain how Corbitt determined the phone’s location. “I can’t address it because I don’t know the magic behind it,” he said.

In April, the defense team deposed Corbitt. He told the attorneys that he turned up the address on Springhill Road by running phone numbers that the suspect’s phone had dialed through a subscription database, called Accurint, that helps law enforcement agencies locate individuals through data such as phone numbers, property records and court records.

But how did he know that the phone was in the house at 6 in the morning? The phone was a “burner” — one not registered under McKenzie’s name.

“We do have specific equipment that allows us to . . . direction-find on the handset, if necessary,” Corbitt said.

“What is that, and how does that work?” McMullen asked.

“I can’t go into that,” he said. “Due to [a] nondisclosure agreement with the FBI, we’re not able to get into the details of how the equipment operates.”

He acknowledged that the device was a cell-tower simulator.

He also acknowledged that the device, whose model name he could not give, was used to “assist in locating or determining the person in possession” of the cellphone, and that it could elicit signals from a target’s phone even when the phone was not in use.
“It is not nearly as invasive or as sinister as it is sometimes characterized to be,” he said.

“I so wish that I could tell you how this equipment operates, because I think I could put so many people at ease,” Corbitt said. “Unfortunately, I am not able to do that.”

He said that if the defense wanted more specific information, then he had “a specific protocol” to follow requiring him to notify the FBI and the Justice Department.

The Tallahassee police declined to comment for this article.

‘100 percent’ reliable

In June, in response to a motion for public access by the ACLU, the state released a transcript from a closed court hearing in 2010 relating to a Tallahassee rape case in which Corbitt testified that he had used a cell-site simulator to identify a suspect in an apartment complex. “In essence, we emulate a cellphone tower,” he said. “We force that handset to register with us. We identify that we have the correct handset and then we’re able to — by just merely direction-finding on the signal emanating from that handset — we’re able to determine a location.”

He noted that the equipment “is evaluating all the handsets in the area.”

“Using portable equipment,” he said, “we were able to actually basically stand at every door and every window in that complex and determine, with relative certainty . . . the particular area of the apartment that that handset was emanating from.”

He said the Tallahassee police began using the device in the spring of 2007. From that point until August 2010, he said, the police had used it “200 or more times” to locate a cellphone.

How reliable was it? “Truthfully,” he said, “100 percent.”

In September, McMullen drew up a motion to suppress the evidence obtained against McKenzie prior to his arrest, alleging that his Fourth Amendment rights were violated by the use of the StingRay. She argued that the police had not obtained a warrant based on probable cause to use the device.

“By scooping up all manner of information from a target cellphone, as well as nearly all cellphones in the general area, a StingRay device engages in exploratory rummaging,” she wrote.

McMullen also argued that the order the police did obtain not only failed to meet the requirements of a warrant but was also obtained without telling the judge that it would be used to operate a StingRay.

Then, in October, McMullen sought a subpoena to compel Corbitt to show the device in court. In November, Florida Circuit Court Judge Frank Sheffield held a hearing on the issue.

The state’s attorney, Courtney Frazier, argued that details of the equipment’s operation were protected from disclosure under a law enforcement exception to the state open-records law.

Sheffield broke in. “What right does law enforcement have to hide behind the rules and to listen in and take people’s information like the NSA?” he said.

Frazier protested that the information about the device was sensitive and that disclosure could inhibit the police’s ability to catch criminals.

“Inhibiting law enforcement’s rights are second to protecting mine!” Sheffield thundered, gesturing with both hands and fixing his gaze on the prosecutor.

On Dec. 2, Sheffield signed the subpoena forcing Tallahassee police to show the device they used.

Two days before Corbitt was due to show up with the device, McMullen received notice of the plea deal from the prosecutor. She had never gotten such a sweet deal on a case.

The defense attorneys were disappointed that they would not see the device, but they couldn’t refuse the plea bargain.

“How do you not take it?” Sawicki said. “How do you take these kids’ future away?”

Julie Tate in Washington contributed to this report.
http://www.washingtonpost.com/world/...dd2_story.html





Battery Power Alone Can be Used to Track Android Phones
Zoe Kleinman

Android phones can be tracked without using their GPS or wi-fi data by studying their power use over time, a study has found.

A smartphone uses more power the further away it is from a cellular base and the more obstacles are in its way as it reaches for a signal.

Additional power use by other activities could be factored out with algorithms, the researchers found.

They created an app designed to collect data about power consumption.

"The malicious app has neither permission to access the GPS nor other location providers (eg cellular or wi-fi network)," the team - Yan Michalevsky, Dan Boneh and Aaron Schulman, from the computer science department at Stanford University, along with Gabi Nakibly, from Rafael Ltd - wrote in their paper.

"We only assume permission for network connectivity and access to the power data.

"These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim."

There are 179 apps currently available on Android app store Google Play that request this information, the team add.

Activity such as listening to music, activating maps, taking voice calls or using social media all drain the battery but this can be discounted due to "machine learning", the report says.

"Intuitively the reason why all this noise does not mislead our algorithms is that the noise is not correlated with the phone's location," it says.

"Therefore a sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise."

The tests were carried out on phones using the 3G network but did not measure signal strength as that data is protected by the device.
'Stuffed with sensors'

"With mobile devices now becoming ubiquitous, it is troubling that we are seeing so many ways in which they can be used to track us," said cyber-security expert Prof Alan Woodward, from Surrey University.

"I think people sometimes forget that smartphones are stuffed full of sensors from gyroscopes and GPS to the more obvious microphones and cameras.

"This latest work shows that even that basic characteristics (power consumption) has the potential to invade privacy if monitored in the right way," he added.

"We are approaching the point where the only safe way to use your phone is to pull the battery out - and not all phones let you do that."
http://www.bbc.co.uk/news/technology-31587621





Pakistanis Face a Deadline: Surrender Fingerprints or Give Up Cellphone

A Pakistani mobile vendor deals with customers at his roadside stall in Rawalpindi on Jan. 6. (Farooq Naeem/AFP/Getty Images)
Tim Craig and Shaiq Hussain

Cellphones didn’t just arrive in Pakistan. But someone could be fooled into thinking otherwise, considering the tens of millions of Pakistanis pouring into mobile phone stores these days.

In one of the world’s largest — and fastest — efforts to collect biometric information, Pakistan has ordered cellphone users to verify their identities through fingerprints for a national database being compiled to curb terrorism. If they don’t, their service will be shut off, an unthinkable option for many after a dozen years of explosive growth in cellphone usage here.

Prompted by concerns about a proliferation of illegal and untraceable SIM cards, the directive is the most visible step so far in Pakistan’s efforts to restore law and order after Taliban militants killed 150 students and teachers at a school in December. Officials said the six terrorists who stormed the school in Peshawar were using cellphones registered to one woman who had no obvious connection to the attackers.

But the effort to match one person to each cellphone number involves a jaw-dropping amount of work. At the start of this year, there were 103 million SIM cards in Pakistan — roughly the number of the adult population — that officials were not sure were valid or properly registered. And mobile companies have until April 15 to verify the owners of all of the cards, which are tiny chips in cellphones that carry a subscriber’s personal security and identity information.

In the past six weeks, 53 million SIMs belonging to 38 million residents have been verified through biometric screening, officials said.

Muhammad Safdar, 30, uses his cellphone in Islamabad after he and his three children waited in line for hours for a biometric screening that would allow him to keep the phone. (Tim Craig/The Washington Post)

“Once the verification of each and every SIM is done, coupled with blocking unverified SIMs, the terrorists will no longer have this tool,” said a senior Interior Ministry official, who was not authorized to speak publicly about the government’s security policy. “The government knows that it’s an arduous job, both for the cellular companies and their customers, but this has to be done as a national duty.”

As Pakistan’s decade-long struggle against Islamist extremism has stretched on, residents have grown accustomed to hassles such as long security lines and police checkpoints. Now they must add the inconvenience of rushing into a retail store to keep their phones on.

“I spend all day working and sometimes have to work till late in the night. . . . I cannot afford to stand in line for hours to have my SIM verified,” said Abid Ali Shah, 50, a taxi driver who was waiting to be fingerprinted at a cellphone store. “But if I don’t do it, my phone is my only source of communication that I have to remain in touch with my family.”

Though Pakistan’s first cellphone company launched in 1991, there was only sparse usage until the turn of the 21st century. Since then, the number of cellphone subscribers has grown from about 5 million in 2003 to about 136 million today, according to the Pakistan Telecommunications Authority.

The mobile phone subscription rate now stands at about 73 percent, roughly equal to the rate in neighboring India, according to the World Bank. It’s even common for Pakistanis in remote or mountainous areas, where electricity can be sporadic and few have access to vehicles, to own a cellphone.

With 50 million more SIM cards left to be verified, phone companies are dispatching outreach teams deep into the countryside and mountains to notify customers of the policy.

“It’s a massive, nationwide exercise with a tight deadline, but hopefully we will be able to verify our customers by the April deadline,” said Omar Manzur, an executive at Mobilink, which has 38 million customers in Pakistan. “We have sent out 700 mobile vans all across Pakistan to reach out to these far-flung areas, the villages and small towns.”

One region that appears largely unaffected by the plan is the immediate area around the Pakistan-Afghanistan border, where many Islamist militants have historically sought refuge. Pakistani cellphone networks generally do not provide service to those areas, and residents try to get coverage from Afghan networks, officials said.

Cellphone owners’ fingerprints are being matched with those on file in a national database the government began creating in 2005. Those whose prints are not in the database must first submit them to the National Database & Registration Authority. Some residents, including several million Afghan refugees not eligible for citizenship, also have to obtain a court affidavit attesting they will properly use their cellphones.

Over the years, several countries, including South Africa and India, have implemented broad systems for obtaining and storing residents’ biometric information. But analysts and communications experts say they can’t recall a country trying to gather biometrics as rapidly as Pakistan is doing.

“In a country like this, where the infrastructure is not available in many areas, this looks unprecedented,” said Wahaj us Siraj, the chief executive officer of Nayatel, a major Pakistani Internet supplier.

Once the nationwide verification process is complete, police and intelligence officials will have a much easier time tracing the origins of crimes or terrorist attacks, said Ammar Jaffri, the former deputy director of Pakistan’s Federal Investigation Agency.

Jaffri noted that cellphones have often been used to detonate explosive devices in Pakistan. Authorities are also struggling to curb extortion carried out by criminals, often affiliated with banned militant groups, who make threatening phone calls demanding money.

Jaffri said Pakistanis should just accept that a SIM card “becomes part of you” and that any privacy concerns do not override government regulation of airwaves.

“We have new technology now, and we shouldn’t be afraid of these things, we should face it,” said Jaffri, president of the Pakistan Information Security Association. “Watching people when they move, it’s natural: Every country does it. ”

As they show up at cellphone stores, some Pakistanis are learning firsthand just how lax Pakistan had been in tracking SIM cards.

At a Mobilink office in Islamabad, Muhammad Safdar, 30, was told that six different SIM cards were attached to his name.

“I think some of my friends had my ID card number,” Safdar said. “Earlier it was very easy to simply redeem that number and get a SIM issued in that name.”

Ghulam Rasool, a 24-year-old Afghan citizen living here, waited in line only to learn that the SIM card he had bought at a fruit market four years ago was now illegal.

“Before, no one asked, but now they are, and it has to be in my name,” said Rasool, who emerged from the Mobilink office with a new phone number. “Everyone has my old number, and now I have to contact hundreds of people” in both Pakistan and Afghanistan.

Still, many Pakistanis are taking the process in stride, saying they are willing to do whatever it takes to reduce terrorism. They are skeptical, however, that this will be the answer to ending a war that has killed more than 50,000 Pakistani residents and soldiers over the past 13 years.

“If this can bring peace, it’s okay,” said Khan Gul, his thumb still stained with blue ink. “But I am wondering how a mobile phone verification can bring peace.”
136 million

Number of cellphone subscribers in Pakistan, according to the Pakistan Telecommunications Authority. The number has grown since 2003, when there was about 5 million.
http://www.washingtonpost.com/world/...48a_story.html





BlackPhone Maker Silent Circle Announces $50 Million in Funding

"Android for the paranoid" rolling in cash after Gemalto, Snowden revelations.
David Kravets

The BlackPhone, a $600-plus encrypted Android handset designed to keep the prying eyes of criminals and the government out of mobile communications, is now fully owned by Silent Circle thanks to the company raking in investment cash.

Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone's hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted "enterprise privacy ecosystem" at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

"Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo," Mike Janke, cofounder and chairman of the Silent Circle board, said in a statement. "This first stage of growth has enabled us to raise approximately $50M to accelerate our continued rapid expansion and fuel our second stage of growth."

The cash infusion and the push for encrypted communications are in part a direct result of National Security Agency whistleblower Edward Snowden's revelations about massive government surveillance.

'"I'm pleased to be part of the incredible growth of Silent Circle and to see our capabilities and opportunities rise alongside of the growing recognition of the importance of privacy in the modern enterprise," said Ross Perot Jr., an early investor in SPG Technologies, the name of the joint venture between Silent Circle and Geeskphone.

In our review last year, we described the BlackPhone—which runs a custom OS called PrivatOS—as "Android for the paranoid," saying:

We found that the BlackPhone lives up to its privacy hype. During our testing in a number of scenarios, there was little if any data leakage that would give any third-party observer anything usable in terms of private information.

As far as its functionality as a consumer device goes, BlackPhone still has a few rough edges.


The buyout announcement comes as the need for secure mobile communications was highlighted after the Snowden disclosure a week ago that governments may have breached the encryption on Gemalto's SIM cards.

The BlackPhone, however, wasn't without its own security issues, too.

A recently fixed vulnerability disclosed last month in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device.

Silent Circle made news in 2013 when it shuttered its secure e-mail service amid fears that the metadata of encrypted e-mail could be scooped up by the NSA.
http://arstechnica.com/tech-policy/2...on-in-funding/





T-Mobile And Mozilla Will Launch A New ‘Privacy Phone’
Ingrid Lunden

In a bid for more traction in the ever-saturated mobile market, Deutsche Telekom, the German parent of T-Mobile, and Mozilla are taking a step forward together. The two have developed a new “privacy phone”, built on Mozilla’s Firefox OS and compliant with privacy directives set by the two companies. The device is due to be formally unveiled next week at the Mobile World Congress in Barcelona.

The news of the “privacy phone” was buried in a longer article published today in the WSJ about data protection issues in Europe: specifically, regulators in Germany are cracking down on big tech companies as they try to enforce stricter policies around privacy, and consumers are also demanding more secure services.

We’re reaching out both to Deutsche Telekom and Mozilla for more information about the phone. The WSJ story describes the partnership as a joint venture — implying co-investment from both. It also notes that the phones will have preloaded features like location blurring — which means that apps and other services on the phone only pinpoint your location within a larger radius. And users will also be able to register for different services — such as “find my phone” apps — without registering details that identify themselves.

“Many apps, like weather apps, don’t need to know my exact location. It is sufficient if the location is accurate to 20 kilometers,” Claus Ulmer, Deutsche Telekom AG’s head of data privacy, told the WSJ. The comments are made in reference to why data protection regulation is important, but also underscore the bigger worry among cloud-services companies for how consumer distrust could have a bigger business impact.

A privacy-first phone is not a new concept: last year Geeksphone used MWC to unveil its Android-based Blackphone, also built with encryption and other features to safeguard user data. Others like BlackBerry have long used strong encryption for enterprise versions of their devices to protect data.

Mozilla has been an advocate for more secure browsing online — specifically through do-not-track plug-ins that allow for a layer of privacy when using services like Facebook. Taking that concept and moving it into its mobile operating system and device strategies would be a new move for the company.

Although T-Mobile has operations in several markets, its home market of Germany is ripe ground for more products built with privacy in mind. In addition to regulators cracking down on companies like Facebook and Google over their own privacy policies, consumers are also demanding more control and protection, particularly in light of revelations of activities from government organizations like the NSA in the US, on top of tracking from commercial interests for advertising purposes.

On the side of Mozilla, this is also an example of how the organization — which originally launched its Firefox phones with a view to targeting emerging markets and low-cost phone buyers — is looking to expand the kinds of consumers it hopes to target with its products. It’s not clear whether those devices have yet to see any critical mass of ownership in the face of dominance globally from Android-based handsets.

For DT, this is one more example of how carriers continue to develop their own customized devices as a way of building relationships with their consumers.

As users get increasingly annoyed by stories of large-scale commercial data tracking and snooping governments, they are starting to turn away from cloud-based services, with companies like Dropbox, Facebook and Google getting a particularly bad rap for their safeguarding of privacy and security. This is setting off alarm bells for any company with interests in developing more cloud services themselves: they need to refocus on consumer trust.

“It is a big risk if people avoid cloud services because they are uncertain about their privacy,” Ulmer told the WSJ.

There is indeed a larger commercial reason behind the privacy phone push: In the past several years, companies like Apple and Google have really run away with the smartphone show, controlling the app stores and key services that consumers use on their handsets, and leaving carriers scrambling for diminishing returns in the role of dumb pipe. Moves like this, to create new phones with unique experiences, could be one way to combat that.

We’ll update this story as we learn more.
http://techcrunch.com/2015/02/24/t-m...privacy-phone/





Don’t Let AT&T Mislead You About its $29 “Privacy Fee”
Stacey Higginbotham

This week AT&T got a lot of media attention for its expansion of its GigaPower service to Kansas City announced on Monday. The news wasn’t so much about the expansion, but about the ISP’s plans to to offer a $29 per month discount for customers who let Ma Bell scan their web searches in exchange for targeted advertising. The pricing isn’t new, but Ars Technica noted it as did the Wall Street Journal, and even our own Jeff Roberts wrote a post explaining that he thought it was a good idea that the company was putting an explicit price on privacy.

But $29 isn’t actually the price that AT&T charges per month for privacy. As I discussed back in May last year after I tried to sign up for AT&T’s GigaPower service to find out more about the pricing and the disclosures associated with the plan, the actual costs were closer to $44 or even $62 per month. This time around the price differentials are $44 for gigabit internet and $66 for HD TV and HBO Go plus gigabit internet.

Fact checking Ma Bell

To arrive at those prices I looked at the cost of the Internet Preference Plan (that’s the plan that monitors your web surfing) versus the Standard Plan for gigabit service and gigabit service plus TV. Gigabit service costs $99 per month under the Standard Plan plus a $7 monthly fee modem rental fee and a $99 one-time activation fee, that nets out to a monthly cost of $114. The Internet Preference Plan waives the one-time activation and monthly modem fee which means you pay only $70 a month, giving you a true cost of $44 a month if you choose the privacy-preserving option.

On the video side numbers are similar as seen below. The Standard Plan has a higher cost of $149 per month plus the $7 monthly fee and a one-time $49 activation fee. Only you also add in a $10 monthly service fee for HD TV and a $16 monthly fee for HBO Go which are included in the Internet Preference Plan. So the comparable plan nets out to $186, which costs $66 more than the $120 you’d pay for letting AT&T sneak a peek at your home broadband web surfing habits.

AT&T also makes it tough to find the alternative to its Internet Preferences plan. You have to read the fine print and click to search for options that don’t include the AT&T Internet Preferences plan (they don’t call it something straightforward like the “Ma Bell’s Watching You Plan”). See underlined item below for where to click.

AT&T doesn’t make this easy

So it’s tough to avoid the spying plan, but it’s even tougher to actually fact check AT&T to discover the associated fees that make the cost of privacy so much higher than the advertised $29 a month. As part of looking for the pricing this morning to see if anything had changed, I ran into another issue that’s almost as frustrating as AT&T’s misleading number and the media’s acceptance of it.

Uncovering AT&T’s actual pricing requires you to have a legitimate address in Ma Bell’s service area that currently doesn’t have AT&T service. For me, this meant finding a friend who had GigaPower service, getting their address and then using Google Maps to plug in addresses until I found one that worked with the ordering system so I could check pricing.

That’s a significant hurdle to compare prices for the media, for activists, for regulators and really for anyone interested in understanding what broadband costs in the U.S. AT&T isn’t alone in this practice. Almost every ISP has a similar hurdle in part because they charge different rates in different markets and also because they offer different services based on addresses. At a minimum ISPs should post pricing for their services in each market on their web sites up front before then requiring an availability check.

As it stands now, pricing for broadband is so complicated and dependent on contracts, various fees and options that you must go all the way through an order before you understand what your bill will actually be. This makes it hard to compare pricing between what is often the single other competitors in the market, but the contracts often lock the consumer into the ISP for a year or two, further reducing competition.

Someone call the FCC and FTC

So in this case, the media may be lauding AT&T for putting a $29 monthly price on the value of consumer privacy. But when I look at the practice, I see a company that has little competition, manipulating consumers into choosing to give up their privacy. Consumers do this, not because they get a $29 discount, but because after going through a fairly complicated sign up process and managing to click on the right button to even see the option to protect their privacy, they suddenly realize that keeping their privacy doesn’t cost $29 but rather $44 or even $66 per month.

That’s a very different story. And it’s one that AT&T makes it really difficult to report.
https://gigaom.com/2015/02/19/dont-l...9-privacy-fee/





University of Surrey Claims 1Tbps Speed via 5G Mobile Technology Test
Mark Jackson

Researchers working on the future 5th generation (5G) of Mobile Broadband technology at the University of Surrey in England claim to have achieved a staggering transfer speed of 1Tbps (Terabit per second), or 1,000,000Mbps (Megabits) in more familiar language, over their candidate technology.

The claimed performance, which is far in advance of the 10Gbps to 50Gbps (Gigabits per second) that is so often mooted when talking about 5G solutions, is well ahead of even Samsung’s rival 5G test that last year achieved 7.5Gbps (here). But Samsung’s test was conducted outside of the laboratory (technically still a “lab test“) and involved a car moving at 60MPH (note: performance dropped to 1.2Gbps when in motion) over a distance of 4.35km and using the 28GHz radio spectrum band.

By comparison we know precious little about the Surrey test, except for a rough V3 report stating that the performance was achieved over a fairly short distance of 100 metres via new transmitters and receivers. Apparently the plan is to take the technology outside of the lab for testing between 2016 and 2017, which would be followed by a public demo in early 2018.

Naturally we wanted to know more, not least with regards to whether Professor Rahim Tafazolli, who leads the project, could tell us what radio spectrum bands were used and whether their approach involved using millimeter wave (mmW) frequency bands to enable the use of higher frequencies over greater distances (a lot of other 5G solutions are using this).

Professor Rahim Tafazolli told ISPreview.co.uk:

“The technique is independent of centre frequency whether mm wave or below 6GHz. It is a new detector that works really well in environments where there is a lot of interference I.e dense cells (for example cells of ~100m) and cells with lots of interfering antennas like massive MIMO. The indicated rate was measured in 100MHz of bandwidth.”

Surrey University is of course home to the United Kingdom’s 5G Innovation Centre, which was setup in 2012 with a huge bag of public funding (here and here) so as to help the country develop its own contender for the next generation Mobile Broadband standard. But the 5GIC currently represents just one of multiple different teams from around the world that claim to be working on a 5G solution (another example here).

Crucially a firm standard for the future technology has yet to even be defined, while Ofcom must also conduct a lengthy process of spectrum reorganisation and auctions in order to find and release the necessary radio frequency bands (hard to do when 5G is still so experimental). The Government currently aims to release 500MHz of public sector spectrum by 2020 and most of this is for bands below 5GHz. Put another way, very few expect a commercial 5G deployment to begin before 2020.

Never the less the 5GIC has plenty of supporters, including most of the major UK mobile operators, plus BT, Huawei, Fujitsu, the BBC and of course Samsung itself; not to mention various others like Ofcom and the ITRI etc.

Certainly Professor Rahim Tafazolli makes no secret of wanting “to be the first in the world to show such high speeds” and so far they appear to be going in the right direction, but the road to turning such prototypes into a battery efficient commercial solution, which could slot into existing mobile infrastructure, is still very far off indeed.

Never the less it’s worth pointing out that the Government of South Korea has already committed an eye watering £940m to roll-out its own 5G service, with trials due by December 2017 and a commercial deployment set for 2020. Countries like South Korea and Japan have often been ahead of everybody else in the mobile field, but perhaps this time we won’t be so far behind and some of what the UK builds might actually form a meaningful part of the future standard.

As ever the performance that consumers can ultimately expect to receive will no doubt be a lot lower than the headline claims being made today and in the meantime existing 4G (LTE-Advanced) technology still has plenty of room to grow, with the service continuing to get faster and faster via new upgrades.
http://www.ispreview.co.uk/index.php...bile-tech.html





You'll Soon be Able to Try the Technology that Could Make Your Phone's Internet 1,000 Times Faster than 4G
Lisa Eadicicco

About a year ago, Artemis Networks CEO Steve Perlman said his startup was working on technology that could make your smartphone's internet connection 1,000 times faster than it is today. Now that technology is finally making its debut in San Francisco.

Artemis Networks announced that consumers in San Francisco would be able to purchase a SIM card from the company's website that allows phones to connect to the pCell network.

Because Artemis Networks has a partnership with Dish, the company will be using a certain block of Dish's spectrum for pCell's deployment in San Francisco.

If you have an unlocked iPhone 6 or iPad Air 2, you will be able to buy a SIM card directly from Artemis and insert it into the device. For Android, you will have to order an unlocked phone that is compatible with the specific spectrum pCell runs on. (Apple's unlocked phones come with all spectrum bands built in.)

Because pCell works only in San Francisco, Artemis Networks' SIM card will work on an MVNO network, or mobile virtual network operator, if you're outside of the region. An MVNO is a network based on spectrum that is leased from a larger carrier — it isn't owned by the service provider. MVNOs are known for offering the voice and data services from larger carriers at a much lower price with more flexible plans, as GigaOm describes it.

Artemis will offer different plan options on its website, Perlman told Business Insider. Specific details on these plans have not been publicly revealed, but Perlman said his company would be able to provide unlimited data plans at a lower cost than that of today's wireless carriers.

"And better yet, you'll get very high performance," Perlman said.

In fact, Artemis Networks' latest white paper on pCell says the technology comes close to certain standards set for 5G, which is expected to be deployed in 2020.

It is supposedly so fast it could even potentially replace a traditional cable modem, Perlman says. In addition to offering SIM cards for phones, Artemis Networks will begin selling a device similar to a MiFi wireless router that can be used to deploy a wireless network within your home. The Artemis I Hub, a distributed antenna hub for mobile operators, will be available starting Tuesday for a small number of partners as part of a trial period. If these companies like the Artemis I Hub, they can trade in the trial devices and place an order for the final product.

"Our cost will be low enough that we can compete with cable modems," Perlman said.

Perlman would not give specifics on pricing or availability, saying that would most likely be decided closer to the product's launch. PCell is still undergoing FCC approval, and estimates suggest that process could take about six months.

The price would be able to be low because pCell works off of small, hotspot-like devices and doesn't need a giant cell tower to be deployed. So the cost to build the network infrastructure is much lower for pCell than it is for a traditional carrier.

Think of pCell as an alternative to a traditional cell tower. It uses the same spectrum as a cellular carrier like Verizon or AT&T but allocated in a different way.

While cell towers emit a giant signal that all phones within a given area share, pCell creates an individual network for each user. PCell does this through devices called pWaves — these can be considered as cell towers that are about the same size as a wireless router.

The way pWaves and cell towers actually emit radio waves is very different, however. In fact, they are opposite. Cell towers are spaced far enough apart so that their signals can cover large areas without interfering with one another. Artemis' technology, rather, takes advantage of colliding radio waves with

Because the pWaves are so small, they can be placed practically anywhere, unlike cell towers. The idea is that numerous pWaves could be placed around cities to blanket an area more accurately than can traditional towers.

Although pCell could be used as an alternative to a traditional cell carrier in San Francisco, Perlman described the release as a sort of "showroom" for what pCell could do. He wants to work with larger carriers in the future.

"What we're trying to show is this thing's getting out there," he said. "Carriers are very interested to see how it performs."
http://www.businessinsider.com/pcell...ancisco-2015-2





Eleventh-Hour Drama for Net Neutrality
Julian Hattem

A Democrat on the Federal Communications Commission wants to see changes that could narrow the scope of new net neutrality rules set for a vote on Thursday.

Mignon Clyburn, one of three Democrats on the FCC, has asked Chairman Tom Wheeler to roll back some of his provisions before the full commission votes on them, FCC officials said.

The request — which Wheeler has yet to respond to — puts the chairman in the awkward position of having to either roll back his proposals, or defend the tough rules and convince Clyburn to back down.

It’s an ironic spot for Wheeler, who for months was considered to be favoring weaker rules than those pushed for by his fellow Democrats, before he reversed himself and backed tougher restrictions on Internet service providers.

Clyburn’s objections complicate the highly anticipated vote and add an extra bit of drama to the already high tensions on the five-member commission.

Wheeler will need the votes of both Clyburn and Democratic Commissioner Jessica Rosenworcel to pass the rules, since the two Republicans on the commission are expected to vote against anything he proposes.

Clyburn’s changes would leave in place the central and most controversial component of Wheeler’s rules — the notion that broadband Internet service should be reclassified so that it can be treated as a telecommunications service under Title II of the Communications Act, similar to utilities like phone lines.

Proponents of net neutrality have said such a move is the surest way to prevent Internet service providers from interfering with people’s access to the Web.

However, she wants to eliminate a new legal category of “broadband subscriber access services,” created as an additional point of legal authority for the FCC to monitor the ways companies hand off traffic on the back end of the Internet.

Those deals, known as “interconnection” arrangements, became a point of contention last year, when Netflix accused Comcast and other companies of erecting “Internet tolls” before easily passing Web traffic from one network to another.

The initial plan sought by Wheeler would allow the FCC to investigate and take action against deals that are “not just and reasonable,” according to a fact sheet released by the commission earlier this month.

Eliminating the new legal category could make it trickier for the FCC to police those arrangements, said officials with the agency, who were granted anonymity in order to speak freely about the ongoing negotiations.

Other FCC officials have previously said that the broader act of reclassifying broadband Internet service would, in and of itself, give the commission enough power to oversee interconnection deals. That opinion has been backed up by lawyers at Google, among others, who made the argument to FCC officials last week.

Matt Wood, the policy director at the pro-net neutrality organization Free Press, disagreed with officials who thought the change could weaken the rule. Clyburn’s edit might actually make the rules stronger by getting rid of “unnecessary baggage” in Wheeler’s early draft, he said.

Clyburn’s changes also would replace a new standard for Internet service providers’ conduct, which was meant to act as a catchall rule for any future behavior that might abuse consumers. That standard would be swapped out with potentially narrower language from 2010 rules that prevented “unreasonable discrimination.” A federal court tossed out those 2010 rules early last year, setting the stage for the FCC to write new rules.

The full text of the rules will not be revealed to the public until after the FCC’s vote on Thursday morning.

Clyburn declined to discuss specific changes she was supporting on Tuesday.

“This is a process that is an interaction with all five members of the commission and their offices,” she said after remarks at a policy forum hosted by Comptel, a trade group.

“I will just say that I am attempting to strike a balance and whatever you hear, whether it’s accurate or not, is a reflection of my enthusiastic willingness to do so.”

In a speech at the Federal Communications Bar Association last week, the commissioner said that she was “pleased” with the initial draft but also hinted that she might need some fixes to strike that balance between “strong” protections for consumers and “clarity” for investors.

“Some have expressed concerns about allowing private rights of action in court, failing to consider the impact on smaller [Internet service providers], that including interconnection goes too far or that the case-by-case approach does not go far enough, and that the new conduct rule may not be as strong as the previous unreasonable discrimination rule,” she said.

The requested changes come as FCC lawyers are spending hours poring over the text of the rules.

In keeping with FCC procedural rules, the four other commissioners got their first look at the rules just two and a half weeks ago outside of Wheeler’s office. Now they are scrambling to make edits ahead of the vote on Thursday morning.
http://thehill.com/business-a-lobbyi...utrality-rules





As Republicans Concede, F.C.C. Is Expected to Enforce Net Neutrality
Jonathan Weisman

Last April, a dozen New York-based Internet companies gathered in the Flatiron Building boardroom of the social media website Tumblr to hear dire warnings that broadband providers were about to get the right to charge for the fastest speeds on the web.

The implication: If they didn’t pay up, they would be stuck in the slow lane.

What followed has been the longest, most sustained campaign of Internet activism in history, one that the little guys appear to have won. On Thursday, the Federal Communications Commission is expected to vote to regulate the Internet as a public good. On Tuesday, Senator John Thune, Republican of South Dakota and chairman of the Senate Commerce Committee, all but surrendered on efforts to overturn the coming ruling, conceding Democrats are lining up with President Obama in favor of the F.C.C.

“We’re not going to get a signed bill that doesn’t have Democrats’ support,” he said, explaining that Democrats have insisted on waiting until after Thursday’s F.C.C. vote before even beginning to talk.

“I told Democrats, Yes, you can wait until the 26th, but you’re going to lose the critical mass I think that’s necessary to come up with a legislative alternative once the F.C.C. acts,” he said.

In the battle over so-called net neutrality, a swarm of small players, from Tumblr to Etsy, BoingBoing to Reddit, has overwhelmed the giants of the tech world, Comcast, Verizon and TimeWarner Cable, with a new brand of corporate activism — New World versus Old. The biggest players on the Internet, Amazon and Google, have stayed in the background, while smaller players — some household names like Twitter and Netflix, others far more obscure, like Chess.com and Urban Dictionary — have mobilized a grass-roots crusade.

“We don’t have an army of lobbyists to deploy. We don’t have financial resources to throw around,” said Liba Rubenstein, Tumblr’s director of social impact and public policy. “What we do have is access to an incredibly engaged, incredibly passionate user base, and we can give folks the tools to respond.”

In mid-October, the technology activist group Fight for the Future acquired the direct phone numbers of about 30 F.C.C. officials, circumventing the F.C.C.’s switchboard to send calls directly to policy makers at the agency. That set off a torrent of more than 55,000 phone calls until the group turned off the spigot Dec. 3.

In November, President Obama cited “almost four million public comments” when he publicly pressured the F.C.C. to turn away from its paid “fast lane” proposal and embrace a new regulatory framework.

Since then, the lobbying has only grown more intense. Last week, 102 small Internet companies, including Yelp, Kickstarter and Meetup, wrote the F.C.C. to say the threat of Internet service providers “abusing their gatekeeper power to impose tolls and discriminate against competitive companies is the real threat to our future,” not “heavy-handed regulation” and possible taxation, as conservatives in Washington say.

On Feb. 5, the Mozilla Foundation, makers of the popular Firefox web browser, posted a pro-net neutrality banner just below its search window, proclaiming, “In just a few days, the web could change forever,” and imploring users to sign the firm’s petition; close to 300,000 have signed, said Dave Steer, Mozilla’s director for advocacy, who has helped mobilize Silicon Valley for Net Neutrality.

“This is not East Coast-West Coast thing. It’s not a for-profit company versus nonprofit thing. It’s all of us,” he proclaimed. “We came together under the banner of Team Internet.”

Republicans who had branded net neutrality “Obamacare for the Internet” have grown much quieter under the barrage.

“Tech companies would be better served to work with Congress on clear rules for the road. The thing that they’re buying into right now is a lot of legal uncertainty,” said Senator Thune, who warned that the F.C.C.’s new rule would face litigation from opponents and a possible reversal from a future, more Republican F.C.C. “I’m not sure exactly what their thinking is.”

The cable and broadband companies that have fought the new regulations are even more dazed. Brian Dietz, a spokesman for the National Cable & Telecommunications Association, said the pro-net neutrality activists have somehow turned a complex and technical debate over how best to keep the Internet operating most efficiently into a matter of religion. The forces for stronger regulation are for the Internet. Those opposed are against it.

Mr. Dietz said in no way were the Internet service providers trying to silence the Internet content companies. “They have a right to have an active voice in the public policy arena,” he said.

But, he said, the Internet companies in some case are misleading their customers, and in some cases, are being misled on the intricacies of the policy.
http://www.nytimes.com/2015/02/25/te...-fcc-vote.html





FCC Overturns State Laws that Protect ISPs from Local Competition

Municipal broadband networks could expand because of FCC's controversial vote.
Jon Brodkin

The Federal Communications Commission today voted to preempt state laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories.

The action is a year in the making. FCC Chairman Tom Wheeler announced in February 2014 his intention to override state laws designed to protect private cable companies and telcos from public sector competition. Wheeler took his cue from the federal appeals court ruling that overturned net neutrality rules; tucked away in that decision was one judge's opinion that the FCC has the authority to preempt "state laws that prohibit municipalities from creating their own broadband infrastructure to compete against private companies."

Nineteen states have such laws, often passed at the behest of private Internet service providers that didn't want to face competition. Communities in two of the states asked the FCC to take action. The City of Wilson, North Carolina and the Electric Power Board (EPB) of Chattanooga, Tennessee filed the petitions that led to today's FCC action. Each offers broadband service to residents and received requests for service from people in nearby towns, but they alleged that state laws made it difficult or impossible for them to expand.

“You can’t say you’re for broadband and then turn around and endorse limits on who can offer it,” Wheeler said today. “You can’t say, ‘I want to follow the explicit instructions of Congress to remove barriers to infrastructure investment,' but endorse barriers on infrastructure investment. You can’t say you’re for competition but deny local elected officials the right to offer competitive choices."

States have given municipalities the authority to offer broadband but made it difficult with tons of bureaucratic requirements, he said. "The bottom line is some states have created thickets of red tape designed to limit competition," he said. Local residents and businesses are the ones suffering the consequences, he argued, pointing to members of the two communities in the audience.

Some businesses are forced to move to other towns for lack of better broadband, he said. Wheeler described one person who pays $316 a month "for a collage of services that includes two mobile hotspots," while living less than a mile from a gigabit network. One woman in the FCC's audience has to drive her son 12 miles to a church where he can access Internet service fast enough to do schoolwork, he said. These people are "condemned to second-rate broadband."

Both EPB and Wilson have advanced networks but are surrounded by communities that lack advanced service, FCC wireline competition official Gregory Kwan told commissioners.

"EPB is an island of competitive high speed broadband service surrounded by areas for the most part with single or no provider of advanced broadband," he said. "Wilson's network... is a similar situation, an island of competition surrounded by a sea of little to no options for world class competitive broadband services."

"Our focus is really about wanting to serve our neighbors who have little or no access to broadband," EPB communications VP Danna Bailey told Ars yesterday. "We’re hoping that the FCC votes in favor of our petition, but we’ll have to understand any ramifications of anticipated legal challenges before we move forward."

The vote was followed by applause from the crowd.

Democrats say yea, Republicans nay

The vote was split 3-2 along party lines, with Wheeler joined by fellow Democrats Mignon Clyburn and Jessica Rosenworcel.

"There are provisions that limit service by municipalities to specific areas but not others even if the local governmental entity has a pre-existing telecommunications network in that region," Clyburn said in today's meeting. "And just what has been the result? Certain communities have the capacity to achieve limitless outcomes, while others a few yards from town are stuck in a digital desert deprived of the means to close persistent opportunity gaps."

Rosenworcel likened municipal Internet service to "broadband barn raising."

"The Electric Power Board of the City of Chattanooga now offers gigabit service to all of its customers, and the residents of Wilson County have access to a municipal network that also supports gigabit speed," she said. "Now both municipal providers want to extend their broadband offerings to other consumers nearby. In communities where the speeds are slower and the competitive choice more limited. So today, we tear down barriers that prevent them from expanding their broadband service and offering more consumers more competitive choice."

Republican Ajit Pai dissented, pointing out that the laws in the two states were passed by legislatures controlled by Democrats and are now being overturned by unelected officials.

"I do not believe this agency has the legal power to preempt," Pai said.

Section 706 of the Telecommunications Act of 1996 requires the FCC to encourage the deployment of broadband to all Americans by using "measures that promote competition in the local telecommunications market, or other regulating methods that remove barriers to infrastructure investment." The ability to remove barriers is what Wheeler is using to preempt the state laws in North Carolina and Tennessee.

Pai pointed out that Section 706 includes no specific language on preempting state laws. According to Pai, Democrats conceded that the FCC can't overturn total state bans on municipal broadband; rather, they argue only that they can lift restrictions that limit rather than ban the municipal networks, he said. In North Carolina and Tennessee, the providers are being prevented from expanding their service territory, but aren't banned from offering the service within their territory.

"This yields an exceptionally strange result," Pai said. "While a state would be free to ban municipal broadband projects outright, it would be forbidden from imposing more modest restrictions on such projects. In other words, the most severe state law restrictions on municipal broadband projects, prohibitions, could not be preempted, but less stringent restrictions could be preempted." This could lead states to impose complete bans rather than limited restrictions, he said.

Republican commissioner Michael O'Rielly called it "arrogance" to rewrite state laws.

"It is not the government's role to offer services instead of or in competition with private actors," O'Rielly said. Today's order relies on an "illogical and tortured" reading of Section 706, he said.

The FCC could preempt laws in more states if communities file petitions asking the commission to do so. But the FCC's vote isn't the end of the road. Wheeler is relying on an untested legal theory that could face judicial scrutiny. Besides court challenges, Republicans in Congress have proposed legislation removing the FCC's Section 706 authority.

The FCC is also scheduled to vote today on reclassifying Internet service providers as common carriers under Title II of the Communications Act. Title II includes authority to preempt state laws that prohibit the ability of "any entity" to provide telecommunications. But this authority has already been tested, with the Supreme Court in 2004 agreeing with the FCC that "any entity" only referred to private entities.
http://arstechnica.com/business/2015...l-competition/





FCC Votes for Net Neutrality, a Ban on Paid Fast Lanes, and Title II

Internet providers are now common carriers, and they're ready to sue.
Jon Brodkin

The Federal Communications Commission today voted to enforce net neutrality rules that prevent Internet providers—including cellular carriers—from blocking or throttling traffic or giving priority to Web services in exchange for payment.

The most controversial part of the FCC's decision reclassifies fixed and mobile broadband as a telecommunications service, with providers to be regulated as common carriers under Title II of the Communications Act. This decision brings Internet service under the same type of regulatory regime faced by wireline telephone service and mobile voice, though the FCC is forbearing from stricter utility-style rules that it could also apply under Title II.

The decision comes after a year of intense public interest, with the FCC receiving four million public comments from companies, trade associations, advocacy groups, and individuals. President Obama weighed in as well, asking the FCC to adopt the rules using Title II as the legal underpinning. The vote was 3-2, with Democrats voting in favor and Republicans against.

Chairman Tom Wheeler said that broadband providers have the technical ability and financial incentive to impose restrictions on the Internet. Wheeler said further:

The Internet is the most powerful and pervasive platform on the planet. It is simply too important to be left without rules and without a referee on the field. Think about it. The Internet has replaced the functions of the telephone and the post office. The Internet has redefined commerce, and as the outpouring from four million Americans has demonstrated, the Internet is the ultimate vehicle for free expression. The Internet is simply too important to allow broadband providers to be the ones making the rules.

This proposal has been described by one opponent as "a secret plan to regulate the Internet." Nonsense. This is no more a plan to regulate the Internet than the First Amendment is a plan to regulate free speech. They both stand for the same concepts: openness, expression, and an absence of gate keepers telling people what they can do, where they can go, and what they can think.


Wheeler also said putting rules in place will give network operators the certainty they need to keep investing.

In May 2014, the Wheeler-led commission proposed rules that relied on weaker authority and did not ban paid fast lanes. Wheeler eventually changed his mind, leading to today's vote.

Commissioner Mignon Clyburn, the longest-tenured commissioner and someone who supported Title II five years ago, said the net neutrality order does not address only theoretical harms.

"This is more than a theoretical exercise," she said. "Providers here in the United States have, in fact, blocked applications on mobile devices, which not only hampers free expression, it also restricts innovation by allowing companies, not the consumer, to pick winners and losers."

Clyburn convinced Chairman Tom Wheeler to remove language that she believed was problematic.

“We worked closely with the chairman's office to strike an appropriate balance and, yes, it is true that significant changes were made at my office's request, including the elimination of the sender side classification, but I firmly believe that these edits have strengthened this item," she said.

Clyburn, Google, and consumer advocacy groups told Wheeler that language classifying a business relationship between ISPs and Web services as a common carrier service could give ISPs grounds to charge online content providers for access to their networks. This language was removed, but service that ISPs offer to home and business Internet users was still reclassified as a common carrier service. FCC officials believe this classification alone gives them power to enforce net neutrality rules and oversee network interconnection disputes that affect consumers.

Internet service providers such as Comcast, AT&T, and Verizon lobbied heavily against the Title II decision and could sue to overturn the rules. But Wheeler believes Title II puts the FCC on stronger legal ground. The FCC previously passed net neutrality rules in 2010, relying on some of its weaker authority, but the rules were largely overturned after a Verizon lawsuit.

By winning that case, Verizon inadvertently opened itself and all other Internet providers up to even stricter rules. The new rules go beyond the net neutrality rules passed in 2010. And this time around, the FCC is applying the rules equally to fixed and mobile broadband, whereas its 2010 rules went easier on Verizon's wireless subsidiary and other cellular companies.

The core net neutrality provisions are bans on blocking and throttling traffic, a ban on paid prioritization, and a requirement to disclose network management practices. Broadband providers will not be allowed to block or degrade access to legal content, applications, services, and non-harmful devices or favor some traffic over others in exchange for payment. There are exceptions for "reasonable network management" and certain data services that don't use the "public Internet." Those include heart monitoring services and the Voice over Internet Protocol services offered by home Internet providers.

The reasonable network management exception applies to blocking and throttling but not paid prioritization.

There are additional Title II requirements that go beyond previous net neutrality rules. There are provisions to investigate consumer complaints, privacy rules, and protections for people with disabilities. Content providers and network operators who connect to ISPs' networks can complain to the FCC about "unjust and unreasonable" interconnection rates and practices. There are also rules guaranteeing ISPs access to poles and other infrastructure controlled by utilities, potentially making it easier to enter new markets. (Republican commissioner Ajit Pai argued that the new rules will actually make cable companies and new providers like Google Fiber pay higher fees for access to utility poles.)

There is also a "general conduct" standard designed to judge whether future activity not contemplated by the order harms end users or online content providers.

The FCC could have tried to use Title II to require last-mile unbundling, in which Internet providers would have to sell wholesale access to their networks. This would allow new competitors to enter local markets without having to build their own infrastructure. But the FCC decided not to impose unbundling. As such, the vote does little to boost Internet service competition in cities or towns. But it's an attempt to prevent incumbent ISPs from using their market dominance to harm online providers, including those who offer services that compete against the broadband providers' voice and video products.

What’s next: Lawsuits and Congressional intervention

Opponents claim the order will bring new taxes and fees on broadband consumers and onerous procedural requirements for providers. But Wheeler says the order will not authorize any new taxes or fees or impose any "burdensome administrative filing requirements or accounting standards."

Broadband providers claim the rules amount to rate regulation because consumers could bring complaints about their bills to the commission, and the FCC could decide that a particular price is unreasonable. But the FCC would not determine any pricing in advance of specific complaints. Even without Title II, the FCC has authority under Section 706 of the Telecommunications Act to impose price caps on broadband, but it hasn't done so.

“The order retains core authority to prevent unjust and unreasonable practices, protect consumers, and support universal service,” Melissa Kirkel, an FCC attorney advisor, told commissioners. “The order makes clear that broadband providers will not be subject to utility-style regulation. This means no unbundling, tariffs, or other forms of rate regulation, and the order does not require broadband providers to contribute to the Universal Service Fund, nor does it impose, suggest, or authorize any new taxes or fees.”

Today's order could face both legal challenges and action from Congress. Republicans have proposed legislation that would eliminate Title II restrictions for broadband providers and vowed that the FCC vote is just the beginning of the debate.

Although many ISPs publicly oppose the new rules, the industry is by no means united against the FCC. Sprint and T-Mobile US have each said the FCC's proposal would not hurt their business. And while a good number of small broadband providers oppose the imposition of Title II rules, others support Wheeler. The NTCA Rural Broadband Association, which represents rural ISPs, said yesterday that it supports applying Title II to broadband networks.

Sir Tim Berners-Lee, inventor of the World Wide Web, spoke to the commission via video. He credited the openness of the Internet with allowing him to create the Web 25 years ago without having to ask "permission."

Republican Commissioner Michael O'Rielly dissented, accusing Wheeler of bowing to Obama's wishes. O'Rielly's written statement said:

Let me start by issuing apologies. First, I am just sick about what Chairman Wheeler was forced to go through during this process. It was disgraceful to have the Administration overtake the commission’s rulemaking process and dictate an outcome for pure political purposes. It is so disturbing to know that those efforts were about illegitimately pushing a larger political cause mostly unrelated to technology. This administration went so far beyond what has ever been attempted, and its inappropriate interference in the commission’s activities will forever change this institution.

Additionally, I am sorry to the staff members that were forced to prepare a half-baked, illogical, internally inconsistent, and indefensible document. For an institution that prides itself on quality of work and legal and technical expertise, this document is anything but. I guess that an artificial deadline to meet the radical protestors’ demands means that it is more likely that this item gets overturned by the courts because the work and thoughtful analysis needed to actually defend this completely flawed agenda is not included in the text.

Today, a majority of the commission attempts to usurp the authority of Congress by re-writing the Communications Act to suit its own “values” and political ends.


O'Rielly did not recite the first two paragraphs while reading his statement during the meeting.

Some entrepreneurs spoke in front of the commission. Veena Sud, a writer, director, and producer who developed the TV show The Killing, said the show "survived two near deaths" because of the Open Internet. "When AMC canceled us yet again, Netflix took over the show in its entirety and we were able to end the series as it was intended, all because the Internet was opened up to competition and widened the playing field."

FCC Commissioner Jessica Rosenworcel said, "We cannot have a two-tiered Internet with fast lanes that speed the traffic of the privileged and leave the rest of us lagging behind. We cannot have gatekeepers who tell us what we can and cannot do and where we can and cannot go online, and we do not need blocking, throttling, or paid prioritization schemes that undermine the Internet as we know it."

Pai said the FCC is replacing Internet freedom with "government control." The FCC is seizing unilateral authority to regulate Internet conduct and determine what service plans are available to consumers, he said.

"The Internet is not broken. There is no problem for the government to solve," he said.

Pai claimed that an Internet provider could "find itself in the FCC's crosshairs" if it doesn't want to offer unlimited data plans. The FCC's order does not actually ban data caps; instead, the FCC is claiming authority to intervene when companies use data caps to harm competitors or customers.

Pai said the FCC is only deferring a decision on new Universal Service fees for broadband rather than ruling them out entirely. Universal Service fees, which fund telecommunications projects in rural and under-served regions, currently apply to phone bills but not Internet service.

The full net neutrality order has not been published yet. The FCC's majority is required to include the Republicans' dissents in the order and "be responsive to those dissents," Wheeler said. The order will go on the FCC's website after that process. The rules will go into effect 60 days after publication in the Federal Register, with one small exception. Enhancements to the transparency rule must undergo an additional review by the Office of Management and Budget because they make changes to the one part of the 2010 net neutrality order that survived court challenge.
http://arstechnica.com/business/2015...-and-title-ii/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

February 21st, February 14th, February 7th, January 31st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 08:25 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)