P2P-Zone  

08-10-14, 07:42 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - October 11th, '14

Since 2002

"The problem isn't that we're giving up all our personal data. The problem is that we're giving it up for nothing." – Mike Elgan


"I know one of the things people are most concerned about is paid prioritization, the notion that somehow, some folks can pay a little more money and get better service, more exclusive access to customers through the Internet. That’s something I oppose. I was opposed to it when I ran; I continue to be opposed to it now." – President Obama

October 11th, 2014



A Peek Inside the Internet's Favorite File-Sharing Network
Jia You

More than a quarter of all Internet traffic belongs to BitTorrent, a file-sharing system that allows users to swap everything from music to movies. Now, for the first time, researchers have revealed a link between a country’s economy and the type of files its residents download from BitTorrent. The findings are shedding new light on online behavior and could help law enforcement track down Internet pirates.

“[The researchers] found an intriguing and creative approach,” says Johan Pouwelse, a computer scientist at Delft University of Technology in the Netherlands, who was not involved in the work. “I’ve never seen a study done like that.”

BitTorrent is a so-called peer-to-peer (P2P) communication protocol. Unlike traditional networks that store information on a central server, which power well-known services like Google and Facebook, P2P relies on users to make their resources directly available to other users. The technology supports everything from Skype calls to the U.S. military’s intelligence-sharing network. Though people use BitTorrent to swap legal material such as free software, the network has proved particularly attractive to those sharing copyrighted music, movies, and games illegally. Just last month, the parent company of the Ultimate Fighting Championship settled a multimillion-dollar lawsuit against a New York resident who confessed to uploading pay-per-view events to popular BitTorrent repositories like the Pirate Bay.

The decentralized nature of BitTorrent not only presents a challenge to law enforcement officials, but also to researchers seeking large-scale data on user behavior. Investigators can’t conveniently retrieve information from a central server, but instead must monitor individual users to gain a global picture.

So computer scientist Jordi Duch at Rovira i Virgili University, Tarragona, in Spain and his colleagues collaborated with computer scientists at Northwestern University, who developed a software plug-in called Ono. The software accelerates BitTorrent download speed. In exchange for this benefit, Ono’s 1.4 million users can choose to release information on their file-sharing behavior, such as the timing of downloads and the size of the shared files, for research purposes. To protect the users’ privacy and entice cooperation, the researchers did not collect data on the content of the shared files. They also used an algorithm to anonymize the data, so that the researchers themselves did not know the IP addresses of the users, which can be used to track them down.

Without information about the file content, the researchers invented a creative way to gauge what exactly users were sharing. Sampling files shared on the Pirate Bay, they found that different types of content correspond to specific file sizes. A 100-megabyte file is more likely to be a digital music CD, whereas a 2-gigabyte file tends to be a high-definition movie.

After more than 4 years tracking user behavior, the researchers analyzed the activities of about 10,000 active BitTorrent users during a typical month. The users—at least those who agreed to use the Ono plug-in—behaved in a highly predictable manner, the team reports online today in the Proceedings of the National Academy of Sciences. A majority downloaded files on a weekly basis, and most focused on sharing one or two types of files. By looking at a user’s first 100 downloads, the team could predict with 80% accuracy what type of file the user would download next, Duch says.

But what really stood out is that users from the same country displayed a tendency to download the same types of content. After factoring socioeconomic indicators such as a country’s gross domestic product per capita and Internet access, analysis showed that users from rich countries such as the United States tended to download more music files, whereas users from poorer countries such as Spain favored movie files.

Alex Kigerl, a cybercrime researcher at Washington State University, Pullman, who was not involved in the study, says he finds the results surprising, as he would expect users from richer countries to take advantage of better Internet infrastructure to download larger files. Duch suggests that the availability of online streaming services such as Netflix may have curbed the tendency for Americans to download movies and TV shows. In contrast, in countries like Spain, where no such services are available, downloading became the prevalent way to access such content.

The study could help engineers design better file-sharing algorithms that optimize download speed by matching users who share the same interests, Duch says. The data could also be used to evaluate the efficacy of antipiracy policies, he says. In an unpublished study using the same data, the researchers found that regulations on online downloading tend to produce only short-term effects. For instance, when the U.S. Department of Justice in 2012 shut down Megaupload, one of the largest online file-sharing sites, on charges of illegal content sharing, BitTorrent user activities dampened for a few months, only to climb back up later, Duch says. “Law enforcement agencies … are trying to put walls in a field where there are several ways to evade them.”
http://news.sciencemag.org/economics...haring-network





British Trade Body BPI to Prosecute File-Sharing Forum Dancing Jesus
Richard Smirke

In September 2011, the copyright-infringing internet forum Dancing Jesus was shut down and two of its associates were arrested, following a joint investigation by British labels trade body BPI and the International Federation of the Phonographic Industry (IFPI).

This month, just over three years since those arrests were made, the case finally comes to trial at Newcastle Crown Court in a private prosecution being made by BPI. With criminal proceedings due to begin in the coming weeks, BPI declined to comment on the case although a spokesperson did confirm that the trial was the result of a "private prosecution being brought by the BPI following an initial joint investigation by BPI and the IFPI, with assistance from US Department of Homeland Security and the City of London Police."

The now-defunct U.K.-based forum Dancing Jesus specialized in offering access to pre-release music titles from a large number of predominantly U.K. and U.S. pop and rock acts, with its since-abandoned Twitter account boasting "because we listen to music before you."

It is understood that following BPI and IFPI's joint investigation the U.S. Department of Homeland Security assisted in the case by seizing the site's server in Dallas where the content was being hosted. The site's administrator and one of its most prolific uploaders, reportedly known as "Trix," were arrested by City of London Police in September 2011.

According to a BPI spokesperson, "One defendant in the case has already pleaded guilty to illegally distributing music and will be sentenced at the end of the trial."

The BPI's private prosecution against Dancing Jesus – the trade body's first such action in a number of years – follows the conviction of Philip Danks in August this year for the recording, uploading and distribution of the Universal Pictures film Fast and Furious 6. That too was a private prosecution, brought about by the Federation Against Copyright Theft (FACT), and resulted in Danks and his co-defendant Michael Bell being sentenced to 33 months' imprisonment and a community service order, respectively.

In 2012, FACT also secured a criminal conviction against Anton Vickerman, founder of surfthechannel.com which provided links to infringing TV shows and films. Vickerman was sentenced to four years in jail at Newcastle Crown Court.

Private prosecutions against music infringing sites have, however, historically been less successful, with Alan Ellis, the creator/administrator of music linking site OiNK and the first British man to be charged for illegal file sharing, found not guilty of conspiracy to defraud the music industry in 2010.
http://www.billboard.com/articles/bu...haring-pirates





Iceland's Pirate Party: 'We're 70% of the Way to Creating the Switzerland of Bits'
Anthony Cuthbertson

It was a bright cool evening in August, and the clocks were striking nineteen. Iceland's national broadcaster RUV had just been handed a gagging order as the nightly news was about to air, prohibiting any reports on documents released earlier that day by WikiLeaks. Less than a year had passed since the start of the 2008 financial crisis that decimated the country's economy and the leaks implicated Iceland's largest bank in the collapse.

Faced with the decision of either cancelling the 7pm broadcast or running a different story, RUV instead chose to broadcast a screenshot of the WikiLeaks homepage, together with news that it had been forbidden to report on the matter. For Birgitta Jónsdóttir, a poet, WikiLeaks volunteer and political activist, this was the spark that would ignite one of the most intriguing social and political movements of recent times.

Five years later, Jónsdóttir now leads Iceland's Pirate Party, the world's first political organisation of its type to hold office. Her work with WikiLeaks has finished but her ambition to transform her country is in full flow.

"I'm just sort of a geeky poet that accidentally got inside the parliament," Jónsdóttir told IBTimes UK from the Pirate Party's office within Iceland's Parliament House. "And now I'm just hacking at it a bit to figure out how the system works, just like any good old hacker."

Jónsdóttir's parlance stems from her former career as a web developer, with the "hacker" moniker now denoting a mindset rather than any computer-related capabilities.

"There are hackers in many different fields," Jónsdóttir said. "It's basically a certain kind of mentality where you look at a system in a holistic way to understand if there are any holes in it.

"Our current systems, everywhere in the world, need a lot of patching and at some stage patching doesn't work so you have to create new hardware."

The new hardware Jónsdóttir has developed comes in the form of the International Modern Media Institute (IMMI), a parliamentary resolution that cherry-picks all the best transparency, freedom of expression and source protection laws and policies from around the world into one comprehensive vision.

Through her work with WikiLeaks, Jónsdóttir was able to learn how documents and stories were kept safe no matter what sort of legal threats they faced by keeping different stories in different places, depending on their legal sensitivity within various states' jurisdictions.

"There is no historical protection on news, stuff is just vanishing left, right and centre. Stories change - it's like modern book burnings all the time and nobody knows about it," she said. "So we felt that there needed to be a new standard for dealing with the digital era, asking how does democracy function in the digital era."

After winning the support of all the major politicians from all the major parties, the IMMI is well on its way to achieving just such a digital democracy.

A recent white paper published by Gigaom Research credited the IMMI with having created an international haven for data privacy and freedom of speech, capable of protecting data from warrants, subpoenas and espionage.

"Iceland, through the combination of the IMMI regulations and status as an European Economic Area state, is uniquely positioned as a data privacy haven," the paper found.

The IMMI is also helping to fulfill Jónsdóttir's vision of transforming Iceland into the "Switzerland of bits", a notion suggested by John Perry Barlow, the founder of the Electronic Frontier Foundation, in 2008.

The haven created by the Pirate Party and the IMMI, together with Iceland's cool climate and cheap and renewable energy, have meant companies and organisations are increasingly looking to Iceland to store their data.

The first major company to capitalise on this has been Verne Global, a data storage provider that set up shop in Iceland in 2012 and now provides its services to everyone from car manufacturers to Hollywood production companies - all eager to keep the development of new projects away from prying eyes.

"One of the great things about Iceland and one of the reasons that we really liked it for a data centre location is that the data privacy laws here are excellent and very much at the top among its European peers and we think this is going to be even more important over the next five to 10 years," Jeff Monroe, CEO of Verne Global, told IBTimes UK on a recent visit to the firm's data centre in Iceland.

The data centre itself is both a digital and physical fortress. Nine "challenge points" protect the data on the servers from the outside world, including fences, "man-trap" entrances, two-factor authentication codes and a bomb-proof security room.

It's still early days for Iceland's data centre industry but a measure of its success so far can be seen through Verne Global's exponential growth.

"We're a private company and we can't disclose our customers in general," Monroe said. "But we've doubled our capacity initially from our first launch and then we doubled again just in the past year.

"So our growth is substantial and we see a tremendous amount of interest in our offering."

Jónsdóttir may be close to finally achieving her vision of a digital democracy but she claimed it was not a simple case of putting the laws in place and declaring "mission accomplished". It was more a case of revolution with a silent "R".

"For creating the Switzerland of bits, I'd say we're about 70% of the way there," she said. "But of course we're constantly faced with challenges because all these things are always shifting and changing. The transformative evolution that is revolutionary is all the technology that's happening right now.

"So that's my mission: to try and figure out if it's possible at all," she smiled. "Without a bloody revolution."
http://www.ibtimes.co.uk/icelands-pi...d-bits-1468100





Country's Economy Plays Role in Internet File-Sharing Patterns

Big data study provides first insights into behavior of users of peer-to-peer file sharing
Press release

Northwestern University

Peer-to-peer file sharing of movies, television shows, music, books and other files over the Internet has grown rapidly worldwide as an alternative approach for people to get the digital content they want -- often illicitly. But, unlike the users of Amazon, Netflix and other commercial providers, little is known about users of peer-to-peer (P2P) systems because data is lacking.

Now, armed with an unprecedented amount of data on users of BitTorrent, a popular file-sharing system, a Northwestern University research team has discovered two interesting behavior patterns: most BitTorrent users are content specialists -- sharing music but not movies, for example; and users in countries with similar economies tend to download similar types of content -- those living in poorer countries such as Lithuania and Spain, for example, download primarily large files, such as movies.

"Looking into this world of Internet traffic, we see a close interaction between computing systems and our everyday lives," said Luís A. Nunes Amaral, a senior author of the study. "People in a given country display preferences for certain content -- content that might not be readily available because of an authoritarian government or inferior communication infrastructure. This study can provide a great deal of insight into how things are working in a country."

Amaral, a professor of chemical and biological engineering in the McCormick School of Engineering and Applied Science, and Fabián E. Bustamante, professor of electrical engineering and computer science, also at McCormick, co-led the interdisciplinary research team with colleagues from Universitat Rovira i Virgili in Spain.

Their study, published this week by the Proceedings of the National Academy of Sciences (PNAS), reports BitTorrent users in countries with a small gross domestic product (GDP) per capita were more likely to share large files, such as high-definition movies, than users in countries with a large GDP per capita, where small files such as music were shared.

Also, more than 50 percent of users' downloaded content fell into their top two downloaded content types, putting them in the content specialist, not generalist, category.

"Our study serves as a window on society as a whole," Bustamante said. "It was very interesting to see the separations between users based purely on content. Individuals tend to interact only with others who are interested in the same content."

One goal of decentralized peer-to-peer file sharing is to make communication on the Internet more efficient. (In certain parts of the world, BitTorrent users are responsible for up to one-third of the total Internet traffic.) The BitTorrent protocol enables users to share large data files even when they don't have access to broadband connections, which often is the case in rural areas or less developed countries. BitTorrent breaks files into smaller pieces that can be shared quickly and easily from home computers over networks with lower bandwidth.

The researchers analyzed 10,000 anonymous BitTorrent users from around the world during a typical month using data reported by users of the BitTorrent plugin Ono. File content types shared by users included small files, music, TV shows, movies and books. (The type of content was easily determined based on file size.)

The Ono app, developed by Bustamante and his lab, allows users to improve the performance of BitTorrent while reducing the impact of their traffic on Internet network providers. Ono users can give informed consent for research use of their activity, providing a rich source of data on which new studies and projects can be built.

The title of the paper is "Impact of heterogeneity and socioeconomic factors on individual behavior in decentralized sharing ecosystems."
http://www.eurekalert.org/pub_releas...-cep100814.php





BitHammer, the BitTorrent Banhammer

Its name is BitHammer. It searches out and bans BitTorrent users on your local sub-net.
Michael Cole

I'm a digital nomad. That means I travel and work, often using shared Wi-Fi. Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hotspots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.

These users clog up the residential routers' connection tables, and make it impossible to use tools like SSH, or sometimes even web browsing. Stuck for a day, bullied from the Wi-Fi, I wrote BitHammer as a research project. It worked rather well. It's my first Python program. I hope you find it useful.
http://tech.slashdot.org/story/14/10...rent-banhammer





Sony Sets High Price Bar for Web TV
Claire Atkinson

Sony’s upcoming Internet-delivered TV service will carry 100 channels and a surprisingly high price tag of as much as $80 a month, The Post has learned.

The Japanese media and electronics giant is set to launch the service before year’s end as a way to goose sales of its Web-connected TV sets during the crucial holiday season.

But the price is on par with that of a traditional cable and satellite programming package and is on the high side for a so-called over the top service.

One source told The Post that the price would be around the $80 mark, while a second person said, “We hear it’s going to be competitive with a traditional basic cable package at between $60 to $65.”

Analysts predicted that Sony’s streaming service and another from Dish Network would be designed to appeal to consumers interested in less expensive programming options and would charge closer to $30 a month.

Sony last month revealed a big deal with Viacom to carry 22 of its channels, including MTV, Comedy Central and Nickelodeon. It has also held talks with Fox and Disney.

“They had huge ambitions of breaking up the bundle and being the champion of the consumer, but they’ve had no success in doing that and they’re licking their wounds,” said one source.

“They got creamed in negotiations.”

It is expected the new Web TV service will be made available over Sony’s PlayStation.
http://nypost.com/2014/10/05/sony-se...ar-for-web-tv/





Tying Up the Cable Business

Lobbying over Comcast’s bid to create a cable-TV behemoth is coming to a head

EMPLOYEES joining Comcast, America’s largest pay-television and internet provider, are given a copy of “An Incredible Dream”, a history of the company commissioned by the firm. On the cover is Ralph Roberts, its founder, standing with arms outstretched, like the Christ statue on Rio de Janeiro’s mountaintop. Comcast’s dramatic rise since 1963, when Mr Roberts bought a small cable system in Mississippi, is an inspirational American business story, and represents how tiny companies can become monumental ones. Today Comcast is run by Mr Roberts’ son, Brian, employs 140,000 people and has a market capitalisation of around $140 billion.

But when does “big” become “too big”? Regulators in Washington, DC, will have to decide. In February Comcast announced a $45 billion bid for Time Warner Cable (TWC), America’s second-largest cable company. Comcast has agreed to divest around a quarter of TWC subscribers voluntarily, leaving it with around 30% of the national pay-TV market and 40% of high-speed broadband should the deal go through, according to Moffett Nathanson, a research firm. Regulators at America’s Department of Justice and Federal Communications Commission (FCC) are reviewing the merger on antitrust grounds, with the FCC also assessing its impact on the public interest. They are expected to make a decision by early next year.

The deal would give more might to a firm that, besides the largest pay-TV and internet business in America has, thanks to its 2011 takeover of NBCUniversal, broadcast networks, cable channels, a film studio and other media assets. Most crucially, it would cede to Comcast more control over America’s high-speed internet, a buoyant business that is set to be the future conduit of content delivery, but one in which Comcast already faces less competition than in pay-TV. Comcast says it will invest more in broadband infrastructure and provide more low-cost internet access to the poor, but it is far from clear that the public will benefit from Kabletown (as Comcast was called in “30 Rock”, an NBC comedy about life inside NBC) turning into Kablecountry.

The way this giant deal is progressing reveals a lot about corporate America. On October 8th and 9th shareholders of both Comcast and TWC are expected to vote to approve the merger without hesitation. In doing so, TWC investors will be breezily signing off on an $80m golden parachute for Robert Marcus, who has been the firm’s boss for less than a year. The chief financial officer, chief technology officer and chief operating officer will receive a combined $55m for helping sell their company. If these numbers appeared in a fictional television drama, they might seem somewhat implausible.

To get its deal signed off by regulators Comcast has taken lobbying to new heights. Last year it spent around $19m on this, reckons the Centre for Responsive Politics, more than both Boeing and Lockheed Martin, two giant defence contractors. The firm has always made sure that the cord linking its Philadelphia headquarters to the government in Washington is taut. Brian Roberts has played golf with Barack Obama; David Cohen, Comcast’s chief lobbyist, has repeatedly had the president round for supper at his home. This week Mr Obama asked Joe Clancy to return from a stint as Comcast’s head of security to become acting head of the Secret Service.

Supporting America’s power-brokers can pay off. For example, Rahm Emanuel, the mayor of Chicago, publicly expressed his support for the merger, without mentioning the campaign contributions he received from Mr Cohen and other Comcast executives. Comcast’s roots are in cable, a business that depends on local-government relationships, and it knows how to win hearts. Since 1999 it has given away $145m to organisations in the areas it serves, a generous act but also a strategic one. It helps explain why organisations that would appear to have no stake in a national cable deal, such as the Virginia Holocaust Museum, have supported the bid.

There are grounds to worry that proper scrutiny of the proposed deal will be impaired because of “regulatory capture”, especially since Comcast has hired former regulators to advise it and lobby for it. For example, Meredith Attwell Baker, when an FCC commissioner, voted to approve Comcast’s bid for NBCUniversal in 2011. Four months later she left to join Comcast (she has since gone on to work for the wireless-telecoms lobby). “It is such a revolving door at the FCC and Congress that you can’t keep track of whether people are cable lobbyists or working in government,” says Marvin Ammori, a lawyer who represents technology firms. “People might expect that of defence and pharma, but not of their broadband providers.”

Likewise there are reasons to fear a sort of “journalistic capture”. Comcast owns two prominent cable-news channels, MSNBC and CNBC, and two broadcast networks with extensive news programming, NBC and Telemundo. Their newsrooms, which might otherwise have reported critically on such a big deal, have been largely silent. One CNBC reporter says he cannot dig into the story as he normally would, for fear of losing his job.

Reporters who want to investigate the deal struggle to find anyone who will comment publicly anyway. Since Comcast is already so large, few television stations want to speak out, because Comcast pays them lots of money to carry their channels. “It doesn’t make good business sense to argue against your biggest client,” explains one executive. In order to hear opponents’ honest opinions, the FCC has taken the unusual step of letting them give testimony in private—something it rarely does in a merger review.

Recently Comcast lashed out at some of its opponents, including Netflix, an online-video company, and Discovery, which owns television channels, accusing them of “extortion”. According to Comcast some firms have come forward seeking gifts in return for supporting the deal, which would have cost Comcast around $5 billion. This unsavoury favour-trading sometimes happens during a big merger process, as Comcast knows, given its battle to get the NBCUniversal deal through.

Some say that Comcast’s decision to criticise its competitors shows that Mr Cohen may be worried that the deal, which at first looked set to sail through, is running into trouble. Opponents have been heartened by recent negative noises from Tom Wheeler (pictured), now the FCC’s boss but formerly a leading lobbyist. For instance, in a recent speech he noted that already around three-quarters of Americans have no “competitive choice” when it comes to high-speed internet.

The outcome of this deal could influence the development of both the television and internet businesses in America. Comcast argues that there will be no loss of competition, since it does not compete with TWC in any market. That is true only because cable companies long ago divided the country among themselves. This deal highlights that custom: Comcast and a rival, Charter (which had wanted to buy TWC but was trumped by Comcast) are swapping subscribers in the places they want, much as they might trade cards in a game. The rest will be transferred to a newly formed firm, GreatLand Connections.

What matters most to Comcast and to consumers is broadband. Cable companies have strikingly little competition when it comes to delivering high-speed internet, because satellite companies do not offer fast internet speeds and telephone firms cap the amount of data that can be downloaded in return for the monthly fee. Letting Comcast buy TWC will not eliminate an existing competitor, but it could deter prospective ones in broadband and pay-TV, because they know they stand no chance of felling a giant.

Comcast’s power does not end there. If the deal is approved, it will control 17 of America’s 25 largest advertising markets, dominating the top ten (see chart). Comcast’s huge customer base will also give it a near-veto over innovations, such as which new channels can launch and which set-top-box technologies are adopted.

That Comcast owns some of the biggest television channels matters too, because of the potential for it to favour these over rival channels, or to charge other pay-TV operators unreasonable rates for its channels. Comcast also has an interest in seeing its impressive “cloud-based” set-top-box become the industry standard, so it can license the technology to other cable companies. TWC was reportedly close to a deal with Apple to distribute its set-top TV boxes, but talks stopped when Comcast announced its bid. They seem unlikely to resume if Comcast takes over TWC.

Comcast, like other pay-TV operators, is set on preserving the television ecosystem in its present form for as long as possible, whereas it is in the interest of consumers to see viable, cheaper alternatives take off. One potential competitor might have been Hulu, an online-video firm jointly owned by Comcast, 21st Century Fox and Disney. Comcast came by its stake when it bought NBCUniversal, but as a condition of that purchase regulators made Comcast agree not to intervene in Hulu’s operations. However, last year, when Hulu was put up for sale by Disney and Fox, insiders close to the deal have told The Economist that Comcast executives made it clear to Hulu’s other two owners that they would prefer not to see it go to AT&T, which, along with Chernin Group, an entertainment firm, had put in the highest bid.

Comcast denies any intervention. AT&T would have been able to make Hulu a viable competitor to Comcast’s pay-TV business. Ultimately Hulu stayed with its owners, who called off the sale.

In all, the reasons to oppose the Comcast-TWC deal are even more numerous than the number of unwatched channels a cable subscriber is forced to buy as part of the expensive “bundle”. Americans already pay more for television and internet than people in other rich countries, for slower internet speeds. Comcast would become the judge and jury on which new services and devices survive in the TV and internet businesses. Comcast would have incentives to favour its own channels and businesses, and policing it effectively would be a huge and complex job.

Regulators have the choice of approving or rejecting the deal outright, or approving it with conditions. It is not their only headache. The FCC also has to consider new “net neutrality” rules on whether broadband providers can favour certain types of online content or charge certain companies more for faster delivery. Craig Moffett, an industry analyst, says the FCC could decide to attach specific net-neutrality conditions to the Comcast deal, although others think a separate ruling is more likely before a merger decision is reached. Regulators also have to review AT&T’s proposed bid for DirecTV, a satellite-TV company, which it has made in direct response to Comcast’s deal. Other firms will inevitably follow too. In the media business sequels are all the rage.
http://www.economist.com/news/busine...tying-up-cable





Cable Industry Targets Millennials With Hip Astroturf Effort
Karl Bode

A new group named "Onward Internet" popped up a few weeks ago, offering a sassy, sexy website that rather ambiguously discusses how the Internet is a "wild, free thing" that is "unbounded by limits" and "unfettered by rules." The website and accompanying video discuss how it's "everyone's responsibility" to protect the Internet. The group doesn't really explain what its purpose is, though after a few weeks ProPublica discovered that it's a new effort by the cable industry's biggest lobbying group, the NCTA.

The website asks visitors for their input on how to best protect the Internet. Employees of the group are also canvasing some city streets collecting user input. A chirpy Twitter account similarly asks for user input.

What is a cable-industry group targeting Millennials funded by the cable industry doing with this information? Likely collecting fodder in the campaign against Title II and/or net neutrality, if the industry's rich astroturfing history is any guide. Calling the organization's phone number suggests you get to find out next month:

"Sorry we can't come to the phone right now," the call-in greeting says. "We just got wind of the juiciest celebrity rumor and we're working to confirm it. So please leave your suggestion for the future of the internet at the beep and visit Onward Internet dot com next month to see what we've done with it."

Amusingly, ProPublica notes that the cable industry tried to dance around the fact they were behind the organization:

NCTA officials did not respond to questions about Onward Internet and would not confirm they're behind it. "What led you to the conclusion that this is an NCTA effort...?" asked Brian Dietz, a vice president for the organization, before he stopped responding to emails.

Later, that same spokesman admits cable is behind the group, but states they're really just looking for honest opinions:

"We know that network neutrality is important to Internet users and we share the vision that the Internet remains an open and unfettered experience for all to enjoy," he said in his statement. "We've kept NCTA's brand off Onward, Internet because we want to collect unbiased feedback directly from individuals about what they want for the future of the Internet and how it can become even better than it is today. The cable industry is proud of our role as a leading Internet provider in the U.S. but we feel it's important to hear directly from consumers about how they envision the future so we can work hard on delivering it."

One wonders how requests for an Internet free of duopoly control, aggressive usage caps, and protected by Title II reclassification will fare during the comment vetting process? We'll apparently get to see in a few weeks precisely what the cable industry will use your input for. Assuming that the cable industry doesn't scratch the effort entirely now that their involvement with it has been made clear.
https://secure.dslreports.com/showne...-Effort-130810





Providers Are Still Confused About Why You Want Faster Broadband
Phillip Dampier

It took Google Fiber to change the paradigm that you only need enough broadband speed to run the basics — anything extra is extravagant and unnecessary. At least that is the argument broadband providers continue to make when asked about speed upgrades.

“When Google announced it was offering a gigabit, everybody was (like), ‘Huh? What are you going do with that?'” said Heather Burnett Gold, president of the Fiber to the Home Council Americas.

Time Warner Cable and AT&T are in the process of finding out in both Kansas City and (soon) in Austin, Tex. But when you don’t have what the other guy is offering, providers predictably switch to the cheaper-than-upgrades-argument, ‘you don’t need it.’

Before Google Fiber began a serious advance into Time Warner Cable territories and the cable company’s top speed of 50/5Mbps became an embarrassing outlier, then-chief financial officer Irene Esteves pooh-poohed the notion that people need anything faster than what Time Warner was already delivering. Esteves told an investment-phobic crowd of Wall Street analysts at a Morgan Stanley Tech Conference everyone was happy with what they already had.

“We just don’t see the need of delivering that [gigabit speed] to consumers,” Esteves said back in 2013.

Comcast didn’t think much of speed upgrades either… until it did in its regulatory filings to acquire Time Warner Cable, where Comcast championed the fact it offers more speed upgrades than Time Warner Cable ever did. But who can forget Comcast repeatedly telling customers their speeds were fast enough, and with their then-ubiquitous 250GB usage cap, you couldn’t use faster speeds for that much anyway.

“For some, the discussion about the broadband Internet seems to begin and end on the issue of “gigabit” access,” David L. Cohen, Comcast’s executive vice president, wrote in an editorial in the summer of 2013. “The issue with such speed is really more about demand than supply. Our business customers can already order 10-gig connections. Most websites can’t deliver content as fast as current networks move, and most U.S. homes have routers that can’t support the speed already available to the home.”

(Today, Comcast touts it has new routers that will support the fastest speeds on offer from cable companies and promises Time Warner Cable customers long overdue speed upgrades.)

Other providers that cannot possibly compete with Google Fiber’s speed also like to change the subject.

The Wireless Cowboys blog, run by a Wireless Internet Service Provider (WISP), believes the real issue isn’t about speed at all.

“All of the discussions about ‘Gigabit Internet’ and coming up with uses for it focuses too much on the American obsession with ‘bigger, faster, moar!’ while obscuring what I feel are the more important issues of accessibility, affordability, choice of provider, freedom from data exploitation and dependency on the cloud,” wrote the editor.

Unfortunately for him, it isn’t the American obsession with ‘bigger, faster, moar’ that is the issue. It is just about everywhere else where nations are treating major broadband upgrades as a national priority, while we depend almost entirely on a barely competitive private sector to deliver upgrades most of them don’t believe we need in the first place.

Dan Tesch wrote in InformationWeek earlier this year he wants the United States to sit this one out.

“Even if Latvians enjoy faster connections than Texans (2.5 x faster), I’m really curious how broadband speeds of more than a few slowMbps for average households can have a material impact on the economy,” he writes. “A 6Mbps connection could easily support several home users simultaneously shopping on multiple e-commerce sites, downloading iTunes, streaming Spotify, and so on. Do Americans really need gigabit to the home?”

Back in the early 1990s, dial-up was plenty for the online applications of the day and faxing managed just fine at 9600bps over landlines, so why do we need more? Perhaps because dial-up is effectively dead to us and faxing has become quaint, like carrying cassettes in your car. Technology marches forward, and providers must follow (or preferably lead).

It is inevitable that faster broadband will drive development of new applications designed to take advantage of gigabit speeds as they become more common. That isn’t likely to happen for years in the United States and Canada, but those speeds are already becoming common in Europe and Asia. Where superfast broadband predominates, so shall high-tech app developers and other digital economy businesses. North America will be left behind until we finally catch up to Romania, Bulgaria, and South Korea.

The evidence is already there.

“I just returned from Stockholm where fiber connections are cheap and as available as running water,” said Susan Crawford, a visiting professor at Harvard Law School and author of “Captive Audience: The Telecom Industry & Monopoly Power in the New Gilded Age.” As a result, she said, developers there have “a digital sandbox to play in,” which means they are more likely to develop the next generation of software and hardware.

“Most people don’t really get it yet,” Synthia Payne, who moved from Denver to Kansas City, Kan., for a $70-a-month Google Fiber connection told the New York Times. She needed superfast broadband to develop an app called Cyberjammer that allows musicians around the world to jam online and in real-time. “People just haven’t conceived of what fiber will mean and how it will change the way we live and work.”

Brad Kalinoski and Tinatsu Wallace fled Time Warner Cable country in Los Angeles and moved to Wilson, N.C. They co-own Exodus FX, a company that provides special effects for commercials, television and feature films like “The Black Swan” and “Captain America.”

“We were doing so much business that we had to have increased bandwidth, so we started looking around and found Wilson,” said Kalinoski.

If they stayed in Hollywood, gigabit fiber broadband requires an extremely expensive commercial account with a substantial buildout/installation fee to reach the building and monthly charges starting at $1,500-3,000. Today, he pays Greenlight, Wilson’s publicly owned fiber to the building provider, $150 a month for gigabit access.

Any digital economy business dependent on fast Internet can see the economics, and often relocate.

“In New York, I pay four times as much as someone in Stockholm would pay for a connection that is 17 times as slow on the download and 167 times as slow on upload,” Crawford noted. “Most of us are paying enormous rents for second-class service.”

It’s the same in Seattle, where Eric Blank moved his 20-employee IT security firm from Seattle to Mount Vernon, Wash., which has its own fiber network. Blank could have kept paying CenturyLink or Comcast around $985 a month for vastly slower service or pay Mount Vernon for access to its public broadband service, which costs $250 a month. Blank told the New York Times he gets better service for his $250 in Mount Vernon than what he got at a higher price in Seattle.

Remarkably, for all the talk about why Americans don’t need faster Internet service, the moment a competitor starts selling it, the cheap talk turns into service upgrades (or at least press releases promising upgrades).

In Kansas City, speeds are rising not just because of Google Fiber. Akamai has found AT&T and Time Warner Cable are upgrading to deliver faster speeds as well.

“We’re seeing faster speeds everywhere,” said David Belson, who authors the State of the Internet Report for Akamai. “Part of that is that the technology is improving to get better speeds out of existing networks, part of it is consumer demand, and part is the pressure that Google Fiber’s existence creates on everybody else.”

Today Time Warner Cable delivers 50Mbps for what it used to charge for 15Mbps service in Kansas City. AT&T has also boosted speeds of its U-verse service in many Kansas City neighborhoods, with promises to deliver gigabit speeds in Overland Park in the not-too-distant future.
http://stopthecap.com/2014/10/06/pro...ter-broadband/





Obama: I Want the FCC to Ban Paid Internet Fast Lanes

President is “unequivocally committed to net neutrality.”
Jon Brodkin

President Barack Obama yesterday said he is still “unequivocally committed to net neutrality” and that he wants the Federal Communications Commission to issue rules that prevent Internet service providers from creating paid fast lanes.

“There are a lot of aspects to net neutrality,” Obama said in response to a question at an event hosted by Cross Campus in Santa Monica, CA. “I know one of the things people are most concerned about is paid prioritization, the notion that somehow, some folks can pay a little more money and get better service, more exclusive access to customers through the Internet. That’s something I oppose. I was opposed to it when I ran; I continue to be opposed to it now.”

Obama pointed out that the FCC is “an independent agency” but said he wants the commission to prevent paid prioritization.

“My appointee, [FCC Chairman] Tom Wheeler, knows my position,” Obama said. “Now that he’s there, I can’t just call him up and tell him exactly what to do. But what I’ve been clear about, what the White House has been clear about, is that we expect whatever final rules to emerge to make sure that we’re not creating two or three or four tiers of Internet.”

Obama said in January that his own presidential campaign "was empowered by a free and open Internet" and that it wouldn't have been successful "if there were a lot of commercial barriers and roadblocks."

Waiting for FCC action

Under previous chairman Julius Genachowski, the FCC issued net neutrality rules in 2010 that banned “unreasonable discrimination” by Internet service providers. The 2010 order didn’t ban fast lanes outright but noted, “It is unlikely that pay for priority would satisfy the 'no unreasonable discrimination' standard."

A federal appeals court struck those rules down this year, saying that the FCC imposed common carrier obligations upon broadband providers without first reclassifying them as common carriers. ISPs are opposed to such reclassification, which would open them up to utility-style regulation under Title II of the Communications Act.

The FCC voted for a net neutrality proposal in May that does not reclassify ISPs. Wheeler has insisted that Title II is still “on the table,” but he hasn’t issued a final proposal.
http://arstechnica.com/tech-policy/2...et-fast-lanes/





In Net Neutrality Discussion, Lawsuits Loom Large
Edward Wyatt

After discussion and debate at six Federal Communications Commission roundtables stretching over 24 hours, a consensus has finally emerged on net neutrality: Whatever rules the F.C.C. adopts, someone will take it to court.

That was the judgment on Tuesday of the final two panels in the commission’s effort to examine the economic, technological and legal aspects of its net neutrality authority.

“There will be blood,” said Tim Wu, a Columbia University law professor who coined the term network neutrality in a 2003 academic paper. Which is to say, he added, “there will be litigation.”

Others concurred. “The chance is pretty slim that litigation will be avoided,” said Pantelis Michalopoulos, a partner at Steptoe & Johnson who has worked on net neutrality proposals for AOL.

Gus Hurwitz, assistant professor at the Nebraska College of Law, agreed, saying, “Litigation is probably inevitable.”

What the panelists did not agree on was the best way for the F.C.C. to structure its rules for net neutrality, the concept that all Internet traffic should be treated equally, with no type of traffic being favored over another as it makes its way from a provider to a consumer.

Mr. Wu, for example, firmly held that the best way for the F.C.C. to ensure an open Internet was for it to invoke its full authority under Title II of the Communications Act.

To do so, the F.C.C. would have to reclassify Internet service as a telecommunications service, a change from its current status as a Title I information service. The difference between the two is that the commission has more authority to regulate under Title II, which also covers utilitylike services, like traditional telephone service.

To some, that would cause big problems.

“Title II would be a bonanza for attorneys,” said Thomas J. Navin, a partner at Wiley Rein. “But not for innovators.”

Mr. Navin favored drawing up net neutrality rules based on Section 706 of the Telecommunications Act of 1996. That is the part of the law that a federal appeals court cited in January, when it struck down the previous rules, as the likely source of F.C.C. authority.

Nuala O’Connor, president and chief executive of the Center for Democracy & Technology, was one of several participants who favored a hybrid approach, using elements of both Title II and Section 706 to outlaw blocking of and discrimination against web applications by Internet service providers.

But focusing on whether or not a given approach is more likely to attract litigation “is not the way to make a rule,” Ms. O’Connor said. “We should look at the principles we are concerned about and act.”

Mark Cooper, director of research for the Consumer Federation of America, who also favors a hybrid approach to net neutrality rules, agreed.

“Nobody should make a decision based on whether or not there will be litigation,” he said. “Because there will be litigation.”
http://bits.blogs.nytimes.com/2014/1...ts-loom-large/





Caught by FCC for Wi-Fi Jamming, Marriott's Still Not Sorry.
Adriana Lee

The message from the Federal Communications Commission is loud and clear: Do not mess with people’s access to the Internet. That's a lesson it's trying to teach the wireless carriers and, it turns out, hotels too.

According to the FCC, Marriott's Gaylord Opryland Hotel and Convention Center intentionally used Wi-Fi jamming tactics on its own guests. The interference made it impossible for people to use their own personal hotspots, leaving Marriott's costly Wi-Fi as the only other option. In response to the investigation, the hotel agreed Friday to pay a penalty of $600,000 and promised to stop its signal-blocking activities.

But that's as close as it has come to an apology.

Despite getting caught in this mafia-worthy shakedown and consenting to pay the fine, the hotel doesn't admit any wrongdoing. Instead, it offers this excuse: We're squashing guests' Wi-Fi because we care about our security and theirs.

According to the FCC’s filing, the Marriott location's Wi-Fi-blocking activities were discovered last year, when an event attendee noticed the dead zone in the hotel's convention center.

[A] complainant alleged that the Gaylord Opryland was “jamming mobile hotspots so that you can’t use them in the convention space.” Marriott has admitted that one or more of its employees used containment features of a Wi-Fi monitoring system at the Gaylord Opryland to prevent consumers from connecting to the Internet via their own personal Wi-Fi networks.

CNN reports that Marriott didn't use a typical wireless-signal jammer, which the FCC defines as a radio frequency device that illegally interferes or impedes with "authorized radio communications." The news outlet spoke to a senior FCC official, who said that staffers used the hotel's own Wi-Fi system to interfere and dampen outside signals.

However, details in the commission's filing clearly show that some specialized equipment from a third-party vendor was used:

Marriott operates a Wi-Fi monitoring system manufactured by a third party that was installed at the Gaylord Opryland. Among other features, the system includes a containment capability that, when activated, will cause the sending of de-authentication packets to Wi-Fi Internet access points that are not part of Marriott’s Wi-Fi system or authorized by Marriott and that Marriott has classified as “rogue.”

Either way, the result is the same: All Wi-Fi, other than Marriott's own, was blocked. And its fee for access ran up to a hefty sum—as much as a thousand dollars in the conference center.

"It is unacceptable for any hotel to intentionally disable personal hotspots while also charging customers and small businesses high fees to use the hotel's own Wi-Fi network," FCC Enforcement Bureau Chief Travis LeBlanc said in a statement. "This practice puts customers in the untenable position of either paying twice for the same service or forgoing Internet access altogether."

According to Recode, a Marriott rep shrugged off the accusation with this excuse: Jamming external Wi-Fi signals protects the hotel's own “from rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft." The rep went on to say:

Like many other institutions and companies in a wide variety of industries, including hospitals and universities, the Gaylord Opryland protected its Wi-Fi network by using FCC-authorized equipment provided by well-known, reputable manufacturers.

That's not exactly a mea culpa. Signal interference amid numerous wireless connections can be an issue, but when it comes to security, piling loads of strangers onto a single network usually poses more risks, not less. As for the "everyone else is doing it" excuse, Marriott may not realize that the FCC doesn't take too kindly to that. (Just ask Verizon Wireless.)

To cap it off, the rep added that Marriott's activities didn’t break any laws, and that's not quite true.

The company agreed to pay the $600,000 penalty—a slap on the wrist for a corporation that earns billions—but more importantly, the hotel agreed to cease all jamming activities. It will also submit compliance reports for the next three years, which should put an end to these shenanigans.

Taking aim at a hotel's Wi-Fi manipulation is a first for the FCC. But now that the issue is on the feds' radar, this may not be the last time it scrutinizes the industry.

Hotels in general appear to have a love-hate affair with connected technology. Hilton and Starwood seem to embrace it. Both are reportedly eager to finally let guests skip the check-in desk and unlock doors with their phones. That's a scenario tech companies have been promising for years now. Marriott itself also tries to cater to highly connected business guests. And in some of its properties, the chain doesn't even charge for broadband at all.

But the old lodging business has seen newcomers like AirBnB enter the fray and connected gadgets chip away at its profits from ancillary services. Our phones, tablets and laptops can now handle things people used to rely on—and pay—hotels to supply.

For all their cash, the Marriotts of the world might be looking at their vast coffers and wondering how much bigger they could've been, if those devices hadn't stepped in to provide an array of services.

• Phone calls (of course)
• Premium TV: Netflix, Hulu, Amazon Prime and even streaming from your own TiVo recordings easily replace on-demand movies and even some premium sporting events.
• Room service: It used to be a treat, but now it seems like a relic in the post-Seamless and Eat24 world.
• Laundry and dry cleaning pick-up: Washio, Postmates and mobile sites of local cleaners themselves offer pick-up and delivery.
• Honor bar: Apps like Instacart can deliver booze to your door—maybe even for a better value than the overpriced tiny bottles in that compact fridge.
• And, of course, Internet access.

Thanks to 4G technology and the mobile carriers' push to build out their networks, hotspots have become viable alternatives for hotel Wi-Fi in many areas of the country. They might even be better, if you're in a busy hotel overloaded with hundreds of guests.

That is, assuming the hotel doesn't put a hit out on your hotspot.
http://readwrite.com/2014/10/04/marr...i-internet-wtf





US Says it Can Hack Into Foreign-Based Servers Without Warrants

Feds say it would have been "reasonable" for FBI to hack into Silk Road servers.
David Kravets

The US government may hack into servers outside the country without a warrant, the Justice Department said in a new legal filing in the ongoing prosecution of Ross Ulbricht. The government believes that Ulbricht is the operator of the Silk Road illicit drug website.

Monday's filing in New York federal court centers on the legal brouhaha of how the government found the Silk Road servers in Iceland. Ulbricht said last week that the government's position—that a leaky CAPTCHA on the site's login led them to the IP address—was "implausible" and that the government (perhaps the National Security Agency) may have unlawfully hacked into the site to discover its whereabouts.

Assistant US Attorney Serrin Turner countered.

"In any event, even if the FBI had somehow 'hacked' into the SR Server in order to identify its IP address, such an investigative measure would not have run afoul of the Fourth Amendment," Turner wrote. "Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise."

Turner added, "Given that the SR Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to 'hack' into it in order to search it, as any such 'hack' would simply have constituted a search of foreign property known to contain criminal evidence, for which a warrant was not necessary."

The prosecution's papers were in response to Ulbricht's defense team crying foul on the government's explanation of how they discovered the servers. Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page. That raises the question of how the authorities obtained the IP address and located the servers.

"Thus, the leaky CAPTCHA story is full of holes," said Nicholas Weaver, a University of California, Berkeley computer scientist who analyzed traffic logs the government submitted as part of the case.

The authorities also disputed assertions that they found the servers through illegal wiretapping.

"However, no wiretap of any kind was used in the FBI’s investigation—let alone any wiretap intercepting Ulbricht’s communications," Turner wrote. "Indeed, Ulbricht did not even become a suspect in the FBI’s investigation until well after the SR Server was searched. Hence, no information collected from or about Ulbricht, through a wiretap or otherwise, was ever used to locate the SR Server."

The underground drug website Silk Road was shuttered last year as part of a federal raid, and it was only accessible through the anonymizing tool Tor. The government alleges that Ulbricht, as Dread Pirate Roberts, "reaped commissions worth tens of millions of dollars” through his role as the site's leader. Trial is set for next month. Ulbricht has pleaded not guilty.
http://arstechnica.com/tech-policy/2...hout-warrants/





Jitters Over US Surveillance Could Break the Internet, Tech Leaders Warn

Loss of trust in Internet companies could lead to protectionism and a splintered Internet, they say
Stephen Lawson

Overly broad U.S. government surveillance is breaking down trust on the Internet in ways that could hurt users everywhere and make it harder to launch new kinds of services, tech executives told a U.S. senator pushing for reforms.

Revelations about National Security Agency (NSA) monitoring are leading foreign governments to consider erecting barriers against the global Internet and requiring their citizens' data be stored in the same country, according to Sen. Ron Wyden, a Democrat from Oregon, and tech leaders who joined him at a roundtable in Palo Alto, California.

Wyden gathered executives from Google, Facebook, Microsoft, Dropbox and venture capital firm Greylock Partners in a high school gym to talk about the economic impact of U.S. digital surveillance as it affects international attitudes toward American Internet companies. Wyden said he supports surveillance where necessary but is worried about "dragnet" spying such as the wholesale collection of phone records. That kind of spying is turning users against U.S. companies, he said. "This is going to cost America jobs," Wyden said.

The breakdown of trust is bad not just for well-known American tech companies but for anyone trying to start or operate a Web-scale business, executives said.

"The simplest outcome is that we're going to end up breaking the Internet," said Eric Schmidt, Google's executive chairman. A splintering of the Internet would have costs in terms of science, knowledge, jobs and other areas, he said.

The Internet was designed to work without borders and can't reach its full potential with barriers between countries, said Colin Stretch, Facebook's general counsel. The result of data localization for most consumers would be a slower Internet experience and less personalized services, because Internet companies couldn't take advantage of economies of scale.

"It costs more to run a network where you have to put data centers around the world," Stretch said. In time, higher costs could prevent the Internet from reaching people in poor countries who aren't connected yet, he said.

It's also bad news for smaller companies, according to Ramsey Homsany, general counsel at Dropbox. If a two-person startup had to build a data center in Germany just to serve customers there, it would never get off the ground, he said.

But U.S. tech companies have concerns for their own business, too. Protectionism against U.S. Internet products may be heightened because Internet services are so close to consumers' lives, Schmidt said.

"It's a harder problem to solve because it's seen as personal," he said. "We're very concerned that there will be a sort of 'Buy European' movement."

Wyden thinks Congress will pass the USA Freedom Act, an NSA reform bill with strong tech-industry support, this year. But before that can happen, it will have to get onto a congressional calendar that isn't yet written, he said.

The House passed a watered-down version of the USA Freedom Act in May, but several senators have pushed for a strengthened version that they say would end the NSA's bulk collection of U.S. phone records. The Senate hasn't passed the bill yet.

Microsoft Executive Vice President and General Counsel Brad Smith says reform should move ahead despite everything else Congress has on its plate.

"We need to resolve that we will not allow the dangers of the world to freeze this country in its tracks," Smith said. "We need to recognize that antiquated laws will not keep the public safe."
http://www.itworld.com/security/4408...h-leaders-warn





Europe Digital Nominee Demands Stronger U.S. Data Rules
Mark Scott

Europe may suspend data-sharing agreements with the United States if American policy makers do not improve how Europeans’ online information is protected, according to Andrus Ansip, the nominee to lead Europe’s digital agenda.

His statements could have major implications for American tech giants like Google and Facebook, which routinely compile data generated by their European customers through web searches and other online activities. Those companies’ data policies have come under greater scrutiny in Europe in the wake of the revelations about spying by the National Security Agency, using online data.

Mr. Ansip, 58, said that the United States still had to convince European lawmakers that it took a hard line on data protection.

“Americans have to deliver and provide real trust to European citizens,” Mr. Ansip, a former prime minister of Estonia, said during a three-hour hearing in Brussels on Monday.

In reference to the so-called safe harbor agreement between Europe and the United States, which allows American tech companies to move Europeans’ data to America as long as the companies uphold the same privacy rules, he added: “If we don’t get clear answers, suspension has to stay as an option.”

Mr. Ansip’s comments follow similar warnings by other European politicians, who have criticized the United States for taking a relatively lax approach to online privacy. In response, American officials, particularly those at the Federal Trade Commission who oversee the safe harbor agreement, say they regularly fine companies that flout the rules.

The public hearing on Monday was part of two weeks of questions at the European Parliament in which lawmakers have questioned the prospective new members of the European Commission, the executive arm of the European Union that will start work on Nov. 1.

If he becomes chief of Europe’s digital agenda, Mr. Ansip — who led Estonia, one of the world’s most digitally advanced countries, for nearly a decade — will most likely have to tackle reforms of the Continent’s privacy rules and efforts to build digital collaboration across the 28-member bloc.

He would also be in charge of completing an overhaul of Europe’s digital rules — called the Connected Continent proposals — that are aimed at creating one single digital market across the European Union. These are expected to be completed early next year.

During the lengthy hearing on Monday, Mr. Ansip regularly emphasized that the protection of people’s online data was his most important goal.

“We have to protect everyone’s privacy,” he said. “Trust is a basic principle. If people can’t trust e-services, they will never use them.”

As part of this online privacy push, Mr. Ansip said he backed efforts by some European politicians to create a so-called charter of Internet rights, a legally binding document that would outline people’s digital freedoms. A similar law was recently passed in Brazil.

The proposed new European commissioner also supported plans to impose so-called net neutrality rules, which are based on the principle that everyone should have equal access to online content. Local lawmakers recently passed legislation proposing that no company could charge for better access to their networks.

But in a slight opening for European telecommunications and broadband operators, which would like to charge more for improved Internet access, Mr. Ansip said that they could offer different services as long as basic Internet access was not affected.

“Higher prices for higher speeds are acceptable, but not at the price of others,” he said.

For a politician whose own country won independence from the Soviet Union only in the early 1990s, Mr. Ansip took a somewhat hard line on efforts to control how information was spread online.

In response to questions about Europe’s so-called right to be forgotten, which allows people to ask search engines like Google to remove links to online information about them, he said keeping information public was important.

“The right to be forgotten has to stay as an exception,” Mr. Ansip said.
http://bits.blogs.nytimes.com/2014/1...-s-data-rules/





National Crime Agency Director General: UK Snooping Powers are Too Weak

Exclusive: Crime agency boss says he needs to persuade public to reduce digital freedoms
Vikram Dodd

Britons must accept a greater loss of digital freedoms in return for greater safety from serious criminals and terrorists in the internet age, according to the country’s top law enforcement officer.

Keith Bristow, director general of the National Crime Agency, said in an interview with the Guardian that it would be necessary to win public consent for new powers to monitor data about emails and phone calls.

Warning that the biggest threats to public safety are migrating to the internet and that crime fighters are scrambling to keep up, the NCA boss said he accepted he had not done a good enough job explaining to the public why the greater powers were necessary.

“What we have needs to be modernised … we are losing capability and coverage of serious criminals.”

But the boss of the organisation known informally as Britain’s FBI warned that support must be gained from the public for any new powers that would give the state greater access to communications data, dubbed the “snoopers’ charter” by critics.

He said: “If we seek to operate outside of what the public consent to, that, for me, by definition, is not policing by consent … the consent is expressed through legislation.”

He added that it was necessary to win “the public consent to losing some freedoms in return for greater safety and security”.

Last week the home secretary, Theresa May, backed the introduction of greater mass surveillance powers, and committed the Conservatives to implementing the communications data bill that had been blocked by the Liberal Democrats amid protests over civil liberties.

Bristow warned it would be wrong to grant the greater powers to access email and call data without public agreement. Some may see that as an implicit criticism of how previous secret mass surveillance powers, revealed by the US whistleblower Edward Snowden, were enacted.

The NCA boss said Snowden’s leaks, principally to the Guardian, were a betrayal. He said he thought the concerns about excessive government invasion of privacy and secret mass surveillance programmes were legitimate. But he thought once the need for greater surveillance was explained, the public would understand. Bristow said loss of privacy concerned him too: “I recognise there is a tension and a balance.”

Bristow accepted that it would be harder now to win support for greater surveillance powers. “The Snowden revelations have damaged public confidence in our ability, whether it’s law enforcement or the intelligence agencies, to access and use data in an appropriate and proportionate way.”

The National Crime Agency was set up by the coalition to spearhead the national response to serious and organised crime. It has been called Britain’s version of America’s FBI with ministers considering giving it even greater powers and handing it the lead role in counter terrorism. It replaced the Serious and Organised Crime Agency, which was beset by problems from its birth.

Bristow’s seniority as head of the NCA is such that he has the power in law to direct the work of other police chiefs, including Sir Bernard Hogan-Howe, the Metropolitan police commissioner.

Bristow insisted his agency had got off to a strong start. In the interview he told the Guardian that:

• A series of scandals such as allegations of corruption in the handling of the Stephen Lawrence case had left policing’s reputation damaged and lower than it had been in years. “I think our stock … the esteem in which we are held … is in my judgment not where it was a few months or years ago,” he added.

• He could see “advantages” if the government stripped Scotland Yard of its leadership of the fight against terrorism, as the capabilities and tactics in fighting organised criminals and terrorists are often the same.

• The US pullout from Afghanistan was predicted by his experts to lead to an increase in the amount of heroin heading to Britain’s streets.

Speaking before the home secretary’s conference speech, Bristow argued that cybercrime posed a threat to Britain’s national security and way of life, and that powers he had to investigate criminals using modern technology were inadequate and needed boosting.

Bristow said law enforcement organisations investigating suspected paedophiles and drug and human traffickers were now operating in a digital world, and needed the ability to prove a communication took place between identified persons at a particular time and place. “We are running some very serious risks. This is about public safety – we need the powers to do our job in a digital age. We need to set out our case,” he added.

Bristow said cybercrime posed a direct threat to national security, and even to Britain’s way of life. The NCA was leading new ways to tackle cybercrime: ”Some of the cybercriminals we are dealing with, it’s not as easy as finding a door that we can kick in.”

The NCA launched in October last year, led by Bristow. He was for some a surprise choice of the job, having previously been the chief constable of the small Warwickshire force. The government is considering stripping the Met of its national lead in counter-terrorism and handing it to the NCA. In the interview Bristow for the first time commented on the advantages of such a radical shake up, which Scotland Yard is resisting. He said terrorists and organised criminals often operate in the same way and that “the tactics of law enforcement to tackle these people are often the same”.

Bristow, formerly chief constable of the small Warwickshire force, said that in a time of austerity it would be sensible to look at shared capabilities with Scotland Yard to tackle the twin threats. “The judgment that will need to be made is how do we get best effect out of our collective effort against terrorists and organised criminals … the strategic national threats that can’t be tackled in isolation.”

Asked if he sees advantages for terrorism and organised crime fighting being led by the same organisation, Bristow said: “I can see advantages for shared capability.”

Bristow said NCA experts were also predicting a spike in heroin heading to the UK from Afghanistan after US forces pull out from the war-torn country later this year. Heroin from Afghanistan accounts for 90% of the class A drug on Britain’s streets: “We are predicting … that the availability and purity of Afghan heroin may well go up.” The director general is answerable directly to Theresa May – leading some in the police to suggest that in effect the NCA is a national police force directly under the control of government. But Bristow said he was not under government’s control, saying the home secretary had a democratic mandate to set the NCA’s priorities and budget, and he directed its operations.
http://www.theguardian.com/uk-news/2...orism-crime-uk





Federal Bureau Seeks Sac State Students for Service
Elizabeth Zelidon

Sacramento State students with limited leadership positions, language skills or who download content off the Internet may not be eligible for the FBI’s recruitment standards.

On Monday, Sac State’s Career Center welcomed the FBI for an informational on its paid internship program where applications are now being accepted. One of the highly discussed topics in the presentation was the list of potential traits that disqualify applicants.

This list included failure to register with selective services, illegal drug use including steroids, criminal activity, default on student loans, falsifying information on an application and illegally downloading music, movies and books.

FBI employee Steve Dupre received questions ranging from the use of cell phone apps to download free music, to Spotify and other means of retrieving music.

“If you’re doing that, stop doing it,” Dupre said.

He explained how the FBI will ask people during interviews how many songs, movies and books they have downloaded because the FBI considers it to be stealing.

During the first two phases of interviews, everything is recorded and then turned into a report. This report is then passed along to a polygraph technician to be used during the applicant's exam, which consists of a 55-page questionnaire. If an applicant is caught lying, they can no longer apply for an FBI agent position.

“If you are accepted to intern at FBI and fail the polygraph you can no longer apply to FBI again,” Dupre said.

Dupre listed law, accounting, computer science, engineering and languages as the types of leadership positions and majors that are specifically sought out.

“Grades are not an end all but get a 3.0 and get involved in campus. Hold a position in a club, community service, and be careful with your social media,” Dupre said.

These are the leadership skills that distinguish an applicant from most competitive to least. Students must also demonstrate experience in oral and written communication, initiative and motivation, adaptability and flexibility, and organizing, planning and prioritizing.

Dupre ended the presentation by mentioning how two Sac State students, whose identities could not be released, were recently hired into the program. One was a psychology major and the other government.

Although it is a long process into the FBI, Dupre encouraged students to apply to the internship program and start changing their actions now so it can benefit them in the future.

To apply to the FBI internship program visit www.fbi.gov or for more information contact Steve Dupre at fbiapps@gmail.com. Applications are available the first few weeks of October.
http://www.statehornet.com/news/fede...a4bcf6878.html





Politicians Cynically Using JP Morgan Hack To Try To Pass Laws To Diminish Your Privacy
Mike Masnick

So, as you probably heard last week, JP Morgan revealed more details of how it had been hacked, noting that the number of households impacted shot up to 76 million, thus impacting a pretty large percentage of Americans. The hack involved getting access to customer names, addresses, phone numbers and emails. It doesn't appear to have gotten anything else, but that's plenty of information to run some sophisticated phishing attacks that could lead to some serious problems. It's expected that the fallout from this could be quite long lasting.

Almost immediately, politicians leapt into action... but not in any good way. They're cynically using this as an excuse to push questionable cybersecurity legislation. Specifically, Senator Angus King used it to push CISA, a bill that actually undermines privacy, rather than protect it, by giving companies incentives to share info more freely, opening up greater opportunities for leaks and breaches. CISA gives those companies a blanket get-out-of-jail-free card by taking away any liability in sharing such info.

What no one explains is how something like CISA would actually have helped stop the JP Morgan hack. That's because it wouldn't have helped. Congressional supporters of cybersecurity legislation keep playing the "something must be done!" card, without ever bothering to explain how the something (CISA) will actually help. They just make vague promises that by somehow letting companies share info without liability, we'll magically all be better protected. Given the recent revelations about how government has regularly abused access to information, it's hard to accept the "just trust us" explanation for why companies should just hand over more information.

Even worse is that King went for the FUD-based "cyber Pearl Harbor" claim -- one that's been trotted out regularly, usually by intelligence community folks who just want access to your data, when the reality is that even James Clapper has admitted that there's little real chance of such a thing happening. But that doesn't stop King:

“Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these,” King added. “The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it.”

Okay, sure. Shame on us if we're not prepared, but how will this law help us prepare for it? This is a question that no one in Congress seems willing to answer. They just insist we have to "do something."

King wasn't the only one:

Sen. Ed Markey called the hack “yet another example of how Americans’ most sensitive personal information is in danger.”

"It is time to pass legislation to protect Americans against these massive data breaches,” he added.

Rep. Yvette Clarke tweeted that the U.S. “must keep up on cybersecurity.”

Right, but again, how will the proposed law actually help? The problem is that no one answers because the truth is that it's unlikely to actually help keep companies and your data secure, though it might just make it easier for the intelligence community to get their hands on your data.
https://www.techdirt.com/articles/20...-privacy.shtml





Adobe is Spying on Users, Collecting Data on Their eBook Libraries
Nate Hoffelder

Adobe has just given us a graphic demonstration of how not to handle security and privacy issues.

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) Edit: Adobe responded Tuesday night.

And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.

Update: I can now report that Ars Technica has independently confirmed many of the details in this post.

Update: Liza Daly of Safari Books has confirmed some details:

I can confirm that AD4 (OSX) is sending reading data even for non-DRMed EPUBs. Can’t confirm it searching my drive. pic.twitter.com/5MaUYQWKOi

— Liza Daly (@liza) October 7, 2014


Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything.

But wait, there’s more.

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

In. Plain. Text.

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.

And just to show that I am neither exaggerating nor on drugs, here is proof.

The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection.

The above two files were generated using data collected by an app called Wireshark. This nifty little app can be used to log all of the information that is sent or received by your computer over a network. Mussler and I both saw that data was being sent to 192.150.16.235, one of Adobe’s IP addresses. Wireshark logged all of the data sent to Adobe, and on request spat out the text files.

This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.

On a technical level, this kind of mistake is not new. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). What’s more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers – and like Adobe, that data was sent in clear text.

I am sharing these details not to excuse or justify Adobe, but to show you that this was a massively boneheaded stupid mistake that Adobe would have seen coming had they had the brains of a goldfish.

As for the legal aspects, I am still unsure of just how many privacy laws have been violated. Most states have privacy laws about library books, so if this app was installed in a library or used with a library ebook then those laws may have been violated. What’s more, Adobe may have also violated the data protection sections of FERPA, the Family Educational Rights and Privacy Act, and similar laws passed by states like California. (I’m going to have to let a lawyer answer that.)

And then there are the European privacy laws, some of which make US laws look lax.

Speaking of Europe, the Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show, and something tells me they will not be having a nice trip. (I for one hope that the senior management is detained for questioning.)

In any case, I would highly recommend that users avoid running Adobe’s apps for the near future – ever again, for that matter. Luckily for us there are alternatives.

Rather than use Adobe DE 4, I would suggest using an app provided by Amazon, Google, Apple, or Kobo. Amazon uses the Kindle format, and each of the last three ebook platforms uses their own unique DRM and Epub (-ish) file format inside their apps. (While Google and Kobo will let you download an ebook which can be read in Adobe DE, that DRM is not used internally by either Kobo or Google.)

None of those 4 platforms are susceptible to Adobe’s security hole. Of course, I can’t say for sure whether those platforms are more secure and private than Adobe’s, but I’m sure they will be made more secure in the next few weeks.
http://the-digital-reader.com/2014/1.../#.VDQhI_ldWYA





Using the Windows 10 Technical Preview? Microsoft Might be Watching Your Every Move to Help with Feedback
Zac Bowden

One of the main goals with the Windows 10 Technical Preview is for Microsoft to collect feedback to help shape the final version of the operating system, which is said to be coming sometime in summer 2015. The Technical Preview requires users to register with the Windows Insider Program, which allows users to submit their own feedback about the operating system... but is Microsoft collecting more than what you think you're submitting?

Taking a closer look at the Privacy Policy for the Windows Insider Program, it looks like Microsoft may be collecting a lot more feedback from you behind the scenes.

Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.

This isn't the only thing Microsoft is collecting from Insider Program participants. According to the Privacy Policy, the company is collecting things like text inputted into the operating system, the details of any/all files on your system, voice input and program information.

One of the more interesting bits of data the company is collecting is text entered. Some are calling this a keylogger within the Windows 10 Technical Preview, which isn't good news. Microsoft is collecting data on text entered as it is trying to improve auto correct within the system, however I don't think many users will be happy with Microsoft watching text being inputted into the system. One concern would be whether or not Microsoft can see when you input a password or bank details.

Is there a way to turn this feedback collecting off? We're not sure. You could attempt to leave the Windows Insider Program, however we're unsure if that turns off all feedback collected in the Windows 10 Technical Preview. The only way you could be sure of this is going back to Windows 8.1 for now.

Not too long ago, Mary Jo Foley from ZDNet talked about a new way Microsoft is collecting feedback. She claims Microsoft has developed a "real-time telemetry system" which can "see in near real-time what's happening on users' machines." So it looks like Microsoft could be watching your every move.

This isn't too much of a big deal for users who are casually testing the operating system, but for hardcore enthusiasts who have opted to use the Windows 10 Technical Preview as their main operating system for the time being, this could be a little worrying. It's highly unlikely that the final version of Windows 10 will include data collection of this sort, or so we'd hope.

One of the biggest complaints with the development of Windows 8 was how Microsoft didn't listen to feedback. Now with Windows 10, Microsoft is listening to feedback more than ever... Maybe a little too much?

Update: We must stress that the feedback being collected in the Windows Technical Preview will only occur within the Technical Preview period. Once Windows 10 launches to the public as RTM, the data Microsoft collects will be removed from the operating system. This isn't a permanent feature within Windows 10, and therefore should not be a concern to your average Joe.

Microsoft has issued a response to WinBeta, but did not clarify anything. This is what they said:

The Windows 10 Technical Preview is a pre-release build of the OS designed for testing, evaluation and feedback. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. For example, all data sent from the Windows 10 Technical Preview to Microsoft is encrypted in transit and we store the personal information you provide on computer systems that have limited access and are in controlled facilities.

Once you download Tech Preview and become a member of the Windows Insider Program, you provide information about how you use the product, including what devices you use it with, along with your detailed feedback to make adjustments before we launch the product.

http://www.winbeta.org/news/using-wi...-help-feedback





Secret Ad Beacon Network Uncovered, Shut Down in New York City
Colin Neagle

The discovery of secret beacons installed in New York City pay phone booths opens up some questions.

For almost a year, a company called Titan has operated a network of advertising beacons, devices that are capable of identifying nearby smartphones and which are often used to push advertisements and information to them, installed within pay phone booths throughout New York City without the knowledge of its residents, BuzzFeed News reported today.

BuzzFeed discovered the beacons with an Android app called iBeacon Detector, which shows information about beacons operating within reach of the device on which the app is installed. With the app, BuzzFeed uncovered more than 13 of Titan's beacons operating "on a 20-block stretch along Broadway and Sixth Avenue" in Manhattan. A spokesman for New York City’s Department of Information Technology and Communications (DoITT) told BuzzFeed that Titan had installed about 500 of the devices throughout the city.

Titan told the DoITT in 2013 that the beacon project was intended "for maintenance purposes only," according to BuzzFeed. The department permitted the project without a formal review process, and Titan installed the devices between September and November of last year. The DoITT has received criticism for declining to inform the public about the project from both public interest groups and other companies in the beacon industry.

Since the report was published this morning, a spokesman for New York Mayor Bill de Blasio told BuzzFeed that the city of New York has ordered Titan to remove the beacons from the phone booths.

The full report, which provides details on the extent of Titan’s project and is definitely worth a read, claims that "a source with knowledge of the situation" anonymously tipped BuzzFeed to the project. Presumably, the iBeacon Detector app was used to quantify the source with hard evidence of the beacons operating on the street level.

Beacons, although largely used to push promotions in retail stores or spread information at large events, are controversial in regards to their relationship with the general public. As Network World’s rundown on the technology explains, "the app can monitor location, estimate your distance to the beacon, and define the location based on the [Bluetooth Low Energy] signal instead of on GPS." Just last week, the U.S. Justice department arrested the CEO of InvoCode for selling mobile apps designed for spying on peoples' smartphones, which, among other things, monitored the devices’ location. In that context, a project that deploys beacons throughout a major city without the knowledge of those living in that city might actually be illegal.

What stands out from the BuzzFeed News report is how easy it could be for anyone to find unauthorized beacons operating in their neighborhoods. Titan admitted to BuzzFeed that it has deployed beacons in other markets, although it declined to provide any detail on those. If people keep sniffing the devices out on their own, the company might not have to.
http://www.networkworld.com/article/...york-city.html





Why Do Contextual Ads Fail?

Companies like Google, Facebook and Amazon violate our privacy in order to show us relevant ads. So why do their ads miss the mark?
Mike Elgan

The issue of the decade is privacy.

We used to have it. We still expect it. But everyone keeps taking it away.

Hackers take our privacy away when they breach the companies we do business with.

Governments take our privacy away when they conduct mass surveillance or industrial espionage.

And companies like Google, Facebook and Amazon take our privacy away when they harvest our personal data and monitor our online and offline actions to serve contextual ads and content to us.

Ironically, of these three major categories of privacy-violating organizations, people are generally most vexed by the third -- tech companies that track us in order to serve up more relevant ads and content -- even though it is, or should be, the least harmful.

Companies whose business models don't depend on algorithmic filtering shamelessly exploit anxiety about companies that do rely on algorithmic filtering.

Apple CEO Tim Cook told Charlie Rose: "Our business is not based on having information about you. You're not our product.... If [other companies] are making money mainly by collecting gobs of personal data, I think you have a right to be worried."

A newish social network called Ello has a "manifesto" that reads in part: "Every post you share, every friend you make, and every link you follow is tracked, recorded, and converted into data. Advertisers buy your data so they can show you more ads. You are the product that’s bought and sold."

"You're the product." I'll admit that I've used that line myself. But I've come to believe that it's pretty clearly a misleading and unsophisticated view.

With contextual advertising, you're not the product. Advertisers don't own you. They usually don't even get to know who you are. The companies selling the advertising theoretically (and algorithmically) display ads to you if you meet the advertiser's criteria.

Personal data harvesting for contextual ads and content should be a beautiful thing. Companies monitor what you do, where you go, who you interact with and what your interests are. They do it privately and securely, and it's all automated so that no human being actually learns anything about you. And then the online world becomes customized, just for you. The ads are always the things you want to buy. The services are just what you're looking for. The content is exactly the stuff you enjoy.

It doesn't always work that way, but that's how it's supposed to work.

What's wrong with the public anxiety about this scenario? People are mostly concerned about the privacy violation. But it could be argued that there is no such violation, in most cases. It's really a philosophical question as to whether your privacy has been violated if no human being sees your data.

The real problem with this scenario is that we're paying for contextual ads and content with our personal data, but we're not getting what we pay for.

That's true of most supposedly contextual advertising. And it's true of most personalized content.

I crowdsourced some questions about contextual advertising and contextual content on Google+. It was an unscientific survey, of course. But several strong consensuses formed that perfectly matched my own observations.

The strongest consensus was that Facebook advertising is off target and almost completely irrelevant.

The question is: Why? Facebook has a database of our explicitly stated interests, which many users fill out voluntarily. Facebook sees what we post about. It knows who we interact with. It counts our likes, monitors our comments and even follows us around the Web. Yet, while the degree of personal data collection is extreme, the advertising seems totally random.

What is Facebook doing with all that personal data?

When I go to Facebook, I never see an ad that demonstrates the company's intimate knowledge of me and what products I might want to buy.

Google search sometimes gets it right, as do a few other Google services. But those experiences are rare. More often, the ads miss the mark. When I go to YouTube, I see ads for cars (which I'm not in the market for and have no interest in). Google's privacy policy lets it take what it learns about me via one Google product and use that information to serve up ads on another Google venue.

Advertising on Google Search and in Google Ads on Amazon and other websites mostly seems to promote things that I've looked at or already purchased. For example, if I buy a wallet, I see hundreds of ads for wallets for months afterward -- the one thing I definitely don't need.

But seeing that I was shopping for a wallet, then serving up ads based on that behavior is hardly sophisticated contextual advertising. Where does the endless list of personal data and signals go? Google and Amazon both know what I read, what TV and movies I like, where I live, how old I am, my gender, my interests, my professional interactions, and so much more. What are they doing with that information? It's clearly not doing me any good on the advertising front.

And it's not just advertising, but content, too. Google and Facebook algorithmically filter what you see in your Circle Streams or News Feed, respectively. They show you some of what your family and friends post, but not all of it. We're supposed to trust their algorithms to show us what we want, based on our personal data and activity. Yet in both cases, they fail miserably.

Everyone on Google+ has a Notifications view. In my experience, half of my notifications are relevant -- showing the kind of content I want -- and half of them couldn't possibly be relevant to anyone.

How is that even possible? I use Google services every day, from Google+ and YouTube to Google News and Google Search and much more. How could Google possibly have no idea what I'm interested in?

Facebook seems fine, until you learn what it's holding back from your News Feed. Here's something to try: Pick any close family member who you know is on Facebook and go look at their posts. You'll notice lots of posts you've never seen before -- the ones that Facebook's algorithms have filtered out from your News Feed. Did it do a good job of knowing which posts you wanted? Or did it filter out as "noise" posts that you actually wanted to see? Now compare those against the posts Facebook did deliver. Astonishing, isn't it?

The ugly reality is that we have granted permission for companies like Google, Facebook and Amazon to have access to countless points of personal data, from our location and our actions to our relationships and our interests. And we did it in exchange for relevant advertising and content.

We're doing our part. Why can't the personal-data-harvesting companies do theirs?

The problem isn't that we're giving up all our personal data. The problem is that we're giving it up for nothing.
http://www.computerworld.com/article...-ads-fail.html





Not on a Social Network? You’ve Still Got a Privacy Problem
Robert McMillan

We already know that if you use an online social network, you give up a serious slice of your privacy thanks to the omnivorous way companies like Google and Facebook gather your personal data. But new academic research offers a glimpse of what these companies may be learning about people who don’t use their massive web services. And it’s a bit scary.

Because they couldn’t get their hands on data from the likes of Facebook or LinkedIn, the researchers studied publicly available data archived from an older social network, Friendster. They found that if Friendster had used certain state-of-the-art prediction algorithms, it could have divined sensitive information about non-members, including their sexual orientation. “At the time, it was possible for Friendster to predict the sexual orientation of people who did not have an account on Friendster,” says David Garcia, a postdoctoral researcher with Switzerland’s ETH Zurich university, who co-authored the study.

Garcia’s findings showed that for people in minority classes—homosexual men or women, for example—his profiling techniques were 60 percent accurate. That’s a pretty high accuracy, he says, “since a random, uniformed classification would have a precision of less than 5 percent.”

The paper only examines sexual orientation, but Garcia thinks this type of analysis could model things such as age, relationship status, occupation, even political affiliation. “Basically, anything that is already shared by the users inside the social network could be predicted,” he says.

It’s yet another reason to be wary of Facebook in particular, as the social network’s growing size, massive user database, and increasing emphasis on advertising revenue continues to worry users. Last week, a two-month-old Facebook alternative called Ello was generating 50,000 new member requests per hour—not only because it was ad-free but because it provided a safe haven for members of the lesbian, gay, bisexual, and transgender community unhappy that Facebook forced them to use their real names. But even if they flee Facebook, it seems, the social network may still have ways to betray their privacy.

Shadow Profiles

The problem Garcia identifies lies in something called “shadow profiles,” and as a consequence, we all could be intimately profiled by the Facebooks and Googles and LinkedIns of the world—whether we agree to it or not.

Garcia says this kind of statistical analysis—essentially using machine learning to study the known tastes and relationships of one person’s contacts, and making a guess about who they are likely to be—could be used to build disturbingly detailed profiles of people who do not even use the social network. Although the Friendster data dates to the last decade, Garcia believes that Facebook could make the same type of predictions with its data—and probably do this better because it has so many more users than Friendster ever did.

We learned about shadow profiles last year when security researchers at a company called Packetstorm discovered Facebook was maintaining its own files on users’ contacts. For example, if Facebook found two users were connected to a non-member—say, bob@wired.com—it would pool other information—different phone numbers, for example—into one master dossier.

A Facebook spokesman says the company “doesn’t have shadow accounts or profiles – hidden or otherwise – for people who haven’t signed up for our service,” and a 2011 audit by Ireland’s Data Protection Commissioner confirmed this. But the company does store information on non-users when Facebook members import their contact lists.

‘A Major Problem’

That doesn’t sit well with everyone. “The fact that I have no control over additional email addresses and phone numbers added to their data store on me is frightening,” Packetstorm wrote in a blog post last year. The man who wrote this post, Packetstorm Partner Todd Jarvis, says that he believes that Facebook still collects this data, despite his company’s recommendation that they delete it. “As long as it exists, it is a liability in my opinion,” he says.

These types of practices worry Garcia, too, because they could be used to infer private information on existing users. Or worse, they could be used to build dossiers on people who aren’t even on the social network. Facebook may not have shadow profiles today, but it could build them. And so could other social networks. Technically, it can be done; and there’s no clear way to stop this. “This is a major problem in privacy,” he says. “These people who are getting their privacy lost have never agreed to [the social network's] terms of use.”

He thinks that because it’s such a tricky technical and ethical issue, the only way to really protect the data of people outside of the network is through legislation. “It is not enough to get a statement from Facebook saying we promise not to build those profiles,” he says.
http://www.wired.com/2014/10/privacy-friendster/





Why Apple's iPhone Encryption Won't Stop NSA (Or Any Other Intelligence Agency)
Andrew Zonenberg

Recent news headlines have made a big deal of Apple encrypting more of the storage on their handsets, and claiming to not have a key. Depending on who you ask this is either a huge win for privacy, or a massive blow to intelligence collection and law enforcement capabilities. I'm going to try avoiding expressing any opinions of government policy here and focus on the technical details of what is and is not possible - and why disk encryption isn't as much of a major game-changer as people seem to think.

Matthew Green at Johns Hopkins wrote a very nice article on the subject recently, but there are a few points I feel it's worth going into more detail on.

The general case here is that of two people, Alice and Bob, communicating with iPhones while a third party, Eve, attempts to discover something about their communications.

First off, the changes in iOS 8 are encrypting data on disk. Voice calls, SMS, and Internet packets still cross the carrier's network in cleartext. These companies are legally required (by CALEA in the United States, and similar laws in other countries) to provide a means for law enforcement or intelligence to access this data.

In addition, if Eve can get within radio range of Alice or Bob, she can record the conversation off the air. Although the radio links are normally encrypted, many of these cryptosystems are weak and can be defeated in a reasonable amount of time by cryptanalysis. Numerous methods are available for executing man-in-the-middle attacks between handsets and cell towers, which can further enhance Eve's interception capabilities.

Second, if Eve is able to communicate with Alice or Bob's phone directly (via Wi-Fi, SMS, MITM of the radio link, MITM further upstream on the Internet, physical access to the USB port, or using spearphishing techniques to convince them to view a suitably crafted e-mail or website) she may be able to use an 0day exploit to gain code execution on the handset and bypass any/all encryption by reading the cleartext out of RAM while the handset is unlocked. Although this does require that Eve have a staff of skilled hackers to find an 0day, or deep pockets to buy one, when dealing with a nation/state level adversary this is hardly unrealistic.

Although this does not provide Eve with the ability to exfiltrate the device encryption key (UID) directly, this is unnecessary if cleartext can be read directly. This is a case of the general trend we've been seeing for a while - encryption is no longer the weakest link, so attackers figure out ways to get around it rather than smash through.

Third, in many cases the contents of SMS/voice are not even required. If the police wish to geolocate the phone of a kidnapping victim (or a suspect) then triangulation via cell towers and the phone's GPS, using the existing e911 infrastructure, may be sufficient. If intelligence is attempting to perform contact tracing from a known target to other entities who might be of interest, then the "who called who when" metadata is of much more value than the contents of the calls.

There is only one situation where disk encryption is potentially useful: if Alice or Bob's phone falls into Eve's hands while locked and she wishes to extract information from it. In this narrow case, disk encryption does make it substantially more difficult, or even impossible, for Eve to recover the cleartext of the encrypted data.

Unfortunately for Alice and Bob, a well-equipped attacker has several options here (which may vary depending on exactly how Apple's implementation works; many of the details are not public).

If the Secure Enclave code is able to read the UID key, then it may be possible to exfiltrate the key using software-based methods. This could potentially be done by finding a vulnerability in the Secure Enclave (as was previously done with the TrustZone kernel on Qualcomm Android devices to unlock the bootloader). In addition, if Eve works for an intelligence agency, she could potentially send an NSL to Apple demanding that they write firmware, or sign an agency-provided image, to dump the UID off a handset.

In the extreme case, it might even be possible for Eve to compromise Apple's network and exfiltrate the certificate used for signing Secure Enclave images. (There is precedent for this sort of attack - the authors of Stuxnet appear to have stolen a driver-signing certificate from Realtek.)

If Apple did their job properly, however, the UID is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.

In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.

Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.

Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time. Some very rough numbers I ran recently suggest that a 6-character upper/lowercase alphanumeric SHA-1 password could be bruteforced in around 25 milliseconds (1.2 trillion guesses per second) by a 2-rack, 2500-chip FPGA cluster costing less than $250,000. Luckily, the iPhone uses an iterated key-derivation function which is substantially slower.

The key derivation function used on the iPhone takes approximately 50 milliseconds on the iPhone's CPU, which comes out to about 70 million clock cycles. Performance studies of AES on a Cortex-A8 show about 25 cycles per byte for encryption plus 236 cycles for the key schedule. The key schedule setup only has to be done once so if the key is 32 bytes then we have 800 cycles per iteration, or about 87,500 iterations.

It's hard to give exact performance numbers for AES bruteforcing on an FPGA without building a cracker, but if pipelined to one guess per clock cycle at 400 MHz (reasonable for a modern 28nm FPGA) an attacker could easily get around 4500 guesses per second per hash pipeline. Assuming at least two pipelines per FPGA, the proposed FPGA cluster would give 22.5 million guesses per second - sufficient to break a 6-character case-sensitive alphanumeric password in around half an hour. If we limit ourselves to lowercase letters and numbers only, it would only take 45 seconds instead of the five and a half years Apple claims bruteforcing on the phone would take. Even 8-character alphanumeric case-sensitive passwords could be within reach (about eight weeks on average, or faster if the password contains predictable patterns like dictionary words).
http://siliconexposed.blogspot.com/2...wont-stop.html





Why Can't Apple Decrypt Your iPhone?
Matthew Green

Last week I wrote about Apple's new default encryption policy for iOS 8. Since that piece was intended for general audiences I mostly avoided technical detail. But since some folks (and apparently the Washington Post!) are still wondering about the nitty-gritty details of Apple's design, I thought it might be helpful to sum up what we know and noodle about what we don't.

To get started, it's worth pointing out that disk encryption is hardly new with iOS 8. In fact, Apple's operating system has enabled some form of encryption since before iOS 7. What's happened in the latest update is that Apple has decided to protect much more of the interesting data on the device under the user's passcode. This includes photos and text messages -- things that were not previously passcode-protected, and which police very much want access to.*

So to a large extent the 'new' feature Apple is touting in iOS 8 is simply that they're encrypting more data. But it's also worth pointing out that newer iOS devices -- those with an "A7 or later A-series processor" -- also add substantial hardware protections to thwart device cracking.

In the rest of this post I'm going to talk about how these protections may work and how Apple can realistically claim not to possess a back door.

One caveat: I should probably point out that Apple isn't known for showing up at parties and bragging about their technology -- so while a fair amount of this is based on published information provided by Apple, some of it is speculation. I'll try to be clear where one ends and the other begins.

Password-based encryption 101

Normal password-based file encryption systems take in a password from a user, then apply a key derivation function (KDF) that converts a password (and some salt) into an encryption key. This approach doesn't require any specialized hardware, so it can be securely implemented purely in software provided that (1) the software is honest and well-written, and (2) the chosen password is strong, i.e., hard to guess.

The problem here is that nobody ever chooses strong passwords. In fact, since most passwords are terrible, it's usually possible for an attacker to break the encryption by working through a 'dictionary' of likely passwords and testing to see if any decrypt the data. To make this really efficient, password crackers often use special-purpose hardware that takes advantage of parallelization (using FPGAs or GPUs) to massively speed up the process.

Thus a common defense against cracking is to use a 'slow' key derivation function like PBKDF2 or scrypt. Each of these algorithms is designed to be deliberately resource-intensive, which does slow down normal login attempts -- but hits crackers much harder. Unfortunately, modern cracking rigs can defeat these KDFs by simply throwing more hardware at the problem. There are some approaches to dealing with this -- this is the approach of memory-hard KDFs like scrypt -- but this is not the direction that Apple has gone.

How Apple's encryption works

Apple doesn't use scrypt. Their approach is to add a 256-bit device-unique secret key called a UID to the mix, and to store that key in hardware where it's hard to extract from the phone. Apple claims that it does not record these keys nor can it access them. On recent devices (with A7 chips), this key and the mixing process are protected within a cryptographic co-processor called the Secure Enclave.

The Apple Key Derivation function 'tangles' the password with the UID key by running both through PBKDF2-AES -- with an iteration count tuned to require about 80ms on the device itself.** The result is the 'passcode key'. That key is then used as an anchor to secure much of the data on the phone.

Since only the device itself knows UID -- and the UID can't be removed from the Secure Enclave -- this means all password cracking attempts have to run on the device itself. That rules out the use of FPGA or ASICs to crack passwords. Of course Apple could write a custom firmware that attempts to crack the keys on the device but even in the best case such cracking could be pretty time consuming, thanks to the 80ms PBKDF2 timing.

(Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

So one view of Apple's process is that it depends on the user picking a strong password. A different view is that it also depends on the attacker's inability to obtain the UID. Let's explore this a bit more.

Securing the Secure Enclave

The Secure Enclave is designed to prevent exfiltration of the UID key. On earlier Apple devices this key lived in the application processor itself. Secure Enclave provides an extra level of protection that holds even if the software on the application processor is compromised -- e.g., jailbroken.

One worrying thing about this approach is that, according to Apple's documentation, Apple controls the signing keys that sign the Secure Enclave firmware. So using these keys, they might be able to write a special "UID extracting" firmware update that would undo the protections described above, and potentially allow crackers to run their attacks on specialized hardware.

Which leads to the following question: How does Apple avoid holding a backdoor signing key that allows them to extract the UID from the Secure Enclave?

It seems to me that there are a few possible ways forward here.

1. No software can extract the UID. Apple's documentation even claims that this is the case; that software can only see the output of encrypting something with UID, not the UID itself. The problem with this explanation is that it isn't really clear that this guarantee covers malicious Secure Enclave firmware written and signed by Apple.

Update 10/4: Comex and others (who have forgotten more about iPhone internals than I've ever known) confirm that #1 is the right answer. The UID appears to be connected to the AES circuitry by a dedicated path, so software can set it as a key, but never extract it. Moreover this appears to be the same for both the Secure Enclave and older pre-A7 chips. So ignore options 2-4 below.

2. Apple does have the ability to extract UIDs. But they don't consider this a backdoor, even though access to the UID should dramatically decrease the time required to crack the password. In that case, your only defense is a strong password.

3. Apple doesn't allow firmware updates to the Secure Enclave firmware period. This would be awkward and limiting, but it would let them keep their customer promise re: being unable to assist law enforcement in unlocking phones.

4. Apple has built a nuclear option. In other words, the Secure Enclave allows firmware updates -- but before doing so, the Secure Enclave will first destroy intermediate keys. Firmware updates are still possible, but if/when a firmware update is requested, you lose access to all data currently on the device.

All of these are valid answers. In general, it seems reasonable to hope that the answer is #1. But unfortunately this level of detail isn't present in the Apple documentation, so for the moment we just have to cross our fingers.

Addendum: how did Apple's "old" backdoor work?

One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can't they do it today?

But the most likely explanation for this policy is probably the simplest one: Apple was never really 'cracking' anything. Rather, they simply had a custom boot image that allowed them to bypass the 'passcode lock' screen on a phone. This would be purely a UI hack and it wouldn't grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn't encrypt all of the phone's interesting data using the passcode, the unencrypted data would be accessible upon boot.

No way to be sure this is the case, but it seems like the most likely explanation.

Notes:

* Previous versions of iOS also encrypted these records, but the encryption key was not derived from the user's passcode. This meant that (provided one could bypass the actual passcode entry phase, something Apple probably does have the ability to do via a custom boot image), the device could decrypt this data without any need to crack a password.

** As David Schuetz notes in this excellent and detailed piece, on phones with Secure Enclave there is also a 5 second delay enforced by the co-processor. I didn't (and still don't) want to emphasize this, since I do think this delay is primarily enforced by Apple-controlled software and hence Apple can disable it if they want to. The PBKDF2 iteration count is much harder to override.
http://blog.cryptographyengineering....ur-iphone.html

















Until next week,

- js.





















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
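The two iPhone encryption articles above (Zonenberg, Green) both turn on whether passcode guesses must run on the device or can run offline once the UID is known. The following is an added example, not code from either article or from Apple: `ModelDevice`, `enroll`, `on_device_search` and `search_seconds` are hypothetical names, PBKDF2-HMAC-SHA256 salted with the UID stands in for the PBKDF2-AES tangling Green describes, and the iteration count is kept low so the demo runs quickly.

```python
import hashlib
import hmac
import itertools
import os
import string

# Figures quoted in the two articles above.
ON_DEVICE_SECONDS_PER_GUESS = 0.080    # Green: KDF tuned to about 80 ms on the phone
OFFLINE_GUESSES_PER_SECOND = 22.5e6    # Zonenberg: FPGA cluster estimate, UID already extracted


class ModelDevice:
    """Hypothetical model of hardware that uses the UID as a key but never reveals it."""

    def __init__(self, uid=None, iterations=1000):
        self._uid = uid if uid is not None else os.urandom(32)  # 256-bit device secret
        self._iterations = iterations  # deliberately small so the demo runs quickly

    def passcode_key(self, passcode):
        # Assumption: PBKDF2-HMAC-SHA256 salted with the UID stands in for the
        # PBKDF2-AES tangling the article describes.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, self._iterations)


def enroll(device, passcode):
    """Return a verifier as it would sit on flash; checking a guess against it needs the UID."""
    return hmac.new(device.passcode_key(passcode), b"verifier", hashlib.sha256).digest()


def on_device_search(device, verifier, alphabet, length):
    """Exhaustive search that must ask the device for every guess. Returns (passcode, guesses)."""
    for guesses, candidate in enumerate(itertools.product(alphabet, repeat=length), start=1):
        guess = "".join(candidate)
        tag = hmac.new(device.passcode_key(guess), b"verifier", hashlib.sha256).digest()
        if hmac.compare_digest(tag, verifier):
            return guess, guesses
    return None, len(alphabet) ** length


def search_seconds(alphabet_size, length, seconds_per_guess, average=False):
    """Time to try the whole keyspace, or half of it for the average case."""
    keyspace = alphabet_size ** length
    return (keyspace / 2 if average else keyspace) * seconds_per_guess


def report():
    """Compare on-device worst case with offline average case for several passcode policies."""
    year, week = 365.25 * 86400, 7 * 86400
    rows = [
        ("4-digit PIN", 10, 4),
        ("6 chars, lowercase+digits", 36, 6),
        ("6 chars, mixed case+digits", 62, 6),
        ("8 chars, mixed case+digits", 62, 8),
    ]
    lines = []
    for label, size, length in rows:
        on_dev = search_seconds(size, length, ON_DEVICE_SECONDS_PER_GUESS)
        offline = search_seconds(size, length, 1 / OFFLINE_GUESSES_PER_SECOND, average=True)
        lines.append(f"{label:28s} on-device worst case {on_dev / year:12.4f} y   "
                     f"offline average {offline / week:10.4f} wk")
    return lines


if __name__ == "__main__":
    phone = ModelDevice(uid=bytes(range(32)))        # constructed UID for the demo
    stored = enroll(phone, "0427")                   # constructed passcode
    print(on_device_search(phone, stored, string.digits, 4))
    print("\n".join(report()))
```

The 36-symbol, 6-character row reproduces the five and a half years both articles attribute to Apple, and the 8-character offline row lands on Zonenberg's eight weeks, which shows how much of the protection rests on the UID staying inside the hardware rather than on the passcode alone.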