02-03-16, 09:09 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - March 5th, '16

Since 2002

"With all due respect to the F.B.I., they didn’t do what Apple had suggested they do in order to retrieve the data, correct? I mean, when they went to change the password, that kind of screwed things up, did it not?" – Representative Trey Gowdy, R-SC


"It’s important that a judge for the first time recognizes the All Writs Act doesn’t provide the lawful authority the government has been claiming in these cases." – Esha Bhandari, A.C.L.U.


"This week, Google launched what amounts to a religious war in American telecom land." – Susan Crawford


March 5th, 2016




New P2P Torrent Site ‘Play’ has No Single Point of Failure
Alice MacGregor

Legal complications and the constant blocking of online download platforms have resulted in many operators looking for new solutions for staying online in the future. Now, reports are pointing to Play, a new peer-to-peer (P2P) site for downloading torrents that is practically impossible to shut down and promises to be the latest technology to revolutionise online downloads.

The platform has appeared recently across ZeroNet, a Budapest-based open source site which is looking to offer a home to decentralised platforms which employ Bitcoin-crypto and BitTorrent technologies. Users visiting ZeroNet are not only viewing it, but hosting it also. In this way, once a user joins the network, and requests a page, they will be retrieving it from other ZeroNet users.

As no central server exists, every additional user is a further point of connection inside the network, helping to avoid potential failures. If one of the connections fails, this does not necessarily compromise the entire downloads platform.

As the first torrent site to appear on the network, Play can be accessed directly through a ZeroNet URL (only available with the tool installed). The site serves magnet links sourced from RARBG, with which users can download films, series and other media files, in varying qualities. A YouTube link is also provided to the related trailer, where possible.

However, as TorrentFreak notes, ZeroNet is not entirely anonymous as user IP addresses remain public, unless Tor or a VPN is in use. While ZeroNet itself is not an illegal platform, Play is identical to any other P2P download site in that it could face legal challenges over violating copyright.

In January 2014, The Pirate Bay discussed its plans to create a P2P network which could help them avoid being taken down or blocked. While ZeroNet has achieved this aim, The Pirate Bay’s idea seems to have fizzled out somewhat. Last year, the company behind file-sharing client uTorrent, BitTorrent, also revealed plans to launch its own people-powered browser, called Maelstrom. The project still remains in beta testing – currently limited to Windows only.
https://thestack.com/world/2016/03/0...nt-of-failure/





Sony Hack Reveals AACS 2.0 Ultra HD Blu-Ray Copy Protection Details
Jan Willem Aldershoff

Internal Sony documents revealed by Wikileaks show that the Blu-ray Disc Association (BDA) is working on a new version of the Blu-ray copy protection Advanced Access Content System (AACS) that requires an internet connection on first playback. AACS uses cryptography to control and restrict the use of Blu-ray discs and is the main copy protection of the format.

Version 2.0 of AACS is currently under development and will be part of the Ultra HD Blu-ray standard. A document called AACS 2.0 Draft provides several details about this new copy protection. Ultra HD Blu-ray players will support two AACS 2.0 capabilities, one called basic and one called enhanced. Enhanced AACS 2.0 requires an internet connection during the first playback. The connection is used to retrieve a key that’s later stored on the device.

The documents also show that HDCP 2.2 is required to fully enjoy 4K content. Devices that don’t support HDCP 2.2 will get a downsampled (2K) version of the movie. Ultra HD Blu-ray players will also feature a Trusted Execution Environment where authenticated code can be executed; this appears to be an improved version of BD+.

Many Sony documents also talk about a Digital Bridge device; this device makes it possible to make a Managed Copy. Managed Copy has been part of AACS for some time and should make it possible to create a backup of a movie (also on USB sticks or HDDs) that can be played on other devices (e.g. tablets and smartphones) but that’s still protected by AACS, making sure the movie can’t be copied infinitely. The feature will now likely become a mandatory feature on Ultra HD Blu-ray players.

The documents were obtained during the large Sony hack last year. Wikileaks decided to publish the documents stating, “the work publicly known from Sony is to produce entertainment; however, The Sony Archives show that behind the scenes this is an influential corporation, with ties to the White House (there are almost 100 US government email addresses in the archive), with an ability to impact laws and policies, and with connections to the US military-industrial complex.”
http://www.myce.com/news/sony-hack-r...details-75833/





Disney CEO Asks Employees to Chip in to Pay Copyright Lobbyists

Letter boasts of beating Aereo, getting TPP—and wants workers' help in 2016.
Joe Mullin

The Walt Disney Company has a reputation for lobbying hard on copyright issues. The 1998 copyright extension has even been dubbed the “Mickey Mouse Protection Act” by activists like Lawrence Lessig who have worked to reform copyright laws.

This year, the company is turning to its employees to fund some of that battle. Disney CEO Bob Iger has sent a letter to the company’s employees, asking for them to open their hearts—and their wallets—to the company’s political action committee, DisneyPAC.

In the letter, which was provided to Ars by a Disney employee, Iger tells workers about his company's recent intellectual property victories, including stronger IP protections in the Trans-Pacific Partnership, a Supreme Court victory that destroyed Aereo, and continued vigilance about the "state of copyright law in the digital environment." It also mentions that Disney is seeking an opening to lower the corporate tax rate.

"With the support of the US Government we achieved a win in the Supreme Court against Aereo—an Internet service claiming the right to retransmit our broadcast signals without paying copyright or retransmission consent fees," writes Iger. "In the coming year, we expect Congress and the Administration to be active on copyright regime issues, efforts to enact legislation to approve and implement the Trans-Pacific Partnership trade agreement, tax reform, and more proposals to weaken retransmission consent, to name a few."

The source who provided the letter to Ars asked to remain anonymous, and they were bothered by the assumption that anyone who worked for Disney would agree with the company's political positions on tax, trade, intellectual property, and other matters.

"It just seems insensitive to folks that support the company but don't necessarily support all of its priorities," the source said. "Especially for something like TPP, which I view as particularly controversial. We do have a company position, but there's going to be a wide variety of opinion [within the company]."

The letter concludes with a suggested donation to DisneyPAC. Ars is not publishing the suggested amount in case it is personalized to the source's compensation or position at Disney.

"The TPP means that America will write the rules of the road in the 21st century."

"For your convenience, DisneyPAC has implemented a payroll deduction system, through which your contributions to the PAC will be deducted from your weekly paycheck," Iger explains.

The source received the letter via business mail and doesn't know how many other employees received it.

"I don't know how widely this was distributed," the source said. "Was it to rank and file folks in [theme] parks, to people working in a popcorn stand?"

Disney didn't respond to Ars' requests for comment about the fundraising letter.

Not unusual

Although Iger's letter was, in the view of this employee, somewhat tone-deaf, such requests are not illegal or even particularly uncommon. In 2012, Reuters reported on Citigroup's request to its employees to give to Citi PAC, a political entity that "contributes to candidates on both sides of the aisle that support a strong private sector and promote entrepreneurship."

US corporations are allowed to solicit political contributions as long as donations aren't coerced. The relevant law bars any "threat of a detrimental job action, the threat of any other financial reprisal, or the threat of force" when asking for donations.

The Disney letter has language explicitly reassuring employees that their jobs won't be affected by their decision whether or not to give to DisneyPAC.

"Your contribution is important to all of us, but I want to emphasize that all contributions are voluntary and have no impact on your job status, performance review, compensation, or employment," writes Iger. "Any amount given or the decision not to give will not advantage or disadvantage you."

Iger's compensation in the last fiscal year was $45 million (£32 million).

In the 2014 election cycle, the Disney employees' PAC spent about $375,000, according to OpenSecrets.org. During the current cycle with a presidential election on the way, the company will likely spend more. As of last month, the PAC had raised $295,000 and spent $231,000. The contributions are split roughly evenly between Democrats and Republicans, which is the PAC's policy according to the CEO's letter.

According to a MapLight analysis of the data, Disney's PAC contributed a total of $2.2 million in all election cycles since 2002. That doesn't include direct employee contributions to candidates, which adds another $1.5 million over the same period.

DisneyPAC fundraising letter to employees

Here's the verbatim text of most of Iger's letter to employees:

Quote:
As we head into the election year of 2016, the electorate faces significant decisions about the direction of our Nation's future. Besides choosing a new president, we will once again be electing new senators and representatives. These decisions will have a profound impact on the lives of all Americans. The election will also impact issues that affect our company. As such, we will continue to work with our representatives in Congress to ensure that they understand our perspective on critical issues like trade, intellectual property, tax, and travel policies. I write to urge you to consider supporting the Company's efforts through a contribution to DisneyPAC. A well funded DisneyPAC is an important tool in our efforts to maintain our positive profile in Washington.

In the past year, we successfully advocated the Company's position on a number of issues that have a significant impact on our business. We played a major role in ensuring that the "Trade Promotion Authority" legislation set high standards for intellectual property (IP) provisions in our trade negotiations, and we helped get that bill through Congress. We used that language in TPA to advocate successfully for a strong IP chapter in the Trans-Pacific Partnership (TPP) trade negotiations. We also pushed for provisions to promote digital trade and to reduce barriers in media and entertainment sectors. TPP will establish a strong baseline of protection for intellectual property while breaking down trade barriers in the Asia Pacific region. In both TPA and TPP we had to overcome significant efforts to weaken respect for IP, pushed not only by foreign governments but also from within our own Congress and the Administration.

The fight on these issues is far from over. Last year we spent significant time and effort engaged in a series of government reviews of the state of copyright law in the digital environment.

We also continued to defend our right to be compensated for carriage of our programming by cable and satellite carriers as well as by emerging "over-the-top" services. With the support of the US Government we achieved a win in the Supreme Court against Aereo—an Internet service claiming the right to retransmit our broadcast signals without paying copyright or retransmission consent fees. With respect to tax issues, Congress extended certain provisions that provide favorable tax treatment for film and television production in the US. It also extended this treatment to live theatrical productions. Last year we also worked closely with the Administration on important veterans employment issues—an issue of critical importance for the men and women who defend our country and an area in which our company is proud to play a leadership role.

In the coming year, we expect Congress and the Administration to be active on copyright regime issues, efforts to enact legislation to approve and implement the Trans-Pacific Partnership trade agreement, tax reform, and more proposals to weaken retransmission consent, to name a few.

On the trade front, we will also look to build on our achievements in other negotiations this year. 2016 should see significant activity in negotiations between the US and China over a Bilateral Investment Treaty (BIT), continued negotiations with the European Union over the proposed Transatlantic Trade and Investment Partnership agreement, the 50-country Trade in Services Agreement negotiations, and efforts by the US Government to raise IP standards and break down trade barriers through a variety of means.

In 2016, Congress will further discuss various tax reform proposals. While comprehensive reform is unlikely, activity in the coming year will lay the foundation for what many expect to be a genuine opportunity for reform in early 2017. We have been active educating Members of Congress on the importance of lowering the corporate tax rate to be competitive with the rest of the world. The US has one of the highest marginal and effective tax rates among developed countries, creating a significant competitive impediment to companies headquartered in the US.

Congress will continue to be very active on intellectual property issues... After three years of hearings and testimony from 100 witnesses, we now expect the House Judiciary Committee to turn to legislating. We expect significant attention on legislation to modernize the Copyright Office, a small agency that can have an enormous impact on our interests.

And the Copyright Office has launched several proceedings involving possible changes to laws governing the accountability of online services and the laws protecting technologies used to secure distribution of digital content. These discussions obviously have significant implications for a business like ours that is dependent on copyright policy in the face of ongoing change in technology and the marketplace.

We will also need to continue our work to fend off growing and concerted efforts to weaken our ability to freely negotiate the distribution of our broadcast and cable programming. Last year, the FCC teed up several rule makings that could have a significant adverse effect on retransmission consent and how we package and sell our media networks. As the debate becomes much more heated, we will need to remain vigilant.

With all of the challenges we will face this year, it is important that our PAC be strong. We, therefore, respectfully suggest that you consider making a contribution of [REDACTED]. You may give more or less than the suggested amount (although no contribution can exceed $5000 in any year) and any contribution will be appreciated. As always, 100% of your contribution is used in direct support of candidates and political entities that uphold policies and principles that are consistent with the best interests of our company. DisneyPAC contributes equally to Democrats and Republicans each calendar year. For your convenience, DisneyPAC has implemented a payroll deduction system, through which your contributions to the PAC will be deducted from your weekly paycheck. If you prefer, you may instead make a one-time personal contribution to the PAC. Your contribution is important to all of us, but I want to emphasize that all contributions are voluntary and have no impact on your job status, performance review, compensation, or employment. Any amount given or the decision not to give will not advantage or disadvantage you. You have the right to refuse to contribute without reprisal. Your help is truly appreciated.
http://arstechnica.com/tech-policy/2...ght-lobbyists/





YouTube Creates a Team to Minimize Copyright Violations, More Changes in the Coming Months
Abner Li

In the past weeks, several large YouTubers have been hit with apparent copyright violations that have led to video removals and loss of revenue. In response, YouTube has announced they are working on new initiatives to improve communications, starting with a dedicated team to minimize mistakes.

The post on Google’s support forum detailing the recent events and upcoming changes is by a member of the YouTube Policy team. It was tweeted earlier this afternoon by YouTube CEO Susan Wojcicki and mentioned channels recently affected by copyright claims.

Quote:
Hi, I’m Spencer,

I’ve been a member of the YouTube Policy team since 2008 and throughout that time, I’ve seen how your input has helped YouTube get better. For example, when I started on YouTube Policy, we didn’t have an appeals process for video removals. Through user feedback, we realized that we needed to establish a channel for users to alert us to our mistakes. We eventually launched an appeals form for age-restrictions, and just recently launched an appeals form for videos rejected due to policy violations. YouTube isn’t perfect, but thanks to your feedback, we are able to learn quickly and get better.

Recently, there’s been a lot of discussion about the enforcement of our policies, from video takedowns to channel demonetization. We want you to know that we monitor video takedowns very closely, and while we haven’t seen a big change in the overall rate of removals, it’s true that we do make mistakes. For this, we’re sorry and we strive to do better by you, our community.

The good news is that the feedback you’ve raised in comments and videos on YouTube and beyond is having an impact. It’s caused us to look closely at our policies and helped us identify areas where we can get better. It’s led us to create a team dedicated to minimizing mistakes and improving the quality of our actions. And it’s encouraged us to roll out some initiatives in the coming months that will help strengthen communications between creators and YouTube support. We’ll also make improvements to increase transparency into the status of monetization claims. And of course, as we work to implement these improvements as quickly as we can, we’ll continue to take your feedback seriously.

— Spencer from YouTube’s Policy Team

The largest and most immediate change is the creation of a human team to minimize mistakes and improve the quality of actions taken. YouTube is also planning to “roll out some initiatives in the coming months that will help strengthen communications between creators and YouTube support.” Specifically, they will increase the transparency into the status of monetization claims.

YouTube claims there hasn’t been a big change in the overall rate of video removals and that the automated system meant to deal with violation claims and the appeals process is at fault. Implemented in the early days of the video site, it has not adapted to the ever-growing user base and increasing number of people who have come to rely on YouTube to make a living.

YouTube is working as quickly as they can to implement the improvements and hopefully they will improve the situation for many of the site’s creators.

Thank you @YouTube community for all the feedback. We're listening: https://t.co/xLFmojjegI @GradeAUnderA @ChannelAwesome @IHE_OFFICIAL

— Susan Wojcicki (@SusanWojcicki) February 26, 2016

http://9to5google.com/2016/02/26/you...am-violations/





Government to Bring Forward Law to Close BBC 'iPlayer Loophole'

Culture secretary also asks if BBC shows such as Strictly Come Dancing are ‘distinctive’ enough and launches initiative against online adblocking
Jane Martinson

The government is to rush through legislation to close the “iPlayer loophole”, which allows people to watch BBC shows on catchup services without having a TV licence.

In a speech on Wednesday, culture secretary John Whittingdale also asked whether popular BBC1 programmes such as Strictly Come Dancing were “distinctive” enough and launched a new initiative on the devastating impact of adblockers on the newspaper industry.

After the speech at the Oxford Media Convention, Whittingdale said closing the loophole could not wait until legislation was passed to renew the BBC’s royal charter by the end of the year. Instead, it would be done “as soon as practicable” through secondary legislation that could be put before parliament as early as this summer.

“The BBC works on the basis that all who watch it pay for it. Giving a free ride to those who enjoy Sherlock or Bake Off an hour, a day or a week after they are broadcast was never intended and is wrong,” he told the Oxford Media Convention.

The offer to close the loophole, which already costs the BBC some £150m a year – a figure that is likely to increase – was made during negotiations with the BBC last summer that also saw the corporation agree to shoulder the £750m burden of free licence fees for the over-75s.

The white paper outlining the government’s views on charter renewal is due to be published this spring, but Whittingdale made little reference to its timing on Wednesday.

He also indicated that the white paper would welcome any attempts to make BBC programming more distinctive.

“On distinctiveness, there is no doubt that at its best the BBC makes programmes which no one else would do,” he said, citing programmes such as BBC1’s The Night Manager and the forthcoming new Ben Elton comedy about Shakespeare: Upstart Crow.

“But I also agree with the director general’s aim ‘to create a BBC that is more distinctive than ever – and clearly distinguishable from the market’.”

Having previously been criticised for questioning whether the BBC should be showing The Voice or Strictly Come Dancing, Whittingdale said it was up to the BBC and future regulators to decide which programmes were distinctive enough.

Speaking afterwards he said: “Whether or not Strictly or Bake Off or other programmes are too removed or absolutely distinctive, that is for the judgment of whoever will have the task of assessing BBC programming.”

His remarks follow a report on the market impact of the BBC produced by Oliver & Ohlbaum and commissioned by the Department for Culture, Media & Sport that suggested entertainment shows were costing commercial rivals some £115m a year in revenues.

Whittingdale kept Channel 4 in limbo but indicated that any plans to sell off the state-owned commercially funded broadcaster would need to continue its public service remit, telling the audience: “We are looking at the future of C4 particularly with a view to ensuring that its remit continues.”

Responding to Whittingdale’s speech, the shadow secretary of state for culture, media and sport, Maria Eagle, said: “The secretary of state seems more concerned about helping the BBC’s commercial rivals than in helping the corporation satisfy its audiences and meet its public service obligations.”

She added: “What the culture secretary has called for today jars completely with what the British public want from the BBC. He must stop lecturing the BBC about what content it should and should not be producing.

“The results of consultation on the future of the BBC have again shown how highly the public value the corporation’s distinctive programming, and that they want to see it remain funded by the licence fee and independent of government.

“So the culture secretary must stop acting simply as a cheerleader for the BBC’s commercial rivals and start standing up for audiences who want to see the BBC continue to produce high-quality content.”
http://www.theguardian.com/media/201...ole-adblocking





The Kafkaesque Battle of Soulseek and PayPal, and Why Free Speech Defenders Should be Worried About Payment Networks
Rainey Reitman

Does your business follow copyright law to the best of its ability? Not good enough. At least that was the case for one long-standing peer-to-peer network, which had its payment processing shut down after more than 14 years of being a loyal PayPal customer.

Soulseek, a peer-to-peer file-sharing network, faced a Kafkaesque battle with PayPal. When its donors were cut off from making payments to Soulseek, the network struggled to figure out what it had done wrong—or even get a response from PayPal to its questions. Thankfully, Soulseek reached out to EFF. We got in touch with PayPal and helped convince them to reinstate the network.

PayPal did the right thing by restoring Soulseek’s account, and we commend them for that. But we’re also concerned: it’s not scalable for EFF to intervene whenever a law-abiding website is shut off from a payment provider (as we have done with an online bookseller and a short story archive). In addition, we think of Soulseek’s situation as indicative of a larger trend of Web censorship, as websites that haven’t violated any laws are choked of funds—a situation that was disastrous for WikiLeaks and is currently tightening a noose around the electronic neck of Backpage.com.

Soulseek describes itself as “an ad-free, spyware free, just plain free file sharing network for Windows, Mac and Linux.” The passion project of a husband and wife team, Soulseek itself doesn’t host files for users. Instead, users can join the network, connect with one another, and share files directly.

The platform is donation-driven. Without ads or fees, the service relies on the good will of the community to contribute back to keeping Soulseek going. While hardly profitable, this has been enough to keep the servers running and the software updated for many years.

And that was all fine, until the summer of 2015.

Not Granting Pre-approval at This Time

Instead, Roz Arbel, who runs the site with her husband Nir, heard from users who were unable to send in donations using MasterCard. I spoke with Roz in November and she briefed me on what happened. Roz called PayPal, and spoke to a general support agent. Through that agent, Roz learned that PayPal had sent Soulseek a questionnaire because, as Roz reported hearing from the PayPal representative, MasterCard was coming down on PayPal regarding filesharing networks.

Roz hadn’t seen any questionnaire from PayPal, so they sent a new one over. Roz was assured that service would be reinstated within 48 hours after the questionnaire was completed and returned.

Roz and Nir answered the questions promptly (see below for a list of the questions) and sent the questionnaire back. Most of the questions related to copyright infringement and whether the site was taking the necessary precautions to stay on the right side of the law. Soulseek has existed for as long as it has in large part because it has complied with the Digital Millennium Copyright Act’s safe harbor provisions. For example, Soulseek has a DMCA agent and a policy of blocking user accounts that get repeated copyright infringement notifications.

A week went by with no word from PayPal. It was now October, and Soulseek had been limping along without donations from MasterCard users. Roz again contacted PayPal. This time she heard from a representative of the company that the questionnaire had been received, but nobody inside PayPal had looked at it. Roz was assured that it would be escalated and dealt with immediately.

Within an hour, Soulseek received an email from PayPal stating that the account was being permanently limited. Funds could be withdrawn, but Soulseek would not be able to receive donations through PayPal. No reasons were provided for this decision. There wasn’t even a phone number.

As Roz and Nir Arbel explained in a blog post,

We have asked repeatedly for an explanation of this behavior, but we have been stonewalled at every turn, and have received only form emails telling us that we needed to be “pre-approved” for an account. When we asked what we need to do to be pre-approved, they emailed back and said that they are “not granting pre-approval at this time.”

After this, Roz reached out to EFF. We were able to connect with PayPal and discuss our concerns about the situation. We were happy that PayPal was willing to reverse its decision.

A Little Bit of SOPA

Payment networks blacklisting those accused of copyright infringement without due process is not a new idea. In fact, we saw something remarkably similar in SOPA, the notorious Internet blacklist bill introduced in 2011:

[A] payment network provider shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery of a notification under paragraph (4), that are designed to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification under paragraph (4).

One of the most troublesome aspects of SOPA was that it did not require a neutral magistrate to consider the merits of a case and then rule on whether a site was actually engaged in copyright infringement. Instead, SOPA empowered payment providers to start shutting down websites as soon as they received written notification from a copyright holder.

This was a bogus idea in 2011, and was defeated in the single most powerful Internet protest to date. So Congress knows that the Internet community won’t stomach this type of censorship, and hasn’t dared to move a similar bill since.

Instead we’re seeing this sort of thing: quiet pressure from content holders aimed at putting pieces of SOPA into place without actually passing a bill.

These kinds of actions come with real costs. As Roz said in a phone interview, “It’s drastically reduced the number of donations we receive. It’s free for our users but it’s not free for us…we’re not doing anything wrong. We’re totally above board, and we’ve always tried to be.”

Free Speech On the Line

While the First Amendment imposes strict limitations on how the government can squelch online speech, corporations have more leeway. The argument, of course, is that consumers have choices about the companies they patronize, and companies also have certain First Amendment rights to choose what sorts of customers they want to allow.

When it comes to payment providers, that’s not exactly true.

Payment platforms are currently extremely centralized, creating what in practice is a duopoly. MasterCard and Visa are behemoth payment service providers, able to dictate through their internal policies what types of speech will and won’t be acceptable online. Other payment providers, including smaller entities like PayPal, Stripe, and many of the Bitcoin payment service providers, are bound by their agreements to Visa and MasterCard.

Until another payment alternative gains widespread popularity in processing online payments, websites are beholden to the terms set up by MasterCard and Visa. So the idea of consumer choice is entirely false.

Threats to free expression online can come in many forms, but shutting down or limiting a law-abiding website is censorship. While the situation with Soulseek turned out well in the end, we’re concerned about the many websites we haven’t heard from that may be facing similar problems. It’s time for the payment providers to start erring on the side of supporting legal speech and let courts—not arbitrary corporate policies—decide what content should be censored.


Questionnaire from PayPal (provided by Roz Arbel)

1. Business Overview. Please provide a general overview of your business, identifying all related website URLs or apps, describing the services you offer and how revenue is earned, and indicating how you use or would like to use PayPal’s services. (The terms “you” and “your” refer to your business in the remainder of this questionnaire.)
2. Typical Usage. Please describe the kinds of files that are most often stored or transferred using your services (indicating, for example, typical file types, sizes, content and/or other relevant attributes) and, to the extent of your knowledge, the typical purposes that your customers have for using your services.
3. Incentives for Uploaders. Do you offer rewards, cash payments or other incentives to some or all users who upload files? If so, please describe your related practices, including the criteria used to determine the nature and amount of incentives that users are entitled to receive.
4. Membership Tiers and Benefits. Please describe any membership tiers, subscription plans or service levels that you offer (e.g., “free,” “premium,” etc.), indicating for each any payments required and the main benefits users receive. Are paying users entitled to enhanced benefits related to downloading or otherwise accessing files uploaded by other users, such as faster access speeds, higher allowances for total amount of data accessed, or the reduction/elimination of wait times, captchas or advertising? If so, please describe the related terms.
5. Forum Codes. Do you offer “forum codes,” “URL codes,” “HTML codes” or other features that facilitate the incorporation of links to uploaded files on third-party websites? If so, please describe such features.
6. Link Checker. Do you offer users a link checker or other functionality that helps users determine whether links to uploaded files have been disabled? If so, please describe such functionality.
7. File Deletion. Please describe any practices you employ related to the expiration, purging or other automated deletion of uploaded files. Is the timing of a file’s deletion influenced by the frequency with which it is downloaded or otherwise accessed? If so, please explain.
8. Information Collection. Do you collect information about the uploaders of files? If so, please describe your related practices, including whether you collect any of the following: name, postal address, email address and IP address.
9. Repeat Infringement. Please describe any practices you employ to prevent users of your system from uploading copyright infringing files on multiple occasions. Please include information about any technological methods you use to identify repeat infringers, such as methods involving the IP addresses of computers used to upload files. If a policy or other information related to repeat infringement is available on your website, please provide a link.
10. Copyright Infringement Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about copyright-infringing files accessible through your service. If a policy, reporting instructions or other information related to such practices (e.g., a DMCA policy) is available on your website, please provide a link.
11. Illegal File Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about illegal files accessible through your service (other than reports of copyright infringement covered by Item 10 above). If a policy, reporting instructions or other information related to such practices is available on your website, please provide a link.
12. Monitoring. Do you employ any practices involving the monitoring of uploaded files to identify and remove copyright infringing files or other illegal files? If so, please describe those practices, including any manual review or automated scanning of files performed by your staff or by any third-party firms. Please indicate the names and website URLs of any such third-party firms.
13. Law Enforcement Cooperation. Please describe your practices with respect to responding to requests or orders from law enforcement, courts or other government bodies, such as information requests, discovery orders, search warrants and subpoenas.
14. Child Exploitation. Please describe any actions you take if you become aware that a file uploaded to your system involves child exploitation or any sexually-oriented depiction of a minor.
15. Other Controls. If you employ any processes or controls not otherwise covered in your responses to this questionnaire that are aimed at preventing or otherwise addressing any actual or potential use of your system for the storage or transfer of illegal files or for other illegal activities, please describe them.
16. Point of Contact. Please identify and provide contact information (including phone number and email address) for a person who will serve as PayPal’s point of contact with respect to our review of your business and any future inquiries or concerns we may have.

https://www.eff.org/deeplinks/2016/0...ders-should-be





Tor Project Says Google, CloudFlare and Others are Involved in Dark Web Surveillance and Disruption
Mark Wilson

With privacy concerns and the threat of surveillance from the likes of the NSA, more and more people are turning to the dark web and Tor. The anonymous, encrypted network has become a haven for not just illegal activity, but also for those who simply don’t want what they do online to be tracked and traced.

But now the Tor Project has voiced concerns that CDN and DDoS protection service CloudFlare is monitoring Tor traffic by introducing CAPTCHAs and cookies. CloudFlare is not alone: similar accusations are levelled at Google and Yahoo, which are described as 'larger surveillance companies'. Concerns about interference with Tor traffic have been raised by project administrators in a ticket entitled "Issues with corporate censorship and mass surveillance".

Following instances of malicious traffic originating from the Tor network, CloudFlare introduced CAPTCHAs to ensure that visits to certain sites were being instigated by humans. This has not only proved irritating, but also unreliable. CAPTCHAs have been found to frequently fail, and appear multiple times. But more concerning is that it opens up the potential for users to be "tagged, tracked and potentially deanonymized".

In a post on the Tor Project website, user ioerror says:

There are companies - such as CloudFlare - which are effectively now Global Active Adversaries. Using CF as an example - they do not appear open to working together in open dialog, they actively make it nearly impossible to browse to certain websites, they collude with larger surveillance companies (like Google), their CAPTCHAs are awful, they block members of our community on social media rather than engaging with them and frankly, they run untrusted code in millions of browsers on the web for questionable security gains.

It would be great if they allowed GET requests - for example - such requests should not and generally do not modify server side content. They do not do this - this breaks the web in so many ways, it is incredible. Using wget with Tor on a website hosted by CF is... a disaster. Using Tor Browser with it - much the same. These requests should be idempotent according to spec, I believe.

I would like to find a solution with Cloudflare - but I'm unclear that the correct answer is to create a single cookie that is shared across all sessions - this effectively links all browsing for the web. When tied with Google, it seems like a basic analytics problem to enumerate users and most sites visited in a given session.


There are concerns about CloudFlare's apparent lack of transparency, although an employee for the company did get involved in the discussion. ioerror continues:

One way - I think - would be to create a warning page upon detection of a CF edge or captcha challenge. This could be similar to an SSL/TLS warning dialog - with an option for users to bypass, engage with their systems or an option to *contact them* or the *site's owners* or to hit a cached version, read only version of the website that is on archive.org, archive.is or other caching systems. That would ensure that *millions* of users would be able to engage with informed consent before they're tagged, tracked and potentially deanonymized. TBB can protect against some of this - of course - but when all your edge nodes are run by one organization that can see plaintext, ip addresses, identifiers and so on - the protection is reduced. It is an open research question how badly it is reduced but intuitively, I think there is a reduction in anonymity.

It would be great to find a solution that allows TBB users to use the web without changes on our end - where they can solve one captcha, if required - perhaps not even prompting for GET requests, for example. Though in any case - I think we have to consider that there is a giant amount of data at CF - and we should ensure that it does not harm end users. I believe CF would share this goal if we explain that we're all interested in protecting users - both those hosting and those using the websites.


There are no denials that the Tor network -- thanks largely to the anonymity it offers -- is used as a platform for launching attacks, hence the need for tools such as CloudFlare. As well as the privacy concerns associated with CloudFlare's traffic interception, Tor fans and administrators are also disappointed that this fact is being used as a reason for introducing measures that affect all users.

Ideas are currently being bounced around about how best to deal with what is happening, and one of the simpler suggestions that has been put forward is adding a warning that reads "Warning this site is under surveillance by CloudFlare" to sites that could compromise privacy.
http://betanews.com/2016/02/27/tor-d...-surveillance/





Net Neutrality Is in More Danger Than Ever
Klint Finley

It’s been a year since the Federal Communications Commission adopted the Open Internet Order, theoretically ushering in the age of net neutrality. Under the order, Internet service providers are banned from discriminating against certain types of traffic or charging deep-pocketed Internet companies to have their content funneled through so-called “fast lanes.” Net neutrality advocates hailed the FCC’s decision as a victory for equal access and free speech, an Internet where money can’t buy privileged placement on the network.

But the battle is far from over. In fact, the FCC’s decision has catalyzed the forces that oppose government-enforced net neutrality. Regulators may be pushing for a more open Internet, but its prospects are in greater danger than ever.

Those threats are coming from multiple directions. Last month, presidential candidates Ted Cruz and Marco Rubio, along with six other senators, proposed a bill that would overturn the FCC decision. The legislation, dubbed “The Restoring Internet Freedom Act,” would not only nullify the FCC’s net neutrality rules but prohibit the agency from passing similar rules in the future.

The bill is just the latest way that congressional Republicans have sought to undermine the FCC’s decision, and it’s far from the only threat to the regulations. From telecom industry lawsuits to free data for certain companies’ content, net neutrality as both a legal mandate and a political ideal is under siege.

The Legal Threat

The most immediate threat to the Open Internet Order is a lawsuit filed on behalf of the telecommunications industry by the US Telecom Association challenging the FCC’s authority to enforce net neutrality regulations. The case is now being deliberated by the US Court of Appeals’ District of Columbia Circuit.

A previous version of the Open Internet Order was struck down in 2014 because broadband providers weren’t classified as so-called common carriers—the equivalent of telephone companies—but the FCC reclassified internet providers as common carriers last year before passing the current net neutrality order. The telco industry argues this reclassifying is an overreach on the part of the FCC. “The order represents an unprecedented transfer of regulatory power to the FCC without a clear warrant from Congress,” the association said in a blog post last year. The association charged that in seeking to extend its regulatory reach to every Internet-connected device, “the FCC has asserted authority to regulate a massive portion of the entire US economy,” an argument echoed by net neutrality’s congressional opponents.

Net neutrality is looking more and more like an issue headed for the Supreme Court.

Both sides are now trying to guess at the intentions of the three appeals court judges hearing the case. Net neutrality supporters are optimistic that Judge Sri Srinivasan will side with the FCC. But Srinivasan, who worked for the Office of the Solicitor General during President George W. Bush’s administration and was nominated to the federal court by President Barack Obama in 2012, isn’t on record expressing any opinions one way or the other on technology and telecommunications law. Srinivasan is seen by many as the president’s most likely nominee for late Judge Antonin Scalia’s open Supreme Court seat, which could inject a heavy dose of politics into any net neutrality decision. Judge Stephen F. Williams, meanwhile, is generally seen as skeptical of regulation and asked the FCC tough questions during the hearing on the suit.

The decision could come down to Judge David S. Tatel, the judge who ruled against the FCC’s net neutrality rules in 2014. That could be seen on one hand as a reluctance on his part to approve the FCC’s actions. On the other, the FCC has now reclassified broadband providers, which alleviates his original concern.

If the court rules against the FCC, the Open Internet Act is toast. But if it rules in the FCC’s favor, the telcos can still appeal to the Supreme Court.

Network Loopholes

Even if the regulations remain entirely intact, Internet providers are already finding loopholes in the Open Internet Order that could undermine the core ideas of net neutrality. Many Internet providers have a set limit as to how much data you can use in a month. After you reach that limit, your connection might be throttled to a lower speed, or you might have to pay overage charges. But now several providers are exempting certain apps or websites from those data limits, a practice called “zero rating.”

Zero rating effectively makes it more expensive for subscribers to watch certain streaming video services or use certain photo sharing apps than others. Instead of a fast lane, it’s effectively a toll road for the Internet. That’s a huge problem for net neutrality, because it allows Internet providers to broker which sites and apps get this preferential treatment. But it’s not explicitly banned by the Open Internet Order.

Verizon and AT&T have both launched sponsored data services that allow companies to subsidize their users’ data usage. Verizon also allows its customers to view its own streaming video service, Go90, without having it count against their data caps. Comcast, likewise, offers a video service called Stream TV that doesn’t count towards the new data limits the company has rolled out in select areas.

But the most famous zero-rating service—or infamous, depending who you ask—is T-Mobile’s Binge On offering, which downgrades speeds for all video connections but allows customers to stream video from select providers without having that video count against their data limits. Binge On differs from Comcast and Verizon in that it doesn’t have its own streaming video service that it exempts. Instead, it exempts specific third-party providers, like Netflix and Hulu.

Unlike AT&T and Verizon, T-Mobile doesn’t charge companies to allow users access to zero-rated data. But that hasn’t exempted it from controversy. Stanford University law professor Barbara van Schewick argues in a paper published in January that this practice still violates the idea of net neutrality by prioritizing entertainment over education (since videos hosted on, say, Netflix are exempted, but those hosted on university websites are not), and by creating hoops for smaller independent providers to jump through in order to be exempted. Some providers, especially those outside the US, might not even know they need to apply to T-Mobile to be included in Binge On. Van Schewick concludes that although zero rating itself isn’t banned by the Open Internet Order, T-Mobile violates the FCC’s general conduct rules and is therefore illegal.

The FCC doesn’t necessarily see it that way. Although the Open Internet Act reserved the right to ban zero rating on a case-by-case basis, as opposed to a blanket ban on the practice, the agency has yet to take any action.

Telecommunications industry analyst Jan Dawson thinks fears over threats to net neutrality are overblown. “I’d argue that there were no large-scale threats to net neutrality when the order was passed, and there still aren’t now,” he says.

He agrees that Verizon’s zero-rated Go90 likely violates the spirit of net neutrality but argues that it’s such a marginal service that it’s unlikely to actually affect the online video market. Binge On, meanwhile, is more popular, but he says it’s less problematic since it’s open to any video provider and T-Mobile doesn’t charge to take part. In other words, we might not need strong regulatory protections to keep the Internet open.

But such faith has sometimes proven unfounded. In 2008, for example, Comcast was caught throttling Internet connections that used peer-to-peer file sharing networks, a practice the company initially denied but eventually admitted and later halted as the result of an earlier FCC net neutrality order.

Politicizing the Network

Ted Cruz famously called net neutrality “Obamacare for the Internet” in 2014. Donald Trump has claimed that net neutrality will somehow “target conservative media” (even though the Open Internet Act gives the FCC no power to interfere with conservative websites, or websites of any other political bent).

And this political campaign against net neutrality is working. In November 2014, 85 percent of self-identified Republicans opposed Internet fast lanes, according to a survey conducted by the University of Delaware. By November 2015, that number had dropped to 63 percent, and a solid majority of Republicans opposed using government regulations to prevent fast lanes.

Still, there’s reason to think that the public will still favor net neutrality regulations in the end. Harold Feld of the pro-net neutrality organization Public Knowledge points out that people still don’t like the broadband industry. “People are feeling screwed by their cable companies and their broadband companies and they’re not happy,” he says.

At the same time, Feld points out that while Comcast is very unpopular as a brand, T-Mobile’s zero rated offerings have proved good for the company’s name. Telling consumers that Comcast can’t charge them extra because they watched too much high-def Netflix probably won’t be controversial. But telling customers that they can’t have free Netflix on T-Mobile could backfire, fueling the Republican case against net neutrality.

That might be part of why the FCC is proceeding with caution. It’s an election year, and anything the agency does to stir up controversy could affect the outcome. If the Republicans take back the White House in November and appoint a new FCC chairman next year, all the existing regulations and legislation will likely be moot. That will be true every election year, at least as long as net neutrality remains a highly polarizing issue. The price of net neutrality will be eternal vigilance.
http://www.wired.com/2016/03/despite...y-danger-ever/





Comcast Accused of Violating NBC Merger Commitment and Net Neutrality Rule

Comcast says its Stream TV isn't an Internet service; consumer group disagrees.
Jon Brodkin

Consumer advocacy group Public Knowledge has asked regulators to stop Comcast from exempting its own streaming video service from Internet data caps, saying that selective enforcement of caps violates a merger condition from when Comcast purchased NBCUniversal and may violate a net neutrality rule.

Public Knowledge filed its petition with the Federal Communications Commission yesterday. It relates to "Stream TV," a service for Comcast's Internet-only customers that streams live TV channels to computers, tablets, and phones. Stream TV doesn't require a set-top box, but Comcast says it "is an in-home cable service delivered over Comcast's cable system, not over the Internet." Stream TV offers some video outside the home, but live TV channels can only be watched on Comcast customers' home Internet connections.

Public Knowledge points out that when Comcast won government approval to buy NBCUniversal in 2011, the FCC and Department of Justice "prohibited Comcast from excluding its own services from data caps or metering and required it to count traffic from competing online video services the same as its own." Public Knowledge also says the data cap exemption for Stream TV should be stopped by the FCC's net neutrality order; though the net neutrality rules don't specifically ban zero-rating, the FCC imposed a "general conduct" rule to be applied on a case-by-case basis. That rule is meant to stop practices that limit consumers' access to content or the ability of online service providers to reach consumers.

Comcast argues that Stream TV's data cap exemption doesn't violate the merger condition or net neutrality because it is a cable service and not an Internet one. Public Knowledge is trying to convince the FCC that Comcast is wrong.

The merger condition's exact phrasing was that Comcast "shall not measure, count, or otherwise treat Defendant’s affiliated network traffic differently from unaffiliated network traffic."

"Stream TV is 'network traffic' for the purpose of this [merger] restriction, no different than traffic from video services like Youtube and Netflix," Public Knowledge's petition said. "Customers access Stream TV via their broadband Internet access subscriptions. It is not available on a standalone basis without a broadband connection, as MVPD [multichannel video programming distributor] services such as cable TV are. Stream TV data travels over the same path as other broadband data, from Comcast’s network, and through the cable modem in customers’ homes. Additionally, viewers watch Stream TV on the same devices (such as personal computers and mobile devices) they use to watch other online video services."

Public Knowledge further argued that "Comcast appears to believe that it need do nothing more than physically locate the servers which offer a given broadband service on its own property for that service to be categorically immune from various consumer protection policies."

Comcast: “Public Knowledge doesn't have the facts straight”

Comcast, which has instituted 300GB monthly data caps and overage charges in parts of its territory, won't be backing down. The company provided Ars a statement, saying that "Public Knowledge doesn’t have the facts straight."

"Our Stream TV cable package does not go over the Internet, so it can’t possibly violate a condition which only applies to Internet content... Stream TV is delivered as a cable service on the same private, managed network that delivers all our other cable television services in the home and is subject to all the regulations that apply to our other cable TV services such as franchise fees, PEG requirements, closed-captioning, and emergency alerts. Those regulations don’t apply to content that goes over the Internet, just another demonstration how different Stream TV is than Internet delivered services."

Comcast also said the FCC declined to take any action on a similar complaint Public Knowledge filed a few years ago about Comcast zero-rating an Xbox streaming application.

FCC staff will review Public Knowledge's petition and decide how to proceed, but an FCC spokesperson declined to comment on the merits of the petition. The consumer group asked the FCC to require that Comcast either "eliminate its data caps to the extent they discourage the consumption of online video" or count Stream TV against data caps and take any enforcement action necessary to deter future, similar arrangements.

The Comcast/NBCUniversal merger conditions had a time limit and expire in 2018. The net neutrality rules that apply to the whole broadband industry are permanent (unless they're overturned in court), but it's not clear how strong a stance the FCC is ready to take against zero-rating. The FCC is examining zero-rating implementations from Comcast, AT&T, and T-Mobile, but it hasn't said whether it will put a stop to any of them.

The FCC's net neutrality order only vaguely outlines circumstances in which zero-rating or other practices might violate its so-called "general conduct rule." ISP practices that give end users control over how they access the Internet "and empower meaningful consumer choice" are not likely to violate the rule, the order says. Practices that have anti-competitive effects or discourage innovation or investment in online services would be more likely to be deemed violations.

Public Knowledge argues that these factors should weigh heavily against Comcast.

"By employing data caps and selectively zero-rating its own services, Comcast is reducing the likelihood that increased subscriber demand for unaffiliated online services will drive broadband investment," the group wrote. "It is harming innovation in the edge services market, since Stream TV is not competing through the quality of the overall offering or through a novel business model, but through employing billing practices that are not available to unaffiliated services."

A Comcast FAQ indicates that Stream TV may soon be available to people without Comcast Internet service. "If you're not an Xfinity Internet customer, we are working hard to make the required equipment available in 2016," Comcast says.
http://arstechnica.com/business/2016...utrality-rule/





Israeli Startup Bets on 'Smart' Satellite Antennas for Global Web Access
Ari Rabinovitch

ROSH HA'AYIN, Israel - Israeli startup Skyfi is looking to outflank Facebook and Google in a race to provide worldwide internet access by developing the first self-correcting antenna that can turn mini-satellites into powerful transmitters covering the globe.

The two technology leaders are working on ways to beam internet access from the sky to remote areas, Google with high-flying balloons and Facebook with a combination of drones and larger, more complex satellites.

But it will take an orbiting cluster of 60 miniature, or nano, satellites, each about the size of a shoe box, to provide full coverage of earth, said Raz Itzhaki Tamir, a veteran of Israel's aerospace industry who co-founded Skyfi four years ago.

The way he hopes to do it is by using a parachute-like antenna that deploys once in space. The antenna can then mechanically adjust itself for imperfections in the transmitter's surface, allowing a stronger signal to pass, and even alter the direction it points should broadcast needs change over the course of the satellite's life.

That may not sound like much, but those are two major hurdles that have limited satellite operators for years.

While the company says it has a working "proof of concept", the technology has yet to be proven in space, so don't expect a fleet of internet-providing nanosatellites for at least a few years. But the antenna alone could be big business in the meantime.

Thousands of new satellites will be launched into space in the coming decade and many will use technology from Israel, which has built on its military expertise to capture a sizeable chunk of the growing commercial space market, particularly in the field of miniaturization.

Skyfi raised $3 million in a round led by Jerusalem Venture Partners, one of the country's most successful venture capital funds, and says it has signed letters of intent to sell its antennas to global players such as Lockheed Martin and Spacecom.

Spacecom, which is collaborating with Facebook to beam internet services to Africa, said that if the new Skyfi antenna is successful, it would be in huge demand.

"This type of solution will conquer the market, because it addresses some of the most serious and bothersome issues for satellite operators," said David Pollack, Spacecom's chief executive.

For now, Skyfi is perfecting its system by testing a large version of the antenna in a 50-square-meter (yard) echoless chamber that simulates the conditions of space. It plans to launch its first unit in the next 18 months.

"Currently, if an antenna is not perfect, you have to live with it, with the losses," said Tamir. "We can change that and be flexible, thus gaining more revenue from the satellite."

(Editing by David Holmes)
http://uk.reuters.com/article/us-spa...-idUKKCN0W20Y4





ITU Gain Consent for New 40Gbps Ultrafast FTTH Broadband Standard
Mark Jackson

The International Telecommunication Union (ITU) has gained first-stage approval (“consent”) for a new set of international Fibre-to-the-Home (FTTH/P) broadband standards, which can support both 40Gbps speeds (NG-PON2) and symmetrical 10Gbps speeds (XGS-PON).

Strictly speaking, ISPs can already offer similar performance over their existing ultrafast fibre optic networks and indeed we’ve recently seen Singtel in Singapore promote a 10Gbps (Gigabits per second) service using their 10GPON (Gigabit Passive Optical Network) platform. Back in 2012 BT also demoed 10Gbps using a similar setup.

However the new standards go beyond those (see below for details) and it’s always helpful to ensure that everybody is building / using kit that is created to the same specification, which ensures good general compatibility. Both of the new standards were developed by the ITU-T Study Group 15.

10 Gigabit Symmetric Passive Optical Network (XGS-PON / ITU-T G.9807.1)

The previous XG-PON standard only ensured an asymmetric speed of 10Gbps download and 2.5Gbps upload, while a symmetric connection like the new XGS-PON can push 10Gbps in both directions and that’s a very significant improvement.

The new XGS-PON is said to reuse “existing PON standards to the maximum extent possible” and its physical layer follows the XG-PON (ITU-T G.987.2) and 10GE-PON (IEEE 802.3) standards. Meanwhile the design of the XGS-PON protocol layer is based on NG-PON2 (ITU-T G.989.3) and XG-PON (ITU-T G.987.3), and its ONU management and control mechanism is specified in ITU-T G.988.

XGS-PON also operates on the same optical distribution network (ODN) as XG-PON. The typical distance between the optical line terminal (OLT) and an optical network unit (ONU) is 20 km, and one OLT is capable of supporting up to 128 ONUs.

“The XGS-PON wavelength plan provides for co-existence with G-PON, XG-PON and NG-PON2. An XGS-PON system is fully backward compatible with XG-PON ONUs, allowing the operation of both XGS-PON and XG-PON ONUs under a single XGS-PON OLT port,” said the ITU without twisting its tongue in the process.

40 Gigabit Passive Optical Network (NG-PON2 / ITU-T G.989.2 Amendment 1)

The big news today is of course the ITU’s new 40Gbps capable NG-PON2 standard, which mixes together ITU-T G.989.1, G.989.2, G.989.3 and is said to be the “first series of standards” that will provide download speeds beyond the current 10Gbps.

The main enhancements with NG-PON2 are provided by its use of multi-wavelength operation and ONU wavelength tunability in both transmitters and receivers (this reuses some of ITU-T G.988 and its wavelength management follows the guideline in ITU-T G.9802).

Quote:
ITU Statement on NG-PON2

NG-PON2 is based on a multi-wavelength, point-to-multipoint architecture, and its primary solution is time and wavelength division multiplexed PON (TWDM-PON). A typical TWDM-PON consists of four to eight wavelengths in both directions, achieving a maximum rate of up to 80 Gbit/s in each direction. Each wavelength is capable of providing a subscriber with optical access up to a rate of 10 Gbit/s, and the upstream/downstream wavelength is also capable of operating at the lower rate of 2.5 Gbit/s. The typical distance between the optical line terminal (OLT) and an optical network unit (ONU) is 40 km, and one OLT is capable of supporting up to 256 ONUs.
Apparently major operators are already testing this new system with the “intention of deploying these systems in the near future.” Operators implementing NG-PON2 will be able to reuse existing optical distribution networks (ODNs) deployed for previous generations of PONs.

The wavelength plan of NG-PON2 provides for co-existence with G-PON (ITU-T G.984 series); XG-PON1 (ITU-T G.987 series); radiofrequency video overlay (ITU-T J.185; ITU-T J.186); and optical time-domain reflectometer (OTDR).

Other Information

Sadly the United Kingdom probably won’t be seeing 10Gbps FTTH/P broadband networks on a truly big national scale for another decade or two and even then it will take a lot of time and money to deploy, although many of the FTTH/P networks that have been built so far (around 400,000+ premises passed) could in theory be upgraded to support the new standards (not that you need or could even fully use such speeds).

It’s worth noting that the ITU are also investigating the possibility of 25Gbps per wavelength over PON and they’re doing so with the aim of enhancing the capacity to beyond 100Gbps in the future, which would bring FTTH/P services up to the sort of standard that some core network links already deliver.

Separately there has also been a third development today (ITU-T G.709/Y.1331 – “Interfaces for the Optical Transport Network“), which saw the ITU-T grant first-stage approval of a revision to a key ITU-T standard underlying the Optical Transport Network (OTN) that will enable optical transport at rates that go higher than the current 100Gbps. This is of more use for major core network links rather than domestic FTTH/P.

The new standard extends OTN with a flexible n x 100G frame format (OTUCn), which can be used for line-side interfaces up to 25.6Tbps (Terabits per second) over the next 15-20 years. Yes.. Terabits! Apparently the initial n × 100G FlexO standard (ITU-T G.709.1) will be fully approved by the end of 2016 and standards for n × 200G and n/4 × 400G FlexO will be ready for when next-generation 200G or 400G client optical modules become available.

Suffice to say, there’s a lot of capacity left in them thar fibre optic cables.
http://www.ispreview.co.uk/index.php...-standard.html





You Didn’t Notice It, But Google Fiber Just Began the Golden Age of High Speed Internet Access

Its “dark fiber” project in Huntsville creates a model that might finally thrust US Internet access into the 21st Century
Susan Crawford

This week, Google launched what amounts to a religious war in American telecom land.

In a surprising announcement, the Alphabet company known as Google Fiber said it would expand its high speed Internet access services to Huntsville, Alabama — but in a different way than it currently has started up operations in cities like Austin and Kansas City. In cities it services to date, Google Fiber actually lays down the fiber-optic cables that allow it to deliver super-high numbers of bits to customers and businesses. But in Huntsville, it will lease “dark” fiber that will be built and owned by the electric utility in that city. (Dark fiber is passive, unlit by lasers, so not capable of carrying information until someone comes along and lights it.) The Google lease is nonexclusive — any other ISP can show up and provide services — and will allow Google to provide retail gigabit fiber Internet access services to any home or business that Huntsville decides to serve.

I am over the moon about this. It’s a similarly exhilarating feeling to the one I’d have if I were a rabid football fan and my long-suffering team just won the Super Bowl. And don’t mock my wonkiness — because you should be celebrating too.

The reason this is totally exciting is that this is the model that has been used with enormous success in several other cities — and could be revolutionary here in smashing the current dogma that keeps Americans overcharged and under-served.

Why haven’t we adopted this dark-fiber model? Because high-speed Internet access policy here has to date been full of stories of large incumbent companies taking positions that make no sense. They do it because doing otherwise would violate a deeply-held belief that they think is core to their business survival. Sticking to their story becomes an article of faith — a religious icon — something to hang onto in the face of common sense and, often, facts.

In this case, the crucial religious tenet of the handful of giant high-speed Internet access providers in America (chiefly our enormous local monopoly cable companies) is that consumer-protective competition among them will come from the ability of private actors to build, own, and operate competing wire services to every home and business. Cable will fight it out with telephones! Someday “broadband over powerline” will arrive!

But that’s not how competition actually works in telecommunications — and certainly not how it has worked out in America. As I’ve been saying for years, the phone companies (AT&T and Verizon) have backed off from wired competition and become mostly wireless companies providing a complementary service, while the cable operators (Comcast and Time Warner Cable, chiefly) have decisively won the market for high-speed wired Internet access — becoming mostly monopoly providers in their footprints. Where consolidation is possible, competition is impossible.

In reality, the way competition actually happens in telecommunications is to have a world-class, basic, fixed-price, passive, wholesale wire to every home and business that can be used by any retail operator to provide services. That’s it. That’s the sensible model. Once you have that in place, competition explodes: the retail sellers know how much the wholesale input costs and can rely on that pricing while they differentiate their services by price, customer service, and quality commitments. Presto: prices charged to consumers begin to approach the marginal cost of the service and service quality climbs.

No one needs more than one world-class wire to a house, just as no one needs more than one water or electricity connection. But everyone needs reasonably-priced, world-class connectivity — and, right now, the “free market” in the US is not providing that service.

But dark fiber can change this. Before Huntsville, we’ve seen only glimmers of it here, in small towns like Rockport, Maine and Ammon, Idaho. But look overseas for proof that this model can work beautifully. And zero in on the capital of Sweden, Stockholm.

More than 20 years ago, the city of Stockholm decided to treat high-speed Internet access as infrastructure. But the city didn’t want to itself offer services in competition with private providers, and didn’t want the streets to be torn up haphazardly by companies selling competing services. So it set up a holding company that purchased an existing duct network and began deploying dark fiber using loans backed by the city. Stokab, the holding company, started leasing out dark fiber connections, quickly paying back the loans and becoming cash-flow positive.

In Stockholm today, more than 95% of residences — and all businesses — have fiber optic Internet access connections. Connectivity is cheap — $15-$35 per month — and ubiquitous. Stokab charges simple, standardized, and predictable prices for dark fiber leases. Its customers range from real estate developers to mobile phone companies, and include many service providers. Because of Stokab, Stockholm was the first city in the world with four competing LTE mobile networks. Stokab is trusted and professional, and makes tens of millions of dollars a year for the city of Stockholm.

This didn’t happen by magic. It happened because of policy. And it’s been transformative. Broadly, Stockholm is ranked as a highly attractive city for business and is a regional leader in tech jobs — and is home to Skype and Spotify, among many other companies. The city can assume connectivity in providing online municipal services. (I’m visiting next month to see their “smart city” and telemedicine pilots; I’ll report back.)

As great as the dark fiber story has been for Stockholm, the city hasn’t been able to take the fullest advantage of it. Why? Because the culture lacks America’s robust venture capital environment and a (necessarily) slightly messy history of individual innovation. When I was last there, a city leader talked to me about needing more “grit” in Stockholm. Things are too neat, he said. They started a non-stop flight to Silicon Valley to import some grit.

But if Huntsville and other American cities, with their entrepreneurs, scientists, innovators, sources of capital, and history of individual attainment, can take this totally straightforward step of building and leasing dark fiber, anything is possible here. Low prices, ubiquitous connectivity, new forms of making a living, WiFi everywhere…we’ll bring all Americans closer to a thriving life.

Huntsville (“Rocket City”) happened because it has a well-run electrical utility (like Chattanooga) and a forward-thinking mayor. You don’t have to have a utility, though, to build a dark fiber network. All you need is capital, and we have plenty of that in America. All it takes to set up these wholesale networks is attractive financing and an “anchor tenant” retail provider willing to take the first step in providing actual services. (It is crucial that the wholesale facility be owned or controlled by local government, however; you don’t want a private equity company snapping up the wholesale network and gouging retail providers unpredictably.) That’s how Rockport ME built its network. (I’ve made an extensive suggestion here about how to make financing fiber a national policy possibility.) That’s how Connecticut plans to build dark fiber to many towns.

What’s remarkable — and welcome — is that Google and Huntsville are willing to break ranks with the other incumbent ISPs in America — to challenge their constricting religion — and say, implicitly at least, that the economics of this network make sense. The same actor that constructs a wholesale network does not have to be involved in service delivery in order to make money. The same actor that owns a wholesale network does not have to be involved in service delivery either — and will be more trusted, as the Stockholm example shows, if it isn’t. And the same actor that delivers services — here, Google — doesn’t have to build a network from scratch in order to use it.

In New York City, for example, it would probably make economic sense for Verizon, which has been struggling to establish its FiOS network in the city, to turn itself into a wholesale dark fiber provider whose pricing is overseen by the city. Benefits to Verizon: no more servicing of individuals or buying overpriced television programming, so overhead goes way down. A predictable stream of money from leasing that will continue until the sun explodes. Benefits to the city: finally, a fiber connection to every home and business, with reasonably-priced services sold by different, competing providers.

Other American cities and hamlets and towns should similarly look at this wholesale model. Fiber is good for the next 40 to 50 years. It’s essential to manage the flood of data from self-driving cars, virtual reality, gaming, telemedicine, and emergency services that we’re going to generate. Its seemingly limitless transmission capacity can be put to work by youngsters imagining new businesses, families wanting to educate their children, and older people who want to live with dignity at home.

A very interesting element of this story is that Huntsville, AL is Comcast territory. Comcast has announced no plans to build high-capacity services to Huntsville residents. I wonder whether the company would consider being a retail operator by leasing the Huntsville fiber.

I doubt it. That would be against Comcast’s religion. But the rest of us should understand that the Huntsville dark fiber story could be the holy grail for high speed Internet access policy in America.
https://backchannel.com/you-didn-t-n...b85#.iu0dbvpim





Google Fiber TV Subs ‘Astonishingly Low’: Analyst

Ended 2015 with about 53K video customers
Jeff Baumgartner

Google Fiber’s ambitions have drawn both bearish and bullish views from analysts, but new data from the U.S. Copyright Office shows that the initiative is not yet setting the world on fire, at least with respect to the number of video customers who have signed on so far.

Google Fiber ended 2015 with just north of 53,000 video subs, according to a blog post from MoffettNathanson analyst Craig Moffett that pointed to fresh data from the U.S. Copyright Office.

The number's a bit of a mixed bag. In Moffett's view, Google Fiber’s rate of video growth is strong, but should be stronger.

“The number of subscribers to Google's fiber service remains astonishingly low,” Moffett noted. Though the percentage growth rate for Google Fiber is high, he said the surprise is that the growth rate isn’t higher. "After all, there has been a steady stream of new cities announced, and they’ve now been at it for a long time in at least a handful of markets," he wrote.

According to Moffett’s analysis, Google Fiber ended Q4 2015 with 53,390 video subs, up from 12,659 a year earlier. Among individual service areas, it ended the year with about 12,189 video subs in Kansas City, Kan., on a base of 53,925 homes in the city (22.6% penetration), a 16.8% penetration in Kansas City, Mo. (37,338 subs on a base of 221,860 homes in the city); and 8.2% penetration in Provo, Utah (2,718 subs on 33,212 homes). Google Fiber, he found, also has 941 video subs in Austin, Texas.

The addition of fewer than 12,000 subs over a six month span “for a service that has generated this kind of fanfare isn’t terribly impressive,” he said, noting that Google Fiber now represents about 5/100ths of 1% of the U.S. pay TV market. “As a stand-alone entity, Google Fiber would be approximately 1/7th the size of the smallest distribution company in our firm’s coverage, Cable One. They are 1/15th the size of Mediacom, and just over 1/70th the size of the new U.S. Altice (assuming Altice’s deal for Cablevision successfully closes).”

Of course, Google Fiber’s video numbers don’t provide the full picture of its true progress. After all, Google Fiber tends to lead with a standalone 1 Gbps service that costs $70 per month. It also offers a double-play (1 Gig and pay TV), and also offers a free basic Internet service (5 Mbps down by 1 Mbps up) to customers who spring for the $300 construction fee.

Moffett said his findings are not a suggestion that Google isn’t “doing well,” and did note that the numbers don’t factor in broadband.

“[W]e presume that Google has many more broadband subscribers than video ones. Still, this latest data is a useful barometer of just how slowly all this happens, and just how tiny Google Fiber remains in the grand scheme of things," he said.

And he is puzzled at Google Fiber’s apparent lack of progress and low penetration in Provo, where it acquired iProvo, then the area’s municipal fiber service provider, for $1, plus a pledge to complete and expand on the buildout there.

“Over the past six months, they have added exactly 65 subscribers in Provo. Yes, you read that correctly. There are no decimal places missing," Moffett wrote, while later pointing out that Google Fiber represents a large piece of Alphabet’s “other bets.”

Those other bets, which include Google Fiber and moonshot projects like self-driving cars, lost $3.56 billion in 2015, alongside revenues of $448 million.

But others who watch Google Fiber closely believe that the initiative is poised to make a serious dent in the market and become a profitable enterprise.

Incumbents, Bernstein Research analyst Carlos Kirjner warned in a recent research note, should not get “too complacent” in the face of Google’s slow and limited progress so far.

In a note issued today, Kirjner noted that Alphabet and Google CFO Ruth Porat made comments at an investor conference this week reiterating that the company is taking a long-term view with Google Fiber, expecting it to morph into a sustainable, stand-alone business.

Google Fiber has also been mixing up its game plan a bit, and has begun complementing its expanding reach by tapping into existing infrastructure (in San Francisco and Atlanta, for example), or riding on top of municipally-owned fiber networks (as it’s set to do in Huntsville, Ala.) to accelerate its ability to offer services.

And that’s on top of Google Fiber’s commitments to deploy in Salt Lake City, Utah; Atlanta; Austin and San Antonio, Texas; Nashville, Tenn.; and Charlotte and Raleigh-Durham, N.C. It’s also mulling expansions in Chicago; Portland, Ore.; Los Angeles, San Jose, Irvine and San Diego, Calif.; Phoenix; Oklahoma City; Louisville, Ky.; and Jacksonville and Tampa, Fla.

But that’s still not enough to sway Moffett. “Over the past week, Google has made a number of splashy announcements,” he wrote. “Taken together, they have a rather provisional feel, as if the company is still experimenting. Or perhaps their goal is simply to showcase as many different models as they can think of, creating a menu of choices that they hope more and more municipalities will emulate (ideally without Google’s help).”
http://www.multichannel.com/news/nex...analyst/403032





AT&T Pushing its Own Fiber in Louisville After Blocking Google's
Karl Bode

As we noted last week, AT&T has decided to sue to slow Google Fiber's expansion into Louisville. Specifically, AT&T is upset that Louisville streamlined the pole attachment process in the city, reducing the pole attachment process from the usual six months -- to one. AT&T owns about 40% of the poles in Louisville, and has argued that only the Kentucky Public Service Commission and the Federal Communications Commission have the authority to change pole attachment rules.

But the delay does have an obvious benefit for AT&T: it gives the company some extra time to prepare its own gigabit offering (or lock down un-upgraded DSL customers into long-term contracts). As such, AT&T is now pushing its own gigabit fiber solution in two east-end Louisville neighborhoods, a first for the city:

Quote:
AT&T has notified two Jeffersontown-area subdivisions – Silver Oaks and Landherr Estates – that the company will soon be working in the rights of way, including some digging, to install fiber-optic lines.

Joe Burgan, an AT&T spokesman, confirmed that the homeowners associations of those subdivisions recently got letters from the company, but he was unable to say if there are other neighborhoods getting the service, nor to provide a comprehensive list.
If you've followed AT&T's deployment of its gigabit "Gigapower" service you know that refusing to clarify just how many people can (or will be able to) get the service is kind of the company's MO. That's quite often because in many "launched" gigabit markets we're only talking about a few housing developments. But with Google promising to deploy fiber to entire counties, AT&T's promising that its Louisville build won't just be a few key areas:

Quote:
AT&T’s Harris could not say exactly how broad GigaPower’s coverage will be in Louisville, but it's not just newer subdivisions with underground utilities that will get it, he said.

“I can tell you, the ones (neighborhoods) we’re in now – they’re not the first and they’re not going to be the last,” Harris told WDRB on Thursday. “We’re committed to do a lot of work here to put this product out for consumers."
Granted if AT&T were entirely confident in its own offering, it wouldn't be suing to stop Google Fiber. As for pricing, just the mere threat of Google Fiber forces AT&T's hand, with the company's Gigapower gigabit service starting at $110 in markets where Google Fiber isn't -- and $70 a month where Google Fiber is (or will be). Just remember if you want to opt out of AT&T's deep packet inspection snoopvertising, you may have to pay a $60 per month premium.
https://www.dslreports.com/shownews/...Googles-136439





Chinese ISPs Caught Injecting Ads and Malware into Web Pages
Rakesh Krishnan

China has gained considerable global attention for its Internet policies in recent years, whether for introducing its own search engine dubbed "Baidu," the Great Firewall of China, its homebrew China Operating System (COS) and many more.

Along with the developments, China has long been criticized for suspected backdoors in its products: Xiaomi and Star N9500 smartphones are top examples.

Now, Chinese Internet Service Providers (ISPs) have been caught red-handed injecting advertisements as well as malware into their network traffic.

Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic.

Chinese ISPs had set up many proxy servers to pollute the client's network traffic not only with insignificant advertisements but also malware links, in some cases, inside the websites they visit.

If an Internet user tries to access a domain that resides under these Chinese ISPs, a forged packet redirects the user's browser to rogue network routes. As a result, the client's legitimate traffic will be redirected to malicious sites/ads, benefiting the ISPs.

Here's How Malware and Ads are Injected

In the research paper titled 'Website-Targeted False Content Injection by Network Operators,' the Israeli researchers wrote that the tactic has now expanded to core ISPs – the Internet companies that interconnect edge ISPs with the rest of the ISPs globally.

These ISPs have set up specialized servers that monitor network traffic for specific URLs and move to alter it, whether or not the end users are their customers.

Methods of Injection:

Various methods had been adopted by ISPs to infiltrate the legitimate traffic. Some of them are:

1) Out of Band TCP Injection

Unlike in the past, when ISPs modified network packets to inject ads, the network operators now send the forged packets without dropping the legitimate ones.

Interestingly, instead of interception or rewriting of network packets, cloning of HTTP response packets had been adopted by ISPs to replicate the infection. The ISP clones the legitimate traffic, modifies the clone, and then sends both packets to the desired destination.

So ultimately, two response packets are generated for a single request. Hence, there is a chance that the forged packet wins the race while the legitimate packet arrives last.

Since the cloned traffic will not always arrive at the end users before the legitimate one, the injected traffic is harder to detect.

But a serious analysis with netsniff-ng would knock out the fake packets.

2) HTTP Injection

HTTP is a stateless client-server protocol that uses TCP as its transport. Because TCP accepts only the first packet it receives and discards the second, the fake packet may be the one accepted if an injection has taken place.

Here, the user might get a response with HTTP Status Number 302 (Redirection) instead of HTTP Status Number 200 (OK) and would be re-routed to the other non-legit links.

How to Identify Rogue Packets?

1) IP Identification

The IP identification value contains a counter that is sequentially incremented after each packet is sent.

The forged packet, masquerading as a legitimate one, returns soon after the request is made. But the timestamp of each packet would provide enough evidence to eliminate the rogue packet.

The forged packet is the one that has the largest absolute difference between its identification value and the average of the identification values of all the other packets.

2) TTL (Time to Live)

Each received packet carries a value, initially set by the sender, from which the number of hops the packet covered during transmission can be calculated.

If a packet is received with a different hop count, that clearly draws a line between the legitimate and illegitimate ones.

The forged packet is the one that has the largest absolute difference between its TTL value and the average of TTL values of all the other packets.

3) Timing Analysis

The timestamp of each packet, captured by the monitoring systems at the entrance to the edge network, helps establish whether it is genuine.

Packets that arrive in close time proximity can be compared, differentiating the legitimate packets from the forged packets whose arrival times do not match.
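The identification rules above, carried through as an added Python example (not code from the researchers' paper or from this article): it finds two responses racing for the same TCP sequence number, then applies the IP identification and TTL rules against the rest of the session. The packet records, field names and the choice to average only over the non-racing segments are assumptions of this example; the IP ID comparison also handles 16-bit counter wrap-around, which the text does not mention.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Segment:
    """One server-to-client TCP segment as seen at the capture point."""
    ts: float        # capture timestamp, seconds
    ip_id: int       # IPv4 Identification field (16-bit counter)
    ttl: int         # IPv4 TTL on arrival
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes


def find_races(segments):
    """Group segments that claim the same sequence number with different
    payloads. A plain retransmission carries identical bytes and is ignored.
    Simplification: only exact sequence-number matches are compared, not
    partially overlapping ranges."""
    by_seq = defaultdict(list)
    for seg in segments:
        if seg.payload:
            by_seq[seg.seq].append(seg)
    return [grp for grp in by_seq.values()
            if len({s.payload for s in grp}) > 1]


def ip_id_offset(value, ref):
    """Signed distance from ref on the 16-bit counter circle, so that
    65535 -> 0 counts as +1 rather than -65535."""
    return ((value - ref + 32768) % 65536) - 32768


def deviation(seg, baseline, field):
    """Absolute difference between seg's field and the baseline average."""
    if field == "ttl":
        return abs(seg.ttl - mean(s.ttl for s in baseline))
    ref = baseline[0].ip_id
    avg = mean(ip_id_offset(s.ip_id, ref) for s in baseline)
    return abs(ip_id_offset(seg.ip_id, ref) - avg)


def analyse(segments):
    """Return one finding per race. A segment is named as forged only when
    the IP ID rule and the TTL rule point at the same candidate."""
    races = find_races(segments)
    racing = {s for grp in races for s in grp}
    # Assumption: the baseline is every segment that is not part of a race.
    baseline = [s for s in segments if s not in racing]
    findings = []
    for grp in races:
        forged = None
        if baseline:
            by_id = max(grp, key=lambda s: deviation(s, baseline, "ip_id"))
            by_ttl = max(grp, key=lambda s: deviation(s, baseline, "ttl"))
            if by_id is by_ttl:
                forged = by_id
        ordered = sorted(grp, key=lambda s: s.ts)
        findings.append({
            "seq": grp[0].seq,
            "forged": forged,
            "rules_agree": forged is not None,
            # True means the client's TCP stack accepted the forged bytes.
            "forged_arrived_first": forged is ordered[0],
            "gap_ms": round((ordered[-1].ts - ordered[0].ts) * 1000, 1),
        })
    return findings


# Constructed sample session: a forged 302 races the genuine 200 response.
SAMPLE_SESSION = [
    Segment(0.0000, 4100, 52, 1000, b""),                       # SYN-ACK
    Segment(0.0412, 242, 59, 1001,
            b"HTTP/1.1 302 Found\r\nLocation: http://ads.example/\r\n\r\n"),
    Segment(0.0519, 4101, 52, 1001,
            b"HTTP/1.1 200 OK\r\nContent-Length: 2920\r\n\r\n"),
    Segment(0.0523, 4102, 52, 1042, b"<html>" + b"x" * 1454),
    Segment(0.0527, 4103, 52, 2502, b"x" * 1460),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_SESSION):
        print(f["seq"], f["rules_agree"], f["forged_arrived_first"],
              f["gap_ms"], f["forged"].payload[:18] if f["forged"] else None)
```

When the two rules disagree (for instance, an injector that matches the server's TTL), `forged` is left as `None` so the race is flagged for manual review rather than guessed.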

List of the Infection Groups

In general, 14 different ISPs had been found to be engaged in malicious activity, and out of these 10 are from China, 2 from Malaysia, and 1 each from India and the United States.

Following are the injection groups and their characteristics:

1. Hao – Referred the user to hao123.com itself, but using an HTTP 302 response mechanism to infect users.

2. GPWA – The genuine gambling website had been forged to another web domain which intelligently redirects the traffic to 'qpwa' (people would sometimes not notice the difference between 'q' and 'g').

The forged content here includes a JavaScript that refers to a resource having the same name as the one originally requested by the user, but the forged resource is located at qpwa.org registered to a Romanian citizen.

3. Duba Group – The injections in this group add to the original content of a website a colorful button that prompts the victim to download an executable from a link at the domain duba.net.

The executable is flagged as malicious by several antivirus vendors.

4. Mi-img – In these injected sessions, the client, which appears to be an Android device, tries to download an application. The redirected response navigates into an online bot database that had been identified by a BotScout lookup.

5. Server Erased – In this group, the injections were identical to the legitimate response but the original value of the HTTP header 'Server' is changed.

Motive Behind the Attack

Both the advertising agencies and the ISPs benefit from redirecting users' traffic to the corresponding sites.

This practice would mark an increase in advertisement revenue and other profits to advertisers and ISPs.

During their research, the researchers logged massive amounts of Web traffic and detected around 400 injection incidents based on this technique.

Most of these events happened with ISPs in China and far east countries, even if the traffic originated from Western countries, meaning a German user accessing a website hosted in China is also susceptible to having his/her traffic injected with ads or malware.

How to Mitigate?

Since the companies that engage in such practices are edge ISPs - the final network providers that connect users to the Internet, users can change their Internet provider.

However, the simplest way to combat this issue is for website operators to support HTTPS for their services, as all the websites that infect users are SSL-less.

The sites that supply malicious URLs are not guarded by SSL Shield, making them vulnerable to carry out the illegit things.

Therefore, usage of HTTPS-based websites would block such kinds of attacks, so users are advised only to stick to SSL sites.

Delivering illegitimate content, or redirecting users in order to make money, would end up eroding public trust in the technologies.
https://thehackernews.com/2016/02/ch...r-malware.html





Largely Undetected Mac Malware Suggests Disgraced HackingTeam has Returned

Until recently, sample wasn't detected by any of the top antivirus programs.
Dan Goodin

Researchers have uncovered what appears to be newly developed Mac malware from HackingTeam, a discovery that's prompting speculation that the disgraced malware-as-a-service provider has reemerged since last July's hack that spilled gigabytes worth of the group's private e-mail and source code.

The sample was uploaded on February 4 to the Google-owned VirusTotal scanning service, which at the time showed it wasn't detected by any of the major antivirus programs. (Ahead of this report on Monday, it was detected by 10 of 56 AV services.) A technical analysis published Monday morning by SentinelOne security researcher Pedro Vilaça showed that the installer was last updated in October or November, and an embedded encryption key is dated October 16, three months after the HackingTeam compromise.

The sample installs a copy of HackingTeam's signature Remote Code Systems compromise platform, leading Vilaça to conclude that the outfit's comeback mostly relies on old, largely unexceptional source code, despite the group vowing in July that it would return with new code.

"HackingTeam is still alive and kicking but they are still the same crap morons as the e-mail leaks have show us," Vilaça wrote. "If you are new to OS X malware reverse engineering, it's a nice sample to practice with. I got my main questions answered so for me there's nothing else interesting about this. After the leak I totally forgot about these guys :-)."

Patrick Wardle, a Mac security expert at Synack, has also examined the sample and says that while it appears to install a new version of the old HackingTeam implant, it uses several advanced tricks to evade detection and analysis. For one, it uses Apple's native encryption scheme to protect the contents of the binary file, making it the first malicious implant installer Wardle has ever seen to do so. Wardle was nonetheless able to break the encryption because Apple uses a static hard-coded key—"ourhardworkbythesewordsguardedpleasedontsteal(c)AppleC" —that has long been known to reverse engineering experts. Even then, he found that the installer was "packed" in a digital wrapper that also limited the types of reverse engineering and analysis he wanted to perform.

The sample still leaves many questions unanswered. For example, it's not clear how the malware gets installed. One possibility is that targets are tricked into believing that the file installs a benign application. Another possibility is that it's bundled with an exploit that surreptitiously executes the installer. People who want to know if a Mac is infected should check for a file named Bs-V7qIU.cYL, which is dropped into the ~/Library/Preferences/8pHbqThW/ directory.

Vilaça said he can't conclusively determine that the new sample is the work of HackingTeam. Since the 400 gigabytes of data that was obtained in the July breach included the Remote Code Systems source code, it's possible that a different person or group recompiled the code and distributed it in the new installer. Still, Vilaça said evidence from the Shodan search service and a scan of the IP address in VirusTotal show that a command and control server referenced in the sample was active as recently as January, suggesting that the new malware is more than a mere hoax.
http://arstechnica.com/security/2016...-has-returned/





Most Software Already has a “Golden Key” Backdoor: the System Update

Software updates are just another term for cryptographic single-points-of-failure.
Leif Ryge

In 2014 when The Washington Post Editorial Board wrote "with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant," the Internet ridiculed them. Many people painstakingly explained that even if there were somehow wide agreement about who would be the "right" people and governments to hold such an all-powerful capability, it would ultimately be impossible to ensure that such power wouldn't fall into the "wrong" hands.

Yet, here is a sad joke that happens to describe the reality we presently live in:

Q: What does almost every piece of software with an update mechanism, including every popular operating system, have in common?

A: Secure golden keys, cryptographic single-points-of-failure which can be used to enable total system compromise via targeted malicious software updates.

I'll define those terms: By "malicious software update," I mean that someone tricks your computer into installing an inauthentic version of some software which causes your computer to do things you don't want it to do. A "targeted malicious software update" means that only the attacker's intended target(s) will receive the update, which greatly decreases the likelihood of anyone ever noticing it. To perform a targeted malicious software update, an attacker needs two things: (1) to be in a position to supply the update and (2) to be able to convince the victim's existing software that the malicious update is authentic. Finally, by "total system compromise" I mean that the attacker obtains all of the authority held by the program they're impersonating an update to. In the case of an operating system, this means that the attacker can subvert any application on that computer and obtain any encryption keys or other unencrypted data that the application has access to.

A backdoored encryption system which allows attackers to decrypt arbitrary data that their targets have encrypted is a significantly different kind of capability than a backdoor which allows attackers to run arbitrary software on their targets' computers. I think many informed people discussing The Washington Post's request for a "secure golden key" assumed they were talking about the former type of backdoor, though it isn't clear to me if the editorial's authors actually understand the difference.

From an attacker perspective, each capability has some advantages. The former allows for passively-collected encrypted communications and other surreptitiously obtained encrypted data to be decrypted. The latter can only be used when the necessary conditions exist for an active attack to be executed, but when those conditions exist it allows for much more than mere access to already-obtained-but-encrypted data. Any data on the device can be exfiltrated, including encryption keys and new data which can be collected from attached microphones, cameras, or other peripherals.

Many software projects have only begun attempting to verify the authenticity of their updates in recent years. But even among projects that have been trying to do it for decades, most still have single points of devastating failure.

In some systems there are a number of keys where if any one of them is compromised such an attack becomes possible. In other cases it might be that signatures from two or even three keys are necessary, but when those keys are all controlled by the same company (or perhaps even the same person) the system still has single points of failure.

This problem exists in almost every update system in wide use today. Even my favorite operating system, Debian, has this problem. If you use Debian or a Debian derivative like Ubuntu, you can see how many single points of failure you have in your update authenticity mechanism with this command:

For the computer I'm writing this on, the answer is nine. When I run the apt-get update command, anyone with any one of those nine keys who is sitting between me and any of the webservers I retrieve updates from could send me malicious software and I will run it as root.

How did we get here? How did so many well-meaning people build so many fragile systems with so many obvious single points of failure?

I believe it was a combination of naivety and hubris. They probably thought they would be able to keep the keys safe against realistic attacks, and they didn't consider the possibility that their governments would actually compel them to use their keys to sign malicious updates.

Fortunately, there is some good news. The FBI is presently demonstrating that this was never a good assumption, which finally means that the people who have been saying for a long time that we need to remove these single points of failure can't be dismissed as unreasonably paranoid anymore.

I won't write much about the specifics of the FBI/Apple situation, because there are already plenty of in-depth accounts of the many details of the case. The important thing to understand is that the FBI is demanding that Apple provide them with a signed software update which will disable an iPhone feature which deletes data after a certain number of failed attempts at guessing the PIN (which, along with a per-device secret, is the seed from which the encryption key is derived). On iPhones with relatively short PINs, this effectively "breaks" the encryption because a small key space can be quickly searched.

(On my Debian system, such a feature doesn't even exist. If someone has my encrypted hard drive, they can freely attempt to brute-force my disk passphrase—but hopefully most people's disk crypto passphrases on computers with keyboards are stronger than a short PIN. If an attacker can convince my computer to run arbitrary code while the disk is decrypted, the key can be exfiltrated and the strength of the passphrase becomes irrelevant.)

So when Apple says the FBI is trying to "force us to build a backdoor into our products," what they are really saying is that the FBI is trying to force them to use a backdoor which already exists in their products. (The fact that the FBI is also asking them to write new software is not as relevant, because they could pay somebody else to do that. The thing that Apple can provide which nobody else can is the signature.)

Is it reasonable to describe these single points of failure as backdoors? I think many people might argue that industry-standard systems for ensuring software update authenticity do not qualify as backdoors, perhaps because their existence is not secret or hidden in any way. But in the present Apple case where they are themselves using the word "backdoor," abusing their cryptographic single point of failure is precisely what the FBI is demanding.

Apple might prevail in their current conflict with the FBI, but the fact that they could also lose means they may have already lost to someone else. Imagine if some other murderous criminal organization wanted to access data on a PIN-encrypted iPhone. What if they, like the FBI has now done, found some people who understand how the technology works and figured out who needs to be coerced to make it possible? Having access to a "secure golden key" could be quite dangerous if sufficiently motivated people decide that they want access to it.

I'm optimistic that the demands the FBI is making to Apple will serve as a wakeup call to many of the people responsible for widely-used software distribution infrastructures. I expect that in the not-too-distant future, for many applications at least, attackers wishing to perform targeted malicious updates will be unable to do so without compromising a multitude of keys held by many people in many different legal jurisdictions. There are a number of promising projects which could help achieve that goal, including the DeDiS Cothority and the Docker project's Notary.

Being free of single points of failure should be a basic requirement for any new software distribution mechanisms deployed today.
http://arstechnica.com/security/2016...d-auto-update/
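
An added example, not part of the article above and not code from Debian, Cothority or Notary: it contrasts the any-one-of-N trust rule the article describes with a threshold rule that needs signatures spanning several holders and jurisdictions. The key names, holders, jurisdictions and the threshold of three are constructed, and Lamport one-time signatures stand in for a production signature scheme.

```python
import hashlib
import os
from dataclasses import dataclass


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(message: bytes) -> list:
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


# Lamport one-time signatures: a real hash-based scheme, chosen only because it
# needs nothing beyond hashlib. A key pair must never sign two different messages.
def lamport_keygen():
    secret = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in secret]
    return secret, public


def lamport_sign(secret, message: bytes) -> list:
    return [secret[i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    return all(_h(signature[i]) == public[i][bit]
               for i, bit in enumerate(_bits(message)))


@dataclass(frozen=True)
class TrustedKey:
    key_id: str
    holder: str        # organisation that controls the private key
    jurisdiction: str  # where that organisation can be legally compelled
    public: list


def valid_signers(keyring, update: bytes, signatures: dict) -> list:
    """Trusted keys that produced a valid signature over exactly these bytes."""
    return [key for key in keyring
            if key.key_id in signatures
            and lamport_verify(key.public, update, signatures[key.key_id])]


def accept_any_of_n(keyring, update: bytes, signatures: dict) -> bool:
    """The rule the article criticises: any single trusted key is sufficient."""
    return len(valid_signers(keyring, update, signatures)) >= 1


def accept_threshold(keyring, update: bytes, signatures: dict, k: int = 3) -> bool:
    """Require valid signatures spanning k distinct holders and k jurisdictions."""
    good = valid_signers(keyring, update, signatures)
    return (len({key.holder for key in good}) >= k
            and len({key.jurisdiction for key in good}) >= k)


def build_constructed_keyring():
    """Constructed data: every name, holder and jurisdiction here is invented."""
    entries = [("vendor-release", "VendorCorp", "US"),
               ("vendor-backup", "VendorCorp", "US"),
               ("mirror-eu", "EU Mirror e.V.", "DE"),
               ("auditor-jp", "Audit KK", "JP")]
    secrets, keyring = {}, []
    for key_id, holder, jurisdiction in entries:
        secret, public = lamport_keygen()
        secrets[key_id] = secret
        keyring.append(TrustedKey(key_id, holder, jurisdiction, public))
    return secrets, keyring


def demo() -> dict:
    """Which signer sets get one update accepted, as (any_of_n, threshold)."""
    secrets, keyring = build_constructed_keyring()
    update = b"constructed update payload"  # the same bytes in every scenario
    scenarios = {
        "one coerced key": ["vendor-release"],
        "two keys, same company": ["vendor-release", "vendor-backup"],
        "three independent holders": ["vendor-release", "mirror-eu", "auditor-jp"],
    }
    results = {}
    for label, signer_ids in scenarios.items():
        signatures = {i: lamport_sign(secrets[i], update) for i in signer_ids}
        results[label] = (accept_any_of_n(keyring, update, signatures),
                          accept_threshold(keyring, update, signatures, k=3))
    return results


if __name__ == "__main__":
    for label, (any_of_n, threshold) in demo().items():
        print(f"{label:28} any-of-N={any_of_n!s:5} threshold={threshold}")
```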





San Bernardino DA Says Seized iPhone May Hold “Dormant Cyber Pathogen”

He says iPhone might be "a weapon" to trigger some nefarious worm of some sort.
David Kravets

The San Bernardino District Attorney told a federal judge late Thursday that Apple must assist the authorities in unlocking the iPhone used by Syed Farook, one of the two San Bernardino shooters that killed 14 people in a killing rampage in December. The phone, which was a county work phone issued to Farook as part of his Health Department duties, may have been the trigger to unleash a "cyber pathogen," county prosecutors said in a brief court filing.

"The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure," according to a court filing by Michael Ramos, the San Bernardino County district attorney.

The development represents the first time any law enforcement official connected to the investigation provided an indication, other than links to possible co-conspirators, of what the authorities might discover on the phone. The district attorney's position comes a week after Jarrod Burguan, the San Bernardino police chief, said there was a "reasonably good chance that there is nothing of any value on the phone." James Comey, the FBI director, said Feb. 21 that "Maybe the phone holds the clue to finding more terrorists. Maybe it doesn't."

The county declined to directly comment. A spokesman, David Wert, told Ars in an e-mail that "The county didn't have anything to do with this brief. It was filed by the district attorney." The DA's office, which did not immediately respond for comment, followed up with a statement to Ars, saying that there is a "compelling governmental interest in acquiring any evidence of criminal conduct, additional perpetrators, potential damage to the infrastructure of San Bernardino County, and in protecting the California Constitutionally guaranteed due process rights of the victims, deceased and living, arising from state crimes committed on December 2, 2015."

Jonathan Zdziarski, a prominent iPhone forensics expert, said in a telephone interview that the district attorney is suggesting that a "magical unicorn might exist on this phone."

"The world has never seen what he is describing coming from an iPhone," Zdziarski said. "I would expect, I would demand, in order to make that statement at all, he should make some kind of proof."

Quote:
It sounds like he’s making up these terms as he goes. We've never used these terms in computer science. I think what he’s trying to suggest is that Farook was somehow working with someone to install a program on the iPhone that would infect the local network with some kind of virus or worm or something along those lines. Anything is possible, right? Do they have any evidence whatsoever to show there is any kind of cyber pathogen on the network or any logs or network captures to show that Farook's phone tried to introduce some unauthorized code into the system?

In a follow-up e-mail, Zdziarski added: "This reads as an amicus designed to mislead the courts into acting irrationally in an attempt to manipulate a decision in the FBI's favor. It offers no evidence whatsoever that the device has, or even might have, malware on it. It offers no evidence that their network was ever compromised. They are essentially saying that a magical unicorn might exist on this phone."

At issue is that the Federal Bureau of Investigation wants Apple to create software to help it bypass the passcode lock to enable the authorities to gain access to the iPhone. Apple is fighting a Southern California magistrate's order that it do that. Oral arguments are set for March 22 in federal court, in which Apple hopes to change the magistrate's mind.

The government claims that a 1789 law, known as the All Writs Act, allows judges to issue orders despite there being no law on the topic.

The district attorney's revelation was contained in his application to submit a friend-of-the-court brief. His so-called amicus brief has not been lodged with the court. San Bernardino County did not make it available when Ars requested it.
http://arstechnica.com/tech-policy/2...yber-pathogen/





What is a “Lying-Dormant Cyber Pathogen?” San Bernardino DA Says it’s Made Up

He now says there's no evidence of cyber doom, wants iPhone unlocked to be sure.
David Kravets

One day after the San Bernardino County district attorney said that an iPhone used by one of the San Bernardino shooters might contain a "lying-dormant cyber pathogen," the county's top prosecutor went on the offense again. DA Michael Ramos said Apple must assist the FBI in unlocking the phone because an alleged security threat might have been "introduced by its product and concealed by its operating system."

"Companies that introduce dangerous products, and it can be argued that the iPhone with its current encryption is dangerous to victims, are required to fix them. Companies that create environmental damage are required to clean it up," Ramos' office said in a filing Friday afternoon.

The fact no one has heard of a pathogen that might carry devastating qualities has us and others wanting to know exactly what is a "lying-dormant cyber pathogen?" We asked Ramos' office to elaborate. Ars' e-mail and phone messages, however, were not returned.

As the chatter on Twitter and elsewhere could attest, security and forensics experts have never heard of this type of threat. Online commenters called it everything from a "magical unicorn" to a make-believe plot that we might see on the broadcast TV show CSI: Cyber.

But late Friday, Ramos told The Associated Press that his cyber doom suggestion was out of thin air.

"This was a county employee that murdered 14 people and injured 22," Ramos said. "Did he use the county's infrastructure? Did he hack into that infrastructure? I don't know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone."

Ramos had been tight-lipped on exactly what security threat may be on the passcode-protected phone of Syed Farook, a county worker who was one of two shooters in the Dec. 2 massacre that killed 14 and wounded scores of others. The prosecutor suggested in a court filing yesterday that the iPhone—a county phone used by Farook and recovered after the shooting—might be some type of trigger to release a "lying-dormant cyber pathogen" into the county's computer infrastructure. On Friday, the district attorney again demanded that a federal magistrate presiding over the dispute command Apple to help decrypt the phone.

Quote:
Apple has not advanced a single argument to indicating [sic] why the identification and prosecution of any outstanding coconspirators, or to detect and eliminate cyber security threats to San Bernardino County's infrastructure introduced by its product and concealed by its operating system, and Apple's refusal to assist in acquiring that information, is not a compelling governmental interest.

To the extent that Apple states in its brief at page 33 that there is no compelling state interest because the government "has produced nothing more than speculation that this iPhone might contain potentially relevant information," Apple completely forgets that a United States Magistrate has issued a search warrant based on a finding of probable cause that the iPhone does contain evidence of criminal activity. The reason we search is to find out if the device contains evidence or is an instrumentality of the crime. Such authority is granted by the United States Constitution.

The FBI is demanding that Apple build software that would enable the government to defeat the passcode lock without data being lost on the phone the county issued to Farook. Apple has steadfastly rejected building what the tech company said amounts to an encryption backdoor. Apple says helping would weaken iPhone security overall. Until Ramos' court filings on Thursday and Friday, the authorities have been maintaining that the phone might provide evidence of possible co-conspirators that have escaped justice. The authorities also say there are hundreds of phones in prosecutors' hands that need unlocking to help solve crimes.

Magistrate Sheri Pym has already ordered Apple to build the software. A hearing on Apple's challenge is scheduled for March 22 before Pym in Riverside federal court.

Apple declined comment.
http://arstechnica.com/tech-policy/2...o-da-wont-say/





Apple Wins Ruling in New York iPhone Hacking Order
Katie Benner and Joseph Goldstein

A federal magistrate judge on Monday denied the United States government’s request that Apple extract data from an iPhone in a drug case in New York, giving the company’s pro-privacy stance a boost as it battles law enforcement officials over opening up the device in other cases.

The ruling, from Judge James Orenstein in New York’s Eastern District, is the first time that the government’s legal argument for opening up devices like the iPhone has been put to the test. The denial could influence other cases where law enforcement officials are trying to compel Apple to help unlock iPhones, including the standoff between Apple and the F.B.I. over the iPhone used by one of the attackers in a mass shooting in San Bernardino, Calif., last year.

Judge Orenstein, in his 50-page ruling on Monday, took particular aim at a 1789 statute called the All Writs Act that underlies many government requests for extracting data from tech companies. The All Writs Act broadly says that courts can require actions to comply with their orders when not covered by existing law. Judge Orenstein said the government was inflating its authority by using the All Writs Act to force Apple to extract data from an iPhone seized in connection with a drug case.

The government’s view of the All Writs Act is so expansive as to cast doubt on its constitutionality if adopted, Judge Orenstein wrote.

The All Writs Act is also being invoked in the fight over an iPhone in the San Bernardino shooting, which has publicly pitted Apple against the government. Apple’s chief executive, Timothy D. Cook, has refused to comply with a federal court order to help break into the phone, saying that he needs to protect the data of all customers. That has set off a far-reaching debate over privacy and security.

Both the F.B.I. and Apple have called for Congress to step in to help settle the question of when law enforcement should get access to citizens’ private data. On Tuesday, Apple’s general counsel, Bruce Sewell, and James B. Comey, the F.B.I. director, will testify about balancing privacy and safety before the House Judiciary Committee.

“It’s important that a judge for the first time recognizes the All Writs Act doesn’t provide the lawful authority the government has been claiming in these cases,” said Esha Bhandari, a lawyer with the A.C.L.U., which supports Apple’s position. “It demonstrates that when the government’s arguments are put to the test, a federal court has decided they were not actually right.”

In a statement on Monday in response to Judge Orenstein’s ruling, the Justice Department said it would ask the judge to review the decision. Apple had previously agreed to help open up the iPhone in the drug case, and has complied with past All Writs Act orders, the Justice Department said.

“This phone may contain evidence that will assist us in an active criminal investigation, and we will continue to use the judicial system in our attempt to obtain it,” the Justice Department said.

An Apple senior executive said Monday’s ruling makes clear that helping to open an iPhone is a constitutional issue that should be taken up by Congress.

Judge Orenstein’s ruling stands out because the courts have largely been absent on the major questions of electronic surveillance and privacy of our day. While judges around the country have signed at least 70 orders at the request of the government compelling Apple to access data on phones, this was the first time that a judge and Apple have pushed back.

The legal back and forth between Judge Orenstein, the Justice Department and Apple began last October, when federal prosecutors applied for a court order to force Apple to unlock an iPhone 5s seized by the Drug Enforcement Administration in a 2014 drug case, according to court documents.

After federal prosecutors requested the order, Judge Orenstein argued in an 11-page memo last October that prosecutors were misusing the All Writs Act. The judge asked Apple to weigh in, and the company filed a brief that same month. In addition to agreeing with the judge, the company also said the request could create an undue burden and threatened to “substantially tarnish the Apple brand.”

“This reputational harm could have a longer-term economic impact beyond the mere cost of performing the single extraction at issue,” Apple said in a brief.

The government then called Apple’s decision to side with the judge a “stunning reversal.” Saritha Komatireddy, a Brooklyn federal prosecutor, said the government’s application in this case “was just a simple routine request for assistance in carrying out a valid search warrant issued by a federal court, as Apple has done so many times before.”

During the case, Judge Orenstein said he found it puzzling that Apple had not previously resisted the use of the All Writs Act, including in other cases where Apple had complied with the order.

“You have had apparently 70 prior instances where you have not taken the steps available to you,” Judge Orenstein said to Apple’s lawyers during a hearing.

Ultimately, Judge Orenstein argued that the government couldn’t use the All Writs Act to ask Apple to help extract information from a device just because a different law, the Communications Assistance for Law Enforcement Act, or Calea, addresses the issue and does not include an “information services” company like Apple. Congress has been debating whether to amend Calea to include tech companies such as Apple, Facebook and Alphabet’s Google.

Still, the decision is not binding for the San Bernardino case, said Eric A. Berg, a litigation lawyer and special counsel with Foley & Lardner, who is a former Justice Department lawyer.

“From a technical, legal standpoint, it doesn’t really have much of an effect in the California districts,” Mr. Berg said. But “if you start with public opinion, this is going to be viewed as a victory for the privacy lobby and a defeat for the government in that battle over privacy.”
http://www.nytimes.com/2016/03/01/te...ing-order.html





F.B.I. Error Locked San Bernardino Attacker’s iPhone
Cecilia Kang and Eric Lichtblau

The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage.

“There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.

F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.

The iPhone used by Syed Rizwan Farook, one of the assailants in the Dec. 2 attack in which 14 people were killed, is at the center of a fierce legal and political fight over the balance between national security and consumer privacy. Many lawmakers at Tuesday’s hearing of the House Judiciary Committee seemed torn over where to draw the line.

“The big question for our country is how much privacy are we going to give up in the name of security,” Representative Jason Chaffetz, a Utah Republican, told Mr. Comey. “And there’s no easy answer to that.”

While some lawmakers voiced support for Apple’s privacy concerns, others attacked the company’s position, saying it threatened to deprive the authorities of evidence in critical cases involving newer iPhones.

“We’re going to create evidence-free zones?” asked Representative Trey Gowdy, a South Carolina Republican who once served as a federal prosecutor. “Am I missing something?”

“How the hell you can’t access a phone, I just find baffling,” he said.

Bruce Sewell, Apple’s general counsel, told committee members that the F.B.I.’s demand for technical help to unlock Mr. Farook’s iPhone 5c “would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” Apple has said that in many cases investigators have other means to gain access to crucial information, and in some instances it has turned over data stored in iCloud.

Mr. Sewell reacted angrily to the Justice Department’s suggestion that Apple’s branding and marketing strategy was driving its resistance to helping the F.B.I., an assertion that he said made his “blood boil.”

“We don’t put up billboards that market our security,” he said. “We do this because we think protecting security and privacy of hundreds of millions of iPhones is the right thing to do.”

F.B.I. officials say that encrypted data in Mr. Farook’s phone and its GPS system may hold vital clues about where he and his wife, Tashfeen Malik, traveled in the 18 minutes after the shootings, and about whom they might have contacted beforehand. While investigators believe that the couple was “inspired” by the Islamic State, they have not found evidence that they had contact with any extremists overseas.

A judge last month ordered Apple to develop software that would disable security mechanisms on Mr. Farook’s phone so that the F.B.I. could try multiple passwords to unlock the phone through a “brute force” attack, without destroying any data. Once the systems were disabled, it would take only about 26 minutes to find the correct password, Mr. Comey said.

He rejected an idea expressed by several lawmakers that the F.B.I. was trying to force Apple to build a “back door” to decrypt its own security features. He used a different analogy to explain the government’s demands.

“There’s already a door on that iPhone,” Mr. Comey said. “Essentially, we’re saying to Apple ‘take the vicious guard dog away and let us pick the lock.’ ”

But the F.B.I. did not help its case with lawmakers when Mr. Comey acknowledged the mistake of changing the iCloud password.

When the dispute over Mr. Farook’s iPhone erupted two weeks ago, the Justice Department blamed technicians at San Bernardino County, which employed Mr. Farook as an environmental health specialist and which owned the phone he used. But county officials said their technicians had changed the password only “at the F.B.I.’s request.”

Mr. Comey acknowledged at the hearing that the F.B.I. had directed the county to change the password.

Mr. Sewell, the Apple lawyer, explained to the committee that before F.B.I. officials ordered the password reset, Apple first wanted them to try to connect the phone to a “known” Wi-Fi connection that Mr. Farook had used. Doing so might have recovered information saved to the phone since October, when it was last connected to iCloud.

“The very information that the F.B.I. is seeking would have been available, and we could have pulled it down from the cloud,” he said.

The F.B.I.’s handling of the password change drew criticism from both Democrats and Republicans at the hearing.

“If the F.B.I. hadn’t instructed San Bernardino County to change the password to the iCloud account, all this would have been unnecessary, and you would have had that information,” said Representative Jerrold Nadler, Democrat of New York.

Mr. Chaffetz leveled a similar criticism during the more than two and a half hours of testimony from Mr. Comey.

“With all due respect to the F.B.I., they didn’t do what Apple had suggested they do in order to retrieve the data, correct?” Mr. Gowdy asked the director. “I mean, when they went to change the password, that kind of screwed things up, did it not?”

But Mr. Comey said that even if the F.B.I. had not mishandled the password, he did not think the bureau could have gotten everything it wanted from the phone and would still have needed Apple to help disable the security features in the phone.

“We would still be in litigation,” he said, “because the experts tell me there’s no way we would have gotten everything off the phone from a backup.”

Mr. Comey stressed that the fight with Apple was about trying to get as much information as possible about the San Bernardino attack — not about gaining a powerful law enforcement tool elsewhere.

But when he was asked whether the F.B.I. would seek to unlock other encrypted phones if it prevailed in the San Bernardino case, he responded, “Of course.”

In the audience were relatives of a Louisiana woman, Brittney Mills, who was shot to death at her doorstep last year when she was about eight months pregnant.

Mr. Comey said the data in her phone could help investigators determine whether she was shot by someone she knew, but they had been unable to break the passcode.
http://www.nytimes.com/2016/03/02/te...committee.html





The FBI Should Try to Unlock a Shooter's iPhone Without Apple's Help, a Lawmaker Says

It may be possible for investigators to make multiple copies of the hard drive on an iPhone used by the San Bernardino mass shooter
Grant Gross

The FBI might be able to copy the hard drive of an iPhone used by a mass shooter without triggering the device's auto-erase functions, thus eliminating the agency's need to take Apple to court, a company executive said Tuesday.

Instead of forcing Apple to help defeat the iPhone password security that erases the device's contents after 10 unsuccessful attempts, it may be possible to make hundreds of copies of the hard drive, said Bruce Sewell, Apple's senior vice president and general counsel.

Apple doesn't know the condition of the iPhone used by San Bernardino mass shooter Syed Rizwan Farook, so it's unclear if mirroring the hard drive would work, but it's possible, Sewell said during a congressional hearing.

The suggestion that the FBI attempt to copy the iPhone's hard drive first came from Representative Darrell Issa, a California Republican and former car-alarm entrepreneur.

The design of the older model iPhone 5C may allow investigators to remove its hard drive and make multiple copies, Issa said. Investigators could then run 10 password attempts on each copy until they found the correct password, he said.

"The FBI is the premier law enforcement organization, with laboratories that are second to none in the world," Issa told FBI Director James Comey. "Are you testifying today that you and/or contractors that you employ could not achieve this without demanding that an unwilling partner do it?"

The FBI has explored other options and found none that it believes will work without Apple's assistance in defeating the password protection, Comey said. "We have engaged all parts of the U.S. government" to find ways to gain access to information on the phone without Apple's help, he said. "If we could have done this quietly and privately, we would have done it."

Sewell and Comey both faced tough questions during the hearing, which was focused on the pending court case and on smartphone encryption. Both men largely repeated their talking points from the long-running debate on device encryption, but lawmakers seemed split on whether Apple should honor the FBI's request and Magistrate Judge Sheri Pym's Feb. 16 order requiring the company to comply.

Apple has resisted the court order and called for Congress to set encryption policy, but it hasn't proposed any specific actions, noted Representative Jim Sensenbrenner, a Wisconsin Republican. If Congress acted, it might force Apple to aid in similar investigations.

"I don't think you're going to like what's going to come out of Congress," Sensenbrenner said. "All you've been doing is saying, 'no, no, no, no.'"

Apple ultimately will follow the law, Sewell said. "What we're asking for, congressman, is a debate on this," he said. "I don't have a proposal, I don't have a solution for it, but what I think we need to do is give this an appropriate and fair hearing."

Critics of Apple's position suggested the company is ignoring public safety issues.

Apple and Google, by enabling encryption by default on smartphones running their OSes, are, in effect, setting a U.S. policy that values customer privacy over national security and criminal prosecutions, said Cyrus Vance Jr., district attorney for New York County in New York.

Smartphone security and encryption will eventually lead to a serious problem when entire segments of suspects' lives are shielded from police, Comey told lawmakers.

"I have colleagues and others who are advocating for these evidence-free zones," added Representative Trey Gowdy, a South Carolina Republican. "There are just going to be compartments of life where [law enforcement agencies] are precluded from going to find evidence of anything ... no matter how compelling the government's evidence is."

Several other lawmakers questioned the FBI's demands, saying a court order requiring Apple to write new code to defeat the phone's security could lead to hundreds of similar requests. Vance, the New York prosecutor, said his office is now in possession of 205 locked smartphones that could be used as evidence in criminal cases.

Criminals will find ways to exploit mandated holes in encryption, said Representative Zoe Lofgren, a California Democrat. While the FBI worries about "a world where everything is private, it may be that the alternative is nothing is private," she said.

During the hearing, Comey acknowledged the FBI made a mistake when it asked San Bernardino County, the owner of the phone, to change the password soon after the mass shooting there in December.

Comey disputed the suggestion that the FBI was asking for an encryption key or a backdoor into the phone. "There's already a door on that phone," he said. "Essentially, we're asking Apple, 'take the vicious guard dog away, let us pick the lock.'"
http://www.csoonline.com/article/304...aker-says.html





Congress Showed it's Willing to Fight the FBI on Encryption. Finally

It took a while, but FBI director Jim Comey got the grilling he deserves in the Apple v FBI case
Trevor Timm

Members of Congress did something almost unheard of at Tuesday’s hearing on the brewing battle over encryption between Apple and the FBI: their job. Both Democrats and Republicans grilled FBI director Jim Comey about his agency’s unprecedented demand that Apple weaken the iPhone’s security protections to facilitate surveillance. This would have dire implications for smartphone users around the globe.

Normally, congressional committee hearings featuring Comey are contests among the members over who can shower the FBI director with the most fawning compliments in their five-minute allotted time frame. Hard questions about the agency’s controversial tactics are avoided at all costs. But on Tuesday, in rare bipartisan fashion, virtually every member of the House judiciary committee asked Comey pointed questions and politely ripped apart his arguments against Apple.

One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter’s password, which is what set this whole controversy and court case in motion in the first place. And if the case was such an emergency, why did they wait 50 days to go to court? Another member questioned what happens when China inevitably asks for the same extraordinary powers the FBI is demanding now. Others questioned whether the FBI had really used all the resources available to break into the phone without Apple’s help. For example, why hasn’t the FBI attempted to get the NSA’s help to get into the phone, since hacking is their job?

Comey readily admitted that the San Bernardino case could set a precedent for countless others after it, and that it won’t just be limited to one phone, as the FBI tried to suggest in the days after the filing became public. Comey said the FBI has so many encrypted phones in its possession that he doesn’t know the number (that’s not including the hundreds of local police forces that are itching to force Apple to create software to decrypt those as well). Comey also admitted under questioning that terrorists would just move to another encrypted device if Apple was forced to do what the government is asking, and that there are companies all over the world offering similar products.

More than anything, though, the members of Congress expressed anger that the FBI director didn’t follow through earlier on his stated intention to engage in a debate in Congress and the public about the proper role for encryption in society. Instead, he decided to circumvent that debate altogether and quietly go to court to get a judge to do what the legislative branch has so far refused to do.

This all comes on the heels of a judge in New York strongly rebuking the FBI and Department of Justice in a court decision on Monday. (The New York case is different from the high profile San Bernardino situation that has garnered more media attention.) Comey, despite knowing he would testify on Tuesday, decided not to read the opinion from the previous day. He didn’t give a reason for why he didn’t, but given the judge thoroughly dismantled every argument the government put forward, maybe he couldn’t stomach it.

The court hearing in the San Bernardino case is in two weeks, and there is no doubt that this is really only the beginning of the debate. But, for the first time, it seems like Congress has finally opened its eyes to the long-term effects of designing vulnerabilities into our communications systems and forcing tech companies to become investigative arms of the government.
http://www.theguardian.com/commentis...yption-finally





'Code is Speech' Expert Cindy Cohn Explains Key Argument in Apple's Fight with the FBI
Eric Geller

Apple's argument that a court order forcing it to write software code violates its First Amendment rights is legally sound and raises serious concerns, according to one of the lawyers most responsible for establishing the precedent that computer code is a form of speech.

In a series of court battles in the late 1990s and early 2000s, Cindy Cohn represented plaintiffs challenging restrictions on DVD copying and the publication of cryptographic code. In all three cases—Bernstein v. United States, Universal City Studios v. Reimerdes, and Junger v. Daley—federal courts held that computer code merited protection under the First Amendment.

Apple repeatedly pointed to this precedent in its motion last Friday to vacate a ruling ordering it to help the FBI unlock the iPhone of one of the San Bernardino shooters.

The company argued that, if it were forced to write code to assist in that effort, it would set a precedent that could lead to more intrusive government demands. It suggested, for example, that the government could use the same legal argument to compel it to add surveillance code to a future iOS software update, thus enabling authorities to monitor a suspect using an updated phone.

Cohn, now the executive director of the Electronic Frontier Foundation, endorsed Apple's repeated citations of her cases. But she said that the controversial iPhone-unlocking order impinged even further on Apple's free-speech rights than the restrictions in her cases.

In the Apple case, the government is not restricting anyone's ability to share code. Instead, it is requiring Apple to write new code—in this case, custom software that would disable security features on the phone so the FBI can flood it with password guesses. Even more importantly, Cohn said, it is asking Apple to digitally sign that code—effectively vouching for its legitimacy as a product of the Cupertino-based company—so that the device will accept it.

While the signature is based on a technical fact—a security feature to prevent the phone from accepting fraudulent operating systems—it has political and constitutional dimensions, Cohn said.

“They're not just asking Apple to do some writing, which itself is a First Amendment problem,” she said. “They're making Apple sign on the dotted line that this is authentic and represents Apple’s seal of approval. That, to me, is particularly interesting and makes the First Amendment problem that this creates for Apple pretty easy to see, even if you're not a coder.”

Apple argued that, by forcing it to write and sign the requested code, the government is compelling it to speak through that code. Compelled speech violates the First Amendment unless the speech is reasonably tailored and the government has a compelling interest.

In two of Cohn's cases, individuals challenged government restrictions on the sharing of encryption code, arguing that those restrictions constituted a prior restraint on the production and distribution of code—which, they said, was a form of speech. Courts agreed with both of those plaintiffs, establishing the principle. (The government later modified its restrictions, causing an appeals court to send one case back to the district court, but that lower court's ruling remains valid.)

In Cohn's third case, involving DVD ripping, a federal court upheld a ruling against the plaintiffs—who were sharing software that makes it easy to strip anti-piracy encryption from DVDs—but still agreed with their argument that the software constituted speech.

The EFF is preparing an amicus brief backing Apple's arguments, including the First Amendment claim. Cohn revealed that an army of technologists instrumental in developing early cryptographic standards would sign the brief, including Martin Hellman, co-creator of the Diffie–Hellman key exchange, one of the earliest encryption protocols.

“We're talking about the value that signatures have, and how they're really a lot like physical signatures,” Cohn said. “You have to sign the papers to sell your house, and the reason you have to sign the papers to sell your house is that so nobody else can come in and sell your house out from underneath you. It represents your word and your bond.”

In fact, Cohn said, there was a strong case to be made that digital signatures were even “more powerful” than written ones, “because a digital signature actually confirms the authenticity of the thing that's being signed in a way that a physical signature really can't.”

“I think there would be a constitutional problem even if the government was just asking Apple to write code that Apple didn't want to write,” Cohn said. “But the fact that it's actually asking Apple to then put its trust marker on that, to me, makes it, again, even more clear that there are First Amendment implications for what's going on here.”

Apple also argued in its motion to vacate the order that, by compelling it to “speak” contrary to its stated values of protecting strong encryption at all costs, the government was discriminating against it on the basis of its viewpoint—another kind of compelled-speech violation. Cohn agreed that the government was forcing Apple to produce speech that took its side.

“Apple has put its marker down to say, ‘Look, we think that the best thing for the world is for us to have uncompromised security, not compromised security,’” she said. “What the FBI is demanding that Apple do is basically publicly capitulate to the government’s views.”

While Cohn is best known for her work on code-as-speech cases, she and the EFF will also be backing Apple's other major arguments.

Apple argued in its filing that the Communications Assistance for Law Enforcement Act (CALEA)—a 1994 law requiring telephone (and, later, Internet) providers to design their equipment so it could be wiretapped—bolstered its argument.

CALEA's exemptions declare that the government can't force a company to design its equipment in a particular way and that companies can't be forced to decrypt communications if their systems are designed such that they don't have the keys. There is also an exception for Internet companies like Google, which provide services on the Web but not access to it.

Taken together, Apple argued, these limitations in CALEA express Congress's intent to bar the government from requesting technical modifications like the ones that the FBI now wants. On Monday, a federal judge in New York rejected the government's request for a similar iPhone-unlocking order on the basis that congressional intent—including the language of CALEA—implicitly prohibited it.

Cohn, too, agreed with Apple's reading of CALEA. She also dismissed the notion, advanced by the government, that the ban on demanding specific equipment design—one of the provisions that Apple stressed the most—only applied to the initial design stage of a product before it went to market.

If that were the case, Cohn said, CALEA would be toothless, because it wouldn't prevent the FBI from subsequently going to an equipment maker and demanding modifications on a specific device—exactly what it wants to do in the San Bernardino case.

“Congress would have passed the law that was pretty useless,” she said. “If it only talked about the first time you rolled out a thing, but the minute you rolled it out, the FBI could come up and make you modify it so it didn’t do that thing anymore, it wouldn’t be a particularly useful protection.”

Analyzing the Justice Department's use of the All Writs Act—which lets courts issue any orders necessary to carry out a ruling—Cohn argued that the government's position in the San Bernardino case reflected exactly the kind of broad-brush precedent setting that Apple feared.

“The government is seeking legal precedent here,” she said. “There's nothing about the way the government has argued this case that would limit it to this particular case, that would limit it to terrorism investigations, that would limit it to Apple or limit it to these things. That's not what they're aiming for here. It's very clear from the papers. They’re saying the All Writs Act lets them do this or anything like it.”
http://www.dailydot.com/politics/app...ohn-interview/





Former Heads of NSA and Homeland Security Unlikely Supporters in Encryption Battle
Ron Miller

At a panel discussion today at the RSA conference in San Francisco, Apple found two unlikely allies when the former heads of the NSA and Homeland Security threw their support behind encryption technologies.

Michael Chertoff, who was the head of Homeland Security under presidents George W. Bush and Barack Obama, and who helped author the USA Patriot Act, and former NSA head Mike McConnell both expressed strong support for encryption technology during a panel called “Beyond Encryption: Why We Can’t Come Together on Security and Privacy — and the Catastrophes That Await If We Don’t.”

Chertoff was a surprisingly spirited advocate of encryption, suggesting at several points during the discussion that weakening it could put the economic engine driven by the Internet at risk, while placing an undue burden on the private businesses who are charged with making sure that information flows smoothly and safely on the Internet.

“If we ask private sector to be in control of security, then we have to allow them to have tools to carry out that mission,” he said. Further, he worried that weakening encryption could limit technological development.

“We need to make sure that as technology develops that policies and rules and laws don’t stifle technology,” he said.

He believes that trust fuels the Internet’s economic engine and that weakening that trust puts those economic benefits at risk. “If you lose trust, you get to a tipping point where people flee to something else,” he said. As that happens, we could inadvertently fragment the internet as different countries go their own way in the name of privacy.

“If we don’t come to an agreement with the majority of the world [around privacy], we could end up with multiple internets and lose the value of an interconnected world,” he said.

Meanwhile, Mike McConnell, former head of the NSA, who is currently senior executive advisor at Booz Allen, said that if he were advising the FBI on the Apple case, he would tell them that they chose the wrong test case.

Instead of bringing the case to court, McConnell suggested a more reasoned approach — forming “a legislatively directed commission of leading experts to have an informed dialog with all clearances [required] to make reasonable recommendations.”

He believes that the public and Congress lack the expertise to make informed decisions about cyber security matters, and that by bringing together a group of experts, it could help Congress make more informed decisions.

Consider that two men who once advocated limiting privacy in the name of security are strongly defending encryption technology and suggesting that weakening it puts the entire Internet at risk. It seems that Apple has some powerful if unlikely allies when it comes to supporting encryption as a way of protecting data on the Internet — and that’s certainly an unexpected outcome of this debate.
http://techcrunch.com/2016/03/03/for...ryption-battle





U.N. Backs Apple, Calls Encryption Fundamental to Freedom
Buster Hein

The United Nations is standing behind Apple in the company’s fight against the FBI over whether the federal government can compel the iPhone-maker to create a backdoor into iOS.

In a letter written in support of Apple’s case, U.N. Special Rapporteur David Kaye says that if the feds are successful, it would infringe on citizens’ right to freedom of expression.

Pointing to a U.N. report he published last year, Kaye argues encryption is “fundamental to the exercise of freedom of opinion and expression in the digital age.” He goes on to slam the FBI’s demands as completely unnecessary.

“Given that the Government has multiple, alternative technical and operational measures to conduct this investigation, it is unclear that the Government’s motion to compel Apple to create software to enable access to this iPhone is necessary for this particular investigation.”

Kaye questions whether the FBI went to other agencies for help in unlocking the iPhone 5c that belonged to one of the San Bernardino terrorists who killed 14 people. Director James Comey told the House Judiciary Committee that the FBI had exhausted all internal resources and queried other agencies for help on unlocking the iPhone. However, some of the congressional representatives on the committee weren’t convinced the FBI has tried everything.

“My concern is that the subject order implicates the security, and thus the freedom of expression, of unknown but likely vast numbers of people, those who rely on secure communications,” warns Kaye. “This is fundamentally a problem of technology, one where compromising security for one and only one time and purpose seems exceedingly difficult if not impossible.”

A number of other companies and individuals are expected to file amicus briefs in support of Apple today. The husband of San Bernardino survivor Anies Kondoker has submitted a letter in Apple’s favor, arguing that there’s probably not any data on the iPhone 5c in question, since it was a work phone and employees knew they could be monitored.

Briefs from the ACLU, Access Now, Wickr Foundation, the App Association and more are available to view on Apple’s website.
http://www.cultofmac.com/415765/u-n-...se-of-freedom/





Amazon Just Removed Encryption from the Software Powering Kindles, Phones, and Tablets
Patrick Howell O'Neill

While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company just took a strange and unexpected step away from encryption.

Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.

The change, which took effect in Fire OS 5, affects millions of users.

Device encryption, which ties data access to a password known only to the device's rightful owner, prevents thieves from reading personal information on tablets, phones, and other products that they steal. Older Amazon devices supported relatively easy-to-apply encryption.

Amazon's decision prompted a wave of customer complaints on support forums, blogs, and social media.

In the wake of revelations about U.S. mass-surveillance programs and government hacking activities, Apple and Google added device encryption to iOS and Android in 2014, although Google left it off by default. Apple's gradual ratcheting up of security features on its mobile devices sparked the current fight over law-enforcement access to those devices.

Amazon is among several tech companies filing or joining amicus briefs in the Apple case.

The company did not respond to a request for comment about its Fire OS encryption change.
http://www.dailydot.com/politics/ama...rating-system/





Amazon Reverses Course on Encryption for its Fire Tablets

You will be able to encrypt Amazon Fire tablets again after a new update this spring.
Richard Lawler

It's been only one day since -- in the midst of a national debate over encrypted devices -- Amazon started pushing a new Fire OS 5 to its tablets that ditched support for device encryption. Just yesterday, the company said that was because customers weren't using the feature. Tonight, the company tells Engadget that it will bring the option back in another update that is due to arrive this spring. Given the attention Apple's battle with the FBI has brought to this security feature, it seems logical that encryption remains at least available as an option, even on a device intended for casual usage.

Quote:
Amazon:

We will return the option for full disk encryption with a Fire OS update coming this spring.
http://www.engadget.com/2016/03/04/a...ack-to-FireOS/





ISIS Turns to Foreign Encryption Products as Apple–FBI Fight Rages in U.S.
Patrick Howell O'Neill

FBI and Apple officials spent Tuesday afternoon on Capitol Hill, debating American encryption laws with members of Congress. Prompted by a case related to the ISIS-inspired terrorist attack in San Bernardino, the intense discussion heavily focused on thwarting the Islamic State.

But ISIS supporters online didn't seem worried at all.

Instead, they've spent the week—and longer—promoting strong encryption tools from outside the United States that the American government cannot touch with legislation.

In the last month, Islamic State supporters have promoted security software from Finland, Romania, America, France, the Czech Republic, Canada, Panama, Germany, Switzerland, Saint Kitts and Nevis, and other nations, a Daily Dot review found.

On Telegram, a popular Islamic State technology channel promoted a number of secure communications tools, including ProtonMail (from Switzerland), Ghostmail (also Swiss), and Tutanota (German) as ways to hide from Western surveillance.

IS supporters making email recommendations

Apple and the Federal Bureau of Investigation are currently embroiled in a legal battle over a court order that requires Apple engineers to create custom software that will let the FBI guess the password to San Bernardino shooter Syed Rizwan Farook's locked iPhone 5c. The technology giant is fighting the order on the grounds that doing so would jeopardize its users' security and violate the company's rights.

The international availability of encryption technology, of which Islamic State militants are well aware, underscores FBI Director James Comey's long-held desire to build an international legal regime to deal with the problems posed by encryption, what he calls “going dark.”

Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) are currently crafting legislation that may mandate so-called “backdoors” in encryption technology as a means to combat criminals and terrorists evading the reach of intelligence agents and law enforcement. Another piece of legislation, introduced this week by Sen. Mark Warner (D-Va.) and Rep. Michael McCaul (R-Texas), aims to create a commission to study encryption and other digital-security technologies.

In the Tuesday hearing before the House Judiciary Committee, Apple's top lawyer, Bruce Sewell, argued that free, open-source, foreign encryption solutions are popular and would benefit from any law weakening American encryption—an argument often repeated by technologists and other opponents of anti-encryption legislation.

“Couldn't foreign companies and bad actors generally do that, whatever we said?” Rep. Jerrold Nadler (D-N.Y.) asked Comey.

Comey was skeptical that many people would ditch American devices and adopt foreign products due to encryption and privacy issues.

Various studies have concluded that U.S. tech companies lost billions of dollars because of the privacy and security concerns raised in the wake of former NSA contractor Edward Snowden's leak of secret National Security Agency documents in 2013. The Snowden revelations prompted Apple and Google, creator of Android, to build strong encryption into their mobile operating systems in an attempt to rebuild customer trust and strengthen their security.

Susan Landau, a Worcester Polytechnic Institute cybersecurity policy professor, argued forcefully that any terrorist can simply download foreign applications with strong encryption to get around whatever legislation Congress might pass.

“If Congress were to pass a law prohibiting use of encryption on Apple phones ... what it would do is weaken us but not change it for the bad guys,” Landau said, agreeing that any limits on encryption are virtually “undoable.”
http://www.dailydot.com/politics/isi...international/





French Bill Carries 5-Year Jail Sentence for Company Refusals to Decrypt Data for Police
Patrick Howell O'Neill

Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports.

The new proposal echoes a bill from January 2016 that would have mandated “backdoors” into encryption in France. That backdoor bill, championed by Conservatives in the French legislature, was defeated and criticized by the current government of Prime Minister Manuel Valls.

The new punitive legislation, which is also being criticized by the Valls government, is an amendment to a larger penal reform bill. Like its predecessor, it's unclear that this amendment will make it through to law.

The punishment for refusing to hand over access to encrypted data is a five-year jail sentence and a $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail.

M. Pierre Lellouche, a French Republican, singled out American encryption in particular.

“Ironically, encrypted systems generally come from the U.S. military—I think the Tor network and Dark cloud in general—and most companies that engage in this kind of trade are American,” he told the National Assembly. “They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals.”

Lellouche criticized opponents of the amendment sharply: “In terms of prevention, by one vote, you do not want to send the signal of resistance to US multinationals to end encryption of communications between terrorists. You do not want to send that signal.”

The new French proposal will resonate loudly with those following the American legal clashes between the FBI and Apple. The U.S. tech firm is fighting a court order requiring it to help the Federal Bureau of Investigation hack into the iPhone of a San Bernardino shooter, arguing that it will set a harmful precedent and greatly weaken overall American cybersecurity.

“It is absolutely essential that France is sending a solemn signal that our prosecutors and intelligence services can have access to data available to these multinational corporations,” Lellouche said. “For such companies, colleagues, know the addresses of those who plan attacks against our country. It is unbearable to accept such a situation!”

French parliamentary deputies voted in favor of the new amendment on Thursday.
http://www.dailydot.com/politics/fra...on-law-punish/





Britain Floats Revised Bill for Broad Surveillance Powers
Michael Holden

Britain floated revised legislation on Tuesday that would grant authorities wide-ranging surveillance powers including the right to see which websites people visit, saying the modified bill addressed concerns about threats to privacy.

Last November, Prime Minister David Cameron's government unveiled a draft of the law that would give police and spies snooping tools they say are vital to protecting the public from criminals, pedophiles and terrorism.

But the measures met scepticism from lawmakers, global technology firms and privacy groups, reflecting a debate raging in the West over how state authorities can operate effectively in the digital age without overly intruding into people's lives or risking the security of data.

On Tuesday, the Conservative government put forward a tweaked version that it said was clearer and provided stronger privacy safeguards.

"The bill ensures that the security and intelligence agencies and law enforcement continue to have the powers they need to keep us safe - and no more," Home Secretary (interior minister) Theresa May said in a foreword.

Earlier this month a committee of lawmakers set up to scrutinize the draft bill said the government needed to make significant changes, describing parts as flawed, while the Intelligence and Security Committee (ISC) said it was rushed and did not do enough to protect privacy.

Last year's draft bill was itself a watered-down version of plans dubbed a "snoopers' charter" by critics who prevented it reaching parliament.

The revised proposal seeks to spell out existing powers, update outdated legislation and grant additional capabilities.

Its measures include forcing tech firms to store details of every website people visit for a year, and it outlines the ability of spies to collect bulk data and for the authorities to hack into individuals' computers and smartphones.

The British bill needs to be passed into law before the end of the year when existing surveillance legislation expires.

Critics remained unimpressed.

"The bill published today continues to adhere to the structure and the underlying rationale that underpinned the draft ... bill, despite the criticism and lengthy list of recommendations from three parliamentary committees," said Gus Hosein, Executive Director of Privacy International.

One of the most contentious issues has revolved around whether tech firms would have to hand over data they held even if it was encrypted. May said companies would only be asked to produce data protected by encryption where it was "practicable".

That might address the concerns of global tech giants such as Apple, which is engaged in a showdown with the FBI over its refusal to unlock an iPhone belonging to Syed Rizwan Farook, who along with his wife went on a shooting rampage in December that killed 14 people in San Bernardino, California.

Apple says unlocking the phone would weaken the security of hundreds of millions of Apple devices.

(Editing by Mark Heinrich)
http://uk.reuters.com/article/uk-bri...-idUKKCN0W34XK





Snooper's Charter to Extend Police Access to Phone and Internet Data

Latest version of investigatory powers bill will allow police to hack people’s computers and view browsing history
Alan Travis

Powers for the police to access everyone’s web browsing histories and to hack into their phones are to be expanded under the latest version of the snooper’s charter legislation.

The extension of police powers contained in the investigatory powers bill published on Tuesday indicates the determination of the home secretary, Theresa May, to get her controversial legislation on to the statute book by the end of this year in spite of sweeping criticisms by three separate parliamentary committees in the past month.

The bill is designed to provide the first comprehensive legal framework for state surveillance powers anywhere in the world. It has been developed in response to the disclosure of state mass surveillance programmes by the whistleblower Edward Snowden. The government hopes it will win the backing of MPs by the summer and by the House of Lords this autumn.

May said the latest version reflected the majority of the 122 recommendations made by MPs and peers, including strengthening safeguards, enhancing privacy protections and bolstering oversight arrangements.

She has, in particular, made changes to meet concerns within the technology industry that the surveillance law would undermine encryption. The latest draft makes clear that the government will take a pragmatic approach, and no company will be required to remove encryption of their own services if it is not technically feasible. The likely costs involved will also be taken into account.

But the publication of the detailed bill has also revealed that, far from climbing down over her proposals, May intends to expand the scope of its most controversial new powers – the collection and storage for 12 months of everyone’s web browsing history, known as internet connection records – and state powers to hack into computers and smartphones.

The bill will now:

• Allow police to access all web browsing records in specific crime investigations, beyond the illegal websites and communications services specified in the original draft bill.

• Extend the use of state remote computer hacking from the security services to the police in cases involving a “threat to life” or missing persons. This can include cases involving “damage to somebody’s mental health”, but will be restricted to use by the National Crime Agency and a small number of major police forces.

The expansion of police powers to access web browsing history as part of their investigations follows pressure from the police, and the use of these powers does not need the “double-lock” ministerial authorisation.

The home secretary told MPs she had rejected the committees’ recommendations to exclude the use of state surveillance powers for the “economic wellbeing” of the UK. She also resisted their demand to scrap warrants allowing GCHQ to undertake bulk computer hacking, describing them as a “key operational requirement”.

May also underlined the “vital part” played by the security agencies’ “bulk powers” – the mass collection and storage of everyone’s communications data in Britain and the bulk interception of the content of communications of those based overseas to acquire intelligence.

The Home Office has made detailed tweaks to the original draft of the bill, including stronger protections for journalists and lawyers, six codes of practice setting out how the powers will be used, and the use of a “double-lock” authorisation of the most intrusive surveillance methods by a minister backed by the approval of a judicial commissioner.

The Home Office has also acknowledged that the initial costing of the bill, at around £247m, is not set, and a final figure will be published after detailed consultations with industry.

May said: “This is vital legislation and we are determined to get it right. The revised bill we introduced today reflects the majority of the committees’ recommendations – we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements – and will now be examined by parliament before passing into law by the end of 2016.

“Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face,” she said.

As part of the pre-legislative process, the bill was examined by a draft scrutiny committee, the intelligence and security committee and the science and technology committee.

The MPs and peers called for a fundamental rewrite of the draft bill, with the ISC calling for privacy safeguards to be made the backbone of the legislation and the draft scrutiny committee saying the case had not yet been made for the introduction of the new powers to store and access everyone’s web browsing history.
http://www.theguardian.com/uk-news/2...-internet-data





Brazil Arrests Senior Facebook Exec Over WhatsApp Aid In Drug Case
David Meyer

Facebook’s vice president for Latin America has been arrested on his way to work in São Paulo, Brazil. Federal police picked up Diego Dzodan because Facebook disobeyed a court order to help investigators in a drug case that involves a WhatsApp user.

The arrest was made at the request of officials from the state of Sergipe, in Brazil’s north-east. In a statement, the federal police said Facebook/WhatsApp had repeatedly failed to comply with court orders relating to an organized crime and drug-trafficking investigation.

Local media reported that the police were being cagey about the precise details of the arrest, due to the secretive nature of the judicial process in this case.

WhatsApp said in a statement that it was disappointed at the arrest and is unable to provide information it does not have, due to the architecture of its service. “We cooperated to the full extent of our ability in this case and while we respect the important job of law enforcement, we strongly disagree with its decision,” the unit said.

Facebook issued a distinct statement, noting that WhatsApp is operationally separate from the mothership, making the arrest of a Facebook exec “extreme and disproportionate.”

Brazil blocked WhatsApp for two days back in December, because of its unwillingness to cooperate in a criminal investigation. Again, the details were scarce at the time due to secrecy.

Dzodan has been in his post at Facebook since June last year. Previously, he spent six months as regional senior vice president for Software AG, and before that he spent a few years in several senior roles for SAP.
http://fortune.com/2016/03/01/brazil-facebook-arrest/





Peer-Seeking Webcam Reveals the Security Dangers of Internet Things
David Cassel

Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”

While the device is not necessarily sharing video from your camera, it is punching through firewalls to connect with other devices. Even if the user discovers it, it’s still extremely hard to turn off. And apparently it’s not the only electronic device that’s secretly phoning home.

The manufacturers may envision this as a service, allowing mobile users to conveniently connect remotely to their collection of devices at home. But in some cases, manufacturers aren’t even publicizing these features to their customers, which is one of the things that’s alarming the former Washington Post cybercrime reporter, who holds the device up as an example of “Why People Fear the ‘Internet of Things’.”

“[T]he problem with so many IoT devices is not necessarily that they’re ill-conceived, it’s that their default settings often ignore security and/or privacy concerns,” Krebs wrote.

A Chinese firm named Foscam sells this particular security camera, but one user had detected the unusual behavior and posted about it on the company’s discussion board last November. Soon other users were chiming in, confirming that they’d noticed the same things.

“I had cut off anything that should have caused the camera to ‘phone home’, but it still insisted on sending out UDP 10001 to several different IPs,” posted another user a few days later. “My router blocked the incoming responses, so no conversation was actually created, but my firewall was reporting about 16,000 attempted connections (4,000 to each of four different IPs).”

Krebs points out that some of the company’s “P2P” cameras don’t even include P2P in the product’s name — but then argues there are two even bigger problems. First, this behavior is activated by default, until the user proactively disables it. And second: disabling it doesn’t really work. “Foscam admits that disabling the P2P option doesn’t actually do anything to stop the device from seeking out other P2P hosts online…”

Krebs links to a post in Foscam’s forum, where a user shared their response from the company’s customer support. To make it possible for the cameras to instantly come online, they were always syncing with the server.

It’s not the first incident raising questions about the security of security cameras. Back in 2005, web surfers discovered an easy way to search Google for the addresses of web-based security cameras and began remotely controlling the cameras themselves and pulling up live feeds of strangers from around the globe.

“I was mooching around this Chinese bloke’s shop with no one to be seen,” posted one prankster. “Then all of a sudden they turn up, he looks at the camera whilst I was zooming in on him and he twigged something was not right…so he runs over to his PC with me following him with the camera, then he calls his friend over….obviously they went there to check the PC as the camera is linked through that.”

As they pulled up the camera-controlling software on their PC, they saw: a picture of themselves.

But now the devices are proactively contacting the Internet themselves, and in many cases, the internet-enabled cameras are even designed to reach through a user’s firewall. This obviously opens up a new attack vector. According to Krebs, on Foscam’s cameras this functionality “can’t be switched off without applying a firmware update plus an additional patch that the company only released after repeated pleas from users on its support forum.”

Krebs contacted Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute, who described it as “an insanely bad idea.”

“It opens up all Foscam users not only to attacks on their cameras themselves (which may be very sensitive), but an exploit of the camera also enables further intrusions into the home network. Given the seemingly cavalier attitude and the almost certain lack of automatic updates, it is almost certain that these devices are remotely exploitable,” Weaver told Krebs.

Consumers may not be aware that their internet-enabled devices may already be reaching out to the Internet of Things. Last May a user also discovered a DVR that was contacting the same IP address in China. And a few months earlier, another security-watcher noted a similar P2P behavior in a smart plug he’d purchased which allows lights to be switched off remotely using a mobile phone.

“Our houses and offices are more and more infested by electronic devices embedding a real computer with an operating system and storage…” he wrote on the “Internet Storm Center” site. Though the product’s packaging made no mention of this functionality, his plugs were also attempting to contact that same peer-to-peer network.

“It’s not a major security issue but this story enforces what we already know (and be afraid) about IoT: those devices have weak configuration and they lack visibility/documentation about their behavior,” the user, Xavier Mertens, wrote. “Take care when connecting them on your network.”
http://thenewstack.io/snooping-webca...ternet-things/
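
As a defensive illustration of the firewall observation quoted in the article above (repeated outbound UDP 10001 attempts from one device to several external IPs), the following is an added example, not code from the article, from Krebs or from Foscam, that summarises such traffic from gateway logs. The netfilter-style key=value log layout, the sample lines, the allowlisted ports and the thresholds are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# RFC 1918 ranges are listed explicitly: ipaddress.is_private also covers the
# documentation ranges used as stand-in "internet" hosts in the sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: UDP services this network expects (DNS, NTP, QUIC).
EXPECTED_UDP_PORTS = {53, 123, 443}


def is_lan(addr):
    return any(addr in net for net in RFC1918)


def parse_line(line):
    """Extract SRC/DST/PROTO/DPT from a key=value log line, or return None."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    try:
        return {
            "src": ipaddress.ip_address(fields["SRC"]),
            "dst": ipaddress.ip_address(fields["DST"]),
            "proto": fields["PROTO"].upper(),
            "dport": int(fields["DPT"]),
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed entry


def find_beacons(lines, min_attempts=8, min_dests=3):
    """Flag LAN hosts that keep sending UDP to one unexpected port on
    several different external addresses, the pattern the forum user saw."""
    attempts = defaultdict(Counter)  # (src, dport) -> Counter of destinations
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP":
            continue
        if not is_lan(rec["src"]) or is_lan(rec["dst"]):
            continue  # only LAN -> internet traffic is of interest
        if rec["dport"] in EXPECTED_UDP_PORTS:
            continue
        attempts[(str(rec["src"]), rec["dport"])][str(rec["dst"])] += 1

    findings = []
    for (src, dport), per_dst in attempts.items():
        total = sum(per_dst.values())
        if total >= min_attempts and len(per_dst) >= min_dests:
            findings.append({
                "src": src,
                "dport": dport,
                "attempts": total,
                "per_destination": dict(sorted(per_dst.items())),
            })
    return sorted(findings, key=lambda f: f["attempts"], reverse=True)


def _line(src, dst, proto, dpt):
    # Builds one constructed log entry; not captured from a real device.
    return (f"Mar  1 10:00:00 gw kernel: FWD IN=br0 OUT=eth0 "
            f"SRC={src} DST={dst} PROTO={proto} SPT=40000 DPT={dpt}")


# Constructed sample: 192.168.1.50 plays the camera; peers use documentation IPs.
CAMERA_PEERS = ["198.51.100.30", "198.51.100.40", "203.0.113.10", "203.0.113.20"]
SAMPLE_LOG = (
    [_line("192.168.1.50", CAMERA_PEERS[i % 4], "UDP", 10001) for i in range(8)]
    + [_line("192.168.1.20", "192.0.2.53", "UDP", 53)] * 3       # DNS, expected
    + [_line("192.168.1.30", "192.0.2.99", "UDP", 3074)] * 10    # one peer only
    + [_line("192.168.1.20", "203.0.113.80", "TCP", 443)] * 5    # not UDP
    + [_line("192.168.1.50", "192.168.1.255", "UDP", 1900)]      # stays on LAN
    + ["Mar  1 10:00:00 gw kernel: truncated entry SRC=192.168.1.50 DST="]
)

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```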





Devices on Public Buses in Maryland are Listening to Private Conversations

Passenger conversations are being recorded on public buses.
Ovetta Wiggins

The Maryland Senate on Tuesday delayed action on a bill that would clamp down on when public buses and trains can record the private conversations of their passengers.

Sen. Robert A. Zirkin (D-Baltimore County), chair of the Senate Judicial Proceedings Committee, which unanimously voted for the measure to move to the Senate floor, said he wanted the committee to address an amendment offered by some of those who are concerned about costs associated with the bill.

The bill is likely to be considered by the Senate on Wednesday, he said.

“What [the Maryland Transit Administration] is doing is a mass surveillance,” Zirkin said.

“I find it outrageous,” he said. “I don’t want to overstate it, but this is the issue of our generation. As technology advances, it becomes easier and easier to encroach on people’s civil liberties.”

While Zirkin and other proponents argue that the technology, which has been in use since 2012, is an infringement on civil liberties, the bill’s opponents say the recordings are a necessary tool for homeland security.

The bill, which would affect MTA buses in the Baltimore area, Ride On buses in Montgomery County and TheBus in Prince George’s County, creates guidelines for audio recordings and places limits on when they can be made.

MTA began using recording devices inside some of its buses in 2012, without seeking legislative approval. Nearly 500 of its fleet of 750 buses now have audio recording capabilities. Officials say the devices can capture important information in cases of driver error or an attack or altercation on a bus.

Under the bill, recording devices would have to be installed near a bus or train operator’s seat. The devices would be controlled by the driver and could be activated only in the event of a public-safety incident.

The legislation to limit the recordings came to the Senate floor last week, but a vote was delayed until Tuesday after several lawmakers raised questions about how much it would cost to retrofit or replace existing recording equipment to meet the bill’s requirements.

Some lawmakers raised the issue of security. Several asked for the delay to allow time to draft amendments.

“I can make an argument to tape everybody, everywhere, everywhere they walk, everywhere they talk, and you can make the excuse for homeland security,” Zirkin said. “But that is not a valid reason to encroach this fundamentally on people’s privacy rights.”

This is the fourth time in four years that the bill to limit the recordings has been introduced. Previous pieces of legislation have never made it out of committee, but Zirkin’s committee unanimously approved it this year.

Senate President Thomas V. Mike Miller Jr. (D-Calvert) indicated last week that he doesn’t like the bill and would probably vote against it because he feels the limitations could compromise security, and he does not want to incur the cost of replacing existing equipment.

The Judicial Proceedings Committee will hear testimony Tuesday afternoon on a bill that would change the way police officers in Maryland are trained and the process they go through when they are accused of misconduct.

The legislation, which was heard in the House last week, was created after the spring’s riots in Baltimore and repeated calls from criminal justice advocates for police reform.

Also on Tuesday, the House Appropriations Committee is scheduled to hold a hearing on a proposal to ban firearms at public colleges and universities in the state, including community colleges. Under existing law, schools can set their own gun policies, as long as they comply with Maryland statutes. Some schools prohibit firearms outright, while others allow them with permission from campus police.

The gun legislation, sponsored by Sen. Richard S. Madaleno Jr. (D-Montgomery) and Del. Benjamin S. Barnes (D-Prince George’s), is partly a response to a wave of mass shootings across the nation in recent years. Schools that include Virginia Tech and Oregon’s Umpqua Community College have experienced such deadly shootings, and Washington College on the Eastern Shore was shut down for a week in the fall while authorities tried to track down a student who had allegedly displayed a gun on campus.

House Speaker Michael E. Busch (D-Anne Arundel) and Senate President Miller joined other Democratic lawmakers in announcing support for the gun ban last month.

Josh Hicks contributed to this report.
https://www.washingtonpost.com/local...de1_story.html





News Corp Faces U.S. Trial Over Monopoly of In-Store Ads
Nate Raymond

News Corp (NWSA.O) went to trial on Monday in a class action lawsuit that accuses the company of monopolizing the market for in-store promotions at some 52,500 retail stores across the United States.

Jury selection got underway in federal court in Manhattan in an antitrust lawsuit filed by consumer packaged goods companies including Dial Corp, Kraft Heinz Foods Co [HJHC.UL] and Smithfield Foods Inc [SFII.UL].

The lawsuit claims News Corp has monopolized the U.S. market for in-store promotion services, where it acts as a middleman to help companies promote goods through coupon dispensers, electronic signs, end-of-aisle displays and shopping cart ads.

The plaintiffs said News Corp, which is controlled by billionaire Rupert Murdoch, has dominated this market since 2004 by locking up exclusive long-term contracts with retailers.

By 2009, the plaintiffs said News Corp controlled 90.5 percent of the market. In 2014, its sole remaining competitor, Valassis Communications Inc [VCII.UL], abandoned the business, according to court papers.

The plaintiffs said News Corp's anti-competitive conduct forced them to pay artificially high prices to promote such goods as Dial soap and Heinz ketchup.

It's unclear from court records how much in damages News Corp could face.

While the plaintiffs had until recently been seeking damages that could reach $2.5 billion if tripled by a federal judge under U.S. antitrust law, pre-trial rulings have recently limited News Corp's potential liability.

News Corp has denied the plaintiffs' allegations, and says it has "acted lawfully at all times, and caused no harm to competition or the competitive process."

The litigation is part of a long-running battle over News Corp's marketing operations.

In January 2010, the New York-based company agreed to pay $500 million to end rival Valassis's [VCII.UL] antitrust lawsuit over the newspaper coupon market.

The case is Dial Corp et al v. News Corp et al, U.S. District Court, Southern District of New York, No. 13-06802.

(Editing by Bernadette Baum)
http://uk.reuters.com/article/uk-new...-idUKKCN0W222G





Donald Trump: We're Going to 'Open Up' Libel Laws
Hadas Gold

Donald Trump said on Friday he plans to change libel laws in the United States so that he can have an easier time suing news organizations.

During a rally in Fort Worth, Texas, Trump began his usual tirade against newspapers such as The New York Times and The Washington Post, saying they're "losing money" and are "dishonest." The Republican presidential candidate then took a different turn, suggesting that when he's president they'll "have problems."

"One of the things I'm going to do if I win, and I hope we do and we're certainly leading. I'm going to open up our libel laws so when they write purposely negative and horrible and false articles, we can sue them and win lots of money. We're going to open up those libel laws. So when The New York Times writes a hit piece which is a total disgrace or when The Washington Post, which is there for other reasons, writes a hit piece, we can sue them and win money instead of having no chance of winning because they're totally protected," Trump said.

Under current law, largely determined at the state instead of federal level, public persons, such as politicians, can win a suit against a media organization only if the person can prove that the publication published information with actual malice, knowing it to be wholly incorrect, as well as in cases of reckless disregard. The case that set this precedent — New York Times Co. v. Sullivan — was decided by the Supreme Court in 1964.

"You see, with me, they're not protected, because I'm not like other people but I'm not taking money. I'm not taking their money," Trump said on Friday. "We're going to open up libel laws, and we're going to have people sue you like you've never got sued before."
http://www.politico.com/blogs/on-med...el-laws-219866





Japanese Court Demands ‘Right to be Forgotten’ for Sex Offender
Alice MacGregor

A Tokyo court has ordered that Google remove any results linked to the arrest of a man, after a judge ruled that he deserves to rebuild his life ‘unhindered’ by online records of his criminal history.

Citing the right to be forgotten, the Saitama district court demanded the removal of all personal information online related to the conviction. While the decision was made back in December, the case has only recently been revealed publicly following the discovery of leaked court papers.

The news is expected to spark controversy in Japan over whether legal authorities should have the power to resolve an individual’s right to privacy, in the case of a crime committed in the past. The question remains whether freedom of information and the public’s right to know should remain intact.

Judge Hisaki Kobayashi argued that, dependent on the nature of the crime, an individual should be able to go through a fair rehabilitation process, which would include a clean sheet on their online records after a certain amount of time has passed.

“Criminals who were exposed to the public due to media reports of their arrest are entitled to the benefit of having their private life respected and their rehabilitation unhindered,” said Kobayashi, according to local Japanese reports. He added that without this protection it would be extremely hard for an individual to lead a normal life.

In this case, the unnamed man had requested that information from more than three years ago, related to his child prostitution and pornography crimes (for which he was fined 500,000 yen – approx. £3,170), be removed from Google’s results. He complained that whenever his name or address is typed into the search bar, the case appears.

While the man’s record no longer appears in the search results, Google has still appealed against the ruling in the high court.
https://thestack.com/world/2016/03/0...-sex-offender/





Samsung is Building 256GB Memory Chips for Smartphones

The flash chips have double the read speed of a typical SSD.
Steve Dent

Your smartphone may soon have as much storage as a typical PC. Samsung has announced that it's mass producing 256GB embedded chips, double what it had last year, using the Universal Flash Storage (UFS) 2.0 standard. That gives them read speeds nearly twice that of typical SATA-based SSDs at 850MB/s, though write speeds are lower at 250MB/s. It also supports 45,000 IOPS, more than double the speed of last-gen UFS memory. Samsung's memory division VP says the company is "moving aggressively to enhance performance and capacity" of smartphone memory and SSD products, too.

The company says that the high 256GB capacity will make it possible to store weighty content like 4K movies and also transfer them faster thanks to the USB 3.0 interface. We're not sure if you've downloaded too many 360-degree movies lately, but those are not exactly lightweight, either -- and Samsung, for one, has made a big bet on virtual reality. The company has started production of the chips and will ramp it up in line with global demand.
http://www.engadget.com/2016/02/25/s...r-smartphones/





Samsung Ships the World's Highest Capacity SSD, with 15TB of Storage

Samsung revealed it was working on the drive last August
Lucas Mearian

Samsung Electronics announced Wednesday that it is now shipping the industry's highest-capacity solid-state drive (SSD), the 15.36TB PM1633a.

Samsung revealed it was working on the drive last August, saying it would use the same form factor as for a laptop computer: 2.5-in.

The 2.5-in SSD is based on a 12Gbps Serial Attached SCSI (SAS) interface for use in enterprise storage systems. The PM1633a has blazing fast performance, with random read and write speeds of up to 200,000 and 32,000 I/Os per second (IOPS), respectively. It delivers sequential read and write speeds of up to 1200MBps, the company said. A typical SATA SSD can peak at about 550MBps.

Because the PM1633a comes in a 2.5-in. form factor, IT managers can fit twice as many of the drives in a standard 19-in. 2U (3.5-in.) rack, compared to an equivalent 3.5-in. storage drive. The SSD also sets a new bar for sustainability, Samsung said. The 15.36TB PM1633a drive supports one full drive write per day, which means 15.36TB of data can be written every day on a single drive without failure.

The SSD can write from two to 10 times as much data as typical SATA SSDs based on planar MLC and TLC NAND flash technologies.

Samsung said it is betting on the PM1633a SSD line-up to "rapidly become" the overwhelming favorite over hard disks for enterprise storage systems.

"To satisfy an increasing market need for ultra-high-capacity SAS SSDs from leading enterprise storage system manufacturers, we are directing our best efforts toward meeting our customers' SSD requests," Jung-bae Lee, senior vice president of Samsung Electronics' Application Engineering Team, said in a statement. The performance of the PM1633a SSD is based on four factors: the 3D NAND (vertical NAND or V-NAND) chips; 16GB of DRAM; Samsung's proprietary controller chip; and the 12Gbps SAS interface.

The random read IOPS performance is about 1,000 times that of SAS-type hard disk drives and the sequential read and write speeds are more than twice the speed of a typical SATA SSD, the company said.

Combining 512 of Samsung's 256Gbit V-NAND memory chips enables the SSD's unprecedented 15.36TB of data storage capacity in a single drive. V-NAND, or 3D NAND, is a way of stacking NAND cells one atop another like a microscopic skyscraper. Not only does it double the density of standard planar NAND chips, from 128Gbits to 256Gbits, it also increases performance.

Samsung originally announced the 48-layer V-NAND last August, saying it also sports 3-bits per cell or multi-level cell (MLC) NAND technology.

In the V-NAND chip, each cell utilizes the same 3D Charge Trap Flash (CTF) structure in which the cell arrays are stacked vertically to form a 48-storied mass that is electrically connected through 1.8 billion channel holes vertically punching through the arrays by using a special etching technology. In total, each chip contains more than 85.3 billion cells. They each can store 3 bits of data, resulting in 256 billion bits of data -- in other words, 256Gb on a chip that's larger than the tip of a finger.

The 256Gb dies are stacked in 16 layers to form a single 512GB package, with a total of 32 NAND flash packages in the 15.36TB drive. Utilizing Samsung's third-generation, 256-gigabit (Gb) V-NAND technology, which stacks cell-arrays in 48 layers, the PM1633a line-up is expected to be faster and more reliable than its predecessor, the PM1633. That model used Samsung's second-generation, 32-layer, 128Gb V-NAND memory.

In 2014, Samsung became the first company to announce a 3D NAND flash chip with a 3-bit MLC architecture. In October 2014, the company announced it was mass producing a 32-layer V-NAND chip. Then, last August, it followed up by mass producing a 48-layer V-NAND chip.

While Samsung may be the first to do so, it's not alone in developing 48-layer 3D NAND chips. Last year, SanDisk and Toshiba announced that they were also preparing to manufacture 256Gbit, 3-bit-per-cell (X3) 48-layer 3D NAND flash chips that offer twice the capacity of their previously densest memory.

Intel and Micron have also announced 3D NAND products. The two companies boasted that their technology would enable gum-stick-sized SSDs with more than 3.5 terabytes (TB) of storage and standard 2.5-in. SSDs with greater than 10TB.

Along with the 15.36TB model, Samsung will offer the PM1633a SSD in 7.68TB, 3.84TB, 1.92TB, 960GB and 480GB versions later this year. Because the SSDs are targeted at enterprise use, and will be sold to resellers who'll determine the retail prices, Samsung did not announce its own pricing for the drives.
http://www.computerworld.com/article...html?nsdr=true





Technics Explains Why its New SL-1200 Turntable Costs $4,000

The new model was designed and built "from scratch."
Billy Steele

Back at CES, Panasonic's revived Technics brand pulled the wraps off of its new direct-drive SL-1200 turntable. While that announcement surely kicked up all sorts of feelings, the new gear comes with a steep price tag: $4,000. As many have noted, that's a dramatic increase from what Technics' turntables used to go for before the brand was discontinued. What Hi-Fi reports that new materials, including a new motor, and increased production costs are the reasons you'll need to empty your savings account to nab one later this year.

"Because the original 1210 turntables were manufactured for so many years, the manufacturing process had got to a very low cost," Technics CTO Tetsuya Itani told What Hi-Fi. "Now we need to invest in all the tools again, and the price now is much higher than the 1970s."

Itani explained that all of the tools used during the manufacturing process were either gone or damaged, except for the dust cover's die. In fact, that's the only part of the new SL-1200G that isn't new. The Technics CTO goes on to say that the upcoming model was designed and built "from scratch," using a lot less plastic than the previous version with a newly designed cordless direct-drive motor. According to Itani, the changes put the new SL-1200 more on the level of the heavy-duty hi-fi SP10 MK II performance-wise, a turntable that launched in the 1970s.

If the $4,000 (just under £3000) doesn't deter you, you'll have to wait until late 2016 to pick up the SL-1200G. There's a special edition SL-1200GAE that's slated for a June release, but there's no word on specifics there just yet. Itani says Technics is considering a more affordable model, but admits the company "needs to study" before making any concrete plans.
http://www.engadget.com/2016/02/29/t...rntable-price/





'What You Can't Afford it?' Kanye West SLAMMED for Pirating Music Programme by Deadmau5... after 'Discussing Legal Action Against Pirate Bay'

Kanye West is at the centre of controversy once again.

The 38-year-old rapper took to Twitter to share a photo of his laptop screen to show that he was listening to a Sufjan Stevens song but hawk-eyed fans found something much more interesting about the snap.

One of the tabs Kanye had open in his web browser read 'Pirate Bay Torrent Xfe...' which led many to believe that he could have been downloading an illegal torrent.

Others, including EDM producer Deadmau5, even accused him of stealing wavetable synthesizer programme Serum by Xfer Records as 'Xfer Records Serum t..' could be seen in another one of the tabs.

The music production programme, which retails for $189, is used to produce high-quality sound with an easy-to-use interface.

Deadmau5, who also cofounded Xfer Records, was quick to chime in on the allegations as he tweeted to Kanye: 'What the f*** @kanyewest ... Can't afford serum? D***.'

The 35-year-old music producer - real name Joel Thomas Zimmerman - did not stop there as he continued: 'Let's start a Kickstarter to help @kanyewest afford a copy of Serum.'

The Ghost & Stuff hitmaker finished off the social media rant with: 'He needs a small loan of 200$ #prayforyeezy.'

One user posted: '@kanyewest torrenting serum? nice. @steve_duda congrats you've made it.'

Steve Duda is a musical artist who is close friends and often works with Deadmau5, who also creates plugins used for music production under his Xfer Records brand which sells Serum.

Another Twitter user wrote: '@kanyewest DOG IM SURE U CAN AFFORD SERUM CMON MAN.'

This comes just weeks after it was reported that the Good Life hitmaker was considering a lawsuit against the file-sharing site Pirate Bay.

'Kanye is going to meet with his legal team to discuss the possibilities of starting legal action against torrent site Pirate Bay,' a source told HollywoodLife.com.

Within 24 hours of its release, Kanye's latest album The Life Of Pablo was reportedly pirated 500K times and the husband of Kim Kardashian was not happy about losing those profits.

The insider for the gossip site also explained that Kanye is 'furious because he's potentially lost millions of dollars.'

Just a few weeks ago the artist who refers to himself as Yeezus claimed to be $53 million in debt.

This all comes to a head as the tension over money and power has been thrust into the public eye after he took to Twitter last month to open up about his debt and even make a public plea to Mark Zuckerberg to 'invest 1 billion dollars into Kanye West ideas.'

After making the public appeal, he then claimed he had a great response, with 'billionaires and hedge fund guys' quickly getting in touch.

However, he has launched into another late night Twitter rant where he said he wouldn't 'let people use my debt against me.'

He started the rant by saying: 'For the past 3 years people who knew about the debt tried to use it against me in negotiations.

'You can’t control me or use the debt against me no more.

'Money doesn’t make me who I am. I wanted the world to know my struggle.

'You can point fingers and laugh, but for all entrepreneurs with families this country was built off of dreamers … never give up on your dreams, bro… my dreams brought me into debt and I’m close to seeing the light of day.'

And he continued his rant by saying: 'Perhaps Adidas will do some big Lebron style deal or perhaps a fashion group will cover the 53 that I’ve invested over the past 13 years.'
http://www.dailymail.co.uk/tvshowbiz...programme.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

February 27th, February 20th, February 13th, February 6th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)