P2P-Zone  

Old 19-09-18, 06:42 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - September 22nd, ’18

Since 2002


































"Pai abdicated his responsibility to ensure an open internet. Unlike Pai’s FCC, California isn’t run by the big telecom and cable companies." – CA State Senator Scott Wiener, D-11






































September 22nd, 2018




Canada Court Says ISPs Can Charge Studios for Hunting Pirates

If Hollywood wants cooperation, it might have to pay up.
Jon Fingas

It could soon prove expensive for media makers to chase online pirates in Canada. The country's Supreme Court has unanimously ruled that internet providers are entitled to "reasonable" compensation when asked to link pirates' IP addresses to customer details. Voltage Pictures (the production firm behind The Hurt Locker) intended to sue roughly 55,000 customers of telecom giant Rogers for allegedly bootlegging movies, but balked when Rogers wanted to charge $100 per hour to comply with the requests for information. Rogers won the initial Federal Court case, but had to defend itself at the Supreme Court when Voltage appealed the case.

Voltage had insisted that these kinds of fees would make it too costly to pursue pirates. Justice Russell Brown rejected this notion, however, and suggested that media producers could wind up imposing stiff costs on ISPs. He noted that the costs "may well be small" right now, but that it would be wrong to assume that they would always be inconsequential.

Not surprisingly, Rogers characterized the decision as a victory for customers, claiming that millions of people faced "open season" on their personal data if ISPs had to provide info no matter what the cost.

This doesn't mean that Canadian ISPs could ask for blank checks (or rather, cheques). Brown indicated that Rogers should go back to a lower court to prove its costs. Even so, it adds a barrier to Hollywood studios and music labels expecting to track down pirates -- they can't just assume ISPs will work pro bono on their behalf.
https://www.engadget.com/2018/09/16/...nting-pirates/





Prison Sentence Sought for Deadpool Pirate
James Delahunty

A man who has admitted to downloading a bootleg copy of Deadpool and then sharing it online could face a prison term.

The Fresno, California resident downloaded a bootleg copy of Deadpool shortly after it debuted in theaters over two years ago and then shared it on Facebook. As a result, the copy of the film was viewed more than 6,386,456 times by Facebook users.

Following his arrest, the individual signed a plea agreement with the government in which he admitted to pirating the popular film and sharing it on the social media platform. He pleaded guilty to a Class A misdemeanor which carried a maximum prison term of a year.

However, the government is recommending a six-month stint.

"[T]he government recommends the high-end sentence of six months' imprisonment, to be followed by a one-year term of supervised release, and a mandatory special assessment of $100," the sentencing position reads.

To justify the request, the government argues that the individual broke the law in a brazen and public manner. It noted, for example, that many users in the comments on Facebook pointed out to him that he was committing a crime, but he scoffed at the warnings.

"Defendant even created a Facebook group for the purpose of illegally sharing movies with others, posting 'EVERYBODY JOIN' in relation to the Facebook group he created called 'BOOTLEG MOVIES'," the government notes.

His defense is seeking a sentence of one year probation.
https://www.afterdawn.com/news/artic...eadpool-pirate





It’s Always DRM’s Fault
John Bergmayer

There was a recent viral story about Apple "deleting" purchased movies from someone's library. As always with these stories, there's a little more to it, but I'm here to tell you that the details don't really matter. And because this is being published on the International Day Against DRM, I'm here to tell you that it's DRM’s fault.

To get the facts straight: Anders G da Silva purchased movies while living in Australia, with his iTunes region set to "Australia." Then he moved to Canada, and found that the movies were no longer available for download -- due, no doubt, to licensing restrictions, including restrictions on Apple itself. While his local copies of the movies were not deleted, they *were* deleted from his cloud library. Given that movies can be up to several gigabytes in size, and because most people are using devices with SSDs with a few hundred gigabytes in storage rather than multi-terabyte hard drives, it is not unreasonable for people to expect that they can delete large files and redownload them later.

To that rare breed of person who carefully reads terms of service and keeps multiple, meticulous backups of important files, da Silva should have expected that his ability to access movies he thought he'd purchased might be cut off because he'd moved from one Commonwealth country to another. Just keep playing your original file! But DRM makes this an unreasonable demand.

First, files with DRM are subject to break at any time. DRM systems are frequently updated, and often rely on phoning home to some server to verify that they can still be played. Some technological or business change may have turned the most carefully backed-up and preserved digital file into just a blob of unreadable encrypted bits.

Second, even if they are still playable, files with DRM are not very portable, and they might not fit in with modern workflows. To stay with the Apple and iTunes example, the old-fashioned way to watch a movie purchased from the iTunes Store would be to download it in the iTunes desktop app, and then watch it there, sync it to a portable device, or keep iTunes running as a "server" in your home where it can be streamed to devices such as the Apple TV.

But this is just not how things are done anymore. To watch an iTunes movie on an Apple TV, you stream or download it from Apple's servers. To watch an iTunes movie on an iPhone, same thing. (And because this is the closed-off ecosystem of DRM'd iTunes movies, if you want to watch your movie on a Roku or an Android phone, you're just out of luck.)

In other words, even if you had carefully kept a backup of your iTunes purchase, and it still played in iTunes, actually watching your movie might at best involve dusting off some outdated and little-used software and at worst might not work at all. (I know from experience that Apple doesn't focus much energy on ensuring that the experience of streaming an iTunes library to an iOS device is bug and hassle-free.)

My takeaway is that, if a seller of DRM'd digital media uses words like "purchase" and "buy," they have at a minimum an obligation to continue to provide additional downloads of that media, in perpetuity. Fine print aside, without that, people simply aren't getting what they think they're getting for their money, and words like "rent" and "borrow" are more appropriate. Of course, there is good reason to think that even then people are not likely to fully understand that "buying" something in the digital world is not the same as buying something in the physical world, and more ambitious measures may be required to ensure that people can still own personal property in the digital marketplace. See the excellent work of Aaron Perzanowski and Jason Schultz on this point. But the bare minimum of "owning" a movie would seem to be the continued ability to actually watch it.

Of course, a company might not want to take on that burden. Or its contracts with content companies may not allow it to. There's a simple solution: Don't sell movies with DRM. It might be good customer service to allow customers to redownload DRM-free movies, but at least with those it can be reasonable to tell them that they should just keep backups. DRM-free media files that are in a reasonably standard format can be expected to play on any hardware for the foreseeable future, can be converted to other formats if not, and so on. Consumers really own them, unlike the case with DRM downloads.

To end things on a bit of a positive note, it has been encouraging to see the movie industry make some progress toward allowing customers to access their purchased media on the devices of their choice. Thanks to the Movies Anywhere initiative, you can link your iTunes, Amazon, Google, and so on accounts together, such that movies purchased on one service show up in your cloud library on all the others. (I have no idea how this interacts with the region issue da Silva encountered.) This is actually pretty cool -- if you watch all your movies on Vudu but there's a sale on iTunes, you can buy the movie there instead. It's almost as cool as not having any DRM at all! The movie industry, at least, has realized that DRM in general gives platform companies a lot of leverage against them, through creating a captive customer base, and moves like this reduce that. Just think how good it would be for the publishing industry and e-book competition if your Kindle library was accessible on Kobo e-readers, and publishers could sell books on non-Amazon platforms and have them automatically appear in Kindle libraries. Similarly, wouldn't it be better if buying the iOS version of an app also gave you access to it on Android? Where some creators might see a few lost sales, the movie industry has shown that reducing dependence on large platforms is in the interest of creators, and DRM lock-in is a major part of platform dominance.

But still, even with incremental progress like Movies Anywhere, the fact is that with DRM, you never truly own the media you thought you bought, and how, where, and whether you can access it can be subject to business and technological considerations beyond your control. It seems to be pretty obvious, too, that ordinary customers simply do not understand the contractual restrictions they are "agreeing" to, and are being misled every day. The simplest way to move past this would be to move past DRM.
https://www.publicknowledge.org/news...ays-drms-fault





'A Public Relations Nightmare': Ticketmaster Recruits Pros for Secret Scalper Program

CBC goes undercover at industry convention in Las Vegas to expose ticket giant’s new scheme
Dave Seglins, Rachel Houlihan, Laura Clementson

Box-office giant Ticketmaster is recruiting professional scalpers who cheat its own system to expand its resale business and squeeze more money out of fans, a CBC News/Toronto Star investigation reveals.

In July, the news outlets sent a pair of reporters undercover to Ticket Summit 2018, a ticketing and live entertainment convention at Caesars Palace in Las Vegas.

Posing as scalpers and equipped with hidden cameras, the journalists were pitched on Ticketmaster's professional reseller program.

Company representatives told them Ticketmaster's resale division turns a blind eye to scalpers who use ticket-buying bots and fake identities to snatch up tickets and then resell them on the site for inflated prices. Those pricey resale tickets include extra fees for Ticketmaster.

"I have brokers that have literally a couple of hundred accounts," one sales representative said. "It's not something that we look at or report."

CBC shared its findings with Alan Cross, a veteran music journalist and host of the radio program The Ongoing History of New Music, who suspects the ticket-buying public will be far from impressed: "This is going to be a public relations nightmare."

He said there have been "whispers of this in the ticket-selling community, but it's never been outlined quite like this before."

"It does seem a bit stinky, doesn't it?"

By partnering with scalpers, Ticketmaster has done an about-face from its position of less than a decade ago when then-CEO Irving Azoff told U.S. legislators: "I believe that scalping and resales should be illegal."

Two floors above the slot machines and blackjack tables at Caesars, Ticketmaster was one of dozens of vendors and speakers at the convention, which bills itself as a "one-of-a-kind networking event" for industry leaders and small businesses alike.

With hidden cameras rolling, he mingled with some of the world's most successful scalpers, documenting candid accounts from players inside this notoriously secretive industry.

Casey Klein, Ticketmaster Resale director, held a session that was closed to the media called "We appreciate your partnership: More brokers are listing with Ticketmaster than ever before."

The audience heard that Ticketmaster has developed a professional reseller program and within the past year launched TradeDesk, a web-based inventory management system for scalpers. The company touts it as "The most powerful ticket sales tool. Ever."

TradeDesk allows scalpers to upload large quantities of tickets purchased from Ticketmaster's site and quickly list them again for resale. With the click of a button, scalpers can hike or drop prices on reams of tickets on Ticketmaster's site based on their assessment of fan demand.

Neither TradeDesk nor the professional reseller program is mentioned anywhere on Ticketmaster's website or in its corporate reports. To access the company's TradeDesk website, a person must first send in a registration request.

Not building a 'better mousetrap'

On the trade show floor, a handful of Ticketmaster salespeople handed out cupcakes, and at two cubicle workstations, they provided online demonstrations of TradeDesk.

One of the presenters, who was unaware he was speaking with undercover journalists, insisted that Ticketmaster's resale division isn't interested in whether clients use automated software and fake identities to bypass the box office's ticket-buying limits.

"If you want to get a good show and the ticket limit is six or eight ... you're not going to make a living on six or eight tickets," he said.

While Ticketmaster has a "buyer abuse" division that looks out for blatantly suspicious online activity, the presenter said the resale division doesn't police TradeDesk users.

"We don't share reports, we don't share names, we don't share account information with the primary site. Period," he said when asked whether he cares if scalpers use bots to buy their tickets.

CBC heard the same message from a different Ticketmaster employee during an online video conference demonstration of TradeDesk at an earlier stage of the undercover investigation back in March.

"We've spent millions of dollars on this tool. The last thing we'd want to do is get brokers caught up to where they can't sell inventory with us," he said when asked whether Ticketmaster will ban scalpers who thwart ticket-buying limits — a direct violation of the company's terms of use.

"We're not trying to build a better mousetrap."

Scalping pays

Ticketmaster, which is owned by Live Nation, the world's largest concert promoter, has made it clear to shareholders that it plans to expand further into the resale market.

As Part 1 of the CBC News/Toronto Star investigation revealed yesterday, resale tickets are particularly lucrative for Ticketmaster because the company charges fees twice on the same ticket.

So, for example, if Ticketmaster collects $25.75 on a $209.50 ticket on the initial sale, when the owner posts it for resale for $400 on the site, the company stands to collect an additional $76 on the same ticket.

CBC News obtained a copy of Ticketmaster's official reseller handbook, which outlines these fees. It also details Ticketmaster's reward system for scalpers. As scalpers hit milestones such as $500,000 or $1 million in annual sales, Ticketmaster will knock a percentage point off its fees.

The Ticketmaster employee who gave the video conference demonstration in March said 100 scalpers in North America, including a handful in Canada, are using TradeDesk to move between a few thousand and several million tickets per year.

"I think our biggest broker right now has probably grabbed around five million," he said.

Cross, who has spent the past two years researching online ticket sales, suspects some fans will read about this and conclude Ticketmaster is colluding with scalpers.

"On one hand, they say, 'We don't like bots,' but on the other hand, 'We have all these clients who may use bots.'"


Imbalance of supply and demand

Ticketmaster has declined repeated requests for an interview.

CBC and the Toronto Star submitted a list of specific questions about the company's scalper program.

In a statement to CBC News, the company made no mention of the program, nor did it comment on its recruitment effort in Las Vegas.

Ticketmaster did say that as long as there is an imbalance between supply and demand for live events, "there will inevitably be a secondary market."

"As the world's leading ticketing platform, representing thousands of teams, artists and venues, we believe it is our job to offer a marketplace that provides a safe and fair place for fans to shop, buy and sell tickets in both the primary and secondary markets," wrote Catherine Martin, senior vice-president of communications, based in Los Angeles.

But Richard Powers, associate professor at the University of Toronto's Rotman School of Management, says what Ticketmaster is doing is unethical.

With its near monopoly on box-office tickets, Ticketmaster should not also be allowed to profit from the scalping of those same tickets, he says.

"Helping to create a secondary market where purchasers are duped into paying higher prices and securing themselves a second commission should be illegal."

For Alan Cross, the program raises a series of ethical questions:

• Is this a legitimate form of commerce?
• Does it violate any consumer protection laws?
• Is it transparent and fair to consumers?

"It is probably going to trigger some questions," he said, "and if not from governments, certainly from the general public."
https://www.cbc.ca/news/business/a-p...gram-1.4828535





Fans Are Spoofing Spotify With "Fake Plays," And That's A Problem For Music Charts

The spoofing could erode the veracity of widely respected Billboard chart metrics, especially since the fan campaigns appear to be getting more sophisticated.
Blake Montgomery

The Billboard charts have long been the gold standard by which musicians measure their success, but as recent tantrums by the likes of Nicki Minaj have highlighted, the rising influence of streaming services is upending that model — and giving die-hard fans a way to manipulate the data.

A recent release by the Korean pop group BTS prompted its superfandom, millions strong across the globe, to do just that by launching a sophisticated campaign to make sure the boy band reached No. 1.

The strategy employed by the so-called BTS Army went largely like this: Fans in the US created accounts on music streaming services to play BTS’s music and distributed the account logins to fans in other countries via Twitter, email, or the instant messaging platform Slack. The recipients then streamed BTS’s music continuously, often on multiple devices and sometimes with a virtual private network (VPN), which can fake, or “spoof,” locations by rerouting a user’s traffic through several different servers across the world. Some fans will even organize donation drives so other fans can pay for premium streaming accounts.

“Superfans of pop acts have long been doing this sort of thing,” said Mark Mulligan, managing director of the digital media analysis company MIDIA Research. “But if a superfan has decided to listen nonstop to a track, is that fake? If so, how many times do they have to listen to a track continuously before it is deemed ‘fake’?”

One BTS fan group claimed it distributed more than 1,000 Spotify logins, all to make it appear as though more people in the US were streaming BTS’s music and nudge their album Love Yourself: Tear up the Spotify chart, which in turn factors into Billboard’s metrics.

Billboard began incorporating streaming music into chart rankings in 2012 and announced in May that it had finalized changes to how streams are weighted for the Hot 100 (for singles) and Billboard 200 (albums). For streams on a paid service like Spotify Premium or Apple Music, about 1,250 song plays equal one album sale, but on free services, it typically takes around 3,750 streams.

The band reached its self-proclaimed chart-topping goal in May when Love Yourself: Tear debuted at No. 1 on the Hot 200. Love Yourself: Answer did the same in September.

so let me summarize everything @BTS_twt fans accused kris fans of using bots, vpns bc they're salty he's #1 on itunes meanwhile their fanbase is creating us spotify accts for non us fans, using bots to stream on yt (EXPOSEDT BY YT) and offering to pay for people to buy the song https://t.co/l64H9Zsyk8
kat (@rigagirls), 06:07 AM - 21 May 2018


While manipulating streaming plays is becoming a more widely used tactic, it’s unclear just how much of an impact it can have on Drake-level artists. But even if it’s just a drop in the bucket, the fraud could erode the veracity of the widely respected Billboard chart metrics, especially since the fan campaigns appear to be getting more sophisticated. Harry Styles fans weaponized Tumblr accounts and VPNs to promote his first solo single and album in 2017, but BTS fans took the blueprint further, creating tests for wannabe helpers to verify their devotion.

It’s not just the US, either: Rampant allegations of chart manipulation in South Korea recently triggered an investigation by the Ministry of Culture, Sports and Tourism.

After BuzzFeed News reached out to several people about the tactics, one tweet warning the community not to speak to this reporter racked up more than 8,000 retweets, another over 2,000.

Fans also deleted tweets about sharing Spotify accounts, and dozens sent direct messages defending themselves.

Spotify didn’t answer questions about what safeguards are in place, but its user agreement does prohibit “circumventing any territorial restrictions applied by Spotify or its licensors” (free accounts streaming from locations other than their original ones will be deactivated after two weeks), as well as “providing your password to any other person or using any other person’s username and password.” Doing so could lead to suspension or termination of the account.

Apple Music and representatives for BTS did not respond to multiple requests for comment, nor did the three biggest music labels and distributors in the world: Warner Music Group, Universal Music Group, and Sony Music.

But experts say that unless there are truly effective safeguards in place, the ability to set up flash accounts to continually stream an artist’s music — and artificially boost its performance — exposes the Billboard system to fraud.

“The standardized, readily available numbers from Spotify are putting the Billboard charts out of business,” said Peter Fader, a University of Pennsylvania professor of marketing who testified as an expert witness in the 1999 Napster trials and who has extensively researched the industry. “Music lovers are coming to look to Spotify for everything — not only for metrics, but for guidance on which artist we should be listening to, trends in the industry.”

Without detailed data from the major industry players, it’s unclear how many fans are using deceptive tactics to boost musicians and whether they have the power to materially affect the Billboard charts.

Billboard declined to comment to BuzzFeed News, but speaking to the Washington Post in July, senior vice president of charts and data development Silvio Pietroluongo said the company reacts “to the marketplace around us.”

“I think we were fairly nimble on downloading, and even more so on streaming, to make sure we’re reflecting where the music consumer is going,” he said. “Where that will end up, though, I don’t know.”

Sales tracking services Nielsen and the Recording Industry Association of America (RIAA) claim to have safeguards, but neither group would describe their methods. And accounting firm Gelfand, Rennert & Feldman, which for 35 years has audited sales figures for the RIAA, did not answer multiple requests for comment.

“Anytime you have a metric, people will come up with a way to manipulate it,” Fader said. “It invites gameplay.”

While that gameplay does not conclusively prove chart rankings and streaming numbers have been compromised, the industry’s silence raises questions, said journalist Markus Tobiassen, who broke the story on how Tidal inflated the number of times people had streamed famous artists’ albums, falsely boosting the counts by hundreds of millions of plays.

“While we were reporting on Tidal, we went to Billboard and the Norwegian charts and asked them if they counted the hundreds of millions of extra Kanye and Beyoncé plays,” he said. “They said they had safeguards in place, but they couldn’t give us a conclusive answer on whether they had identified them and discounted the extra plays.”

Based on his reporting and a study from the Norwegian University of Science and Technology, Tobiassen said it’s “highly unlikely” Billboard did.

The question is not so much whether these companies have safeguards, he said, but whether those protective measures have independent oversight. Royalties from companies like Spotify and Apple Music made up two-thirds of the music industry’s revenue in 2017. And Spotify metrics are now so important that they factor into album releases, touring schedules, promotion, and even artist collaborations.

“It’s understandable that these companies don’t want to disclose their systems. Someone will then game them and adapt,” Tobiassen said. “On the other hand, there is a lack of third-party verification we know about, someone rubber-stamping this, as in other businesses. In the digital economy, that is lacking.”

Reports like Tobiassen’s pressure trackers like Billboard to justify their counts as the streaming universe continues to expand, posting double-digit percentage growth year over year. In the first half of 2018, overall on-demand streaming increased 41.7% in the US, hitting 403.5 billion streams, according to Nielsen Music.

“Billboard is still groping in the dark to balance the data inputs, and they haven’t found the right ones,” Fader said. “When you start changing it so that you can’t compare today’s numbers with last year’s, that’s a problem.”

But streaming companies with subscriber bases in the millions ultimately can’t police everything, Mulligan said. And so as traditional “hard” metrics like downloads and purchases wane, the digital streaming cat-and-mouse game with fans may be an inevitable part of the future.

“A series of computers auto-generating repeated plays of a track is clearly a case of fake plays,” he said. “The audio streaming services have thus far been effective at nipping them in the bud. The bottom line, though, is that hardcore fans will always do what they can to help their favorite artists, and some degree of gaming the system will seep through.”
https://www.buzzfeednews.com/article...llboard-charts





Music Modernization Act Passes in Senate With Unanimous Support

The bill, now renamed after Utah Senator Orrin Hatch, now heads back to the House, where its changes will need approval.
Ed Christman

The long road to copyright revision is nearing its end as the U.S. Senate passed the Music Modernization Act by unanimous consent Tuesday (Sept. 18). The move mimics the House's unilateral support, previously passing the bill by a vote of 415-0 back in April.

With the Senate's move, the legislation has been renamed the Orrin G. Hatch Music Modernization Act in honor of the Republican senior senator from Utah -- a songwriter himself -- who will retire at the end of his term this year.

Now the Senate version of the bill will go back to the House where it needs approval due to all the changes made to the bill in order to get it passed in the Senate. If the House approves the new version of the bill, it will need to be signed by President Donald Trump before it can become law.

The bill, in three parts, gives something to different rights holders, thanks to compromises from most of the industry including music licensees. But while the legislation has been described as compromise legislation, it had to overcome an aggressive lobbying effort by SiriusXM that the company said was designed to improve the bill to be fair to their services. Rights holders responded, accusing the satellite radio service of trying to derail the entire legislation. As it is, on Monday about 150 artists said they were going to organize a boycott against SiriusXM majority stakeholder, Liberty Media, if the bill didn't pass.

Whether all is forgiven and the industry returns to normal or grudges are harbored going forward, on Tuesday the various architects of the legislation are celebrating its passage in the Senate.

"Today is a momentous day for songwriters, artists, composers, producers, engineers and the entire industry that revolves around them," said National Music Publishers' Association President and CEO David Israelite in a statement. "The Senate vote marks a true step forward towards fairness for the people at the heart of music who have long been undervalued due to outdated laws. This was a long and complex process but ultimately the music industry has come out stronger and more united than ever."

With the Music Modernization Act's passing in the Senate, the industry had to wait through a nerve-wracking few days, as the legislation went through the fast-track hotline process. Over a 24-hour period, all 100 Senators were notified the bill would be put off for unanimous consent approval and wouldn't need a vote, so long as none of them objected. As of Tuesday, 82 senators had signed on as co-sponsors, but it was unclear if all of the 18 remaining senators were onboard. As it turns out, they were.

“As legendary band the Grateful Dead once said in an iconic pre-1972 song, ‘what a long strange trip it’s been.’ It’s been an epic odyssey, and we’re thrilled to almost be at our destination,” said RIAA President Mitch Glazier in a statement. “For the modern U.S. Senate to unanimously pass a 185-page bill is a herculean feat, only achievable because of the grit, determination and mobilization of thousands of music creators across the nation. The result is a bill that moves us toward a modern music licensing landscape better founded on fair market rates and fair pay for all. At long last, a brighter tomorrow for both past and future generations of music creators is nearly upon us.”

The bill creates a blanket mechanical license and establishes a collective to administer it; reshapes how courts can determine rates, while making sure future performance rates hearings between performance rights organizations BMI and ASCAP and licensees rotate among all U.S. Southern District Court of New York Judges, instead of being assigned to the same two judges, Judge Denise Cote for ASCAP and Judge Louis Stanton for BMI, as it's done now; creates a royalty for labels, artists and musicians to be paid by digital services for master recordings created prior to Feb. 15, 1972, while also eliminating a Digital Millennium Copyright Act of 1998 carve out for "pre-existing digital services" like Sirius XM and Music Choice that allows for certain additional considerations not given to any other digital service when rates are set; and codifies a process for Sound Exchange to pay producers and engineers royalties for records on which they have worked.

Over on the music publishing side of the business, there was much happiness too. For example, ASCAP noted that the legislation reforms an "outdated music licensing system and give music creators an opportunity to obtain compensation that more accurately reflects the value of music in a free market."

"Today's unanimous passage of the Music Modernization Act in the Senate represents a Herculean industry-wide effort to promote and celebrate songwriters and ensure their right to a sustainable livelihood," ASCAP CEO Elizabeth Matthews said in a statement.

Added ASCAP Chairman of the Board and President Paul Williams, "Today, we made history by joining together and working for Senate passage of the Music Modernization Act, bringing us one step closer to a music licensing framework that reflects how people listen to music today. We urge the House of Representatives to swiftly pass the Senate bill, so the President can sign it into law and music creators can begin to see the benefits of this critical reform."

"The Senate's passage of the Music Modernization Act is the most exciting development I've seen in my career," said NMPA chairman of the board Irwin Robinson in a statement. "Songwriters have suffered long enough and this bill will allow them to be paid fairly by the streaming companies that rely on their work. We got to this point because of the advocacy of hundreds of music creators who rallied behind the MMA and who will drive the future of the music industry. I look forward to seeing the MMA become law and watching the songwriters, composers, artists and producers who will greatly benefit."

Across the industry, praise for the legislation's passing poured out.

"The passage of the Music Modernization Act by the Senate is a historic moment for the tens of thousands of music creators across the nation," said Neil Portnow, President/CEO of the Recording Academy, in a statement. "Since first proposing the music industry unite around a common bill in 2014, our members have lobbied in Washington and all 50 states to achieve this vision. When creators raise their voices for fairness, they make great progress."

"The future of the music industry got brighter today," said SoundExchange President and CEO Michael Huppe in a statement. "Creators of music moved one step closer to getting paid more fairly. And industry forces that fought to maintain an unfair and harmful status quo were rebuffed. Now, SoundExchange's 170,000-member community has just one word for the House of Representatives: Encore.

"The Music Modernization Act proves what can happen when constructive industry leaders work together towards a greater good. The SoundExchange community joined a historic coalition of artists, labels, songwriters, music publishers, streaming services, performance rights organizations, producers, engineers and unions. The outcome of this collaboration is a law that sets a new framework to guide the future of the music industry. There are still issues regarding creator fairness that we need to address, but today we celebrate a new era of cooperation and progress across the industry."

"The Orrin G. Hatch Music Modernization Act will bring music licensing laws into the 21st century and cement the framework for a just relationship between music creators and the technology companies that benefit from their work, it is also important to note the impact it will have on legacy artists," said musicFIRST Executive Director Chris Israel in a statement. "Through the CLASSICS provision of this bill legacy artists will finally receive the fair compensation they so rightly deserve. Today is a historic day for music creators of all generations and these much-needed reforms will properly value the music that we all love and enjoy well into the future."

“This milestone for the MMA demonstrates that with bipartisan leadership and a united music industry looking to the future, consumers, creators and copyright owners can all benefit," said DiMA CEO Chris Harrison in a statement. "Digital streaming and innovation have saved the music industry, delivering consumers better experiences and better value, and growing revenue for creators. With Senate passage of the MMA, we look forward to working with Members of the House in the coming days to send a strong bill to the President’s desk for his signature."

"The passing of the Music Modernization Act by the Senate is a huge turning point," said Recording Academy National Advocacy Committee Co-Chair Harvey Mason Jr in a statement. "This vote says loudly and clearly that music and those that create it are valued by our government and its citizens. We are all so thankful for this step to ensure music makers are compensated fairly."

"This is a historic day for music creators," added Recording Academy National Advocacy Committee Co-Chair Mindi Abair in a statement. "We've watched for years as technology has exponentially changed the way our music is consumed. Our laws have not kept up, and today is a huge milestone toward creating a fair living wage and updating the system of how music makers in the 21st century are paid."

"The bill is a great step forward towards a fairer music ecosystem that works better for music creators, services, and fans," said the Content Creators Coalition (c3) and MusicAnswers in a statement. "We also are gratified that our two organizations, in collaboration and independent of other groups, were able to make meaningful contributions to the final legislation, including comprehensive and publicly available audits of the MMA’s new Mechanical Licensing Collective and ensuring that the Collective uses best practices to find the owners of unclaimed royalties. We appreciate the receptivity of key legislators and their staffs to these fundamental notions of transparency and accountability."
https://www.billboard.com/articles/b...nimous-support





Streaming Now Accounts for 75 Percent of Music Industry Revenue

Music sale revenues largely come from the same place now
Patricia Hernandez

The Recording Industry Association of America released a report today that details how the music industry has grown in 2018, and while the data isn’t surprising — the world still isn’t buying records — the specific numbers are still fascinating. Turns out, streaming makes more money than physical CDs, digital downloads, and licensing deals combined.

Streaming in this context includes paid subscriptions to services such as Spotify and Tidal, but also radio broadcasts and video streaming services such as VEVO. It’s a broad category that nonetheless has made $3.4 billion in 2018 so far, a total that amounts to 75 percent of overall revenue for the record industry.

The new user adoption rate for streaming is currently around 1 million new subscribers for streaming services per month, which is tiny compared to the number of people who actually listen to music, but that growth rate is still bigger than every other category of recorded music business.

Digital download revenues and physical purchases were down this year by 27 percent and 41 percent, respectively, continuing a general downward trend since the advent of online music sharing. Vinyl sales, which in recent years have once again become trendy, have increased in revenue in 2018 — but not enough to offset other more traditional forms of recorded music sales.

“The music streaming economy presents myriad new opportunities, but also its share of challenges too,” the RIAA writes. “According to Nielsen, more than 70,000 different albums were released by mid-year. Finding an audience amongst an extraordinary range of music choices, competing for the user’s attention against other entertainment options on the ubiquitous smartphone, and being prominent on dozens of different digital platforms is ... critical for success.”
https://www.theverge.com/2018/9/20/1...dustry-revenue





FCC Chairman Ramps Up Defense of Net Neutrality Repeal
David Shepardson

With a federal appeals court preparing to consider the Trump administration’s reversal of Obama-era U.S. net neutrality regulations, the chairman of the Federal Communications Commission is ramping up his defense of the decision.

FCC Chairman Ajit Pai has this month also criticized California’s legislature for approving a state measure to guarantee open internet access and said “bad behavior” on the part of internet service providers (ISPs) could be prevented by the FCC’s new transparency requirements.

The FCC voted 3-2 in December to reverse the Obama era rules that barred internet service providers from blocking or throttling traffic or offering paid fast lanes, also known as paid prioritization. FCC repeal of the 2015 net neutrality rules was a win for ISPs Comcast Corp, AT&T Inc and Verizon Communications Inc, whose practices faced significant government oversight.

In August, 22 states and a coalition of trade groups representing companies including Alphabet Inc, Facebook Inc and Amazon.com Inc urged a federal appeals court to reinstate the rules.

The court has not yet scheduled oral arguments.

The U.S. Senate voted in May to reinstate the net neutrality rules, but the measure is unlikely to be approved by the House of Representatives and the White House also opposes it.

Under President Donald Trump, the FCC handed ISPs sweeping new powers to recast how Americans use the internet, as long as they disclose changes. The new rules took effect in June but providers have made no changes in access.

Pai said Thursday “if an ISP starts blocking lawful content, everyone will know. If an ISP starts throttling services based on the nature of the content, everyone will know. This is a powerful disincentive for bad behavior.”

Last December, the FCC’s net neutrality repeal sought to preempt state internet rules. Pai criticized California’s state legislature for approving net neutrality but Governor Jerry Brown, a Democrat, has not yet disclosed a position on the measure and has until Sept. 30 to decide whether to sign it.

Pai called California’s legislation “a radical, anti-consumer Internet regulation bill that would impose restrictions even more burdensome than those adopted by the FCC in 2015.”

California State Senator Scott Wiener, one of the bill’s sponsors, responded that Pai “abdicated his responsibility to ensure an open internet ... Unlike Pai’s FCC, California isn’t run by the big telecom and cable companies.”

On Thursday, Pai criticized big tech companies including Twitter and Google, as “completely unregulated, which is fine, except that they’ve also been badgering the FCC and the federal government to heavily regulate their rivals.”

Reporting by David Shepardson; Editing by Dave Gregorio
https://uk.reuters.com/article/us-us...-idUKKCN1M12OO





FCC Angers Cities and Towns with $2 Billion Giveaway to Wireless Carriers

Cities will get less revenue, and carriers won't face any new requirements.
Jon Brodkin

The Federal Communications Commission's plan for spurring 5G wireless deployment will prevent city and town governments from charging carriers about $2 billion worth of fees.

The FCC proposal, to be voted on at its meeting on September 26, limits the amount that local governments may charge carriers for placing 5G equipment such as small cells on poles, traffic lights, and other government property in public rights-of-way. The proposal, which is supported by the FCC's Republican majority, would also force cities and towns to act on carrier applications within 60 or 90 days.

The FCC says this will spur more deployment of small cells, which "have antennas often no larger than a small backpack." But the commission's proposal doesn't require carriers to build in areas where they wouldn't have done so anyway.

Philadelphia is one of numerous local governments that object to the FCC plan.

"The City respectfully disagrees with the Commission's interpretation of 'fair and reasonable' compensation," Philadelphia officials told the commission this week. "For many cities, public rights-of-way are the most valuable and commonly used public asset."

The FCC plan proposes up-front application fees of $100 for each small cell and annual fees of up to $270 per small cell. The FCC says this is a "reasonable approximation of [localities'] costs for processing applications and for managing deployments in the rights-of-way." Cities that charge more than that would likely face litigation from carriers and would have to prove that the fees are a reasonable approximation of all costs and "non-discriminatory."

But, according to Philadelphia, those proposed fees "are simply de minimis when measured against the costs that the City incurs to approve, support, and maintain the many small cell and distributed antenna system (DAS) installations in its public rights-of-way."

Philadelphia said it "has already established a fee structure and online application process to apply for small cell deployment that has served the needs of its citizens without prohibiting or creating barriers to entry for infrastructure investment." The city has also negotiated license agreements for small cell installations with Verizon, AT&T, and other carriers.

Rural governments also cry foul

Localities both large and small object to the FCC plan. A group representing 35 rural California counties told the FCC that its "proposed recurring fee structure is an unreasonable overreach that will harm local policy innovation."

The FCC-proposed limit of $270 per small cell site is too low, said the group, which is called the Rural County Representatives of California (RCRC).

"That is why many local governments have worked to negotiate fair agreements with wireless providers, which may exceed that number or provide additional benefits to the community," the RCRC wrote. "The FCC's decision to prohibit municipalities' ability to require 'in-kind' conditions on installation agreements is in direct conflict with the FCC's stated intent of this Order and further constrains local governments in deploying wireless services to historically underserved areas."

Los Angeles Mayor Eric Garcetti expressed similar concerns, saying the FCC plan "will insert confusion into the market and sow mistrust between my technology team and the carriers with whom we have already reached agreements."

The full FCC docket is available here.

Ex-FCC official details problems in plan

Local governments are right to be angry at the FCC, according to telecom industry adviser Blair Levin. Levin was the FCC's chief of staff from 1993 to 1997 and oversaw development of the FCC's National Broadband Plan in 2010.

The pending FCC order "presents a framework in which industry gets all the benefits (reduced fees to access state and local property) with no obligations to reinvest the resulting profits in rural broadband—even though the purported rationale for the reduced fees is that they will lead to new investment," Levin wrote in a blog post Wednesday. "At the same time, states and localities will be forced by federal mandate to bear all the costs and receive no guaranteed benefits."

Levin described the move as "a 'power grab' in which the FCC majority substitutes [its] judgment of what is best for local communities for the judgment of duly elected local officials."

Carriers don't need the FCC's help negotiating with cities, Levin wrote. "As the carriers themselves have acknowledged, they have sufficient leverage to walk away from any locality that creates too many obstacles to deployment," he noted.

Local governments are also able to encourage deployment without FCC interference, Levin wrote.

"[L]ocal governments have a strong recent track record of endeavoring to enable and facilitate broadband deployment, as the Google Fiber experience conclusively demonstrated," Levin wrote. "Vilifying them based on fees for use of public property is not only a distraction but also unfair."

Fees are less than 1% of 5G deployment costs

The FCC's 5G plan was spearheaded by Republican Commissioner Brendan Carr, who said in a speech that carriers will have to spend $275 billion to deploy small cells throughout the US.

Carr said in another speech that eliminating $2 billion worth of local fees will "stimulate $2.4 billion in additional investment" and "flip the business case for building 5G and next-gen networks in rural and less affluent communities." Carr quoted a Republican state senator from Montana as saying that carriers spend most of their investment capital in large urban areas "primarily due to the high regulatory cost and the cost recovery [that] can be made in those areas" and that "this leaves the rural areas out."

Carr claims that the FCC's proposed changes are necessary for the US to beat China in "the race to 5G."

The "race to 5G" is frequently invoked by the FCC and carriers in arguments to eliminate various regulations. T-Mobile and Sprint now claim they need to merge in order to create a robust 5G network, even though each company previously said it would build a top-tier 5G network by itself.

Even AT&T cast doubt on this narrative in a recent FCC filing that responded to the T-Mobile/Sprint merger. AT&T told the FCC that "the US is already the world leader in 5G" and that "AT&T plans to serve more than 400 markets [with 5G] by the end of 2018."

FCC claims are “highly questionable”

The FCC's 5G proposal claims that additional deployment created by carriers' $2 billion in savings will occur almost entirely in "rural and suburban communities that otherwise would be on the wrong side of the digital divide."

But Levin is skeptical. "[E]ven if one accepts the FCC claim about the $2.5 billion—which is highly questionable—that amount is about one percent of what the FCC and industry claim is the necessary new investment needed for next-generation network deployments and, therefore, is not likely to have a significant impact," he wrote.

Other federal government actions—such as new tariffs on China—will have an even greater impact on 5G deployment but in the opposite direction, he wrote.

Reducing local fees would make it cheaper for carriers to deploy small cells in areas where they would have done so anyway. But there's no reason to think carriers will use those savings to build 5G networks in areas where doing so would be unprofitable, Levin wrote.

"[T]he FCC's draft order is based on a fallacy that no credible investor would adopt and no credible economist endorse: that reducing or eliminating costs for small cell mounting on public property in lucrative areas of the country (thus reducing carriers' operating costs), will lead to increased capital expenditures in less-lucrative areas—thus supposedly making investment more attractive in rural areas," Levin wrote.

Though the FCC claims the carriers' savings would be re-invested in rural areas, the commission isn't imposing any requirement that carriers do that.

"[W]hile the FCC may ignore reality, the carriers and Wall Street understand that increasing profitability in Market A will not make Market B more attractive for investment," Levin wrote. "Market B will still be an area that is unprofitable or otherwise unattractive for investment, and the new requirement that Market A subsidize carriers by reducing fees will not benefit Market B under these circumstances."

Instead, carriers are more likely to devote savings to "stock buybacks, debt reduction, or dividend support" than to new capital investments, he wrote.

AT&T, Verizon in favor

So who's in favor of making 5G deployment cheaper for carriers, even without any guarantee of additional deployment? The carriers, of course.

The FCC plan "takes the critical next step of addressing state and local processes that may impede the deployment of advanced wireless networks," Verizon told the FCC Wednesday. If approved, Verizon said the FCC proposal "would establish meaningful guidance for state and local governments, while preserving their role in those reviews."

AT&T is hoping the FCC will go even further. AT&T urged the commission to apply its new standard to existing agreements between carriers and municipalities instead of just future agreements. This would require changing the draft order before next week's vote.

"The Commission should clarify that this standard applies not only to municipal regulations but also to existing and future agreements between municipalities and carriers," AT&T wrote Wednesday. "Otherwise, carriers paying exorbitant fees under an existing agreement with a jurisdiction will operate at a competitive disadvantage relative to new entrants who pay presumptively reasonable fees."
https://arstechnica.com/tech-policy/...less-carriers/





Judge: FCC Can’t Hide Records that May Explain Net Neutrality Comment Fraud

Journalist seeks identities of bulk comment submitters, gets partial court win.
Jon Brodkin

The Federal Communications Commission must stop withholding records that may shed light on fraudulent comments submitted in the FCC's net neutrality repeal proceeding, a US District Court judge ruled last week.

The ruling came in a lawsuit filed in September 2017 by freelance journalist Jason Prechtel, who sued the FCC after it failed to provide documents in response to his Freedom of Information Act (FoIA) request. Prechtel sought data that would identify people who made bulk comment uploads; many of the uploads contained fraudulent comments submitted in other people's names without their knowledge.

Prechtel called the ruling "a huge victory for transparency over an issue that has gone unanswered by the FCC and its current leadership for too long."

Making the documents public will allow scrutiny of the FCC's process for taking comments on the net neutrality repeal, said the ruling written by Judge Christopher Cooper of US District Court for the District of Columbia.

"In addition to enabling scrutiny of how the Commission handled dubious comments during the rulemaking, disclosure would illuminate the Commission's forward-looking efforts to prevent fraud in future processes," Cooper wrote.

Disclosure "would clarify the extent to which the Commission succeeded—as it assured the American people it had—in managing a public-commenting process seemingly corrupted by dubious comments," Cooper also wrote.

While Cooper didn't give Prechtel everything he asked for, the judge's ruling ordered the FCC to turn over the email addresses that were used to submit .CSV files, which contained the bulk comments. Cooper also ordered the FCC to work with Prechtel on potentially releasing the .CSV files themselves—if the FCC can locate those files.

Cooper wrote:

Disclosure of the email addresses and .CSV files will enable interested observers to scrutinize that action (or its absence) by defining the scope of the problem. It may be the case, for example, that hundreds of comments were submitted in bulk .CSV files by plainly fake email addresses, or that the comments submitted through .CSV files were all above board and most problematic comments were submitted through other means. In either instance, Prechtel seeks information that sheds light on the suitability of the Commission's efforts to prevent future public-commenting fraud and abuse. It is surely in the public interest to further the oversight of agency action to protect the very means by which Americans make their voices heard in regulatory processes.

The FCC argued that revealing bulk submitters' email addresses would be an invasion of privacy. But during the net neutrality proceeding, the FCC warned bulk comment submitters that their email addresses and other information would be made public, "mitigating any expectation of privacy," Cooper wrote.

FCC may or may not still have files

It's not clear whether the FCC still has the .CSV files. "The Court therefore directs the parties to meet and confer regarding the release of the .CSV files, applying the analysis set forth in this opinion to the relevant facts. If a dispute remains, the Commission may file a renewed motion for summary judgment on this issue," Cooper wrote.

Prechtel says he expects to get both the email addresses and .CSV files.

"I am confident that the FCC has access to the .CSV files I have requested and I won't have any trouble receiving them," Prechtel told Ars. "I believe the Court has effectively ruled that the FCC must produce the bulk .CSV comment files, should they be unable to prove they can't produce them."

However, Cooper ruled against Prechtel's request for FCC server logs.

"The judge ruled against my request for logs from the FCC's servers that would provide further details about which specific email addresses posted which bulk .CSV comments to their system," Prechtel wrote in a Medium post yesterday. "Similarly, the judge ruled in favor of maintaining the FCC's redactions in a suspicious email thread the FCC provided to me weeks after I filed my lawsuit."

Those redactions affected emails written by former FCC CIO David Bray to CQ Roll Call, which sought the FCC tech department's help with submitting millions of comments on behalf of clients that have not been identified publicly. Cooper accepted the FCC's argument that it could redact the emails because of the "deliberative process" exemption in public records law.

The emails contain "internal deliberations among IT staff regarding how to respond" to an inquiry about comment submissions. "This is precisely what the deliberative process privilege is designed to protect: the agency staff's ability to have candid discussions and weigh options before making a final decision," the judge wrote.

Bray is the same former FCC official who falsely claimed that the comment system was hit by multiple DDoS attacks.

The judge also ruled against Prechtel's request for server logs detailing the dates and times that .CSV files were submitted. The FCC argued that the logs contain both non-sensitive information and sensitive information related to how the FCC protects the system from attacks and that separating the two is too difficult. Cooper accepted the FCC's explanation.

What happens next

When contacted by Ars, the FCC declined comment on the ruling and on whether it will appeal the ruling.

Prechtel said he doesn't know when he'll get the records but speculated that it could take months. He also said it's premature to talk about whether he'll appeal the parts of the ruling he lost, because the case isn't over.

"For now, the judge has declined to rule on the other bulk tool that is likely the biggest culprit for the mass FCC comment fraud—the Data.gov API (Application Programming Interface), which is maintained by a different federal agency, the General Services Administration (GSA)," Prechtel wrote.

After he receives all the public records he's able to obtain, Prechtel said he will analyze them and post them online.

"As you know, the whole point of this FOIA request-turned-lawsuit is to find out who exactly posted bulk comments to the FCC's public comment system and to see if any of the already confirmed fake comments can be linked to a particular bulk submitter's email address or API key registration info," Prechtel told Ars. "Whatever I ultimately win determines what kind of analysis I can do, but after I present my findings in whatever manner seems most appropriate, I will put the records online for others to conduct their own analysis."
https://arstechnica.com/tech-policy/...comment-fraud/





New York Times Sues FCC for Net Neutrality Records
Jon Reid

The New York Times Co. is suing the Federal Communications Commission for records the newspaper alleges may reveal possible Russian government interference in a public comment period before the commission rolled back Obama-era net neutrality rules.

The plaintiffs, including Times reporter Nicholas Confessore and investigations editor Gabriel Dance, filed in the U.S. District Court for the Southern District of New York Sept. 20 under the Freedom of Information Act, seeking to compel the commission to hand over data.

“The request at issue in this litigation involves records that will shed light on the extent to which Russian nationals and agents of the Russian government have interfered with the agency notice-and-comment process about a topic of extensive public interest: the government’s decision to abandon ‘net neutrality,’” the plaintiffs alleged.

The FCC has “thrown up a series of roadblocks” to prevent the Times from obtaining records, which were first requested by Confessore and Dance in June 2017, the plaintiffs said.

An agency spokesman declined to comment.

About half a million comments on the FCC’s proposal were submitted from Russian email accounts, including some sent by automation, the Times alleged, citing data from a Washington Post op-ed by Democratic FCC Commissioner Jessica Rosenworcel.

The plaintiffs also pointed to a report from cyber-intelligence company GroupSense that links the email addresses cited in special counsel Robert Mueller’s “indictment of thirteen Russian individuals and three Russian companies” to the emails used to submit comments on the FCC’s proposal.

The plaintiffs are seeking data, including IP addresses and time stamps, linked to public comments submitted to the agency.

An unprecedented number of public comments on the proposal flooded the commission before it rolled back its rules prohibiting internet service providers from blocking, throttling or prioritizing web content.

The FCC has given several reasons for refusing the records request, including lack of technical capacity and protecting sensitive information, the plaintiffs alleged. The newspaper’s request was modified several times in an attempt to obtain the records, they alleged.

The case is New York Times Co. v. FCC, No. 1:18-cv-08607, complaint filed 9/20/18.
https://www.bna.com/new-york-times-n73014482696/





Nancy Pelosi on Net Neutrality: California Will Pave the Way for a Federal Law
Sean Captain

After plenty of drafts, committee meetings, press conferences, rallies, and a near-meltdown, California’s sweeping net neutrality bill is finally on Governor Jerry Brown’s desk. And no one knows if he’ll sign it. To keep the momentum going, top House of Representatives Democrat Nancy Pelosi, who represents San Francisco, joined with the city’s state senator, Scott Wiener–the main author of the California law–for a mini rally in their hometown on Tuesday. Also on hand were other state politicians, nonprofit leaders, and an audience of mostly journalists.

Though she works for the federal government, Pelosi has taken a keen interest in this state law–even helping facilitate a come-to-Jesus between warring state Democrats to keep the effort from collapsing.

“Once we have established California as a model of a state taking action, other states may follow,” she tells me. (A few states have preceded California, albeit with less-extensive laws.) “And then I think you will see some of corporate America say, okay, let’s have a federal law because we don’t . . . want to do different things in different states,” she says.

FCC Chairman Ajit Pai, who led the scrapping of federal net neutrality rules, agrees, if for different reasons. “California’s micromanagement poses a risk to the rest of the country,” he told a crowd in Maine last week. “For if individual states like California regulate the internet, this will directly impact citizens in other states.”

Pai, and sympathetic telecom companies, assert the right of the FCC to preempt state internet laws. States and national Democrats disagree and believe they have the public on their side (as many polls, like this one, indicate). “If they want to go to court, they’re going to have to go to the court of public opinion,” Pelosi told the crowd.

Pelosi might return to her old job as Speaker of the House if Democrats take back the chamber in November, and I asked her how net neutrality plays into the midterm campaigns. “Young voters are not particularly partisan, but they know what issues affect their lives,” she says. “And every place I go, [net neutrality] is one of the issues . . . the millennials bring up.”
https://www.fastcompany.com/90238912...-a-federal-law





Despite Data Caps and Throttling, Industry Says Mobile Can Replace Home Internet

Can mobile replace fiber or cable? Carriers say yes as FCC reviews deployment.
Jon Brodkin

AT&T and Verizon are trying to convince the Federal Communications Commission that mobile broadband is good enough for Internet users who don't have access to fiber or cable services.

The carriers made this claim despite the data usage and speed limitations of mobile services. In the mobile market, even "unlimited" plans can be throttled to unusable speeds after a customer uses just 25GB or so a month. Mobile carriers impose even stricter limits on phone hotspots, making it difficult to use mobile services across multiple devices in the home.

The carriers ignored those limits in filings they submitted for the FCC's annual review of broadband deployment.

FCC’s annual broadband review

If the FCC decides that broadband is being deployed to all Americans in a reasonable and timely fashion, the agency isn't required to do as much to accelerate deployment or promote competition. Treating mobile and fixed broadband as substitutes for each other would effectively lower the bar in the FCC's analysis of whether the current state of broadband deployment is good enough. Even areas that lack fiber or cable service are likely to have mobile access.

In January 2018, the FCC concluded that broadband deployment is happening quickly enough for the first time since the Bush administration. But Chairman Ajit Pai stopped short of declaring mobile access a full substitute for fixed broadband services such as fiber and cable.

AT&T and Verizon want that to change when the FCC releases the next version of the report, likely early next year. Pai's FCC previously "refused to acknowledge mobile broadband as a substitute for fixed," AT&T complained in an FCC filing this week.

AT&T continued, citing data from an industry-funded group:

Even today, a recent study by the Internet Innovation Alliance (IIA) demonstrates that significant numbers of consumers are using mobile devices for activities that were once dominated by personal computers and larger-screen televisions. For example, the study shows that a clear majority of consumers use mobile devices for "bandwidth and data-intensive applications" like streaming multimedia content—including watching news and sports, as well as streaming movies and television shows from services like Netflix, Hulu, etc. Notably, these results are consistent across different racial groups, different residential areas, and different income levels. The study also demonstrates that mobile broadband has a prominent role in American education, reporting that "nearly half of all US households with school age children have relied on mobile devices to complete homework assignments in the past year." With 5G services offering speeds of up to 1 Gig and beyond, consumers will undoubtedly view wireless services as an even more compelling alternative to fixed.

Verizon told the FCC that its annual analysis should be "broad enough to account for broadband deployment overall... including how consumers may use mobile broadband to supplement or substitute for fixed broadband."

"[A]ny analysis of broadband availability based on the number of providers... should reflect the number of fixed and mobile broadband providers (i.e., the number of providers offering some form of broadband, regardless of technology)," Verizon also said.

Verizon noted that Comcast and Charter are offering mobile broadband as resellers of Verizon service and that various messaging and VoIP apps compete against the major carriers' voice and text services.

NCTA, the cable lobby that represents Comcast, Charter, and other ISPs, made a similar argument:

In the 2018 Report, the Commission found that mobile service is not a complete substitute for fixed service, but it acknowledged that both fixed and mobile broadband services "clearly provide[] capabilities that satisfy the statutory definition of advanced telecommunications capability." We note that services need not have identical characteristics to be considered substitutes, but at a minimum the Commission should take into account that millions of consumers choose to rely solely on mobile broadband services even where they have the option to purchase fixed services, and that this number appears poised to increase as 5G wireless services are deployed.

Pai’s FCC changed course after criticism

Pai's FCC last year drew criticism by initially suggesting that mobile Internet might be all that Americans need. By contrast, the Obama-era FCC concluded that Americans need home and mobile access because the two types of services have different capabilities and limitations.

Pai's FCC faced a backlash from Internet users who pointed out that mobile connections are hindered by data caps, limits on tethering, and reliability problems that make it fall short of a wired Internet connection. Pai's FCC eventually acknowledged that mobile broadband is not a full substitute for home Internet services.

The FCC kicked off its current broadband analysis last month with a Notice of Inquiry that proposes to maintain the commission's fixed broadband standard at the current level of 25Mbps downstream and 3Mbps upstream.

The FCC notice also sought comment "on whether and to what extent fixed and mobile services of similar functionality are substitutes for each other." While the 2018 report found that mobile is not a full substitute for fixed home broadband, "we seek comment on whether since the 2018 Report there have been developments that would support a different conclusion about substitutability," the FCC's notice said.

Advocates say mobile serves different needs

Consumer advocacy groups urged the FCC to reject the notion that mobile broadband is a full substitute for home Internet services.

"[T]he technological characteristics combined with consumer expectations make fixed and mobile services distinct, complementary products," Common Cause and Public Knowledge wrote in an FCC filing. "For example, mobile broadband services typically come with data caps where the mobile network operator places a limit on the amount of data a customer can use over their Internet connection. Once a customer reaches that limit, the mobile carrier engages in certain actions such as slowing down data speeds or charging fees for data overages. This makes it difficult for consumers to continuously use data-intensive applications like video streaming or file downloads on a mobile connection, compared to a fixed connection where large amounts of data usage are generally permitted and speeds are typically not throttled for heavy usage."

Fixed and mobile also differ when it comes to "pricing models, variability of speed, and reliability," and thus serve different needs, the groups said.

New America's Open Technology Institute similarly wrote that mobile broadband plans "include data caps, limited bandwidth capacity, and unique pricing models that are foreign to the market of fixed [broadband] providers because the two services meet different consumer needs."

The Open Technology Institute also urged the FCC to raise its fixed broadband speed standard and to require greater competition levels before declaring that broadband is being deployed in a reasonable and timely manner.

The FCC's 2018 report measured deployment by summing the populations of census blocks with at least one provider, the Open Technology Institute said. Instead, the FCC should put a greater emphasis on how many Americans have a choice of high-speed providers, the group said.

"A one-provider threshold wrongly suggests that one provider is an adequate baseline for reasonable and timely broadband deployment," the Institute said. "Competition is an important indicator of network investment and quality. The Commission's previous methodology obscured this fact by only measuring the number of Americans with at least one [broadband] provider."
https://arstechnica.com/tech-policy/...home-internet/





'I Am Admin' Bug Turns WD's My Cloud Boxes into Everyone's Cloud

Western Digital NAS machines vulnerable to hijacking via HTTP cookies
Shaun Nichols

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet.

Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and log in with admin privileges.

This would, in turn, give the scumbag full control over the NAS device, including the ability to view and copy all stored data as well as overwrite and erase contents. If the box is accessible from the public internet, it could be remotely pwned, it appears. Alternatively, malware on a PC on the local network could search for and find a vulnerable My Cloud machine, and compromise it.

According to Securify, the flaw itself lies in the way My Cloud creates admin sessions that are attached to an IP address. When an attacker sends a command to the device's web interface, as an HTTP CGI request, they can also include the cookie username=admin – which unlocks admin access.

Thus if properly constructed, the request would establish an admin login session to the device without ever asking for a password. In other words, just tell it you're the admin user in the cookie, and you're in.

"The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the request when invoked with the parameter flag equal to 1," Securify explained. "Subsequent invocation of commands that would normally require admin privileges are now authorized if an attacker sets the username=admin cookie."

The team has posted a proof-of-concept exploit showing how the bug could be targeted with a few lines of code.

POST /cgi-bin/network_mgr.cgi HTTP/1.1
Host: wdmycloud.local
Content-Type: application/x-www-form-urlencoded
Cookie: username=admin
Content-Length: 23

cmd=cgi_get_ipv6&flag=1


Securify said it reported the vulnerability to Western Digital back in April, but did not receive a response. Now, some five months later, they are finally disclosing the bug.

Western Digital did not return a Reg request for comment on the matter.

This isn't the first time Western Digital was taken to task for lax security on the My Cloud storage line. In January, the company had to scramble out a fix after a researcher discovered a number of My Cloud devices had a hard-coded password left in their firmware.
https://www.theregister.co.uk/2018/0...ital_my_cloud/
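
Added example (not from The Register's article, Securify's advisory or Western Digital's firmware): a small Python model of the authorization design Securify describes, beside a version that ties admin rights to a server-issued session token instead of a client-supplied username cookie. The class names, the admin command name cgi_set_config, the sample password and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical stand-in for any command that should require admin rights.
ADMIN_COMMANDS = {"cgi_set_config"}


class IpBoundAuth:
    """Model of the flawed design as described in the advisory quote."""

    def __init__(self):
        self.admin_ips = set()

    def handle(self, ip, cmd, params, cookies):
        if cmd == "cgi_get_ipv6" and params.get("flag") == "1":
            # Flaw 1: an admin session is created as a side effect of an
            # unauthenticated command and is keyed only by the caller's IP.
            self.admin_ips.add(ip)
            return 200
        if cmd in ADMIN_COMMANDS:
            # Flaw 2: the identity is read from a cookie the client controls.
            if ip in self.admin_ips and cookies.get("username") == "admin":
                return 200
            return 401
        return 404


class TokenAuth:
    """Hardened model: privileges follow a server-side session record."""

    def __init__(self, users):
        self._creds = {}
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self._creds[name] = (salt, self._kdf(password, salt))
        self._sessions = {}  # random token -> username, kept on the server

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def login(self, username, password):
        # Unknown users still cost one KDF run, then fail the comparison.
        salt, stored = self._creds.get(username, (b"\0" * 16, b""))
        candidate = self._kdf(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def handle(self, ip, cmd, params, cookies):
        if cmd == "cgi_get_ipv6":
            return 200  # informational command, no session side effect
        if cmd in ADMIN_COMMANDS:
            # Any "username" cookie is ignored; only the token is looked up.
            user = self._sessions.get(cookies.get("session", ""))
            return 200 if user == "admin" else 401
        return 404


def replay_reported_request(auth):
    """Send the reported request pattern, then an admin command.

    Returns the HTTP status of the admin command.
    """
    ip = "192.0.2.10"  # constructed documentation address
    cookies = {"username": "admin"}
    auth.handle(ip, "cgi_get_ipv6", {"flag": "1"}, cookies)
    return auth.handle(ip, "cgi_set_config", {}, cookies)


if __name__ == "__main__":
    print("IP-bound model:", replay_reported_request(IpBoundAuth()))
    hardened = TokenAuth({"admin": "constructed-sample-password"})
    print("token model:   ", replay_reported_request(hardened))
```
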





This Windows File May be Secretly Hoarding Your Passwords and Emails

A little-known Windows feature will create a file that stores text extracted from all the emails and plaintext-files found on your PC, which sometimes may reveal passwords or private conversations.
Catalin Cimpanu

If you're one of the people who own a stylus or touchscreen-capable Windows PC, then there's a high chance there's a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature that automatically translates stylus/touchscreen scribbles into formatted text.

The handwriting to formatted text conversion feature was added in Windows 8, which means the WaitList.dat file has been around for years.

The role of this file is to store text to help Windows improve its handwriting recognition feature, in order to recognize and suggest corrections or words a user is using more often than others.

"In my testing, population of WaitList.dat commences after you begin using handwriting gestures," Skeggs told ZDNet in an interview. "This 'flicks the switch' (registry key) to turn the text harvester functionality (which generates WaitList.dat) on."

"Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature," Skeggs says.

Since the Windows Search Indexer service powers the system-wide Windows Search functionality, this means data from all text-based files found on a computer, such as emails or Office documents, is gathered inside the WaitList.dat file. This doesn't include only metadata, but the actual document's text.

"The user doesn't even have to open the file/email, so long as there is a copy of the file on disk, and the file's format is supported by the Microsoft Search Indexer service," Skeggs told ZDNet.

"On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added.

Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents.

"If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.

The technique and the existence of this file have been one of the best-kept secrets in the world of DFIR and infosec experts. Skeggs wrote a blog post about the WaitList.dat file back in 2016, but his discovery got little coverage, mostly because his initial analysis focused on the DFIR aspect and not on the privacy concerns that may arise from this file's existence on a computer.

But last month, Skeggs tweeted about an interesting scenario. For example, if an attacker has access to a system or has infected that system with malware, and he needs to collect passwords that have not been stored inside browser databases or password manager vaults, WaitList.dat provides an alternative method of recovering a large number of passwords in one quick swoop.

Skeggs says that instead of searching the entire disk for documents that may contain passwords, an attacker or malware strain can easily grab the WaitList.dat and search for passwords using simple PowerShell commands.

Skeggs has not contacted Microsoft about his findings, as he, himself, recognized that this was a part of an intended functionality in the Windows OS, and not a vulnerability.

This file is not dangerous unless users enable the handwriting recognition feature, and even in those scenarios, unless a threat actor compromises the user's system, either through malware or via physical access.

While this may not be an actual security issue, users focused on their data privacy should be aware that by using the handwriting recognition feature, they may be inadvertently creating a giant database of all the text-based files found on their systems in one central location.

According to Skeggs, the default location of this file is at:

C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat

Not all users may be storing passwords in emails or text-based files on their PCs, but those who do are advised to delete the file or disable the "Personalised Handwriting Recognition" feature in their operating system's settings panel.

Back in 2016, Skeggs also released two apps for analyzing and extracting details about the text harvested in WaitList.dat files.
https://www.zdnet.com/article/this-w...s-and-emails/#





California May Ban Terrible Default Passwords on Connected Devices

A proposed law could force smart device manufacturers to shore up security.
Kris Holt

California looks set to enact a law that aims to protect connected devices against hackers. The state senate has sent Governor Jerry Brown draft legislation that could beef up security across the vast ocean of smart gadgets.

If a device requires you to sign in, manufacturers will either have to use unique preprogrammed passwords -- see ya never, username: admin/password: admin -- or make you change the credentials the first time you use it. Companies will also have to "equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device."

If Brown signs the bill into law, it will take effect at the beginning of 2020. But critics claim the wording is vague and doesn't go far enough in ensuring manufacturers don't include unsecured features.

"It's like dieting, where people insist you should eat more kale, which does little to address the problem you are pigging out on potato chips," Robert Graham of Errata Security said in a blog post. "The key to dieting is not eating more but eating less." Given the huge number of connected devices available, it's also not clear how the state plans to enforce and regulate the rules.

Still, it's a step towards protecting consumers from the litany of attacks, exploits, and security flaws on connected devices that threaten consumers every day. Including fuzzy wording in the draft language may actually be a positive, as technology companies (and hackers) typically move faster than lawmakers can legislate, so more concrete security measures that the bill could have laid out may soon seem antiquated anyway.

It's possible that, should the law come into effect, manufacturers will adopt the same security measures for their products in other states that they will in California. A number of draft bills related to connected device security are languishing in Congress committee purgatory, so the California law could prompt movement on legislation at the federal level too.
https://www.engadget.com/2018/09/19/...cybersecurity/





Massachusetts Police Tweet Lets Slip Scale of Leftwing Surveillance

An image of a police computer screen posted during Thursday’s gas emergency showed bookmarks for several activist groups
Sarah Betancourt

At the height of Thursday night’s gas emergency that affected 8,000 people and in which one person was killed, Massachusetts state police posted to Twitter a map of responses to fires and explosions.

It was an image of a computer monitor, showing locations of 39 incidents as confirmed “by MSP Watch Center”, and it included a vital message: “Reminder: all residents of Lawrence/Andover/N[orth] Andover who have Columbia Gas must evacuate, as should anyone else who smells gas.”

But the image also showed something else: a bookmarks bar at the top of the browser window which listed several leftwing groups.

The bookmarks included a Facebook group for Mass Action Against Police Brutality (MAAPB); the Coalition to Organize and Mobilize Boston Against Trump (Combat); Facebook 413; Facebook MA Activism; and Resistance Calendar, which notes timings for canvassing for Democratic or progressive candidates and anti-Trump rallies.

The state police’s official Twitter account shared the image at 6.26pm. Less than half an hour later it deleted it and shared a new one, which had been cropped. But the first tweet had already drawn the attention of activists and reporters, who shared screenshots and began a social media debate about online police surveillance.

The MSP Watch Center is the information-gathering Commonwealth Fusion Center, formed in 2005 to facilitate the “collection, analysis and dissemination of intelligence relevant to terrorism and public safety”. There are more than 100 such centers nationwide.

The Massachusetts state police director of media communications, David Procopio, told the Guardian police have a “responsibility to know about all large public gatherings of any type and by any group, regardless of their purpose and position, for public safety reasons”.

He added: “We do not collect information about – nor, frankly, do we care about – any group’s beliefs or opinions.”

Pressed about the organizations bookmarked, the circumstances of the post and the role of intelligence analysts within MSP, he declined to comment further.

Tom Arabia, a co-founder of Combat, said: “No one can deny the Massachusetts state police are surveilling leftwing organizations.”

He added that the image on the state police tweet “was both unsurprising and also a bit scary, because of how intimate it is in a sense to see your own organization listed in a police browser’s bookmarks”.

Combat’s Facebook page had not had a new post since November 2017, when it shared a post about a gathering for racial justice. Founded shortly after the election of Donald Trump and in protest against his policies, the group describes itself as an intersectional coalition of students, artists and workers “organizing creatively to resist all forms of oppression”. It has not met for some time.

In a message to the Guardian, the group’s leadership said: “The fact that state police, who are funded by our taxpayer dollars, are spending time monitoring groups on Facebook that opposed racist, sexist, homophobic and transphobic violence, instead of those groups who perpetuate such violence, is abhorrent and should be examined under scrutiny.”

The group added that it had no plans to reactivate. Nonetheless, former members were “deeply disconcerted”, it said.

An organizer for one of the other bookmarked organizations called for transparency on who made the post and what kind of surveillance was being carried out.

Brock Satter is a member of MAAPB, a group that focuses on police-involved deaths and altercations in communities of color. Launched after the death of Michael Brown Jr in Ferguson, Missouri, in 2014, the group seeks to put political pressure on government to prosecute police brutality.

“We didn’t realize we were such a high priority to state police,” Satter said. He added that the organization had been aware of past monitoring because of police presence at public events.

Though MAAPB has not held any political rallies in more than five months, Satter said, there were rumblings about responding publicly to the state police tweet.

“Whoever was behind this should be denounced,” he said.

Surveillance of activist groups is not new in Massachusetts, said Kade Crockford, director of the Technology for Liberty Program at the American Civil Liberties Union (ACLU) of Massachusetts, who has been tracking the issue for almost a decade.

Crockford was “appalled” but “not surprised” by the tweet, adding that MSP monitored Black Lives Matter on social media in 2015 through the same fusion center during a protest in Boston.

The ACLU of Massachusetts obtained through public records requests documents, also reviewed by the Guardian, that show the Boston police department’s Boston Regional Intelligence Center, the only other fusion center in the state, used a social media surveillance system called Geofeedia from 2014 to 2016. Thousands of social media posts involving activism were assessed. The ACLU said these were “irrelevant” to law enforcement concerns.

Efforts have been made to curtail surveillance of leftwing groups. A 2017 bill in the Massachusetts legislature, “The Fundamental Freedoms Act”, proposed a prohibition on public agencies collecting information about first-amendment protected activities and speech. The one allowance would be reasonable grounds to believe a person had committed a crime. The legislative session ended on 31 July without the bill passing.

“They should disclose the groups they’re monitoring,” Crockford said. “I encourage the … state police to release a list of all organizations’ Facebook pages they monitor for policing large events.”
https://www.theguardian.com/us-news/...illance-boston





Lenovo: Companies Working in China May Have to Install Local Backdoors

But emphasises that this doesn't apply to the rest of the world
Chris Merriman

At Lenovo's Transform event last week, the company announced, amongst a slew of data centre offerings, a new partnership to create a product specifically aimed at the Chinese market, with new BFF, flash storage provider NetApp.

This immediately got our tinfoil hat tingling so when we had the opportunity to speak to Peter Hortensius, CTO and head of strategy for Lenovo's Data Center biz, we couldn't resist throwing a slight curveball his way.

Let's put it this way. There can be only one reason that we can think of why a unique Chinese product would be needed: backdoors.

His initial response was a polished continuation of the "We're a global company" line that we'd heard the previous day from CEO Yan "call me YY" Yuanqing.

"Our philosophy on this was formed very early. We want to put local people in local jobs. All our executives work in our home countries, apart from me, I'm Canadian in the US. We do that very deliberately, it's not like the meetings are easy, but it gives us the understanding of how to operate in a local way.

"That means that we can respect local norms. For example, if the local norm is that you respect others' IP or suffer the consequences, then we respect other people's IP."

So yes, that's good news, we say, but it doesn't answer the elephant in the room. The press corps has attempted to get a clear answer on this all day, and so we decide we're done with tiptoeing.

Does Lenovo put backdoors in if the Chinese government asks?

"If they want backdoors globally? We don't provide them. If they want a backdoor in China, let's just say that every multinational in China does the same thing.

"We comply with local laws. If the local laws say we don't put in backdoors, we don't put in backdoors. And we don't just comply with the laws, we follow the ethics and the spirit of the laws."

And then, with a final flourish, the answer.

"Likewise, if there are countries that want to have access, and there are more countries than just China, you provide what they're asking."

Actually, this wasn't the end of the sentence, as he rolled it straight into asking for the next question in a move so fluid, you'd think it was being used to cool a gaming PC. But we made our point.

Let's be clear here: it's not to say that Lenovo is doing anything it shouldn't in the rest of the world, quite the opposite, but it's a stark reminder that anything going through a Chinese server is probably not your friend.

Lenovo is keen to make the point that its servers are spread locally and as such, you're not going to get caught up in any politics. But companies including Lenovo are going to have to pay the price of doing business with the biggest population in the world.
https://www.theinquirer.net/inquirer...ocal-backdoors





Google's Ex-CEO Eric Schmidt Says the Internet Will Split in Two by 2028
Isobel Asher Hamilton

• Former Google CEO Eric Schmidt said that he believes the internet will split in two within a decade.
• He told an audience at a private event in San Francisco that he foresees a break between the Chinese-led internet and the non-Chinese led internet.
• Google has recently come under fire over plans to expand into China with "Project Dragonfly."

Ex-Google CEO Eric Schmidt on Wednesday predicted that the internet will split in two in the next decade, CNBC reports.

Speaking at a private event in San Francisco, Schmidt said that he believes China will effectively split away and create its own internet.

"I think the most likely scenario now is not a splintering, but rather a bifurcation into a Chinese-led internet and a non-Chinese internet led by America," he said.

"If you look at China, and I was just there, the scale of the companies that are being built, the services being built, the wealth that is being created is phenomenal. Chinese Internet is a greater percentage of the GDP of China, which is a big number, than the same percentage of the US, which is also a big number.

"If you think of China as like 'Oh yeah, they're good with the Internet,' you're missing the point. Globalization means that they get to play too. I think you're going to see fantastic leadership in products and services from China. There's a real danger that along with those products and services comes a different leadership regime from government, with censorship, controls, etc."

Schmidt has flagged up Chinese technological advancement before. In November of last year he warned the US that it would have to step up its game if it didn't want to be outgunned by China on AI, predicting that it would be a world leader in the industry by 2030.

He also said on Wednesday that other countries could end up adopting a Chinese model of the internet. "Look at the way BRI works — their Belt and Road Initiative, which involves 60-ish countries — it's perfectly possible those countries will begin to take on the infrastructure that China has with some loss of freedom."

The Belt and Road Initiative is China's infrastructure project to link itself to 70 countries across Asia, Africa, Europe, and Oceania with railways and shipping lanes.

Google has recently come under fire for its dealings with China over reports that current CEO Sundar Pichai held government talks about launching a censored version of Google search there. The reports sparked outrage both within and without, with some employees resigning in protest and human rights groups calling on Pichai to reverse the decision.
https://www.businessinsider.com/eric...8-china-2018-9





Google Suppresses Memo Revealing Plans to Closely Track Search Users in China
Ryan Gallagher, Lee Fang

Google bosses have forced employees to delete a confidential memo circulating inside the company that revealed explosive details about a plan to launch a censored search engine in China, The Intercept has learned.

The memo, authored by a Google engineer who was asked to work on the project, disclosed that the search system, codenamed Dragonfly, would require users to log in to perform searches, track their location — and share the resulting history with a Chinese partner who would have “unilateral access” to the data.

The memo was shared earlier this month among a group of Google employees who have been organizing internal protests over the censored search system, which has been designed to remove content that China’s authoritarian Communist Party regime views as sensitive, such as information about democracy, human rights, and peaceful protest.

According to three sources familiar with the incident, Google leadership discovered the memo and were furious that secret details about the China censorship were being passed between employees who were not supposed to have any knowledge about it. Subsequently, Google human resources personnel emailed employees who were believed to have accessed or saved copies of the memo and ordered them to immediately delete it from their computers. Emails demanding deletion of the memo contained “pixel trackers” that notified human resource managers when their messages had been read, recipients determined.

The Dragonfly memo reveals that a prototype of the censored search engine was being developed as an app for both Android and iOS devices, and would force users to sign in so they could use the service. The memo confirms, as The Intercept first reported last week, that users’ searches would be associated with their personal phone number. The memo adds that Chinese users’ movements would also be stored, along with the IP address of their device and links they clicked on. It accuses developers working on the project of creating “spying tools” for the Chinese government to monitor its citizens.

People’s search histories, location information, and other private data would be sent out of China to a database in Taiwan, the memo states. But the data would also be provided to employees of a Chinese company who would be granted “unilateral access” to the system.

To launch the censored search engine, Google set up a “joint venture” partnership with an unnamed Chinese company. The search engine will “blacklist sensitive queries” so that “no results will be shown” at all when people enter certain words or phrases, according to documents seen by The Intercept. Blacklisted search terms on a prototype of the search engine include “human rights,” “student protest,” and “Nobel Prize” in Mandarin, said sources familiar with the project.

According to the memo, aside from being able to access users’ search data, the Chinese partner company could add to the censorship blacklists: It would be able to “selectively edit search result pages … unilaterally, and with few controls seemingly in place.”

That a Chinese company would maintain a copy of users’ search data means that, by extension, the data would be accessible to Chinese authorities, who have broad powers to obtain information that is held or processed on the country’s mainland. A central concern human rights groups have expressed about Dragonfly is that it could place users at risk of Chinese government surveillance — and any person in China searching for blacklisted words or phrases could find themselves interrogated or detained. Chinese authorities are well-known for routinely targeting critics, activists, and journalists.

“It’s alarming to hear that such information will be stored and, potentially, easily shared with the Chinese authorities,” said Patrick Poon, a Hong Kong-based researcher with the human rights group Amnesty International. “It will completely put users’ privacy and safety at risk. Google needs to immediately explain if the app will involve such arrangements. It’s time to give the public full transparency of the project.”

On August 16, two weeks after The Intercept revealed the Dragonfly plan, Google CEO Sundar Pichai told the company’s employees that the China plan was in its “early stages” and “exploratory.” However, employees working on the censored search engine were instructed in late July, days before the project was publicly exposed, that they should prepare to get it into a “launch-ready state” to roll out within weeks, pending approval from officials in Beijing.

The memo raises new questions about Pichai’s claim that the project was not well-developed. Information stored on the company’s internal networks about Dragonfly “paints a very different picture,” it says. “The statement from our high-level leadership that Dragonfly is just an experiment seems wrong.”

The memo identifies at least 215 employees who appear to have been tasked with working full-time on Dragonfly, a number it says is “larger than many Google projects.” It says that source code associated with the project dates back to May 2017, and “many infrastructure parts predate” that. Moreover, screenshots of the app “show a project in a pretty advanced state,” the memo declares.

Most of the details about the project “have been secret from the start,” the memo says, adding that “after the existence of Dragonfly leaked, engineers working on the project were also quick to hide all of their code.”

The author of the memo said in the document that they were opposed to the China censorship. However, they added, “more than the project itself, I hate the culture of secrecy that has been built around it.”

The memo was first posted September 5 on an internal messaging list set up for Google employees to raise ethical concerns. But the memo was soon scrubbed from the list and individuals who had opened or saved the document were contacted by Google’s human resources department to discuss the matter. The employees were instructed not to share the memo.

Google reportedly maintains an aggressive security and investigation team known as “stopleaks,” which is dedicated to preventing unauthorized disclosures. The team is also said to monitor internal discussions.

Internal security efforts at Google have ramped up this year as employees have raised ethical concerns around a range of new company projects. Following the revelation by Gizmodo and The Intercept that Google had quietly begun work on a contract with the military last year, known as Project Maven, to develop automated image recognition systems for drone warfare, the communications team moved swiftly to monitor employee activity.

The “stopleaks” team, which coordinates with the internal Google communications department, even began monitoring an internal image board used to post messages based on internet memes, according to one former Google employee, for signs of employee sentiment around the Project Maven contract.

Google’s internal security team consists of a number of former military and law enforcement officials. For example, LinkedIn lists as Google’s head of global investigations Joseph Vincent, whose resume includes work as a high-ranking agent at the U.S. Immigration and Customs Enforcement agency’s Homeland Security Investigations unit. The head of security at Google is Chris Rackow, who has described himself as a former member of the Federal Bureau of Investigation’s hostage rescue team and as a former U.S. Navy SEAL.

For some Google employees, the culture of secrecy at the company clashes directly with its public image around fostering transparency, creating an intolerable work environment.

“Leadership misled engineers working on [Dragonfly] about the nature of their work, depriving them of moral agency,” said a Google employee who read the memo.

Google did not respond to a request for comment on this story.
https://theintercept.com/2018/09/21/...sers-in-china/





Google Admits That It Lets Outside Services Share Your Gmail Data
David Meyer

Last year, Google made a big thing of announcing that it would no longer scan people’s Gmail emails for keywords that could be used to target ads at them. However, in early July a Wall Street Journal report showed that Google was still letting third-party services access people’s Gmail accounts.

That report won the attention of U.S. lawmakers, who asked Google to explain what it was up to. The company did so in a letter that was made public Thursday. And what’s interesting is that Google admitted not only giving third-party developers access to Gmail accounts, but also allowing them to share what they find with other third parties.

“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” Google’s head of U.S. public policy, Susan Molinari, wrote in the letter, according to the Journal.

As Google (googl) explained in a blog post following the initial story, the kinds of third-party services that it allows to plug into Gmail include email clients, trip planners and customer relationship management systems.

These services, which Google claims to thoroughly vet, typically read emails in an automated way, although humans do sometimes read them too. Users need to actively permit the apps to access their Gmail accounts, and they can revoke permission afterwards.
However, Google’s blog post did not talk about the possibility of those third-party services sharing users’ data with other third parties.

Marc Rotenberg, president of the Electronic Privacy Information Center, told the Journal there was “simply no way that Gmail users could imagine that their personal data would be transferred to third parties,” and the revelation showed that the “privacy policy model is simply broken beyond repair.”

Google had better hope that all the apps with such privileges are indeed properly informing users about passing data on to other third parties. In the European Union, the General Data Protection Regulation (GDPR) requires full disclosure on this front.
http://fortune.com/2018/09/21/google...third-parties/





"Lawful Intercept" Pegasus Spyware Found Deployed in 45 Countries

At least ten operators of Pegasus spyware have deployed the malware outside their country's border, new Citizen Lab report finds.
Catalin Cimpanu

Security researchers have found evidence that a piece of malware peddled as "lawful intercept" software to government agencies has been deployed against victims located in 45 countries, a number that far outweighs the number of known operators, meaning that some of them are conducting illegal cross-border surveillance.

The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years --when it was first detailed in a report over the summer of 2016.

The malware can operate on both Android and iOS devices, albeit it's been mostly spotted in campaigns targeting iPhone users primarily. On infected devices, Pegasus is a powerful spyware that can do many things, such as record conversations, steal private messages, exfiltrate photos, and much, much more.

During the past three years, security researchers from Citizen Lab, a laboratory at the Munk School of Global Affairs at the University of Toronto, Canada, have been tracking cases where Pegasus has been deployed in the wild.

In many instances, the spyware was used by oppressive government regimes to spy on journalists, human rights defenders, opposition politicians, lawyers, and anti-corruption advocates.

But new data published today by Citizen Lab researchers reveals the existence of 36 different groups who deployed the Pegasus spyware against targets located in 45 countries, including the US, France, Canada, Switzerland, and the UK, countries known to have solid and democratic regimes in place.

Citizen Lab says ten of these 36 groups appear to be conducting surveillance in multiple countries and have not limited their spying inside their own country's borders, an act that may violate surveillance laws active in the states where Pegasus victims may be located.

Citizen Lab researchers admitted that some of their findings may be inaccurate, as some targets may be using VPN and satellite connections that may place their location in another country. But they also say this doesn't rule out that some Pegasus operators may be spying on dissidents living abroad, even in Western and well-developed countries where cross-border surveillance against their own citizens is strictly forbidden.

Also: Microsoft: Windows Defender can now spot FinFisher government spyware

In a statement provided to Citizen Lab researchers before the publication of today's report, an NSO Group spokesperson denied that the company was breaking any software export laws, adhering to the previously stated dogma that they're only selling Pegasus for crime-fighting purposes.

"Contrary to statements made by [Citizen Lab], our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws."

To this statement, Citizen Lab responded with their own, pointing out that NSO Group, even after three years, continues to fail to see the reason the company is being heavily criticized online, and that's for selling Pegasus to oppressive regimes in the first place.

"Citizen Lab research does not speak to what statements NSO may make during marketing, sales, or export compliance. However, our research continues to demonstrate some highly concerning real-world examples of the abuse of NSO Group technology in practice. These uses have included apparent government customers of NSO Group abusing Pegasus spyware to target civil society groups, human rights defenders, lawyers, politicians, and journalists."

The full list of countries where researchers found instances of Pegasus spyware deployed on victims' systems includes Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d'Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia.

In July this year, Israeli authorities arrested a former NSO Group employee for stealing the source code of the Pegasus spyware and attempting to sell it on the Dark Web for $50 million.
https://www.zdnet.com/article/lawful...-45-countries/

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing