P2P-Zone  

03-03-23, 07:26 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - March 4th, ’23

Since 2002































March 4th, 2023




Covid Pandemic Fed Dramatic Spike In Global Film Piracy, U.S. Trade Rep Report Says
David Robb

The global piracy of films increased dramatically during the Covid pandemic, according to the latest report from the Office of the U.S. Trade Representative.

“The onset of the Covid-19 pandemic led to an unprecedented spike in online piracy, with lockdowns and health concerns simultaneously shuttering cinemas, concert halls, and other venues for creative works and forcing people to stay home,” the report found.

In early 2020, film piracy increased by 41% in the United States, 43% in the U.K., 50% in Spain, 62% in India, and 66% in Italy, which the report said is “very concerning for the workers who contributed to the production of the creative works in question.”

See the full report here.

The report found that while this spike in the viewing of pirated films “was an outlier, troubling trends continue to exist across all media sectors.” Muso, a data company that measures global piracy, found that from January to August 2022 there was a 21.9% increase in visits to piracy websites over the same eight-month period in 2021.

All industry sectors examined in the Muso report – including television, film, publishing, music, and software – saw an increase in piracy, and film piracy traffic increased the most dramatically, growing by 49.1% year-on-year.

“It is evident that the global demand for digital media and entertainment content is increasing, and that piracy continues to be an extremely prevalent means of accessing this content, despite the harm it causes workers involved in its creation,” the Trade Representative report says.

“Online piracy has real consequences and harms the economic security of workers in the entertainment, media, and other creative industries. Pirating of digital media can result in lowered revenues and wages across the industry, impairing workers’ benefits and job security. Copyright enforcement plays a central role in preventing online piracy. As technological development and the ubiquity of the Internet facilitate the high-speed, low-cost reproduction and transmission of digital content, strong copyright protection remains one of the best ways to support workers in the creative sectors. The Covid-19 pandemic accelerated the consumption of digital media across the globe, highlighting the importance of preventing online piracy and protecting the livelihoods of workers who rely on IP protections, not just in the United States but also internationally.”

The report makes clear that copyright holders are not the only ones hurt by piracy. Workers in the entertainment industry are also harmed. “Online piracy is not only highly detrimental to the U.S. economy as a whole, but it also has a strong impact on the everyday lives of individual workers. The structure of compensation in the entertainment industry, in which royalties and residuals are a significant portion of total pay and benefits, makes the impact of piracy on workers even more pernicious. As methods of online piracy continue to evolve, efforts to monitor and address digital content theft must do so as well, and effective enforcement action will require government and stakeholder coordination on how to best address this problem.”
https://news.yahoo.com/covid-pandemi...174800520.html





You can Watch Pluto TV in VLC, and the MPA Considers this Piracy

The Motion Picture Association issued a DMCA notice to a playlist of publicly available URLs that let you watch ad-supported streams from Pluto TV on your video player of choice. But how exactly is that piracy?
Chris Person

The Motion Picture Association (MPA) issued a DMCA notice to a GitHub repo that contained a playlist that let viewers watch Pluto TV's streams on their own apps, such as VLC, MPV, and Tvheadend. The move was first noticed by TorrentFreak, and GitHub has complied and removed the repo, which ultimately does nothing. If you still have a tiny text file, you can still do exactly what the MPA tried to stop.

Pluto TV, for those who do not watch it, is a service owned by Paramount that allows users to legally stream movies and TV shows free of charge on many devices. They have a mobile app, apps for Xbox and PlayStation, smart TVs, and dongles. Users do not even need to sign up to use it. In turn, Pluto’s business model is predicated on serving ads and tracking user behavior. It’s part of a newer breed of streaming product called free ad-supported television, or FAST.

The GitHub repo in question contained M3U playlists to watch Pluto TV’s content via an app like VLC. The repo basically took links that were already available and gathered them in one place. It should be noted that M3U files aren’t torrent files; it’s just a simple playlist file that can direct to local files and web sources. If you are old as sin, like me, you may have used one in the past to make a playlist of MP3s on your iPod. In this instance, the M3U playlist allowed the users to watch Pluto on a simple video player instead of being tethered to Pluto’s.

While this complaint sort of makes sense if you don’t think about it at all, once you dig in, it’s a little baffling. First and most importantly, ads were still being served via the stream; it was just happening via whatever third-party client the user was using. The main difference here is the app being used, and honestly, is that really such a bad thing?

Second and most hilariously, Pluto itself did not encrypt any of its streams. These were publicly available via their API and did not include any kind of DRM. So that raises the question: how does that make it the problem of the GitHub user Mart1nho, some random person who posted an M3U playlist? How is watching a stream with ads, albeit on VLC instead of the Pluto app, piracy? Also, does taking down one GitHub repo really address the issue at hand?

The answer is, well, no. Was I, theoretically, able to find a way to pull the publicly available Pluto channel URLs and compile them into an XML file and another file called playlist.m3u? Perhaps. Was I then able to load those files into the video player of my choice and then stream Pluto’s content through both VLC and mpv.net? Perhaps. Was it a much more enjoyable experience as a result? Yet again, perhaps!

Honestly, I do not see the issue here. I am more inclined to watch Pluto TV if I have a way to do it flexibly on my own video player. Watching Pluto TV did not require a login to begin with. And just so we are clear: I was still being served ads by Pluto TV. Those were baked into the stream. And I am fine with that!

“At the end of the day, this is just about control,” said Katharine Trendacosta, associate director of policy and activism for the Electronic Frontier Foundation (EFF) about this takedown. “The MPA simply doesn’t like the information being out there that you CAN watch on an app they do not have a relationship with. As long as DRM isn’t being BYPASSED (and even then, I’d argue that the fact that you can’t do that even if you have the right to use the material, is unconstitutional) this isn’t illegal.”

While nowhere near as important, this reminds me of a case of DMCA overreach, namely the case of YouTube-dl. For those who do not follow the YouTube downloader software drama the way I do, YouTube-dl was and is a crucial piece of software for downloading videos from YouTube that is used in tons of open-source software. I not only use YouTube-dl; I personally recommended a fork of it, YT-DLP, in a previous article.

GitHub received a takedown notice, complied, and people rightfully complained because it was bullshit. With the help of the EFF, it was eventually overturned. And while I don’t see this happening in this case, it does bring up some questions about the increasing overreach of copyright holders as it relates to publicly available streams. What exactly is the definition of piracy? And who ends up being the target when copyright holders attempt to swing their weight around?

Also, and most importantly, what if this is actually just a better way to watch TV?
https://www.theverge.com/2023/2/28/2...thub-playlists





Reddit Tells Court: Film Studios Spewed “Nonsense” in Demand for Users’ Names

First Amendment covers users who anonymously discussed piracy, Reddit tells court.
Jon Brodkin

Reddit is fighting a film-industry attempt to identify users who discussed piracy, telling a federal court that the studios' request for users' real names should be rejected and that one of the studios' arguments is "nonsense."

"Courts have long recognized that the First Amendment protects online anonymity and have established a stringent standard to use in precisely this scenario, where a litigant seeks to unmask users for the purpose of providing evidence in litigation that does not involve those users... Plaintiffs are far from meeting that strict standard here," Reddit said Tuesday in a filing in US District Court for the Northern District of California.

We detailed the film studios' attempt to unmask Reddit users in a story last week. Reddit has no involvement in the lawsuit that triggered the request for users' identities—the studios behind films such as Hellboy, Rambo V: Last Blood, Tesla, and The Hitman's Bodyguard sued cable broadband provider RCN in a different court, alleging that RCN failed to terminate Internet subscribers who illegally downloaded copyrighted movies. (RCN is now known as Astound Broadband after being combined with several other cable ISPs in the same ownership group.)

In an attempt to prove that RCN turned a blind eye to users downloading copyrighted movies, the film studios subpoenaed Reddit seeking identifying information for specific users who commented in piracy-related threads. After Reddit provided information on only one user, calling the other requests a "fishing expedition," the studios filed a motion to compel Reddit to respond to the subpoena.

Reddit: Users didn’t even mention RCN

Reddit's new motion said the film studios "cannot overcome the Reddit users' First Amendment rights because the users' posts Plaintiffs have identified as the basis for this subpoena are completely irrelevant to Plaintiffs' lawsuit." Reddit continued:

Four of the seven users at issue do not appear to have ever even mentioned RCN, based on the evidence offered by Plaintiffs. They merely refer to "my provider" or "our ISP." And those references are all made in a discussion about Comcast, not RCN. Plaintiffs' argument that the users are "very likely" referring to RCN should be rejected as speculative. Two of the three remaining users did mention RCN, but were discussing issues (such as their customer service experience) unrelated to copyright infringement or Plaintiffs' allegations. And the final user vaguely mentioned RCN arguably in the context of copyright infringement once nine years ago, well beyond any arguably relevant timeframe for Plaintiffs' allegations.

Reddit further argued that the plaintiffs could get the information elsewhere. "Plaintiffs can obtain evidence about RCN's repeat infringer policies in countless ways that do not involve unmasking anonymous online speakers," Reddit told the court. "Most obviously, Plaintiffs could seek discovery directly from RCN. That would be far more efficient than taking wild guesses about which Reddit users might be RCN customers or might have engaged in copyright infringement at some point in the last decade. And, more importantly, it would not involve setting aside the fundamental First Amendment rights of uninvolved third parties."

The film studios, including Bodyguard Productions and Millennium Media, claimed that the users wouldn't be harmed by having their identities revealed. "Plaintiffs are not seeking to retaliate economically or officially against these subscribers," the film studios' motion argued. "Rather, Plaintiffs just wish to discuss the comments the subscribers made and use their comments as evidence that RCN monitors and controls the conduct of its subscribers, RCN has no meaningful policy for terminating repeat infringers and this lax or no policy was a draw for using RCN's service."

A hearing on the filmmakers' motion is scheduled for March 23.

Thread was about Comcast infringement email

Reddit said the studios' assertion that four users who posted in a Comcast thread are "very likely" RCN customers is an "unsupported opinion" and "simply insufficient to support Plaintiffs' request to infringe upon the users' First Amendment rights."

The February 2022 thread was started by a user "explaining that they had received a copyright infringement email from Comcast and expressing that they were 'kinda worried,'" Reddit wrote. "In the year since, there have been over 240 replies in that discussion. Among those hundreds of comments about Comcast's copyright practices, one mentions RCN."

Reddit said it provided identifying information for that one user to the plaintiffs. "But the remaining four Comcast Users are now being targeted merely because they happened to post in the Comcast Thread, despite the fact that none of the users were responding or referring to any discussion of RCN, and none mention RCN themselves," Reddit wrote.

Reddit noted that RCN's market share is minuscule. The Astound broadband group that includes RCN has 1.2 million customers, while Comcast "has more than thirty times RCN's market share," Reddit wrote.

"This context is important to understanding just how absurd it is for Plaintiffs to suggest that any mention of an unnamed ISP in a discussion about Comcast is 'very likely' discussing RCN. It's akin to suggesting that whenever a user mentions a 'car' on a Reddit discussion about Ford, they are 'very likely' talking about an Alfa Romeo," Reddit told the court.

Two of the users referred vaguely to "my provider" or "our ISP," while another said they "work for a national ISP." As Reddit's court filing noted, RCN is a regional ISP.

Film studio claim described as “nonsense”

Reddit acknowledged that two users who commented in other threads appear to be RCN customers but said those users didn't discuss piracy or copyright infringement. One person with the username "compypaq" mentioned that their ISP occasionally resets the user modem, and the film studios claimed that shows RCN "monitors and controls" its subscribers' Internet use.

"It appears that RCN would remotely reset the modem, thus further establishing that RCN monitors and controls its subscribers' conduct," the film studios argued. Reddit's response called that sentence "nonsense."

"Neither the Motion nor the Complaint discusses 'remote' or any other resetting of modems, what that means, or how that would be relevant to a copyright infringement claim," Reddit wrote. "Similarly unexplained is how a reset modem would 'control' subscriber conduct, or what basis Plaintiffs have to believe that u/compypaq, in particular, was being 'controlled' rather than merely suffering a routine Internet outage. In fact, u/compypaq directly rebuts that theory themselves, stating that the modem resets were because 'there was obviously some wiring issue,' as they stopped after u/compypaq moved."

Reddit disputes relevance of 13-year-old post

Reddit and the film companies also disagree on the relevance of a post from over 13 years ago. The studios argued that the 2009 post "establishes that RCN has the technical ability [to monitor users]. If RCN had the ability 13 years ago, it certainly still has the ability now."

The post in question said RCN replaced an error page with branded search results. Reddit told the court that the post doesn't prove what the film studios claim:

This practice is known as NXDOMAIN DNS hijacking, and many ISPs have engaged in it to display advertisements to their customers. It has absolutely nothing to do with copyright infringement or piracy... DNS hijacking does not demonstrate ever-present surveillance or control by an ISP over its users. It instead reflects an ISP's global policy of routing certain DNS calls to an IP address of their choosing.

Reddit also objected to providing the identity of a user who posted in a thread nine years ago that "RCN seems fairly lax." Noting that the lawsuit's allegations all "relate to copyright infringement in 2020" and that the "subpoena identifies a relevant timeframe going back only to 2016," Reddit said the post isn't "directly and materially relevant."
https://arstechnica.com/tech-policy/...r-users-names/





Alliance for Creativity, Entertainment Shuts Down Online Piracy Network Shahed4U in Joint Operation with Egyptian Authorities, Media Companies

(MENAFN) Alliance for Creativity and Entertainment (ACE), an anti-piracy coalition, has collaborated with Egyptian authorities and media companies MBC Group and OSN to shut down the online piracy network Shahed4U. It was the largest takedown in the MENA region for ACE, with this being the third such network to be closed down in recent times. It marks the global expansion of ACE and its partnership with law enforcement and local industry in combating piracy around the world.

Shahed4U was located in Alexandria and Cairo in Egypt, with over 118 domains and attracting 155 million visits per month. It provided access to 68,000 pirated TV series and 18,700 films. More than 25% of the traffic came from Egypt, with the rest coming from Algeria, Saudi Arabia, Turkey, and Jordan.

The CEO of OSN, Joe Kawkabani, believes that shutting down the sites is a significant step towards safeguarding rights in the media industry and promoting a creative ecosystem in the region and globally. Charles Rivkin, Chairman and CEO of the Motion Picture Association and Chairman of ACE, added that building local and regional connections and increasing ACE's global reach is fundamental to achieving the coalition's objective of eradicating illegal content distribution and protecting the legal marketplace for content creators.
https://menafn.com/1105683201/Allian...edia-companies





How Fake Copyright Complaints are Muzzling Journalists
BBC Trending

Journalists have been forced to temporarily take down articles critical of powerful oil lobbyists due to the exploitation of US copyright law, according to a new report.

At least five such articles have been subject to fake copyright claims, including one by the respected South African newspaper Mail & Guardian, according to the Organized Crime and Corruption Reporting Project (OCCRP).

The claims - which falsely assert ownership of the stories - have been made by mystery individuals under the US Digital Millennium Copyright Act (DMCA), a law meant to protect copyright holders.

Just last month, three separate false copyright claims were made against Diario Rombe, an investigative news outlet that focusses on Equatorial Guinea.

The articles under attack are about the president of Equatorial Guinea's son, Gabriel Mbaga Obiang Lima, and his close associate, Cameroonian businessman and lawyer NJ Ayuk.

The OCCRP claimed in a report published on Wednesday that the DMCA process was often abused by "unknown parties" who create backdated fake articles to target critical news reports.

Under the US law, any online author saying that their content has been stolen can seek to have what they claim is the infringing material "taken down" by triggering a formal legal process through web servers who host the material.

The process differs depending on the server provider, but it can mean content is removed from the web for weeks while the genuine author proves their credentials.

The OCCRP is yet to discover who is behind the attacks; however, all the stories were critical of NJ Ayuk.

NJ Ayuk, also known as Njock Ayuk Eyong, is the CEO of African law firm Centurion Law Group and the founder of the African Energy Chamber (AEC). He is also an outspoken advocate of the oil industry in Africa.

Mr Ayuk has a close relationship with the other subject of two of the stories, Gabriel Mbaga Obiang Lima. Mr Obiang Lima was Equatorial Guinea's Minister of Mines and Hydrocarbons until a recent cabinet reshuffle.

Mr Ayuk has issued press releases from Centurion Law Group and the AEC which publicly attack journalists criticising his oil lobbying activities and questioning his close relationship with Mr Obiang Lima.

The first known false copyright claim to target reports on Mr Ayuk was made in 2019, following the publication of an article in South Africa's Mail & Guardian (M&G) titled Fraudster named in SA's oil deal.

The story examined Mr Ayuk's involvement in an oil deal between South Africa and South Sudan worth hundreds of millions of dollars. It revealed that Mr Ayuk was convicted of fraud in the US in 2007 after pleading guilty to illegally using the stationery and signature stamp of a congressman to obtain visas for fellow Cameroonians.

After the story was published, the M&G's web server Linode was contacted by an "Ian Simpson", claiming he was the original author of the piece. Linode took down the news outlet's entire website for a morning in response to the complaint.

M&G investigated and found that the US address given did not exist and that there were no other traces online of this alleged author. M&G concluded that "Simpson" and his article were fakes but Linode forced the newspaper to take down its article about Mr Ayuk before it would restore the rest of the M&G website.

Writing about the takedown, the M&G called this a "censorship attack".

Last November during the UN's climate summit COP27, UK-based Climate Home News published an article about Mr Ayuk launching a partnership with two UN agencies called UN gives platform to convicted fraudster lobbying for African gas.

The article highlighted the role of the African Energy Chamber in the UN's flagship Team Energy Africa private investments initiative and referenced Mr Ayuk's US fraud conviction.

The UN cancelled the initiative following the publication.

Two weeks later, Climate Home News' server AWS received copyright claims on both articles from "Thomas L Pierce" and "Marcus A Webre". The OCCRP was unable to trace the complainants, and emails to their provided addresses went unanswered.

AWS told Climate Home that it might have to take action against Climate Home News unless it could confirm that the matter had been successfully addressed.

Climate Home editor Megan Darby removed the articles while addressing the false claims with AWS. It took several weeks before Climate Home was able to reinstate the articles.

Ms Darby told the OCCRP: "These bogus allegations look like a devious tactic to suppress independent journalism."

Earlier this year, unknown parties filed three complaints against independent investigative outlet Diario Rombe over articles authored by them. Two were with its server Cloudflare and one with Google. They targeted two 2021 articles published in collaboration with OCCRP which were critical of Mr Ayuk and his relationship with Mr Obiang Lima.

All three complaints appear to have originated from South Africa. The OCCRP said that it could not establish whether the purported claimants "Lavino Siqueira" and "Mark E Bailey" were real people, and again, emails to their addresses went unanswered.

Google removed the second article from its search results. It reinstated the piece only after Diario Rombe filed a so-called "counter-notice".

Diario Rombe editor Delfin Mocache Massoko said: "These copyright complaints for a small outlet without funds like Diario Rombe do huge damage to our work. I believe that the author has a single mission, to eliminate all negative information about Mr Ayuk and Lima from the internet."

When contacted by the BBC, Mr Ayuk strongly denied corruption allegations and said he, the AEC and Centurion Law Group denied the allegations made by the OCCRP including in relation to fake copyright claims.

Gabriel Mbaga Obiang Lima did not respond to requests for comment at time of publication.

The OCCRP contacted AWS, Google and Cloudflare for comment on the bogus copyright complaints, but they did not respond.
https://www.bbc.com/news/world-africa-64798469





CNET is Doing Big Layoffs Just Weeks After AI-Generated Stories Came to Light

The cuts come from Red Ventures, the private equity-backed media company that bought CNET in 2020.
Mia Sato

Just weeks after news broke that tech site CNET was quietly using artificial intelligence to produce articles, the company is doing extensive layoffs that include several longtime employees, according to multiple people with knowledge of the situation. The layoffs total around a dozen people, a CNET staffer says, or about 10 percent of the public masthead.

CNET editor in chief Connie Guglielmo will also step down from her role and become the senior vice president of AI content strategy and editor-at-large, according to a draft blog post circulated internally and obtained by The Verge. She will be replaced by Adam Auriemma, former editor in chief of another Red Ventures-owned outlet, NextAdvisor. NextAdvisor appears to have shut down; it hasn’t tweeted since January, its website now redirects to CNET, and it no longer appears on Red Ventures’ list of brands.

The layoffs began Thursday morning and were announced internally via email by Red Ventures, the private equity-backed marketing-turned-media company that bought CNET in 2020. In the email, a Red Ventures executive suggested the cuts were made to focus CNET on areas where the site can succeed at bringing in traffic on Google search — a top priority for the company.

“To prepare ourselves for a strong future, we will need to focus on how we simplify our operations and our tech stack, and also on how we invest our time and energy,” wrote Carlos Angrisano, president of financial services and the CNET Group at Red Ventures.

CNET will focus on “authority,” a metric Google considers in search rankings

Angrisano says implicitly what Red Ventures’ — and CNET’s — focus will be going forward: coverage areas where the company has “a high degree of authority, relevance, differentiation” and can “make a large difference in the lives” of audiences. “Authority” is among the metrics that Google stresses to websites as it decides what content ranks highly in search.

Under Red Ventures, former CNET employees say the venerated publication’s focus increasingly became winning Google searches by prioritizing SEO. On these highly trafficked articles, the company crams in lucrative affiliate marketing ads for things like loans or credit cards, cashing in every time a reader signs up.

In the email, Angrisano said CNET would focus on consumer technology, home and wellness, energy, broadband, and personal finance — the sections Red Ventures could best monetize, a current staffer says.

“But those sections are shadows of what they once were, particularly home,” the staffer says. “If you want to do that section the right way, you don’t sell off your Smart Home, get rid of its video team and cripple your editorial staff.”

In January, Futurism reported that CNET had published dozens of articles since last November that were generated using AI tools, much to the surprise of readers — the outlet hadn’t formally announced it was doing so. Other Red Ventures-owned properties, Bankrate and CreditCards.com, had also been publishing similar pieces. The company paused the practice after public outcry and factual errors in stories and promised to do an audit of all articles using AI systems. On CNET, more than half of the articles eventually had corrections made to them.

Though the AI-generated stories were put on pause in January, Red Ventures is preparing to deploy the tool again soon, according to an internal meeting held in late February, first reported by Futurism and confirmed by The Verge. In her new role, Guglielmo will work on machine learning strategies across Red Ventures, according to the memo circulated today. The news is expected to be announced tomorrow.


Even beyond the shift to affiliate marketing, former CNET staff told The Verge that working conditions under Red Ventures deteriorated since the acquisition. Former staff recounted multiple instances in which CNET employees were pressured to change their coverage of companies that advertised with Red Ventures — a flagrant violation of journalistic ethics that put CNET’s editorial independence at serious risk.

Ivey O’Neal, senior communications manager for CNET, confirmed the layoffs in an email to The Verge. “Today, the CNET Group implemented a reorganization of the team, which unfortunately meant saying goodbye to a number of colleagues,” O’Neal writes. “While it was a difficult decision to let employees go, we believe this is critical for the longevity and future growth of the business.”
https://www.theverge.com/2023/3/2/23...o-red-ventures





White House Cybersecurity Strategy Stresses Software Safety
Eric Tucker and Frank Bajak

An ambitious and wide-ranging White House cybersecurity plan released Thursday calls for bolstering protections on critical sectors and making software companies legally liable when their products don’t meet basic standards. The strategy document promises to use “all instruments of national power” to pre-empt cyberattacks.

The Democratic administration also said it would work to “impose robust and clear limits” on private sector data collection, including of geolocation and health information.

“We still have a long way to go before every American feels confident that cyberspace is safe for them,” acting national cyber director Kemba Walden said during an online forum on Thursday. “We expect school districts to go toe-to-toe with transnational criminal organizations largely by themselves. This isn’t just unfair. It’s ineffective.”

The strategy largely codifies work already underway during the last two years following a spate of high-profile ransomware attacks on critical infrastructure. A 2021 attack on a major fuel pipeline caused panic at the pump, resulting in an East Coast fuel shortage, and other damaging attacks made cybersecurity a national priority. Russia’s invasion of Ukraine compounded those concerns.

The 35-page document lays the groundwork for better countering rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure that are routinely breached. In the past few weeks, the FBI, U.S. Marshals Service and Dish Network were among the intrusion victims.

“The defense is hardly winning. Every few weeks someone gets hacked terribly,” said Edward Amoroso, CEO of the cybersecurity firm TAG Cyber.

He called the White House strategy largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress.

Brandon Valeriano, former senior adviser to the federal government’s Cyberspace Solarium Commission, agreed.

“There’s a lot to like here. It just lacks a lot of specifics,” said Valeriano, a distinguished senior fellow at the Marine Corps University. “They produce a document that speaks very much to regulation at a time when the United States is very much against regulation.”

The strategy’s data-collection component is also expected to meet stiff headwinds in Congress, though opinion polls say most Americans favor federal data privacy legislation.

In a new report, the tech data firm Forrester Research said state-sponsored cyberattacks rose nearly 100% between 2019 and 2022 and their nature changed, with a greater percentage now carried out for data destruction and financial theft. The threats are mostly from abroad: Russia-based cybercrooks and state-backed hackers from Russia, China, North Korea and Iran.

President Joe Biden’s administration has already imposed cybersecurity regulations on certain critical industry sectors, such as electric utilities, gas pipelines and nuclear facilities. The strategy calls for expanding them to other vital sectors.

In a statement accompanying the document, Biden says his administration is taking on the “systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations.” That will mean shifting legal liability onto software makers, holding companies rather than end users accountable.

As a nation, “we tend to devolve responsibility for cybersecurity downward. We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all,” Walden said.

The White House wants to put greater responsibility on the software companies.

“Too many vendors ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance,” the document says. That must change, it adds, stating that the White House will work with Congress and the private sector on legislation to establish liability.

The director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, drew an analogy in a speech Monday at Carnegie Mellon University to the automotive industry before consumer advocates led by Ralph Nader forced safety reforms, including seat belts and air bags: “The burden of safety should never fall solely upon the customer. Technology manufacturers must take ownership of the security outcomes for their customers.”

But Amoroso, the cybersecurity executive, called that comparison misguided because software is a different animal, inherently complex with hackers constantly finding ways to break it. The liability initiative is apt to get tied up in the courts as industry resists, he said. “If you are a cybersecurity lawyer this is manna from heaven.”

Asked if it was fair to make software companies liable in court for cyberattack damage, the trade association BSA — The Software Alliance said in a statement: “Cybersecurity is constantly evolving and providing incentives for companies to use best practices in secure software design and development would benefit the entire ecosystem.”

The group, whose members include Microsoft, Adobe, SAP, Oracle and Zoom, added: “We look forward to working with the administration and Congress on any proposed legislation to promote best practices.” Amoroso said he liked positive aspects of the strategy such as securing clean-energy technologies and bolstering the cybersecurity work force, currently short 700,000 workers nationally.

The document also calls for more aggressive efforts to pre-empt cyberattacks by drawing on military, law enforcement and diplomatic tools as well as help from the private sector. Such offensive operations, it says, must take place with “greater speed, scale, and frequency.”

Disruption of hostile cyberactivity through “defending forward” is already happening.

The FBI and U.S. Cyber Command now routinely engage cybercriminals and state-backed hackers in cyberspace, working with foreign partners to thwart ransomware operations and election interference in 2018 and 2020. The government has already deemed ransomware a national security threat and the document says it will continue to use methods such as “hacking the hackers” to combat it.

___

Bajak reported from Boston. AP reporter Rebecca Santana contributed.
https://apnews.com/article/biden-cyb...b63a6031b876f1





Report: ICE and the Secret Service Conducted Illegal Surveillance of Cell Phones
Matthew Guariglia

The Department of Homeland Security’s Inspector General has released a troubling new report detailing how federal agencies like Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI), and the Secret Service have conducted surveillance using cell-site simulators (CSS) without proper authorization and in violation of the law. Specifically, the office of the Inspector General found that these agencies did not adhere to federal privacy policy governing the use of CSS and failed to obtain special orders required before using these types of surveillance devices.

Even under exigent circumstances, where law enforcement use of technologies that track cell-phone use is deemed immediately necessary, law enforcement must still get a pen register order. The pen register order is required by statute and policy even though exigency otherwise excuses police from having to obtain a conventional warrant. The Inspector General noted that the agencies didn't follow the rules in these cases either.

Cell-site simulators, also known as "Stingrays" or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.

Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area.

Unfortunately, the report redacts crucial information regarding the total number of times that each agency used CSS with and without a warrant, and when they used the devices to support external information. The OIG should release this information to the public: knowing the aggregate totals would not harm any active investigation, but rather inform public debate over the agencies' reliance on this invasive technology. Make no mistake, cell-site simulators are mass surveillance that draws in the cell signal and collects data on every phone in the vicinity.

The fact that government agencies are using these devices without the utmost consideration for the privacy and rights of individuals around them is alarming but not surprising. The federal government, and in particular agencies like HSI and ICE, have a dubious and troubling relationship with overbroad collection of private data on individuals. In 2022 we learned that HSI and ICE had used overly-broad warrants to collect bulk financial records concerning people sending money across international borders through companies like Western Union. Mass surveillance of this kind is a massive violation of privacy and has elicited the concern of at least one U.S. senator hoping to probe into these tactics.

Most people carry cell phones on them at any given moment. EFF will continue to fight against careless government use of cell-site simulators, and we will continue to monitor federal agencies that rely on secrecy and a strategic ignorance of the law in order to wield powerful and overly broad surveillance powers and technologies.
https://www.eff.org/deeplinks/2023/0...ce-cell-phones

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black