P2P-Zone  

Old 27-03-13, 07:59 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - March 30th, '13

Since 2002


































"It is the largest publicly announced DDoS attack in the history of the Internet." – Patrick Gilmore


"Despite legitimate critique on the methodical approach of the JRC-study, the results show a weak but significant positive impact of file sharing and streaming on digital music sales." – Peter Tschmuck


"I hope he didn’t need that." – Adam Parker Smith



































March 30th, 2013




How Bad is Music File Sharing? – Part 25
Peter Tschmuck

The Joint Research Centre (JRC) of the EU Commission recently published a study entitled “Digital Music Consumption on the Internet: Evidence from Clickstream Data” with remarkable results. The authors, Luis Aguiar and Bertin Martens, concluded that music file sharing as well as music streaming have a significant positive impact on legal music downloads. The study is based on Clickstream data from Nielsen NetView. The database contains all the clicks of 25,000 Internet users in France, Germany, Italy, Spain and the United Kingdom for the calendar year 2011. In the following the main finding “(…) that digital music piracy does not displace legal music purchases in digital format” will be further investigated.

Data

Aguiar and Martens use Nielsen NetView data which were collected from representative panels of 25,000 Internet users in the five largest European countries – France, Germany, Italy, Spain and UK – for 2011. They classified three types of music consumption sites on the web: file sharing networks (such as Torrents), music streaming portals (such as Spotify, Simfy, Deezer) and music download shops (such as iTunes, Amazon Music). In total, the authors identified 2,759 music consumption related websites, which amounted to 5 million clicks during 2011. However, they restricted their sample to sites with more than 300 clicks per year. This results in a total number of 779 websites which were analysed in detail.

However, the method applied did not allow precise consumer behaviour to be observed, only the number of clicks by the Internet users on music consumption sites. This also prevents detecting the music content of a download and stream. Thus, if the purchasing and non-purchasing clicks do not correlate, this would bias the statistical results. The authors realized this measurement problem and therefore state (FN 10, p. 7): “Since we do not expect the error component of our measure to be correlated with our measures of illegal downloading and legal streaming, the consistency of our estimates will not be affected”. Aguiar and Martens counter critical comments by the International Federation of the Phonographic Industry (IFPI) and journalists that they used the number of clicks on legal download platforms as dependent variables instead of the real purchase behaviour. The final measure of legal purchases would be larger, if they could include the clicks corresponding to legal downloads. In the words of the authors: “[O]ur current measure of legal digital music purchases is lower than the true one”. This also means that the real substitution effect of filesharing and streaming on legal download is weaker and the complementary effect is stronger than measured in the applied statistical model.

In contrast, the authors do not clearly address the problem of measuring clicks on peer-to-peer file sharing services without differentiating between music, books and movies, whereas the latter dominates the file sharing traffic. Nevertheless the authors believe that the number of clicks on file sharing sites is a useful proxy variable for downloading music for free.

Descriptive Statistics

Descriptive statistics show remarkable differences across the five investigated countries. Spain has the largest number of clicks on file sharing sites and the second lowest number of clicks on legal music websites – after Italy. Italy and the UK also show a larger number of clicks on file sharing networks compared to France and Germany.

Males are more active in purchasing, streaming and filesharing music than females, whereas the difference is largest in file sharing. It is less surprising that the under-30-year-olds are the most intensive users of file sharing and streaming services. The most important age group in purchasing music are the 26-30 year olds, followed by the 41-50 year olds and the 31-40 year olds. The young generation (under 26) and the older generation (over 50) are less interested in purchasing music. Education, however, does not play any significant role in whether music is consumed by file sharing, streaming or downloading. Households with a small and high annual income tend to stream music more often than households with an average income. As expected, the lower income groups prefer file sharing. It is remarkable, however, that low income households more often purchase music by downloading than middle and high income households.

Another remarkable difference exists between regular file sharers and music purchasers. The latter are less active on the Internet (2.5 months per year) than file sharers, who are online 5.8 months per year on average. Thus, file sharers more often click on purchase sites (10% more often) and on streaming sites (40% more often) than non-file sharers. The difference between music streamers and non-streamers is very similar. Music streamers click twice as often on purchase sites as Internet users that do not stream music. This is again evidence that file sharers use legal music download platforms and streaming services more often than non-file sharers. The cross correlation of the number of clicks on different music consumption channels can be seen in fig. 1:

Statistical Model and Empirical Results

There is need of a statistical model that partially controls for unobserved heterogeneity to measure the impact of file sharing and streaming on legal downloads. All three ways of music consumption are affected by an unobservable variable – musical taste. Thus, a direct measurement of the impact of filesharing and streaming on legal downloads is biased towards a positive correlation. To control for unobserved heterogeneity, the authors used clicks on music-related websites such as radio and music-video sites, but also music related sites without direct music consumption such as websites for songs’ lyrics, musical instruments, music news and music blogs. The statistical test shows that the vector composed of these variables significantly correlates with the independent variables – file sharing and streaming.

In controlling for unobserved heterogeneity more explanatory variables were added step by step. At the end the estimated coefficients show a small but positive impact of file sharing and streaming on digital music purchases. Both models, OLS and Tobit, came to similar results. In addition, a longitudinal approach is operated to overcome the obstacle that file sharing and streaming are endogenous. The results, thus, did not change fundamentally.

After all statistical methods applied, the model shows “(…) that illegal downloading and legal streaming have both a positive and significant effect on legal purchases of digital music” (p. 14). The calculated elasticities are 0.02 between file sharing and legal downloading and 0.07 between streaming and digital music purchases. This means that a 10% increase in clicks on file sharing sites leads to a 0.2% increase in clicks on legal music download sites. In the case of streaming a 10% increase results in a 0.7% increase in clicks on digital purchase websites (p. 1). In the absence of file sharing the clicks on legal download sites would be 2% lower.

The results show remarkable differences across countries, but the impact is always positive or at least not negative – such as in Spain and Italy. In France and UK the elasticity between file sharing and legal downloads is close to 0.04. Therefore, the authors conclude: “All of these results suggest that the vast majority of the music that is consumed illegally by the individuals in our sample would not have been legally purchased if illegal downloading websites were not available to them” (p.16). The results are valid ceteris paribus if no external influences such as changes in relative prices occur. The impact of streaming on digital music purchases also differs across the countries with elasticities of 0.6% in France and UK and 0.35% in Spain and Italy.

Finally the study comes to the conclusion: “[O]ur findings indicate that digital music piracy does not displace legal music purchases in digital format. This means that although there is trespassing of private property rights (copyrights), there is unlikely to be much harm done on digital music revenue.” The authors explicitly state that their findings cannot be generalized for the entire recorded music market (physical sound carriers included) and that the results contradict earlier research that found sales displacements of physical music sales by file sharing. The authors, however, conclude that “(…) music piracy should not be viewed as a growing concern for copyright holders in the digital era. In addition, our results indicate that new music consumption channels such as online streaming positively affect copyrights owners” (p. 17).

Critical Remarks

How reliable are the results of the study? It is a problem that the number of clicks on music consumption websites was counted instead of measuring real digital music sales. Further it is questionable if the number of clicks is a good proxy for music consumption without considering the content. In the case of file sharing also other content than music was included in the sample. The authors try to circumvent the problems by using clicks on other music related websites as a proxy for music consumption. They argue that this also solves the problem of unobserved heterogeneity. As a statistical method this approach is legitimate. However, valuable qualitative information on music genres and musicians is lost. Therefore, it is for example impossible to differentiate between single and album sales. Maybe file sharing and streaming have a different impact on single track downloads and album downloads. It would also be possible that newcomers and less established artists are affected in a different way by file sharing and streaming than superstars. Although the authors could solve the problem of unobserved heterogeneity with the applied graduated statistical model, no qualitative conclusion could be drawn. The overall results, however, are valid and reliable.

Nevertheless an approach that tests the impact of file sharing by using log files and real streaming data on sale figures for digital music downloads would provide more insights into the relationship of different ways of music consumption. It is striking, however, that studies using this kind of method – Blackburn, Oberholzer-Gee/Strumpf and Tanaka – all came to the same conclusion that file sharing does not hurt music sales, which is more or less in line with findings of the JRC study.

Despite legitimate critique on the methodical approach of the JRC-study, the results show a weak but significant positive impact of file sharing and streaming on digital music sales. This should be seriously reflected by the artists and rights holders. A positive impact should be used for one’s own account instead of denying and refusing the results, since they do not fit in the usual thought patterns.
https://musicbusinessresearch.wordpr...aring-part-25/





Biting the Hand that Feeds You: Why are Record Labels Fighting Pandora?

Labels want streaming and web radio to grow the pie, but want their share too
Greg Sandoval

A few years ago, leaders from the major record companies planted the seeds from which they hoped would spring the next generation of music distributors.

Apple's iTunes, the overwhelming leader in the sector, went largely unchallenged. Megastores like Tower Records and Sam Goody had vanished long before. Apple used its position as the top music store to dominate the labels, gradually pushing them to give up DRM while limiting their ability to price music. In response, the record companies licensed unproven streaming and subscription services in the hope that some of them would find audiences. The labels dubbed these services "access models" and the surviving companies — YouTube, Rdio, Spotify, Vevo, Pandora — are now starting to bear fruit.


The money generated from these nascent businesses totaled $1 billion last year, according to a report issued Tuesday by The Recording Industry Association of America (RIAA), the trade group representing the largest record companies. After a decade of plummeting revenue, it's a safe bet that label managers will cling tightly to these new sources of cash, since the access models are the fastest growing segment of the music business.

But the RIAA's numbers also raise the question about how far the labels are willing to go to nurture this new wave of distributors. Spotify and Pandora, neither of which has found profitability, are each seeking to lower music costs. For the record companies, it's like walking a tightrope. They must balance their desire to maximize profits while they avoid killing the new revenue stream in its infancy. If access models fail, the labels risk ending up back in a world where a single player like Apple holds all the power.

In February, The Verge broke the news that Spotify is in negotiations to renew licenses with the record companies, with Spotify asking for significant price breaks. Music sources have said that the industry is confident that a deal will get done relatively quickly as the labels are eager to help Spotify. But Pandora faces a much tougher road. Sources say the labels have a love-hate relationship with the web's top radio service. Yes, Pandora paid an estimated $275 and $325 million to labels and artists, but the labels argue Pandora chokes off demand for other services that are more profitable for them.

In its biggest market, the United States, Pandora doesn't negotiate for music licenses directly with the record labels. The company takes advantage of a royalty rate set by Congress available for any web radio service. Pandora now says the statutory rate is too high for it to build a profitable business.

Last year, the web's top radio service tried getting the Internet Radio Fairness Act (IRFA) passed. The bill went nowhere, but Pandora, which is looking for a new CEO, is expected to take another run at Congress. Any reduction in the royalty rate cuts directly into the music labels' profits. They helped derail IRFA and will continue to fight.

Battling Pandora will be tricky for the music sector. Multiple music industry insiders have told The Verge that the labels consider Pandora a capable and communicative partner. Then there's the money. According to the RIAA report and statements made by SoundExchange, the group that collects royalties from web radio services, Pandora contributes about 25 percent of all the money the labels receive from the access models. (Incidentally, SoundExchange's revenue was up 58 percent last year.) But this is precisely why the RIAA won't budge on the rates. Sources say that the labels believe web radio is bigger than Pandora and the market will expand soon. Apple is coming.

Much has been written about Apple's plan to launch a Pandora-esque service this year. Now multiple music industry insiders have told The Verge that significant progress has been made in the talks with two of the top labels: Universal and Warner. One of the sources said "iRadio is coming. There's no doubt about it anymore." Apple is pushing hard for a summertime launch.

"Access models are our present and our future," Cary Sherman, the RIAA's CEO, told The Verge. "[This] underscores how vital it is to protect these increasingly important revenue streams."

The New York Post reported last month that Apple wants to pay 6 cents per 100 song streams. According to the Post story, Pandora currently pays under the statutory rate 12 cents per 100 spins. By comparison, Spotify pays as much as 35 cents.

Whatever the ultimate rates, if the labels give Apple a better deal, that would give Pandora plenty of ammunition to argue on Capitol Hill that web radio is getting screwed.
http://www.theverge.com/2013/3/29/41...ghting-pandora





MMS Is Not an Illicit File-Sharing Service, Appeals Court Says
David Kravets

The Multimedia Messaging Service is not an illicit file-sharing protocol, a federal appeals court ruled, setting aside Monday a complaint from an MMS-greeting-card supplier that claimed the nation’s largest telecoms helped consumers infringe via MMS texting.

Luvdarts, which produces greeting-card style messages with text, graphics, video and musical materials that it creates and licenses, claimed Sprint, Verizon, AT&T and Verizon should have prevented the illegal distribution of its proprietary text messages.

“Luvdarts fails to cite any authority to support this proposition, which runs contrary to our precedent,” a three-judge panel of the 9th U.S. Circuit Court of Appeals ruled unanimously.

The Los Angeles company’s policy only allowed their messages to be sent once, meaning it was a copyright violation for phone users to distribute them multiple times. The complaint claimed the carriers profited because they earned MMS fees while failing to implement a system to stop the infringement.

The appeals court said the carriers had no effective means to even police MMS messages. “Luvdart’s failure to allege that the carriers have at least something like a capacity to supervise is fatal to a claim of vicarious liability,” the court ruled.

In its 2010 federal lawsuit, the Los Angeles company alleged MMS amounted to an illicit peer-to-peer file-sharing network.

“Defendants, and each of them, enabled the transfer/transmission and publication of this copyright protected content via mobile devices by building and implementing a peer-to-peer file-sharing network with the dedicated purpose of enabling end users to share multimedia files via this MMS network,” the complaint said. “Defendants, and each of them, profited from these activities by charging the transmitter and receivers of this content a fee or flat rate for the transfer/transmission that resulted in the publication of said content.”

Techdirt commented on the absurdity of the case when it was filed three years ago:

This makes no sense. It’s like saying that any email provider is infringing on the copyrights of email writers by letting recipients forward emails. You know those chain emails that get passed around? Imagine if one of the authors of those then sued all the big email providers. It would get laughed out of court. Hopefully, this lawsuit gets laughed out of court too.

Done and done.
http://www.wired.com/threatlevel/201...-file-sharing/





Spain Proposes Draft Bill to Crackdown on Pirate Sites, Outlaw File-Sharing

Today the Spanish Government released details on amendments to its copyright law (so-called Sinde Law, which was instituted in 2012) that will provide more protections to rights holders and offer stricter rules against infringers. At a press conference this week, Spain's Culture Minister José Ignacio Wert said that the new reforms have three objectives.

The first is to ensure that content rights management entities operate with greater transparency, facing fines if "irregularities" are found. The second objective is to crack down on those who facilitate large-scale downloading of entertainment properties such as movies, music, TV shows and other content. Finally the government will review the right of consumers to make private copies.

The reforms would boost the powers of the Comisión de Propiedad Intelectual (Copyright Commission) as well. The draft of the ‘Lassalle Law’- named after Secretary of State for Culture Jose Maria Lassalle - wants the Commission to be granted new power to deal with infringement.

Sites accused of hosting copyrighted material will be required to remove it on request without having to deal with each instance individually as is the case today. Failure to comply will be costly, with penalties of up to 300,000 euros ($388,400) for sites that repeatedly fail to remove content. The draft also calls for the Commission to be empowered to force companies to remove advertising from illicit sites. Payment processors would also be forced to withdraw their services.

Finally, the draft calls for changes to copying media for personal use. Currently Internet users aren’t prosecuted for their downloads because they are covered by a levy on blank media, but the draft envisions these freedoms being removed.

In theory, file-sharers could be prosecuted for their downloads from unauthorized sources. While the draft calls for the levy on blank media to be removed, the money currently collected from it will still be paid to rights holders, but the burden of cost will be put on the Spanish tax-payer.
http://gamepolitics.com/2013/03/22/s...w-file-sharing





PayPal's File-Sharing Restrictions Drive Merchants to Rivals
Chris Cumming

PayPal's strict requirements for merchants that sell file-storage services have created an opportunity for competitors including BitPay, which processes payments in the digital currency Bitcoin.

Last week, four vendors that market the cloud-storage services of Mega — the new venture from controversial Internet entrepreneur Kim Dotcom — stopped accepting payments through PayPal. It is unclear whether PayPal dropped them or vice versa.

PayPal, a unit of eBay (NASDAQ: EBAY), allows such merchants to sell only file-sharing services it has approved. PayPal also makes these merchants monitor uploads to prevent copyright infringement — somewhat akin to banks monitoring transactions under anti-money laundering regulations.

Stop File Lockers and other antipiracy groups have accused Mega of facilitating illegal downloads. Its founder, Dotcom, faces extradition to the United States from New Zealand for his previous venture, Megaupload, a file-sharing site the U.S. government shut down last year for alleged copyright violations.

Hosting.co.uk, one of the Mega vendors that stopped using PayPal, turned to BitPay, whose service lets merchants accept bitcoins and converts them into dollars.

"Now that PayPal is trying to clamp down on file-storing sites, these vendors who've made investments in their servers and their infrastructure are saying … 'how are we going to accept payments?'" says BitPay founder Anthony Gallippi. "Some of them are looking at either accepting Bitcoin directly or using BitPay or another payment processor."

The other three Mega vendors that stopped using PayPal accept encrypted credit-card payments through other payment processors — two of them use Wirecard, the third uses Systempay.

A PayPal spokeswoman would not discuss the Mega vendors, but she said that as a general matter, its policy is to part ways with firms offering file-sharing services the company has not approved. She would not say whether PayPal approved Mega.

Unlike PayPal, which requires both the consumer and the merchant to have accounts (unless the retailer offers "guest checkout"), only a merchant needs to have an account with BitPay to accept bitcoins, Gallippi says.

"PayPal is like a walled garden. It's more like the early days of the Internet, when somebody on AOL could talk to somebody on AOL but not somebody on Prodigy," he says. "BitPay is different, because there's no company behind Bitcoin."

Mega, meanwhile, remains under scrutiny for its potential to allow illegal file-sharing. Despite Dotcom's claim that the site is "the most legally scrutinized Internet site in the history of the Internet," the company has fielded 150 copyright-infringement warnings since its launch on Jan. 20, PCWorld reported.
http://www.americanbanker.com/issues...1056407-1.html





Canipre Admits It's Behind Voltage-TekSavvy File Sharing Lawsuits With Speculative Invoicing Scheme
Michael Geist

Canipre, a Montreal-based intellectual property rights enforcement firm, has admitted that it is behind the Voltage file sharing lawsuits involving TekSavvy in what is described as a "speculative invoicing" scheme. Often referred to as copyright trolling, speculative invoicing involves sending hundreds or thousands of demand letters alleging copyright infringement and seeking thousands of dollars in compensation. Those cases rarely - if ever - go to court as the intent is simply to scare enough people into settling in order to generate a profit.

Canadian Business reports that Canipre's goal is to import the speculative invoicing strategy to Canada and that it found a willing partner in Voltage Pictures. Canipre collected thousands of IP addresses that are alleged to have downloaded Voltage films and Voltage is now asking the Federal Court to order TekSavvy to disclose the subscriber names linked to the IP addresses.

The Canipre admission is important because it is consistent with arguments that the case involves copyright trolling and that the Federal Court should not support the scheme by ordering the disclosure of subscriber contact information.

CIPPIC's December letter to the court raised this possibility, arguing that "such a purpose is improper and bars the applicant from establishing a bona fide claim." CIPPIC followed up with an affidavit that identified 22 file sharing cases involving Voltage in the United States. Distributel raised similar arguments in its challenge against NGN Prima Productions, which also involves Canipre. Distributel argued:

The Moving Parties appear to be engaged in a practice to profit by engaging in zealous copyright enforcement, a practice referred to as "copyright trolling". It involves sending letters to customers demanding significant financial compensation for the alleged copyright infringement. The amount of money demanded far exceeds any potential damages to the Plaintiff arising from the alleged breach. The customers are threatened with legal action if they do not comply. Following the November Motion, at least one Distributel customer received such a letter.

The speculative invoicing practice has faced serious criticism from courts in other countries. In the UK, the practice has led to findings of professional misconduct for several lawyers and adverse court rulings. For example, in the ACS case the court considered the possibility of banning the practice, with the lawyer ultimately suspended from practice for two years. In the Golden Eye case, the UK court ruled against sending thousands of letters with set payment demands and sought to discourage speculative invoicing schemes, stating:

I do not consider that the Claimants are justified in sending letters of claim to every Intended Defendant demanding the payment of £700. What the Claimants ought to do is to proceed in the conventional manner, that is to say, to require the Intended Defendants who do not dispute liability to disclose such information as they are able to provide as to the extent to which they have engaged in P2P filesharing of the relevant Claimants' copyright works. In my view it would be acceptable for the Claimants to indicate that they are prepared to accept a lump sum in settlement of their claims, including the request for disclosure, but not to specify a figure in the initial letter. The settlement sum should be individually negotiated with each Intended Defendant.

U.S. courts have also raised questions about copyright trolling practices, with concerns that the lawsuits constitute a "fraud on the courts" and some courts rejecting demands for subscriber disclosures. In fact, just yesterday a U.S. court ordered copyright trolls to appear in court to face allegations of misconduct.

Canipre's admission could have a major impact on the TekSavvy and Distributel cases as it removes any lingering doubt that these lawsuits involve copyright trolling that are unlikely to proceed to trial. Alongside copyright reforms that cap statutory damages in Canada for non-commercial infringement, the Federal Court may think twice before ordering the disclosure of personal information of thousands of subscribers in support of what is now acknowledged to be a speculative invoicing scheme.
http://www.michaelgeist.ca/content/view/6805/125/





AP Wins Big: Why a Court Said Clipping Content is Not Fair Use
Jeff John Roberts

A New York court issued a major ruling that limits the amount of content an internet scraping service can take without paying for it. Here’s a plain English explanation.

A federal court has sided with the Associated Press and the New York Times in a closely-watched case involving a company that scraped news content from the internet without paying for it.

The case has important implications for the news industry and for the ongoing debate about what counts as “fair use” under copyright law. Here’s a plain English explanation of what the case is all about and what it means for content creators and free speech.

Fair use or a free ride? The facts of the case

The defendant in the case is Norway-based Meltwater, a service that monitors the internet for news about its clients. Its clients, which include companies and governments, pay thousands of dollars a year to receive news alerts and to search Meltwater’s database.

Meltwater sends its alerts to clients in the form of newsletters that include stories from AP and other sources. Meltwater’s reports include headlines, the first part of the story known as the “lede,” and the sentence in the story in which a relevant keyword first appears. The Associated Press demanded Meltwater buy a license to distribute the story excerpts and, when the service refused, the AP sued it for copyright infringement.

Meltwater responded by saying it can use the stories under copyright’s “fair use” rules, which create an exception for certain activities. Specifically, Meltwater said its activities are akin to a search engine — in the same way that it’s fair use for Google to show headlines and snippets of text in its search results, Meltwater said it’s fair use to clip and display news stories.

The case has divided the tech and publishing communities. The influential Electronic Frontier Foundation filed in support of Meltwater, arguing that AP could inhibit innovation and free expression if it succeeds with the copyright claim. On the other side, the New York Times and other news outlets filed to support the AP; they claim Meltwater was simply free-riding and that the company is undermining the ability to create the sort of journalism on which a free society depends.

A clean win for the AP

In a decision published Thursday in New York, U.S. District Judge Denise Cote shot down Meltwater in blunt language. While much of the 90-page ruling covers procedural issues and other defenses put forth by Meltwater, the heart of the decision is about fair use.

To decide if something is fair use, courts apply a four-part test that turns in large part on whether the defendant is using the copyrighted work for something new or unrelated to its original purpose. Famous examples of fair use include a parody rap song of “Pretty Woman” and Google’s display of thumb-size pictures in its image search. In the AP case, however, Meltwater’s fair use defense failed.

Judge Cote rejected the fair use claim in large part because she didn’t buy Meltwater’s claim that it’s a “search engine” that makes transformative use of the AP’s content. Instead, Cote concluded that Meltwater is more like a business rival to AP: “Instead of driving subscribers to third-party websites, Meltwater News acts as a substitute for news sites operated or licensed by AP.”

Cote’s rejection of Meltwater’s search engine argument was based in part on the “click-through” rate of its stories. Whereas Google News users clicked through to 56 percent of excerpted stories, the equivalent rate for Meltwater was 0.08 percent, according to figures cited in the judgement. Cote’s point was that Meltwater’s service doesn’t provide people with a means to discover the AP’s stories (like a search engine) — but instead is a way to replace them.

The judgement also points to the amount of content that Meltwater replicated. Whereas fair use allows anyone to reproduce a headline and snippets, Cote suggested Meltwater took “the heart” of the copyrighted work by also reproducing the “lede” and other sentences:

“A lede is a sentence that takes significant journalistic skill to craft. [It shows] the creativity and therefore protected expression involved with writing a lede and the skill required to tweak a reader’s interest.”

The ruling added that Meltwater had taken more of the story than was necessary for a search engine and that its economic harm to AP also weighed against finding fair use. And, in a line that likely had news agencies clicking their heels, the judge wrote:

Paraphrasing James Madison, the world is indebted to the press for triumphs which have been gained by reason and humanity over error and oppression [...] Permitting Meltwater to take the fruit of AP’s labor for its own profit, without compensating AP, injures AP’s ability to perform this essential function of democracy.

These are what I regard as just some of the most important points of a very long decision. You can read it for yourself below; I have underlined key passages.

Common sense or a chill on free expression?

The decision has already caused concern on the part of internet freedom advocates. Techdirt’s Mike Masnick, for instance, says the ruling has “a ton of problems” and that Cote misapplied the four-part fair use test.

Meanwhile, the company has vowed to appeal and its CEO claims to be “especially troubled by the implications of this decision for other search engines and services that have long relied on the fair use principles for which Meltwater is fighting.”

Meltwater is likely to face an uphill battle on appeal, however. Cote’s ruling is exhaustive and the Second Circuit Court of Appeals is regarded by many lawyers as sympathetic to the hometown publishing community.

The impact of the ruling, however, will be determined by how far it ripples beyond Meltwater. As all of the clipping service’s competitors have already paid AP for a license, the impact could be insignificant for everyone but Meltwater while, at the same time, boosting the AP’s resources for gathering news.

On the other hand, the ruling could embolden the AP and other news outlets to file more lawsuits. While this could bring more licensing revenue for journalism, it may also produce a phenomenon like what is occurring in France and Germany where publishers are treating copyright like a tax to protect outdated industries — and chilling online innovation in the process.
http://paidcontent.org/2013/03/22/ap...-not-fair-use/





AP v. Meltwater: Disappointing Ruling for News Search
Corynne McSherry and Kurt Opsahl

A federal district judge in New York City issued a troubling ruling today holding that an electronic news clipping service infringed copyright when it republished excerpts of news stories in search results for its clients seeking news coverage based on particular keywords.

The case is Associated Press v. Meltwater. Meltwater is a private subscription service that scans news sites for stories relevant to its clients and then delivers the search results in the form of short excerpts from, and links to, the original articles. News service Associated Press claimed the search results infringed its copyrights in the news articles included within them. Meltwater argued that its service was a noninfringing fair use. EFF filed an amicus brief supporting Meltwater.

The court’s fair use analysis is worrisome in at least three respects. First, the court concluded that Meltwater’s purpose was not transformative because it neither added commentary or insight to the excerpts it sent to customers nor served the same information-finding goal as a search engine like Google. Why not? In a nutshell, apparently because it was not public and not very successful at getting its customers to click through to the original articles. Given that the court devoted several pages of text explaining how Meltwater was like a search engine (i.e., it scans the web for news and creates an index that allows customers to search for relevant information) it is difficult for us to see why the fairness of its purpose should turn on its success at getting customers to actually click through the links it provided. The court took great care to distinguish what it saw as “legitimate” search engines – but we can expect more litigation over what counts as “legitimate.”

Second, the court implicitly adopted AP’s dangerous “heart of the work” theory. AP contended that sharing excerpts of a news article must weigh against fair use if those excerpts contain the lede. The court stressed that the lede is “consistently important” and takes “significant journalistic skill to craft.” But that is beside the point – there is no extra protection because something is extra difficult. More important to the fair use analysis is the fact that (1) is primarily factual; and (2) contains precisely the information the user wishes to make known to others. As we explained in our amicus brief, this case illustrates why the heart of the work doctrine does not mesh well with highly factual, published, news articles. When it comes to news articles, an excerpt that is shared will very often be the most “important” aspect of the work – but that importance will derive from the uncopyrightable factual content, not the expression. It is not the “heart of the work,” but a piece of the factual skeleton upon which the expression hangs.

Third, the court discounted the value of robots.txt files to provide permission. Robots.txt files give sites a tool to disallow (or allow) certain crawlers, and other courts have sensibly looked to robots.txt to find whether there was permission to include a site in search results. The default is permission, which a file can remove. This voluntary system has been vital to the development of tools to help users find material online. While the court does not directly disagree with the leading robots.txt cases, it finds they do not apply here.

There’s a lot more in this 91-page ruling, much of it troubling. Meltwater has said "We're considering all of our options, but we look forward to having this decision reviewed by the Court of Appeals."

https://www.eff.org/sites/default/fi..._sdny_copy.pdf
https://www.eff.org/deeplinks/2013/0...ng-news-search





The Chilling Effects of the DMCA

The outdated copyright law doesn’t just hurt consumers—it cripples researchers.
Edward Felten

It was hard to believe, but the student insisted it was true. He had discovered that compact discs from a major record company, Sony BMG, were installing dangerous software on people’s computers, without notice. The graduate student, Alex Halderman (now a professor at the University of Michigan), was a wizard in the lab. As experienced computer security researchers, Alex and I knew what we should do: First, go back to the lab and triple-check everything. Second, warn the public.

But by this point, in 2005, the real second step was to call a lawyer. Security research was increasingly becoming a legal minefield, and we wanted to make sure we wouldn’t run afoul of the Digital Millennium Copyright Act. We weren’t afraid that our research results were wrong. What scared us was having to admit in public that we had done the research at all.

Meanwhile, hundreds of thousands of people were inserting tainted music CDs into their computers and receiving spyware. In fact, the CDs went beyond installing unauthorized software on the user’s computer. They also installed a “rootkit”—they modified the Windows operating system to create an invisible area that couldn’t be detected by ordinary measures, and in many cases couldn’t be discovered even by virus checkers. The unwanted CD software installed itself in the invisible area, but the rootkit also provided a safe harbor for any other virus that wanted to exploit it. Needless to say, this was a big security problem for users. Our professional code told us that we had to warn them immediately. But our experience with the law told us to wait.

The law that we feared, the DMCA, was passed in 1998 but has been back in the news lately because it prohibits unlocking cellphones and interferes with access by people with disabilities. But its impact on research has been just as dramatic. Security researchers have long studied consumer technologies, to understand how they work, how they can fail, and how users can protect themselves from malfunctions and security flaws. This research benefits the public by making complex technologies more transparent. At the same time, it teaches the technology community how to design better, safer products in the future. These benefits depend on researchers being free to dissect products and talk about what they find.

We were worried about the part of the DMCA called 17 U.S.C. § 1201(a)(1), which says that “No person shall circumvent a technological measure that effectively controls access to a work protected under [copyright law].” We had to disable the rootkit to detect what it was hiding, and we had to partially disable the software to figure out what it was doing. An angry record company might call either of those steps an act of circumvention, landing us in court. Instead of talking to the public, we talked to our lawyer.

This wasn’t the first time the DMCA had interfered with my security research. Back in 2001, my colleagues and I had had to withdraw a peer-reviewed paper about CD copy protection, because the Recording Industry Association of America and others were threatening legal action, claiming that our paper was a “circumvention technology” in violation of another section of the DMCA. Later we sued for the right to publish these results—and we did publish, four months later. We had won, but we had also learned firsthand about the uncertainty and chaos that legal threats can cause. I was impressed that some of my colleagues had been willing to risk their jobs for our work, but none of us wanted to relive the experience.

Alex had dealt with his own previous DMCA threat, although this one was more comical than frightening. After he revealed that a CD copy protection product from a company called SunnComm could be defeated by holding down the computer’s Shift key while inserting the disc, the company had threatened him with DMCA action. Given the colorful history of the company—it had started corporate life as a booking agency for Elvis impersonators—and the company’s subsequent backtracking from the threat, we weren’t too worried about being sued. Nevertheless, it showed that the DMCA had become a go-to strategy for companies facing embarrassing revelations about their products.

What was Congress thinking when it passed this part of the DMCA? The act was meant to update copyright law for the 21st century, to shore up the shaky technologies that tried to stop people from copying music and movies. But the resulting law was too broad, ensnaring legitimate research activities.

The research community saw this problem coming and repeatedly asked Congress to amend the bill that would become the DMCA, to create an effective safe harbor for research. There was a letter to Congress from 50 security researchers (including me), another from the heads of major scientific societies, and a third from the leading professional society for computer scientists. But with so much at stake in the act for so many major interests, our voice wasn’t heard. As they say in Washington, we didn’t have a seat at the table.

Congress did give us a research exemption, but it was so narrowly defined as to be all but useless. (So perhaps we did have a seat—at the kids’ table.) I’ll spare you the details, but basically, there is a 116-word section of the Act titled “Permissible Acts of Encryption Research,” and it appears to have been written without consulting any researchers. There may be someone, somewhere, who has benefited from this exemption, but it fails to protect almost all of the relevant research. It didn’t protect Alex and me, because we were investigating spyware that didn’t rely on the mathematical operations involved in encryption.

We sat on our Sony BMG CD spyware results for almost a full month. In the meantime, another researcher, Mark Russinovich, went public with a detailed technical report on one of the two CD spyware systems. When nobody sued him, we decided to go public.

In the weeks that followed, things happened quickly. Sony BMG recognized that it had overstepped, it distributed an uninstaller for the spyware, we discovered that the uninstaller opened further security holes in users’ computers, the record company recalled the affected CDs, and we determined that the CDs were reporting users’ listening habits back to the record company. Class action suits were filed. The Federal Trade Commission investigated, and the company eventually settled the FTC charges, agreeing to reimburse affected consumers up to $150 for damage to their computers.

We had managed to publish our results, but we were troubled by the incident. Our decision to withhold the news of the rootkit from the public seemed necessary, even in hindsight, but it was contrary to our mission as researchers. It was the last research Alex and I did on copy-protected CDs. Although I have a higher tolerance for lawyers than many of our research colleagues do, I still prefer the laboratory and the classroom to the courtroom. My peers seem to feel similarly—the volume of peer-reviewed research on copy protection technologies fell off about this time and has not recovered.

The good news is that this problem is easily fixed. Congress could amend the DMCA to create a robust safe harbor for legitimate research—not limited to encryption, not tied down with detailed requirements and limitations. There is a growing groundswell to address the DMCA’s ban on unlocking cellphones and its roadblocks to access for the disabled. Bills have been introduced in Congress to legalize cellphone unlocking. While we’re tinkering with the statute, let’s create a safe harbor for the researchers who can be our early warning system against unpleasant surprises in the next generation of technologies.

These days almost everything we do in life is mediated by technology. Too often the systems we rely on are black boxes that we aren’t allowed to adjust, repair, or—too often—even to understand. A new generation of students wants to open them up, see how they work, and improve them. These students are the key to our future productivity—not to mention the security of our devices today. What we need is for the law to get out of their way.
http://www.slate.com/articles/techno...ch.single.html





Georgia Court Censorship Order Threatens Message Boards Everywhere

Earlier this month, a Georgia Superior Court issued a breathtaking restraining order against Matthew Chan, the operator of a copyright troll criticism message board, holding him responsible for the posts of his users. As part of the Court’s reasoning, Judge Frank Jordan wrote:

As the owner and operator of the site, Respondent has the ability to remove posts in his capacity as the moderator. However, Respondent chose not to remove posts that were personally directed at [Petitioner Linda] Ellis and would cause a reasonable person to fear for her safety.

The Court used this as a basis to order Chan “to remove all posts relating to Ms. Ellis.” All posts, not just posts that might threaten Ellis, or even just those written by Chan. This woefully overbroad restraint on speech not only threatens freedom of expression, it also ignores Section 230 of the Communications Decency Act, the legal cornerstone upon which all user-generated content websites are built.

Background: The Troll Went Down to Georgia

Chan operates Extortion Letter Info, a website dedicated to providing information for recipients of settlement demand letters about copyright infringements. It hosts forums, including some message boards (currently unavailable) that discussed Linda Ellis, the notorious poem copyright troll.

Ellis wrote an inspirational poem, The Dash, and its sentimental musings on the value of focusing on the important things in life resonated with quite a few people, some of whom posted it online on blogs and websites. The poem isn’t going to win the Nobel Prize for Literature, but it led to a career. Between gigs as a motivational speaker, Ellis has a side business of sending copyright infringement notices to alleged infringers, threatening the maximum statutory damages of $150,000 plus attorneys fees. However, she will settle her claims for infringement of the poem, which is available for free on her website, for a mere $7,500.

Eventually Chan and his message board got involved, and people began to comment about Ellis and her demand letters. As many copyright trolls have found, their tactics are often reviled and frequently criticized. As we understand it, many comments on the board were quite negative. According to Ellis, some of these posts, by Chan and others, went beyond the pale, and amounted to stalking and cyber-bullying. She went to a Superior Court in Georgia to get a restraining order against Chan.

Legal Analysis: The Court Order is Overbroad and Dangerous

Stalking and harassment are serious charges, and require a serious and well-reasoned response. The overbroad order is wrong because it violates the First Amendment and federal law.

Under the First Amendment, courts limit injunctions in restraint of speech to the rare circumstances when (1) the activity to be restrained poses either a clear and present danger or a serious and imminent threat to a protected competing interest, (2) the order is narrowly drawn and (3) less restrictive alternatives are not available.

Since the message boards are now down, we can’t read what the messages may have said. But the Court’s order cannot stand, even assuming that some posts fell below the level of protected speech under the strict true threat test: “A true threat is a serious threat and not words uttered as mere political argument, idle talk, or jest.” It has to be considered in context, and with “a commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open.”

Removing “all posts relating to Ms. Ellis” is neither narrowly tailored nor the least restrictive means of addressing any true threats. It fails the First Amendment test because of the collateral damage: it will take down constitutionally-protected criticism of the copyright troll and her demands for money. For example, Ellis complained that “there were vile posts of blasphemy.” While blasphemy is doubtless offensive to Ellis, it remains protected speech.

The Georgia Court’s overreaching order against Chan also contradicts federal law because it holds a service provider to account for users' posts. Section 230 protects websites that host content posted by users, providing immunity for a website from state law claims (including criminal law) based on the publication of "information provided by another information content provider."

There is no exception to Section 230 when the provider can remove content, but fails to do so. To the contrary, as the Fourth Circuit cogently explained in Zeran v. America Online, one of the first major Section 230 decisions,

[L]awsuits seeking to hold a service liable for its exercise of a publisher’s traditional editorial functions – such as deciding whether to publish, withdraw, postpone or alter content – are barred. The purpose of this statutory immunity is not difficult to discern. Congress recognized the threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning Internet medium.

While Georgia is not in the Fourth Circuit, the state Supreme Court has recognized and cited Zeran. Since Zeran, court after court has recognized the same principle: “so long as a third party willingly provides the essential published content, the interactive service provider receives full immunity regardless of the specific editing or selection process."

Instead, the responsibility lies with the speaker. Everyone who posted on the board is responsible for what they wrote, including Chan, though they also enjoy the rights to speak freely enshrined within the Constitutions of the United States and Georgia, including the right to anonymous speech.

The Court’s ruling, ignoring the safe harbor for a website’s editorial decisions, is dangerous because it threatens freedom of expression throughout the internet. All message board operators, and indeed all websites that host user content, have the ability to remove posts. Even message board moderators, often unpaid volunteers, have that ability as part of their job. If the decision were taken to mean that operators are responsible for whatever users post, websites will have no choice but to censor anything marginally questionable. Moderators, ironically a necessity to keep boards on topic and within the online community’s standards, will become hard to find.

Fortunately, this is not the law, and so the internet has been able to thrive as the most vibrant medium of expression the world has ever known. Hopefully the Georgia Court of Appeals will correct the trial court's mistake, and overrule the dangerous language in the Order.
https://www.eff.org/deeplinks/2013/0...rds-everywhere





College Textbook Prices Increasing Faster Than Tuition And Inflation
Tyler Kingkade

College textbook prices have increased faster than tuition, health care costs and housing prices, all of which have risen faster than inflation.

College textbook prices are 812 percent higher than they were a little more than three decades ago, the American Enterprise Institute, a think tank, reports. Textbook costs have well outpaced the 559 percent increase in tuition and fees over roughly the same period.

"The 812 percent increase in the price of college textbooks since 1978 makes the run-up in house prices and housing bubble (and subsequent crash) in the 2000s seem rather inconsequential," writes University of Michigan economics professor Mark J. Perry at the AEIdeas blog, "and the nine-fold increase in textbook prices also dwarfs the increase in the cost of medical services over the last three decades."

The National Association of College Stores (NACS) says the average college student will spend $655 on textbooks each year, but with a single textbook easily costing as much as $300, that total can easily be much higher. In fact, the College Board puts the annual cost of books and materials at $1,168. Students at for-profit colleges tend to spend even more.

Roughly one-fifth of a textbook's price goes to the store where it is sold to cover personnel and operating costs, while more than three-quarters goes straight to the publisher, according to a recent article from U.S. News & World Report. The magazine broke down textbook publishing costs:

NACS no longer receives information from publishers about where textbook money goes, but as recently as 2008, they provided that cost breakdown. At that time, around 15.4 cents of every dollar went toward marketing the textbooks, 11.7 cents went to the authors, and the largest chunk—32.2 cents—went to the basics: paper, printing, and paying publishers' employees.

According to the Government Accountability Office, publishers often include supplemental materials such as CD-ROMs and access to websites, which drive up the sticker price for textbooks.

Other moves by the textbook industry, such as issuing new editions, also drive up the cost according to a 2011 survey from the U.S. Public Interest Research Group. New editions are released on average every 3.9 years, but a 2008 report from the California state auditor found many college deans, department chairs and faculty members admitted revisions to textbooks are often minimal and not always warranted.

U.S. PIRG found a majority of students admit to not purchasing at least one textbook required for their classes because the price is too high.

All is not lost, though, AEI's Perry notes. New, cheaper ways to deliver materials may crush the textbook industry the same way Wikipedia killed the encyclopedia, he writes:

Just like the ongoing home price increases and housing bubble of the last decade were unsustainable, there is now growing evidence that rising college textbook prices and the “college textbook bubble” are also unsustainable, especially because of the growing number of low-priced and even free alternatives to over-priced $200-300 college textbooks. The textbook alternatives are part of the growing “open educational resources” movement, which is “terrifying” the college textbook cartel.
http://www.huffingtonpost.com/2013/0...n_2409153.html





Big Data Is Opening Doors, But Maybe Too Many
Steve Lohr

In the 1960s, mainframe computers posed a significant technological challenge to common notions of privacy. That’s when the federal government started putting tax returns into those giant machines, and consumer credit bureaus began building databases containing the personal financial information of millions of Americans. Many people feared that the new computerized databanks would be put in the service of an intrusive corporate or government Big Brother.

“It really freaked people out,” says Daniel J. Weitzner, a former senior Internet policy official in the Obama administration. “The people who cared about privacy were every bit as worried as we are now.”

Along with fueling privacy concerns, of course, the mainframes helped prompt the growth and innovation that we have come to associate with the computer age. Today, many experts predict that the next wave will be driven by technologies that fly under the banner of Big Data — data including Web pages, browsing habits, sensor signals, smartphone location trails and genomic information, combined with clever software to make sense of it all.

Proponents of this new technology say it is allowing us to see and measure things as never before — much as the microscope allowed scientists to examine the mysteries of life at the cellular level. Big Data, they say, will open the door to making smarter decisions in every field from business and biology to public health and energy conservation.

“This data is a new asset,” says Alex Pentland, a computational social scientist and director of the Human Dynamics Lab at the M.I.T. “You want it to be liquid and to be used.”

But the latest leaps in data collection are raising new concern about infringements on privacy — an issue so crucial that it could trump all others and upset the Big Data bandwagon. Dr. Pentland is a champion of the Big Data vision and believes the future will be a data-driven society. Yet the surveillance possibilities of the technology, he acknowledges, could leave George Orwell in the dust.

The World Economic Forum published a report late last month that offered one path — one that leans heavily on technology to protect privacy. The report grew out of a series of workshops on privacy held over the last year, sponsored by the forum and attended by government officials and privacy advocates, as well as business executives. The corporate members, more than others, shaped the final document.

The report, “Unlocking the Value of Personal Data: From Collection to Usage,” recommends a major shift in the focus of regulation toward restricting the use of data. Curbs on the use of personal data, combined with new technological options, can give individuals control of their own information, according to the report, while permitting important data assets to flow relatively freely.

“There’s no bad data, only bad uses of data,” says Craig Mundie, a senior adviser at Microsoft, who worked on the position paper.

The report contains echoes of earlier times. The Fair Credit Reporting Act, passed in 1970, was the main response to the mainframe privacy challenge. The law permitted the collection of personal financial information by the credit bureaus, but restricted its use mainly to three areas: credit, insurance and employment.

The forum report suggests a future in which all collected data would be tagged with software code that included an individual’s preferences for how his or her data is used. All uses of data would have to be registered, and there would be penalties for violators. For example, one violation might be a smartphone application that stored more data than is necessary for a registered service like a smartphone game or a restaurant finder.

The corporate members of the forum say they recognize the need to address privacy concerns if useful data is going to keep flowing. George C. Halvorson, chief executive of Kaiser Permanente, the large health care provider, extols the benefits of its growing database on nine million patients, tracking treatments and outcomes to improve care, especially in managing costly chronic and debilitating conditions like heart disease, diabetes and depression. New smartphone applications, he says, promise further gains — for example, a person with a history of depression whose movement patterns slowed sharply would get a check-in call.

“We’re on the cusp of a golden age of medical science and care delivery,” Mr. Halvorson says. “But a privacy backlash could cripple progress.”

Corporate executives and privacy experts agree that the best way forward combines new rules and technology tools. But some privacy professionals say the approach in the recent forum report puts way too much faith in the tools and too little emphasis on strong rules, particularly in moving away from curbs on data collection.

“We do need use restrictions, but there is a real problem with getting rid of data collection restrictions,” says David C. Vladeck, a professor of law at Georgetown University. “And that’s where they are headed.”

“I don’t buy the argument that all data is innocuous until it’s used improperly,” adds Mr. Vladeck, former director of the Bureau of Consumer Protection at the Federal Trade Commission.

He offers this example: Imagine spending a few hours looking online for information on deep fat fryers. You could be looking for a gift for a friend or researching a report for cooking school. But to a data miner, tracking your click stream, this hunt could be read as a telltale signal of an unhealthy habit — a data-based prediction that could make its way to a health insurer or potential employer.

Dr. Pentland, an academic adviser to the World Economic Forum’s initiatives on Big Data and personal data, agrees that limitations on data collection still make sense, as long as they are flexible and not a “sledgehammer that risks damaging the public good.”

He is leading a group at the M.I.T. Media Lab that is at the forefront of a number of personal data and privacy programs and real-world experiments. He espouses what he calls “a new deal on data” with three basic tenets: you have the right to possess your data, to control how it is used, and to destroy or distribute it as you see fit.

Personal data, Dr. Pentland says, is like modern money — digital packets that move around the planet, traveling rapidly but needing to be controlled. “You give it to a bank, but there’s only so many things the bank can do with it,” he says.

His M.I.T. group is developing tools for controlling, storing and auditing flows of personal data. Its data store is an open-source version, called openPDS. In theory, this kind of technology would undermine the role of data brokers and, perhaps, mitigate privacy risks. In the search for a deep fat fryer, for example, an audit trail should detect unauthorized use.

Dr. Pentland’s group is also collaborating with law experts, like Scott L. David of the University of Washington, to develop innovative contract rules for handling and exchanging data that insures privacy and security and minimizes risk.

The M.I.T. team is also working on living lab projects. One that began recently is in the region around Trento, Italy, in cooperation with Telecom Italia and Telefónica, the Spanish mobile carrier. About 100 young families with young children are participating. The goal is to study how much and what kind of information they share on smartphones with one another, and with social and medical services — and their privacy concerns.

“Like anything new,” Dr. Pentland says, “people make up just-so stories about Big Data, privacy and data sharing,” often based on their existing beliefs and personal bias. “We’re trying to test and learn,” he says.
https://www.nytimes.com/2013/03/24/t...r-privacy.html





Mobile Phone Use Patterns: The New Fingerprint
Ledgeditor

Mobile phone use may be a more accurate identifier of individuals than even their own fingerprints, according to research published on the web site of the scientific journal Nature.

Scientists at MIT and the Université catholique de Louvain in Belgium analyzed 15 months of mobility data for 1.5 million individuals who used the same mobile carrier. Their analysis, “Unique in the Crowd: the privacy bounds of human mobility,” showed that data from just four randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement. Even with just two randomly chosen points, the researchers say they could uniquely characterize around half of the 1.5 million mobile phone users. The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking software.

For their research, they studied anonymized carrier data from a “significant and representative part of the population of a small European country.” In the study, the researchers used sample data collected between April 2006 and June 2007. Each time a user interacted with their mobile phone operator network by initiating or receiving a call or a text message, the location of the connecting antenna was recorded, providing both a spatial and temporal data point.

The dataset contained one trace “T” for each user, while each spatio-temporal point contained the region in which the user was and the time of the interaction. The researchers evaluated the uniqueness of each trace given a set of randomly chosen spatio-temporal points.

The data recorded each user’s interactions with his or her phone – around 114 per month scattered across 6,500 mobile antennas. The data collected was highly effective in identifying individuals by their movements. Just four random points were enough to uniquely characterize 95% of the users studied.

Using a complex mathematical and statistical analysis of that data, the researchers discovered that it is possible to find one formula to express what they call the “uniqueness of human mobility”: ε = α − (νh). Roughly stated, the formula says that the more sparse the data becomes (such as among infrequent users, or in areas with fewer cell towers) the less accurate any individual trace is, and the more data points are needed to uniquely identify an individual.

“We show that the uniqueness of human mobility traces is high, thereby emphasizing the importance of the idiosyncrasy of human movements for individual privacy,” the researchers write. “Indeed, this uniqueness means that little outside information is needed to re-identify the trace of a targeted individual even in a sparse, large-scale, and coarse mobility dataset. Given the amount of information that can be inferred from mobility data, as well as the potentially large number of simply anonymized mobility datasets available, this is a growing concern.”

The privacy of mobile data is an increasing concern for privacy advocates and for lawmakers.

Two bills introduced last week in the House and Senate would require law enforcement to obtain a warrant before affixing a GPS device to a vehicle or collecting mobile geolocation data from third party service providers, Wired reported. And, in December, the U.S. Federal Trade Commission announced new guidelines for implementing the Children’s Online Privacy Protection Act (COPPA). Among other things, the changes expand the list of information that cannot be collected from children without parental consent to include photographs, videos and audio recordings of children and geo-location information.

“Unless you get parental consent, you may not track children and use their information to build massive profiles of online behavior,” said FTC Chairman Leibowitz.

The researchers who conducted the work on human mobility say that their work should further inform such legislation. “These results should inform future thinking in the collection, use, and protection of mobility data. Going forward, the importance of location data will only increase and knowing the bounds of individual’s privacy will be crucial in the design of both future policies and information technologies.”
http://securityledger.com/mobile-pho...w-fingerprint/
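
The uniqueness measure described in the article above, as an added example that is not from the article or the researchers' own code: it computes the fraction of traces singled out by p randomly chosen points, the check a data holder would run before releasing a pseudonymized mobility dataset. It goes slightly further by re-measuring after lowering the spatial and temporal resolution. The traces are constructed, and the `coarsen` helper assumes antenna ids are numbered so that integer division groups neighbouring antennas.

```python
import random

# A trace is a frozenset of (antenna_id, hour) points, one per call or text,
# mirroring the carrier records the study describes. All data is constructed.


def matching_users(traces, points):
    """Return the users whose trace contains every point in `points`."""
    wanted = set(points)
    return [user for user, trace in traces.items() if wanted <= trace]


def unicity(traces, p, rng, trials=1):
    """Fraction of traces singled out by p points drawn at random from them."""
    unique = tested = 0
    for user, trace in traces.items():
        if len(trace) < p:
            continue  # too few points to draw p of them
        for _ in range(trials):
            known = rng.sample(sorted(trace), p)
            tested += 1
            if matching_users(traces, known) == [user]:
                unique += 1
    return unique / tested if tested else 0.0


def coarsen(trace, v, h):
    """Lower resolution: merge v neighbouring antennas and h-hour windows.

    Assumption: antenna ids are numbered so that id // v groups neighbours.
    """
    return frozenset((antenna // v, hour // h) for antenna, hour in trace)


def synthetic_traces(n_users, n_antennas, n_hours, events, rng):
    """Constructed population: each user mostly pings a home and a work antenna."""
    traces = {}
    for user in range(n_users):
        home = rng.randrange(n_antennas)
        work = rng.randrange(n_antennas)
        points = set()
        for _ in range(events):
            hour = rng.randrange(n_hours)
            roll = rng.random()
            if roll < 0.5:
                antenna = home
            elif roll < 0.8:
                antenna = work
            else:
                antenna = rng.randrange(n_antennas)
            points.add((antenna, hour))
        traces[user] = frozenset(points)
    return traces


def demo(seed=2013):
    """Unicity for p = 1..4 at full resolution and after coarsening."""
    rng = random.Random(seed)
    fine = synthetic_traces(500, 50, 24 * 7, 40, rng)
    coarse = {user: coarsen(trace, 5, 6) for user, trace in fine.items()}
    return {
        p: (unicity(fine, p, rng), unicity(coarse, p, rng))
        for p in range(1, 5)
    }


if __name__ == "__main__":
    for p, (fine_u, coarse_u) in demo().items():
        print(f"p={p}: unicity {fine_u:.2f} full resolution, "
              f"{coarse_u:.2f} coarsened")
```

Replacing user identifiers with pseudonyms does not change any of these numbers, since the match is made on the points alone.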





When a Secretive Stingray Cell Phone Tracking "Warrant" Isn't a Warrant
Hanni Fakhoury

An Arizona federal court this afternoon will be the battleground over the government's use of a "Stingray" surveillance device in a closely watched criminal case, United States v. Rigmaiden. And in an important development, new documents revealed after an ACLU of Northern California Freedom of Information Act (FOIA) request should leave the government with some explaining to do.

"Stingray" is the brand name of an International Mobile Subscriber Identity locator, or “IMSI catcher.” A Stingray acts as a fake cell-phone tower, small enough to fit in a van, allowing the government to route all network traffic to the fake tower. We've warned that Stingrays are dangerous because they have the capability to obtain the contents of electronic and wire communications while necessarily sucking down data on scores of innocent people along the way.

The Fourth Amendment requires searches be "reasonable," generally meaning they must be accompanied by a warrant. To get a warrant, the government must show there is probable cause to believe the place they want to search will have evidence of a crime. And it means the judge must ensure the warrant is "particular," or limited to only allow searches into areas where the evidence is most likely to be found. The only way a judge can make these tough decisions is with the government being forthright about what it's doing.

But when it comes to Stingrays the government has been extremely secretive about their use, withholding documents in FOIA requests, failing to explain (or even understand) the technology to a Texas federal judge and in Rigmaiden, misleading the court about the fact it's even using one at all.

Daniel David Rigmaiden is charged with a variety of tax and wire fraud crimes. Hoping to pinpoint Rigmaiden's precise location within an apartment complex, federal agents applied for an order requesting the court to order Verizon to help the agents pinpoint the physical location of a wireless broadband access card and cell phone they believed Rigmaiden was using. The order is clearly directed towards Verizon:

The Court therefore ORDERS, pursuant to Federal Rule of Criminal Procedure 41(b); Title 18, United States Code, Sections 2703 and 3117; and Title 28, United States Code, Section 1651, that Verizon Wireless, within ten (10) days of the signing of this Order and for a period not to exceed 30 days, unless extended by the Court, shall provide to agents of the FBI data and information obtained from the monitoring of transmissions related to the location of the Target Broadband Access Card/Cellular Telephone...

Ultimately, it turns out the government did not just get Verizon to give it the data. It also used a Stingray device to find Rigmaiden, sucking up loads of other data from other electronic devices in the complex as well, which it deleted.

When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this "order" wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government—rather than Verizon—to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a "general warrant," the precise evil the Fourth Amendment was designed to prevent.

The FOIA documents bolster our argument that this isn't a warrant. The documents are a series of internal emails from DOJ attorneys in the United States Attorney's Office for the Northern District of California, the district where the order in Rigmaiden's case was issued. The emails make clear that U.S. Attorneys in Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:

As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.

While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…


These emails, combined with the text of the disputed order itself, suggest agents obtained authorization to use a pen register without indicating they also planned to use a Stingray. Either at the time of the application or after the fact, the government attempted to transform that order into a warrant that authorized the use of a Stingray.

Judicial supervision of searches is most needed when the government uses new technologies to embark into new and unknown privacy intrusions. But when the government hides what it's really doing, it removes this important check on government power. We hope the court sees it's been duped, and makes clear to the government that honesty and a warrant are requirements to using a Stingray.
https://www.eff.org/deeplinks/2013/0...t-isnt-warrant





Bills Would Mandate Warrant for GPS Tracking, Cellphone Location Data
Kim Zetter

Two bills introduced Thursday in the House and Senate would compel law enforcement agents to obtain a warrant before affixing a GPS tracker to a vehicle, using a cell site simulator to locate someone through their mobile device or obtaining geolocation data from third-party service providers.

The comprehensive bills would also prohibit private investigators and other private individuals from using a GPS device to surreptitiously track someone’s location without their consent, thus closing a number of holes that were left open in the wake of the Supreme Court’s landmark decision about GPS trackers last year.

The Geolocational Privacy and Surveillance Act (H.R. 1312), introduced in the House by Rep. Jason Chaffetz (R-Utah) and in the Senate by lawmakers Ron Wyden (D-Oregon) and Mark Kirk (R-Illinois), has gained wide support from the American Civil Liberties Union and the Electronic Frontier Foundation, who say the bills are very strong and, if passed, would finally bring legislation up to date with the invasive use of new technologies.

“Police routinely get people’s location information with little judicial oversight because Congress has never defined the appropriate checks and balances,” said Chris Calabrese, legislative counsel in the ACLU’s Washington Legislative Office in a statement. “Under the GPS Act, all that would change. Police would need to convince a judge that a person is likely engaging in criminal activity before accessing and monitoring someone’s location data. Innocent people shouldn’t have to sacrifice their privacy in order to have a cellphone.”

The bills contain some exceptions for national security cases and emergency circumstances, and would also allow parents to use tracking with children.

The bills are aimed at closing loopholes left last year by a Supreme Court decision in U.S. v. Jones, which ruled that attaching a GPS device to a vehicle constituted a search under the Fourth Amendment. The decision stopped short of requiring agents to obtain a warrant for GPS devices, however, and also bypassed the issue of whether warrants should be required to obtain geolocation information collected by service providers from smartphones and car-tracking systems like OnStar.

“Although Jones was a step in the right direction, the Department of Justice is still arguing in court that they do not need a warrant to track someone’s movements using GPS devices or technology. This highlights the need for Congress to step in and provide clear and reasonable guidelines,” said Chaffetz.

Chaffetz is referring to arguments the Obama administration made this week to a federal appeals court in another case that law enforcement agents should not have to obtain a probable-cause warrant to use a GPS tracker. The administration argued that current broad exemptions that allow agents to conduct warrantless searches at borders and in other circumstances should apply to the use of GPS devices as well.

If passed, the new laws would resolve the warrant question for GPS trackers by law enforcement once and for all and would also curb the unfettered use of commercial trackers by private individuals.

The use of GPS trackers for commercial purposes has widened in recent years as more devices have become available. Companies have increasingly been marketing them to parents for use in tracking young children out of safety concerns. But the devices can easily be used to spy on someone other than a minor child in order to track their movements surreptitiously, such as by private investigators or a suspicious spouse.

A North Carolina man was accused of murdering his estranged wife’s male friend in 2010 after following her to the man’s house with a GPS tracker he purchased at Best Buy.

Under the bills introduced this week, using a GPS tracker for private purposes would be outlawed for private investigators and others in the same way that wiretapping is outlawed.

In addition to the GPS trackers, and geolocation data obtained from service providers, the bills would address another controversial technology being used by law enforcement — cell site simulators, also known generically as stingrays. Cell site simulators spoof a legitimate cellphone tower in order to trick nearby cellphones and other wireless communication devices into connecting to the fake tower, as they would to a real cellphone tower.

When devices connect, stingrays can see and record their unique ID numbers and traffic data, as well as information that points to a device’s location. To prevent detection by suspects, the stingray sends the data to a real tower so that traffic continues to flow.

By gathering the wireless device’s signal strength from various locations, authorities can pinpoint where the device is being used with much more precision than they can get through data obtained from the mobile network provider’s fixed tower location.

Chaffetz introduced a nearly identical bill to the GPS Act in the previous congressional session. That bill got referred to the Judiciary Committee and the Select Committee on Intelligence, but failed to gain the support it needed to progress.

This year, the bill is cosponsored by a bipartisan group of 13 lawmakers, among them former Judiciary Chairman Rep. Jim Sensenbrenner (R-Wisconsin) and current Judiciary Ranking Member, Rep. John Conyers (D-Michigan).
http://www.wired.com/threatlevel/201...-gps-tracking/





FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
Ryan Gallagher

Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.

Last week, during a talk for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissmann discussed some of the pressing surveillance and national security issues facing the bureau. He gave a few updates on the FBI’s efforts to address what it calls the “going dark” problem—how the rise in popularity of email and social networks has stifled its ability to monitor communications as they are being transmitted. It’s no secret that under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails. When it comes to spying on emails or Gchat in real time, however, it’s a different story.

That’s because a 1994 surveillance law called the Communications Assistance for Law Enforcement Act only allows the government to force Internet providers and phone companies to install surveillance equipment within their networks. But it doesn’t cover email, cloud services, or online chat providers like Skype. Weissmann said that the FBI wants the power to mandate real-time surveillance of everything from Dropbox and online games (“the chat feature in Scrabble”) to Gmail and Google Voice. “Those communications are being used for criminal conversations,” he said.

While it is true that CALEA can only be used to compel Internet and phone providers to build surveillance capabilities into their networks, the feds do have some existing powers to request surveillance of other services. Authorities can use a “Title III” order under the “Wiretap Act” to ask email and online chat providers to furnish the government with “technical assistance necessary to accomplish the interception.” However, the FBI claims this is not sufficient because mandating that providers help with “technical assistance” is not the same thing as forcing them to “effectuate” a wiretap. In 2011, then-FBI general counsel Valerie Caproni—Weissmann’s predecessor—stated that Title III orders did not provide the bureau with an "effective lever" to "encourage providers" to set up live surveillance quickly and efficiently. In other words, the FBI believes it doesn’t have enough power under current legislation to strong-arm companies into providing real-time wiretaps of communications.

Because Gmail is sent between a user’s computer and Google’s servers using SSL encryption, for instance, the FBI can’t intercept it as it is flowing across networks and relies on the company to provide it with access. Google spokesman Chris Gaither hinted that it is already possible for the company to set up live surveillance under some circumstances. “CALEA doesn't apply to Gmail but an order under the Wiretap Act may,” Gaither told me in an email. “At some point we may expand our transparency report to cover this topic in more depth, but until then I'm not able to provide additional information.”

Either way, the FBI is not happy with the current arrangement and is on a crusade for more surveillance authority. According to Weissmann, the bureau is working with “members of intelligence community” to craft a proposal for new Internet spy powers as “a top priority this year.” Citing security concerns, he declined to reveal any specifics. “It's a very hard thing to talk about publicly,” he said, though acknowledged that “it's something that there should be a public debate about.”
http://www.slate.com/blogs/future_te...g_power.html





Exclusive: U.S. Plans to Let Spy Agencies Scour Americans' Finances
Emily Flitter and Stella Dawson and Mark Hosenball

The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters.

The proposed plan represents a major step by U.S. intelligence agencies to spot and track down terrorist networks and crime syndicates by bringing together financial databanks, criminal records and military intelligence. The plan, which legal experts say is permissible under U.S. law, is nonetheless likely to trigger intense criticism from privacy advocates.

Financial institutions that operate in the United States are required by law to file reports of "suspicious customer activity," such as large money transfers or unusually structured bank accounts, to Treasury's Financial Crimes Enforcement Network (FinCEN).

The Federal Bureau of Investigation already has full access to the database. However, intelligence agencies, such as the Central Intelligence Agency and the National Security Agency, currently have to make case-by-case requests for information to FinCEN.

The Treasury plan would give spy agencies the ability to analyze more raw financial data than they have ever had before, helping them look for patterns that could reveal attack plots or criminal schemes.

The planning document, dated March 4, shows that the proposal is still in its early stages of development, and it is not known when implementation might begin.

Financial institutions file more than 15 million "suspicious activity reports" every year, according to Treasury. Banks, for instance, are required to report all personal cash transactions exceeding $10,000, as well as suspected incidents of money laundering, loan fraud, computer hacking or counterfeiting.

"For these reports to be of value in detecting money laundering, they must be accessible to law enforcement, counter-terrorism agencies, financial regulators, and the intelligence community," said the Treasury planning document.

A Treasury spokesperson said U.S. law permits FinCEN to share information with intelligence agencies to help detect and thwart threats to national security, provided they adhere to safeguards outlined in the Bank Secrecy Act. "Law enforcement and intelligence community members with access to this information are bound by these safeguards," the spokesperson said in a statement.

Some privacy watchdogs expressed concern about the plan when Reuters outlined it to them.

A move like the FinCEN proposal "raises concerns as to whether people could find their information in a file as a potential terrorist suspect without having the appropriate predicate for that and find themselves potentially falsely accused," said Sharon Bradford Franklin, senior counsel for the Rule of Law Program at the Constitution Project, a non-profit watchdog group.

Despite these concerns, legal experts emphasize that this sharing of data is permissible under U.S. law. Specifically, banks' suspicious activity reporting requirements are dictated by a combination of the Bank Secrecy Act and the USA PATRIOT Act, which offer some privacy safeguards.

National security experts also maintain that a robust system for sharing criminal, financial and intelligence data among agencies will improve their ability to identify those who plan attacks on the United States.

"It's a war on money, war on corruption, on politically exposed persons, anti-money laundering, organized crime," said Amit Kumar, who advised the United Nations on Taliban sanctions and is a fellow at the Democratic think tank Center for National Policy.

SUSPICIOUS ACTIVITY

The Treasury document outlines a proposal to link the FinCEN database with the Joint Worldwide Intelligence Communications System, a computer network used by U.S. defense and law enforcement agencies to share classified information.

The plan calls for the Office of the Director of National Intelligence - set up after 9/11 to foster greater collaboration among intelligence agencies - to work with Treasury. The Office of the Director of National Intelligence declined to comment.

More than 25,000 financial firms - including banks, securities dealers, casinos, and money and wire transfer agencies - routinely file "suspicious activity reports" to FinCEN. The requirements for filing are so strict that banks often over-report, so they cannot be accused of failing to disclose activity that later proves questionable. This over-reporting raises the possibility that the financial details of ordinary citizens could wind up in the hands of spy agencies.

Stephen Vladeck, a professor at American University's Washington College of Law, said privacy advocates have already been pushing back against the increased data-sharing activities between government agencies that followed the September 11 attacks.

"One of the real pushes from the civil liberties community has been to move away from collection restrictions on the front end and put more limits on what the government can do once it has the information," he said.

Michael German, senior policy counsel for the American Civil Liberties Union, said that U.S. officials had floated a similar scheme to pool such data a decade ago, but that funding for the plan was later withdrawn by Congress.

He said one of the problematic aspects of the plan is that there is "wiggle room" on how the information will be used. In the past, the National CounterTerrorism Center, which is supposed to ensure that critical threat information is shared among various agencies, was obliged to "promptly identify and purge any innocent U.S. person information."

But the guidelines were subsequently loosened so that "not only can they keep the data for a number of years, but they can continue to use it," German said.

Once spy agencies get such data, German said, "it's in a black hole. Time and again, we have evidence, unfortunately well after the fact, that somebody's civil rights have been violated, that the intelligence community simply ignores the rules."

(Reporting by Emily Flitter in New York, Stella Dawson and Mark Hosenball in Washington; Editing by Tiffany Wu and Leslie Gevirtz)
http://www.reuters.com/article/2013/...92C12720130313





UK "Snoopers Charter" Pits Privacy Against Security
Michael Holden and Kate Holton

At the height of an investigation into a group of Islamists plotting al Qaeda-inspired bomb attacks across Britain in 2004, British spies analyzed more than 4,000 telephone contacts to build up a picture of what they were planning and with whom.

The security services say the information was crucial in helping to thwart what could have been one of the deadliest attacks on Britain and to bring the cell to justice.

But a decade on, the police and intelligence agencies warn they have fallen behind those they are trying to track, as advances in technology and the growth of services like Skype and Facebook increasingly put criminals beyond their reach.

In response, Britain is seeking to bring in what critics say are the West's most far-reaching surveillance laws that could change the international landscape in this area. The proposals would force communications firms to collect and store vast reams of data about almost every click of British online activity.

By doing so, ministers have provoked the wrath of human rights campaigners, sown division within the coalition government and alarmed major corporations such as Google and Microsoft.

"Nobody wants to live in a tyranny. I certainly don't and I don't want people snooping on what I do," said Gary Beautridge, the lead chief British police officer on the issue.

"This is about maintaining capability. It's not increasing capability, it's maintaining it in the face of change in technology," he said, rejecting talk of an Orwellian scheme.

Beautridge and all those involved in law enforcement say they are now unable to see about 25 percent of all communications data, hindering the secret war against bomb plotters, drug lords and pedophiles.

SECRET WAR

Almost everyone, from lawmakers to privacy campaigners, accepts something needs to be done. But trying to find a solution that is technically possible, will not cost billions and is not overly intrusive is proving a challenge.

Politicians across the world are grappling with the same problem but privacy campaigners say Britain is going further than any other democratic state.

Some countries such as France and Denmark are interested in new laws but campaigners said most other states had so far steered clear.

"The UK is the first mover in this. If the UK is successful, they will have changed the landscape for the rest of the world," said Gus Hosein, Executive Director of Privacy International.

Currently, if British authorities want to find out details about who has been talking to who they make a request to a senior police or intelligence officer who can approve the application without the need for a warrant.

British mobile and landline telephone providers must retain records for 12 months, in line with an EU directive, and figures for 2011 show some 494,078 applications were made.

Now Britain's Home Office, or interior ministry, plans to expand these powers to include online activities, such as which web sites were looked at and who was talking to who on social networks.

The new law would force British Internet service providers (ISP) and mobile operators to store data they would not normally keep for billing purposes and could even require them to keep data generated by internet groups based outside Britain.

The government insists it does not want to look at the content of the exchanges, but merely the details of the contact.

"NO FISHING EXPEDITIONS"

"All we're talking about is keeping the communications log of actually who owns that account, when a call was made and to whom or from whom and that is it," Beautridge said.

"It's not the content, it's never the content. Fishing expeditions should not happen. The processes have been designed to ensure that."

However, last December a draft version of the bill was heavily criticized by a parliamentary committee, which said it was too sweeping in its remit, would give ministers too much power and was likely to be too expensive.

The government is now expected to outline an amended bill in weeks with many of the same powers, according to sources familiar with discussions, having made it clear it cannot wait.

"Technical experts are clear that everything in the bill is feasible and we are continuing to consult with communications service providers on our proposals," said a Home Office spokeswoman, adding the aim was to bring a law forward "at the earliest opportunity" along with its cost implications.

Unlike the original plans which placed huge powers in the hands of the home secretary, the new proposals are likely to give parliament a greater say in what is permissible.

But privacy campaigners warn that might just put a gloss on something still unpalatable, putting in place a system which could be extended at a later date.

"If the police want to investigate me, they should be able to ask any company that has data on me to disclose that information. That's generally not a problem," said Hosein from Privacy International.

"The problem is the Home Office want much more than that. They want these companies to record these activities just in case at some point in the future I may become a suspect. That's not the way things work in a democratic society."

Among the concerns are proposals that service providers keep weblogs - records of websites people have visited - and a "filter" system which would ask them complex questions and filter data accordingly, something Hosein describes as mass surveillance.

"Having a list for 12 months of every single website you go to, that's quite a lot of information about yourself, very personal information," said Julien Huppert, who speaks on the issue for the Liberal Democrats, the junior members of Britain's coalition government.

But it's not just the rights or wrongs of the system at stake; there are also concerns it will not work in a world of mass communications provided by firms located across the globe.

One of the main sticking points will be how the authorities get information from so-called third party service providers based outside British jurisdiction, such as Google's Gmail, Facebook and Microsoft's Skype.

British-based mobile operators have told Reuters they are happy to cooperate with the government, but they insist that the same rules must apply to the likes of Facebook.

"From a security point of view, you need to be able to have access to the full pool of communication otherwise you're fishing in a sub-set of a sub-set," said Ronan Dunne, the chief executive of O2 UK.

DEEP-PACKET INSPECTION

If internet groups based outside Britain do not comply, the Home Office envisages forcing the British Internet Service Providers who carry their services to access the data instead, through a process known as deep-packet inspection.

But, it is not clear if this will be technically possible. Google has said it would not allow another service provider to decrypt its information on its Gmail service, and Jimmy Wales, the founder of Wikipedia, has said he would not cooperate.

"If we find that UK ISPs are mandated to keep track of every web page that someone reads on Wikipedia, I am almost certain ... that we would immediately move to a default of encrypting all the connections to the UK," Wales said.

The government, which has already spent 400 million pounds so far on the scheme without it getting off the ground, has estimated that it would cost 1.8 billion pounds over the 10 years until 2020-1, a figure that has been disputed. The Treasury has also said the funds have not been approved.

"We got widely divergent estimates of the cost and none of them were lower than the Home Office suggestion," said lawmaker Stephen Mosley, a member of Prime Minister David Cameron's ruling Conservative Party who sat on the parliamentary committee which scrutinized the draft bill.

Polls indicate that the majority of Britons do not like the plans, think they are a waste of money and do not have faith that the information will be secure.

Mosley, co-chairman of the Parliamentary Internet, Communications and Technology Forum, warned it was vital that any law could not give succor to draconian regimes which sought to censor their citizens' activities.

"We as a country do want to be a beacon for freedom and liberty. We've got to make sure that legislation we introduce can't be misused elsewhere," he said.

(Editing by Guy Faulconbridge and Anna Willard)
http://www.reuters.com/article/2013/...92P0D520130326





SUPREME COURT OF CANADA

Citation: R. v. TELUS Communications Co., 2013 SCC 16


TELUS Communications Company Appellant

v.

Her Majesty The Queen Respondent

and

Attorney General of Ontario, Canadian Civil Liberties Association and Samuelson‑Glushko Canadian Internet Policy and Public Interest Clinic Interveners

Indexed as: R. v. TELUS Communications Co.

2013 SCC 16

File No.: 34252.

2012: October 15; 2013: March 27.

Present: McLachlin C.J. and LeBel, Fish, Abella, Cromwell, Moldaver and Karakatsanis JJ.

On appeal from the Ontario Superior Court of Justice

Criminal law — Interception of communications — General warrant — Telecommunications company employing unique process for transmitting text messages resulting in messages stored on their computer database for brief period of time — General warrant requiring telecommunications company to produce all text messages sent and received by two subscribers on prospective, daily basis — Whether general warrant power in s. 487.01 of Criminal Code can authorize prospective production of future text messages from service provider’s computer — Whether investigative technique authorized by general warrant in this case is an interception requiring authorization under Part VI of Criminal Code — Whether general warrant may properly issue where substance of investigative technique, if not its precise form, is addressed by existing legislative provision — Criminal Code, R.S.C. 1985, c. C‑46, ss. 487.01.

Unlike most telecommunications service providers, TELUS Communications Company routinely makes electronic copies of all the text messages sent or received by its subscribers and stores them on a computer database for a brief period of time. The police in this case obtained a general warrant and related assistance order under ss. 487.01 and 487.02 of the Criminal Code requiring Telus to provide the police with copies of any stored text messages sent or received by two Telus subscribers. The relevant part of the warrant required Telus to produce any messages sent or received during a two‑week period on a daily basis. Telus applied to quash the general warrant arguing that the prospective, daily acquisition of text messages from their computer database constitutes an interception of private communications and therefore requires authorization under the wiretap authorization provisions in Part VI of the Code. The application was dismissed. The focus of the appeal is on whether the general warrant power can authorize the prospective production of future text messages from a service provider’s computer.

Held (McLachlin C.J. and Cromwell J. dissenting): The appeal should be allowed and the general warrant and related assistance order should be quashed.

Per LeBel, Fish and Abella JJ.: Part VI of the Criminal Code provides a comprehensive scheme for “wiretap authorizations” for the interception of private communications. The purpose of Part VI is to restrict the ability of the police to obtain and disclose private communications.

Telus employs a unique process for transmitting text messages that results in the messages being stored on their computer database for a brief period of time. In considering whether the prospective, daily production of future text messages stored in Telus’ computer falls within Part VI, we must take the overall objective of Part VI into account.

Text messaging is, in essence, an electronic conversation. Technical differences inherent in new technology should not determine the scope of protection afforded to private communications. The only practical difference between text messaging and traditional voice communications is the transmission process. This distinction should not take text messages outside the protection to which private communications are entitled under Part VI.

Section 487.01 of the Code, the general warrant provision, was enacted in 1993 as part of a series of amendments to the Code in Bill C‑109, S.C. 1993, c. 40. It authorizes a judge to issue a general warrant permitting a peace officer to “use any device or investigative technique or procedure or do anything described in the warrant that would, if not authorized, constitute an unreasonable search or seizure”. Notably, s. 487.01(1)(c) stipulates that the general warrant power is residual and resort to it is precluded where judicial approval for the proposed technique, procedure or device or the “doing of the thing” is available under the Code or another federal statute.

Section 487.01(1)(c) should be broadly construed to ensure that the general warrant is not used presumptively to prevent the circumvention of the more specific or rigorous pre‑authorization requirements for warrants, such as those found in Part VI. To decide whether s. 487.01(1)(c) applies, namely, whether another provision would provide for the authorization sought in this case, requires interpreting the word “intercept” in Part VI. “Intercept” is used throughout Part VI with reference to the intercept of private communications. This means that in interpreting “intercept a private communication”, we must consider the broad scope of Part VI and its application across a number of technological platforms, as well as its objective of protecting individual privacy interests in communications by imposing particularly rigorous safeguards. The interpretation should not be dictated by the technology used to transmit such communications, like the computer used in this case, but by what was intended to be protected under Part VI. It should also be informed by the rights enshrined in s. 8 of the Charter, which in turn must remain aligned with technological developments.

A technical approach to “intercept” would essentially render Part VI irrelevant to the protection of the right to privacy in new, electronic and text‑based communications technologies, which generate and store copies of private communications as part of the transmission process. A narrow definition is also inconsistent with the language and purpose of Part VI in offering broad protection for private communications from unauthorized interference by the state.

The interpretation of “intercept a private communication” must, therefore, focus on the acquisition of informational content and the individual’s expectation of privacy at the time the communication was made. To the extent that there may be any temporal element inherent in the technical meaning of intercept, it should not trump Parliament’s intention in Part VI to protect an individual’s right to privacy in his or her communications. The use of the word “intercept” implies that the private communication is acquired in the course of the communication process. The process encompasses all activities of the service provider which are required for, or incidental to, the provision of the communications service. Acquiring the substance of a private communication from a computer maintained by a telecommunications service provider would, as a result, be included in that process.

Text messages are private communications and, even if they are stored on a service provider’s computer, their prospective production requires authorization under Part VI of the Code. If Telus did not maintain its computer database, there is no doubt that the police would be required to obtain an authorization under Part VI to secure the prospective, and in this case continuous, production of text messages. Most service providers do not routinely copy text messages to a computer database as part of their transmission service. Accordingly, if the police wanted to target an individual who used a different service provider, they would have no option but to obtain wiretap authorizations under Part VI to compel the prospective and continuous production of their text messages. This creates a manifest unfairness to individuals who are unlikely to realize that their choice of telecommunications service provider can dramatically affect their privacy. The technical differences inherent in Telus’ transmission of text messages should not deprive Telus subscribers of the protection of the Code that every other Canadian is entitled to.

The general warrant in this case was invalid because the police had failed to satisfy the requirement under s. 487.01(1)(c) of the Code that a general warrant could not be issued if another provision in the Code is available to authorize the technique used by police. Since the warrant purports to authorize the interception of private communications, and since Part VI is the scheme that authorizes the interception of private communications, a general warrant was not available.

Per Moldaver and Karakatsanis JJ.: There is agreement with Abella J. that the police are entitled to a general warrant only where they can show that “no other provision” of the Criminal Code or any other Act of Parliament would provide for the investigative technique, including a substantively equivalent technique, for which authorization is sought. The investigative technique in this case was substantively equivalent to an intercept. The general warrant is thus invalid. Resolution of whether what occurred in this case was or was not, strictly speaking, an “intercept” within the meaning of s. 183 of the Code is unnecessary. A narrower decision guards against unforeseen and potentially far‑reaching consequences in this complex area of the law.

The result is driven by the failure of the authorities to establish the requirement in s. 487.01(1)(c) that there be “no other provision” that would provide for the search. This provision ensures that the general warrant is used sparingly as a warrant of limited resort. In creating the general warrant, Parliament did not erase every other search authorization from the Code and leave it to judges to devise general warrants on an ad hoc basis as they deem fit. Courts must therefore be careful to fill a legislative lacuna only where Parliament has actually failed to anticipate a particular search authorization. The “no other provision” requirement must be interpreted so as to afford the police the flexibility Parliament contemplated in creating the general warrant, while safeguarding against its misuse. There is a need for heightened judicial scrutiny where Parliament has provided an authorization for an investigative technique that is substantively equivalent to what the police seek but requires more onerous pre-conditions. Thus, the test under s. 487.01(1)(c) must consider the investigative technique that the police seek to utilize with an eye to its actual substance and not merely its formal trappings.

The approach to the “no other provision” requirement accepts a measure of uncertainty by tasking judges with the job of inquiring into the substance of purportedly “new” investigative techniques. When uncertainty exists, the police would do well to err on the side of caution. General warrants may not be used as a means to circumvent other authorization provisions that are available but contain more onerous pre-conditions. Judges faced with an application where the investigative technique, though not identical, comes close in substance to an investigative technique covered by another provision for which more rigorous standards apply should therefore proceed with extra caution. Where careful scrutiny establishes that a proposed investigative technique, although similar, has substantive differences from an existing technique, judges may grant the general warrant, mindful of their obligation under s. 487.01(3) to impose terms and conditions that reflect the nature of the privacy interest at stake.

A literal construction of s. 487.01(1)(c) must be rejected. Such an approach strips the provision of any meaning and renders it all but valueless. Legislative history confirms that general warrants were to play a modest role, affording the police a constitutionally sound path for investigative techniques that Parliament has not addressed. Ensuring that general warrants are confined to their limited role is the true purpose of s. 487.01(1)(c). While the “best interest” requirement in s. 487.01(1)(b) serves to prevent misuse of the general warrant, this provision should not be interpreted as swallowing the distinct analytical question that the “no other provision” test asks. A purposive approach to s. 487.01(1)(c) has nothing to do with investigative necessity. Under the “no other provision” test, the police are not asked to show why an alternative authorization would not work on the facts of a particular case, but rather why it is substantively different from what Parliament has already provided.

In this case, the general warrant is invalid because the investigative technique it authorized was substantively equivalent to an intercept. What the police did — securing prospective authorization for the delivery of future private communications on a continual, if not continuous, basis over a sustained period of time — was substantively equivalent to what they would have done pursuant to a Part VI authorization. It was thus, at a minimum, tantamount to an intercept. Though there is no evidence to suggest that the police acted other than in good faith, the police failed to meet their burden to show that the impugned technique was substantively different from an intercept. On the facts here, the general warrant served only to provide a means to avoid the rigours of Part VI. The police could and should have sought a Part VI authorization.

Per McLachlin C.J. and Cromwell J. (dissenting): The question of whether what the police did under this general warrant is an interception of a private communication is one of statutory interpretation. When the text of the statutory provisions is read in its full context, it is clear that the general warrant does not authorize an interception that requires a Part VI authorization. While there is no doubt that the text message is a private communication and that text messages here were intercepted by Telus by means of an electro-magnetic, acoustic, mechanical or other device, the police in this case did not intercept those messages when Telus turned over to them copies of sent and received messages previously intercepted by Telus and stored in its databases. Therefore, the investigative technique authorized by the general warrant in this case was not an interception of private communication.

Fundamental to both the purpose and to the scheme of the wiretap provisions is the distinction between the interception of private communications and the disclosure, use or retention of private communications that have been intercepted. The purpose, text and scheme of Part VI show that the disclosure, use or retention of intercepted private communications is distinct from the act of interception itself. That is, if disclosure or use of a private communication were an interception of it, there would be no need to create the distinct disclosure or use offence. Similarly, the exemptions from criminal liability show that Parliament distinguished between interception on one hand and retention, use and disclosure on the other.

In this case, it is not disputed that Telus was intercepting text messages when it copied them for its own systems administration purposes. However, it is also agreed that Telus lawfully intercepted private communications. Under the general warrant, the police sought disclosure from Telus of information that it had already lawfully intercepted. The general warrant did not require Telus to intercept communications, but to provide copies of communications that it had previously intercepted for its own lawful purposes. As the scheme of the legislation makes clear, disclosure or use of a lawfully intercepted communication is not an interception. It is inconsistent with the fundamental distinction made by the legislation to conclude that the police were intercepting private communications when Telus provided them with copies of previously intercepted and stored text messages. The distinction in the statute between interception and disclosure cannot be dismissed as a mere “technical difference”. The distinction is fundamental to the scheme of the provisions. When Telus turns over to the police the copies of the communications that it has previously intercepted, Telus is disclosing the communications, not intercepting them again. This disclosure by Telus from its databases cannot be an interception by the police.

Acquiring the content of a previously intercepted and stored communication cannot be an interception because that broad reading is inconsistent with the clear distinction between interception and disclosure in the provisions. Applied broadly, this interpretation of “acquire” would extend the scope of investigative techniques which require wiretap authorizations far beyond anything ever previously contemplated. Further, introducing a temporal aspect of interception would confuse the act of interception with the nature of its authorization. Interception is a technique, a way of acquiring the substance of a private communication. It could not be that exactly the same technique, which acquires information in exactly the same form may be either a seizure of stored material or an interception, depending on the point in time at which the technique is authorized.

The general warrant is not one of limited resort that should be used sparingly. On the contrary, as numerous authorities have acknowledged, the provision is cast in wide terms. Therefore, it is not accepted as an imperative that s. 487.01 must be interpreted with a view to heavily restricting its use. The focus of the inquiry is on two matters (in addition of course to reasonable grounds to believe that an offence has been committed and that information concerning the offence will be obtained): is authorization for the “technique, procedure or device to be used or the thing to be done” provided for in any other federal statute and is it in the best interests of the administration of justice to authorize it to be done? Section 487.01(1)(c) provides that a general warrant may issue if “there is no other provision . . . that would provide for a warrant, authorization or order permitting the technique, procedure or device to be used or the thing to be done”. The words “technique”, “procedure”, “device to be used” and “thing to be done” all are concerned with what the police want to do, not why they want to do it. This paragraph does not require issuing judges to consider whether other techniques are similar or allow access to the same evidence; it simply asks if the same technique can be authorized by another provision. This is not simply a narrow, literal interpretation of s. 487.01. Rather, it is an interpretation that reflects its purpose of conferring a broad judicial discretion to authorize the police to “use any device or investigative technique or procedure or do any thing”, provided of course that the judge is satisfied that it is in the best interests of the administration of justice to do so, having due regard to the importance of the constitutional right to be free of unreasonable searches and seizures. However, courts should not authorize anything the police seek to do simply because it is not authorized elsewhere. The judicial discretion to issue the warrant must give full effect to the protection of reasonable expectations of privacy as set out under s. 8 of the Charter.

There is no support in the text or the purpose of s. 487.01(1)(c), or in the jurisprudence, for building into it a “substantive equivalency” test. The paragraph asks a simple question: Does federal legislation provide for “a warrant, authorization or order permitting the technique, procedure or device to be used or the thing to be done”? Where this threshold is met, the judge is entitled to consider granting the requested authorization. The further question of whether the authorization ought to be granted is not the focus of this paragraph of the section. Rather, whether a general warrant ought to issue is properly considered under s. 487.01(1)(b), which asks whether authorizing the warrant would be in the best interests of the administration of justice. This approach is not only supported by the text, purpose and jurisprudence, but the application of a “substantive equivalency” test creates unnecessary uncertainty and distracts the issuing judge from the question of whether the technique sought to be authorized is inconsistent with the right to be free from unreasonable searches and seizures. Predictability and clarity in the law are particularly important in the area of judicial pre-authorization of searches. The primary objective of pre-authorization is not to identify unreasonable searches after the fact, but to ensure that unreasonable searches are not conducted. The requirements for pre-authorization should be as clear as possible to ensure that Charter rights are fully protected.

The technique sought to be authorized here is not the substantive equivalent of a wiretap authorization. On the facts of this case, a wiretap authorization alone would not allow the police to obtain the information that Telus was required to provide under the general warrant. Three separate authorizations would be required in order to provide the police with the means to access the information provided to them under the general warrant. Therefore, even if one were to accept reading into s. 487.01(1)(c) a “substantive equivalency” test, neither the facts nor the law would support its application in this case.

The police did not seek a general warrant in this case as a way to avoid the rigours of Part VI. The general warrant achieved the legitimate aims of the police investigation in a much more convenient and cost-effective manner than any other provision would have allowed. There is no evidence of “misuse” of s. 487.01. The effective and practical police investigation by a relatively small municipal police force was fully respectful of the privacy interests of the targets of the investigation and other Telus subscribers.
http://scc.lexum.org/decisia-scc-csc...12936/index.do





Luring Young Web Warriors Is a U.S. Priority. It’s Also a Game.
Nicole Perlroth

In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboard’s Caps Lock key on and off 6,000 times a minute. When friends weren’t looking, he slipped his program onto their computers. It was all fun and games until the program spread to his middle school.

“They called my parents and told my dad I was hacking their computers,” Mr. Jaska, 17 years old, recalled. He was grounded and got detention. And he is just the type the Department of Homeland Security is looking for.

The secretary of that agency, Janet Napolitano, knows she has a problem that will only worsen. Foreign hackers have been attacking her agency’s computer systems. They have also been busy trying to siphon the nation’s wealth and steal valuable trade secrets. And they have begun probing the nation’s infrastructure — the power grid, and water and transportation systems.

So she needs her own hackers — 600, the agency estimates. But potential recruits with the right skills have too often been heading for business, and those who do choose government work often go to the National Security Agency, where they work on offensive digital strategies. At Homeland Security, the emphasis is on keeping hackers out, or playing defense.

“We have to show them how cool and exciting this is,” said Ed Skoudis, one of the nation’s top computer security trainers. “And we have to show them that applying these skills to the public sector is important.”

One answer? Start young, and make it a game, even a contest.

This month, Mr. Jaska and his classmate Collin Berman took top spots at the Virginia Governor’s Cup Cyber Challenge, a veritable smackdown of hacking for high school students that was the brainchild of Alan Paller, a security expert, and others in the field.

With military exercises like NetWars, the competition had more the feel of a video game. Mr. Paller helped create the competition, the first in a series, to help Homeland Security, and likens the agency’s need for hackers to the shortage of fighter pilots during World War II.

The job calls for a certain maverick attitude. “I like to break things,” Mr. Berman, 18, said. “I always want to know, ‘How can I change this so it does something else?’ ”

It’s a far different pursuit — and a higher-minded one, enlightened hackers will say — than simply defacing Web sites.

“You want people who ask: How do things work? But the very best ones turn it around,” said Mr. Paller, director of research at the SANS Institute, a computer security training organization.

It’s no coincidence that the idea of using competitions came, in part, from China, where the People’s Liberation Army runs challenges every spring to identify its next generation of digital warriors.

Tan Dailin, a graduate student, won several of the events in 2005. Soon afterward he put his skills to work and was caught breaking into the Pentagon’s network and sending reams of documents back to servers in China.

“We have no program like that in the United States — nothing,” Mr. Paller said. “No one is even teaching this in schools. If we don’t solve this problem, we’re in trouble.”

At Northern Virginia’s acclaimed Thomas Jefferson High School for Science and Technology, which both Mr. Jaska and Mr. Berman attend, there are five computer science teachers, but none focused on security.

When eight students expressed interest in starting a security club, they had to persuade a Raytheon employee to meet with them once a week. (One idea for a name, the Hacking Club, didn’t last.

“We don’t want people who are going to go around defacing sites,” Mr. Berman said. They recently rebranded from the Cybersecurity Club to the Computer Security Club. The group dropped the “Cyber” because “it sounds like you’re trying to be cool but you’re not,” clarified Mr. Jaska.)

Mr. Jaska and Mr. Berman heard about the Virginia competition through their school. To qualify, they had to identify bad passwords and clean up security settings — a long way from a Caps Lock program.

Some 700 students from 110 Virginia high schools applied, but only 40, including Mr. Jaska and Mr. Berman, made the cut.

So, three weeks ago, the pair traveled to the Governor’s Cup Cyber Challenge at George Mason University.

There, they found something they rarely encounter in high school — a thriving community of like-minded teenagers, the best and brightest of a highly specialized task.

“For some of the kids, who tended to be a little bit loners, this was the first time they had a peer group,” Mr. Paller said. “They were having excited conversations about arcane technical issues — something they never get to do — and their parents exulted in it.”

The students faced the same five-level test that the military uses to test its own security experts. They earned points for cracking passwords, flagging vulnerabilities and breaking into a Web site administrator’s account where, had they changed any settings or defaced a site, they would have been eliminated. Their scores were displayed in real time on a leader board.

After several hours, the winners were announced. A third of the students had made it to Level 3 — a level that Rear Adm. Gib Godwin, chairman of the Governor’s Cup, said typically requires someone with seven to 10 years of experience to achieve. Mr. Jaska won, earning a $5,000 scholarship. Mr. Berman won $1,500 for third place.

The idea for such competitions is nothing new. For years, a hacking conference called DefCon has hosted games like Capture the Flag in which teams earn points for hacking into each other’s computers. The Air Force started a Cyber Patriot competition in which hackers defend against a “Red Team” trying to steal data. And the Defense Department has its own Digital Forensics Challenge. But none of these was meant for high school students.

“The goal is to create a continuum, similar to the way kids go to junior high, high school, college and get their Ph.D.,” Admiral Godwin said. “We want to create the same flow for kids in the cyber domain.”

This summer, Mr. Jaska is hoping to be an intern at Northrop Grumman. Mr. Berman is considering an internship at Homeland Security. But Ms. Napolitano still has some convincing to do.

But asked about their dream job, both said they wanted to work in the private sector. “The problem with going into the government is you’re going to make a lot less,” said Mr. Berman.

“Everything’s slower, there’s budget cuts and bureaucracy everywhere and you can’t talk about what you do,” Mr. Jaska added. “It just doesn’t seem like as much fun.”
https://www.nytimes.com/2013/03/25/t...ic-sector.html





Drone Industry Worries About Privacy Backlash
Joan Lowy

It's a good bet that in the not-so-distant future aerial drones will be part of Americans' everyday lives, performing countless useful functions.

A far cry from the killing machines whose missiles incinerate terrorists, these generally small, unmanned aircraft will help farmers more precisely apply water and pesticides to crops, saving money and reducing environmental impacts. They'll help police departments find missing people, reconstruct traffic accidents and act as lookouts for SWAT teams. They'll alert authorities to people stranded on rooftops by hurricanes and monitor evacuation flows.

Real estate agents will use them to film videos of properties and surrounding neighborhoods. States will use them to inspect bridges, roads and dams. Oil companies will use them to monitor pipelines, while power companies use them to monitor transmission lines.

With military budgets shrinking, drone makers have been counting on the civilian market to spur the industry's growth. But there's an ironic threat to that hope: Success on the battlefield may contain the seeds of trouble for the more benign uses of drones at home.

The civilian unmanned aircraft industry worries that it will be grounded before it can really take off because of fear among the public that the technology will be misused. Also problematic is a delay in the issuance of government safety regulations that are needed before drones can gain broad access to U.S. skies.

Some companies that make drones or supply support equipment and services say the uncertainty has caused them to put U.S. expansion plans on hold, and they are looking overseas for new markets.

"Our lack of success in educating the public about unmanned aircraft is coming back to bite us," said Robert Fitzgerald, CEO of The BOSH Group of Newport News, Va., which provides support services to drone users.

"The U.S. has been at the lead of this technology a long time," he said. "If our government holds back this technology, there's the freedom to move elsewhere ... and all of a sudden these things will be flying everywhere else and competing with us."

Since January, drone-related legislation has been introduced in more than 30 states, largely in response to privacy concerns. Many of the bills are focused on preventing police from using drones for broad public surveillance, as well as targeting individuals for surveillance without sufficient grounds to believe they were involved in crimes.

Law enforcement is expected to be one of the bigger initial markets for civilian drones. Last month, the FBI used drones to maintain continuous surveillance of a bunker in Alabama where a 5-year-old boy was being held hostage.

In Virginia, the state General Assembly passed a bill that would place a two-year moratorium on the use of drones by state and local law enforcement. The measure is supported by groups as varied as the American Civil Liberties Union on the left and the Virginia Tea Party Patriots Federation on the right.

Gov. Bob McDonnell is proposing amendments that would retain the broad ban on spy drones but allow specific exemptions when lives are in danger, such as for search-and-rescue operations. The legislature reconvenes on April 3 to consider the amendments.

"Any legislation that restricts the use of this kind of capability to serve the public is putting the public at risk," said Steve Gitlin, vice president of AeroVironment, a leading maker of smaller drones, including some no bigger than a hummingbird.

Seattle abandoned its drone program after community protests in February. The city's police department had purchased two drones through a federal grant without consulting the city council.

Drones "clearly have so much potential for saving lives, and it's a darn shame we're having to go through this right now," said Stephen Ingley, executive director of the Airborne Law Enforcement Association. "It's frustrating."

In some states economic concerns have trumped public unease. In Oklahoma, an anti-drone bill was shelved at the request of Republican Gov. Mary Fallin, who was concerned it might hinder growth of the state's drone industry. The North Dakota state Senate killed a drone bill in part because of concern that it might impede the state's chances of being selected by the Federal Aviation Administration as one of six national drone test sites, which could generate local jobs.

A bill that would have limited the ability of state and local governments to use drones died in the Washington legislature. The measure was opposed by The Boeing Co., which employs more than 80,000 workers in the state and which has a subsidiary, Insitu, that's a leading military drone manufacturer.

Although the Supreme Court has not dealt directly with drones, it has OK'd aerial surveillance without warrants in drug cases in which officers in a plane or helicopter spotted marijuana plants growing on a suspect's property. But in a case involving the use of ground-based equipment, the court said police generally need a warrant before using a thermal imaging device to detect hot spots in a home that might indicate that marijuana plants are being grown there.

In Congress, Rep. Ed Markey, D-Mass., co-chairman of the House's privacy caucus, has introduced a bill that prohibits the Federal Aviation Administration from issuing drone licenses unless the applicant provides a statement explaining who will operate the drone, where it will be flown, what kind of data will be collected, how the data will be used, whether the information will be sold to third parties and the period for which the information will be retained.

Sentiment for curbing domestic drone use has brought the left and right together perhaps more than any other recent issue. "The thought of government drones buzzing overhead and constantly monitoring the activities of law-abiding citizens runs contrary to the notion of what it means to live in a free society," Sen. Charles Grassley, R-Iowa, said at a recent hearing of the Senate Judiciary Committee.

Privacy advocates acknowledge the many good uses of drones. In Mesa County, Colo., for example, an annual landfill survey using manned aircraft cost about $10,000. The county recently performed the same survey using a drone for about $200.

But drones' virtues can also make them dangerous, they say. Their low cost and ease of use may encourage police and others to conduct the kind of continuous or intrusive surveillance that might otherwise be impractical. Drones can be equipped with high-powered cameras and listening devices, and infrared cameras that can see people in the dark.

"High-rise buildings, security fences or even the walls of a building are not barriers to increasingly common drone technology," Amie Stepanovich, director of the Electronic Privacy Information Council's surveillance project, told the Senate panel.

Civilian drone use is limited to government agencies and public universities that have received a few hundred permits from the FAA. A law passed by Congress last year requires the FAA to open U.S. skies to widespread drone flights by 2015, but the agency is behind schedule and it's doubtful it will meet that deadline. Lawmakers and industry officials have complained for years about the FAA's slow progress.

The FAA estimates that within five years of gaining broader access about 7,500 civilian drones will be in use.

Sen. Rand Paul, R-Ky., recently drew attention to the domestic use of drones when he staged a Senate filibuster, demanding to know whether the president has authority to use weaponized drones to kill Americans on American soil. The White House said no, if the person isn't engaged in combat. But industry officials worry that the episode could temporarily set back civilian drone use.

"The opposition has become very loud," said Gitlin of AeroVironment, "but we are confident that over time the benefits of these solutions (drones) are going to far outweigh the concerns, and they'll become part of normal life in the future."

___

Associated Press writer Michael Felberbaum in Richmond, Va., contributed to this report.
http://www.newstimes.com/business/te...sh-4393773.php





What You Didn’t Post, Facebook May Still Know
Somini Sengupta

Debra Aho Williamson, an advertising industry analyst and devoted coffee drinker, was intrigued by a promotion that popped up on her Facebook page recently. Sign up for a Starbucks loyalty card, it said, and get $5 off.

“When I saw that, I thought, I’m already a member of their loyalty club,” she said. “Why don’t they know that?”

Despite the streams of data Facebook has collected about people like Ms. Williamson, the social network needs to know its users much better if it is going to become, as the company hopes, the Web’s most effective advertising platform. And Facebook is scrambling to do just that.

In shaping its targeted advertising strategy, it is no longer relying solely on what Facebook users reveal about themselves. Instead, it is tapping into outside sources of data to learn even more about them — and to sell ads that are more finely targeted to them. Facebook says that this way, marketers will be able to reach the right audience for the right products, and consumers will see advertisements that are, as the company calls it, “relevant” to them.

In late February, Facebook announced partnerships with four companies that collect lucrative behavioral data, from store loyalty card transactions and customer e-mail lists to divorce and Web browsing records.

They include Acxiom, which aggregates data from a variety of sources, including financial services companies, court records and federal government documents; Datalogix, which claims to have a database on the spending habits of more than 100 million Americans in categories like fine jewelry, cough medicine and college tuition; and Epsilon, which also collects transaction data from retailers.

Acxiom and Datalogix are among nine companies that the Federal Trade Commission is investigating to see how they collect and use consumer data.

Facebook’s fourth partner is BlueKai, based in Cupertino, Calif., which creates tracking cookies for brands to monitor customers who visit their Web sites. That data can be used to show an advertisement when those users log on to Facebook.

“Our goal is to improve the relevance of ads people see on Facebook and the efficacy of marketing campaigns,” Gokul Rajaram, product director for ads at Facebook, said in an interview on Friday.

In announcing the partnerships, Facebook said it would allow, for instance, a carmaker to customize an advertisement to users interested in a new car.

The push to refine targeted advertising reflects the company’s need to increase its revenue. Its shares are worth far less than its ambitious initial public offering price of $38 a share last May, and Wall Street wants to see it take concrete steps to prove to advertisers that it can show the right promotions to the right users and turn them into customers.

The partnerships are part of a continuum of efforts by Facebook to hone targeted advertising. Last fall, it invited potential advertisers to provide the e-mail addresses of their customers; Facebook then found those customers among its users and showed them ads on behalf of the brands.

JackThreads, a members-only online men’s retailer, tried this tactic recently. Of the two million customer e-mails it had on file, Facebook found more than two-thirds of them on the social network, aided in part by the fact that JackThreads allows members to sign in using Facebook login credentials. Facebook then showed those customers ads for the items they had once eyed on the JackThreads site.

The nudge seemed to get people to open up their pocketbooks. Sales increased 26 percent at JackThreads, according to AdParlor, an agency that buys the company’s advertisements on Facebook.

Targeted advertising bears important implications for consumers. It could mean seeing advertisements based not just on what they “like” on Facebook, but on what they eat for breakfast, whether they buy khakis or jeans and whether they are more likely to give their wives roses or tulips on their wedding anniversary. It means that even things people don’t reveal on Facebook may be discovered from their online and offline proclivities.

Facebook says that in devising targeted ads, no identifying information about users is shared with advertisers. E-mail addresses and Facebook user names are encrypted and then matched. Users can opt out of seeing specific brand advertisements on their page, and they can opt out of receiving any targeted messages by visiting each third-party data partner’s Web site.

That is a somewhat complicated process, though, which has prompted the Electronic Frontier Foundation to issue step-by-step instructions. The foundation suggests that consumers who want to avoid ubiquitous tracking install tools to block Web trackers and be mindful about sharing their e-mail addresses with marketers. Facebook declined to provide data on how often users opt out of seeing ads.

“It’s ultimately good for the users,” Mr. Rajaram said. “They get to see better, more relevant ads from brands and businesses they care about and that they have a prior relationship with.”

He added, “There is no information on users that’s being shared that they haven’t shared already.”

Whether Facebook users will enjoy seeing “relevant” ads or be alienated by more intensive tracking remains to be seen.

At the very least, said Ms. Williamson, an analyst with the research firm eMarketer, consumers will be “forced to become more aware of the data trail they leave behind them and how companies are putting all that data together in new ways to reach them.” She knows, for instance, that if she uses her supermarket loyalty card to buy cornflakes, she can expect to see a cornflakes advertisement when she logs in to Facebook.

After all, she said, “data is the new currency of marketing.”

These efforts speak volumes about the data trail that consumers leave every day, online and off — a trail that can follow them back to Facebook or to any other advertising platform on the Web. They offer lucrative information every time they provide their e-mail address to a dressmaker or a doctor, and even when they give their ZIP code at the checkout counter. They use loyalty cards to buy snorkeling gear or antidepressants. They browse a retail Web site, leaving a detailed portrait of whether they are interested in ergonomic work chairs or nursery furniture.

Facebook said it was too early to reveal details about how the data collected through its new partnerships would be put to use by marketers.

1-800-Flowers, the online florist, said it had been experimenting with targeted ads on Facebook. What the company was most looking forward to was a new advertising conceit, which Facebook calls Lookalike, that would allow 1-800-Flowers to show its ads to other Facebook users who are similar to the company’s known customers.

Christopher G. McCann, president of 1-800-Flowers, said he had no idea how Facebook planned to identify “look-alikes,” only that it had promised to find potential new customers through a proprietary algorithm that matches demographic traits.

Last year, Facebook also introduced a so-called retargeting campaign. A travel Web site could track what its customers were looking at — hotels in New York, for instance — and show those customers an ad once they logged on to Facebook. The tracking is done by a piece of code embedded in the travel company’s site.

For marketers, more data could mean getting closer to the ultimate goal of advertising: sending the right message to the right consumer at the right time.

When Facebook announced its targeted ad offerings, Justin Bazan, an optometrist in Park Slope, Brooklyn, immediately saw an opportunity for his business. He combed through his office records for the e-mail addresses of patients who were overdue for an annual exam. Facebook matched most of those e-mails to Facebook user names, and Dr. Bazan paid $50 to show those users an advertisement. “You’re overdue,” the ad read. “Click here to make an appointment.”

Within a week, more than 50 people had clicked on his ad, he said.

Dr. Bazan dismissed concerns about federal confidentiality laws that protect health information. Facebook, he said, encrypts the e-mail addresses furnished by any advertiser, including doctors.
https://www.nytimes.com/2013/03/26/t...a-sources.html





Digital Cameras Easily Turned Into Spying Devices, Researchers Prove
Daniel Mende and Pascal Turbing

Users' desire to share things online has influenced many markets, including the digital camera one.

Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.

But, as proven by Daniel Mende and Pascal Turbing, security researchers with German-based IT consulting firm ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.

Mende and Turbing chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but they have also managed to gain complete control of it.

In this presentation from Shmoocon 2013, they explained in detail how they managed to mount the attacks, and have also offered advice for users on how to secure their cameras and connections against these and similar attacks.
https://www.net-security.org/secworld.php?id=14651





MP Turns Herself In for Child Porn Offence

A Swedish parliamentarian has reported herself to the police for possessing child pornography, in a bid to get Swedes to question the current laws.

Moderate Party MP Maria Abrahamsson chose on Wednesday to tell Swedish police that she may have child pornography at home. She told them that she had a copy of the Dagens Nyheter (DN) newspaper, which last weekend contained an illustration showing a child surrounded by half-naked men.

Abrahamsson is a known critic of the current Swedish law, which makes no distinction between photographs depicting sexual violation or assault of a child or children and illustrations showing similar scenarios.

According to the Svenska Dagbladet (SVD) newspaper, Abrahamsson petitioned parliament last autumn to amend the text of the law. She argued it should distinguish between photography and non-photographic art.

Her latest attempt to raise awareness on the issue follows DN's publication on Saturday of a reproduction of a painting by US artist Tala Madanis, whose work is currently on display at an exhibition in Malmö. The artwork shows a child in a crib surrounded by men with their genitals pointing at the child.

The newspaper's editor Peter Wolodarski defended the decision to publish the reproduction.

"I agree that Swedish law is unclear and problematic," he was quoted as saying.

"But the picture in question has nothing to do with child pornography crimes. We wouldn't have published it if we thought it broke the law."

Abrahamsson, meanwhile, wants Swedish police and prosecutors to investigate whether she has broken the law by having a copy of the paper at home.

SvD reported on Wednesday that the police had opened an investigation into the case.

Abrahamsson originally got involved in the debate when Swedish manga translator Simon Lundström was convicted of child pornography crimes because of images in his cartoon library at home.

Lundström was eventually acquitted when Sweden's Supreme Court (Högsta domstolen) looked at the case in June 2012, but the ruling still stated that illustrations can be considered in breach of child pornography laws.
http://www.thelocal.se/46990/20130328/





Firm Is Accused of Sending Spam, and Fight Jams Internet
John Markoff and Nicole Perlroth

A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.

Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time.

However, for the Internet engineers who run the global network the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach basic Internet services, like e-mail and online banking.

The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Cyberbunker, named for its headquarters, a five-story former NATO bunker, offers hosting services to any Web site “except child porn and anything related to terrorism,” according to its Web site.

A spokesman for Spamhaus, which is based in Europe, said the attacks began on March 19, but had not stopped the group from distributing its blacklist.

Patrick Gilmore, chief architect at Akamai Networks, a digital content provider, said Spamhaus’s role was to generate a list of Internet spammers.

Of Cyberbunker, he added: “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

Mr. Gilmore said that the attacks, which are generated by swarms of computers called botnets, concentrate data streams that are larger than the Internet connections of entire countries. He likened the technique, which uses a long-known flaw in the Internet’s basic plumbing, to using a machine gun to spray an entire crowd when the intent is to kill one person.

The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target.

“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of Cloudflare. “It’s so easy to cause so much damage.”

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

“It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.”

Spamhaus, one of the most prominent groups tracking spammers on the Internet, uses volunteers to identify spammers and has been described as an online vigilante group.

In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks, in which they flood Spamhaus with traffic requests from personal computers until its servers become unreachable. But in recent weeks, the attackers hit back with a far more powerful strike that exploited the Internet’s core infrastructure, called the Domain Name System, or DNS.

That system functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.

In the latest incident, attackers sent messages, masquerading as ones coming from Spamhaus, to those machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

When Spamhaus requested aid from Cloudflare, the attackers began to focus their digital ire on the companies that provide data connections for both Spamhaus and Cloudflare.

Questioned about the attacks, Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers, said in an online message that, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for “abusing their influence.”

“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

A typical denial-of-service attack tends to affect only a small number of networks. But in the case of a Domain Name System flood attack, data packets are aimed at the victim from servers all over the world. Such attacks cannot easily be stopped, experts say, because those servers cannot be shut off without halting the Internet.

“The No. 1 rule of the Internet is that it has to work,” said Dan Kaminsky, a security researcher who years ago pointed out the inherent vulnerabilities of the Domain Name System. “You can’t stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.”

The heart of the problem, according to several Internet engineers, is that many large Internet service providers have not set up their networks to make sure that traffic leaving their networks is actually coming from their own users. The potential security flaw has long been known by Internet security specialists, but it has only recently been exploited in a way that threatens the Internet infrastructure.

An engineer at one of the largest Internet communications firms said the attacks in recent days have been as many as five times larger than what was seen recently in attacks against major American banks. He said the attacks were not large enough to saturate the company’s largest routers, but they had overwhelmed important equipment.

Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

“Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”
https://www.nytimes.com/2013/03/27/t...ng-attack.html
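
The check the engineers in the article above say many providers skip, verifying that traffic leaving a network carries a source address belonging to that network's own users (commonly documented as BCP 38), is sketched here as an added example that is not part of the original article. A second function gives the resolver operator's view, flagging clients whose response-to-query byte ratio suggests the resolver is being used as a reflector. The prefixes (RFC 5737 documentation ranges), flow records, log entries and thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    src: str      # source address claimed in the packet header
    dst: str      # destination address
    dport: int    # UDP destination port
    nbytes: int   # bytes seen in the flow


# Assumption: the only prefixes this hypothetical provider assigned to customers.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed outbound flows observed at the provider's edge router.
SAMPLE_EGRESS = [
    Flow("192.0.2.10", "203.0.113.53", 53, 64),      # assigned customer address
    Flow("198.51.100.20", "203.0.113.53", 53, 70),   # inside the assigned /25
    Flow("198.51.100.200", "203.0.113.53", 53, 64),  # same /24, outside the /25
    Flow("203.0.113.7", "203.0.113.53", 53, 64),     # claims someone else's address
]

# Constructed resolver log: (claimed client, query bytes, response bytes).
SAMPLE_RESOLVER_LOG = (
    [("203.0.113.7", 64, 3000)] * 4      # small queries, very large answers
    + [("192.0.2.10", 60, 120)] * 5      # ordinary lookups
    + [("198.51.100.20", 64, 3000)]      # one large answer, not a pattern
)


def is_own_source(addr, prefixes=CUSTOMER_PREFIXES):
    """True only if addr parses and falls inside an assigned customer prefix."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed source: treat as not ours
    # An IPv6 address is never "in" an IPv4 network, so mixed families fail closed.
    return any(ip in net for net in prefixes)


def egress_filter(flows, prefixes=CUSTOMER_PREFIXES):
    """Split outbound flows into (forwarded, dropped) by source validation."""
    forwarded, dropped = [], []
    for flow in flows:
        target = forwarded if is_own_source(flow.src, prefixes) else dropped
        target.append(flow)
    return forwarded, dropped


def reflection_suspects(log, min_ratio=10.0, min_queries=3):
    """Return {client: response/query byte ratio} for likely reflection targets.

    Heuristic with assumed thresholds: a claimed client that repeatedly
    receives answers many times larger than its queries is probably a spoofed
    victim address, and a candidate for response rate limiting.
    """
    query_bytes = defaultdict(int)
    response_bytes = defaultdict(int)
    queries = defaultdict(int)
    for client, q_len, r_len in log:
        query_bytes[client] += q_len
        response_bytes[client] += r_len
        queries[client] += 1

    suspects = {}
    for client, count in queries.items():
        if count < min_queries or query_bytes[client] == 0:
            continue
        ratio = response_bytes[client] / query_bytes[client]
        if ratio >= min_ratio:
            suspects[client] = ratio
    return suspects


if __name__ == "__main__":
    forwarded, dropped = egress_filter(SAMPLE_EGRESS)
    for flow in dropped:
        print(f"drop   src={flow.src} (not an assigned customer address)")
    for flow in forwarded:
        print(f"allow  src={flow.src}")
    for client, ratio in reflection_suspects(SAMPLE_RESOLVER_LOG).items():
        print(f"rate-limit answers to {client}: {ratio:.1f}x amplification")
```

With the filter applied at the originating network, the packet claiming the address 203.0.113.7 never reaches a resolver, which is why the fix sits with the sending provider rather than with the resolver operators or the victim.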





Provocateur Comes Into View After Cyberattack
Eric Pfanner and Kevin J. O’Brien

Sven Olaf Kamphuis calls himself the “minister of telecommunications and foreign affairs for the Republic of CyberBunker.” Others see him as the Prince of Spam.

Mr. Kamphuis, who is actually Dutch, is at the heart of an international investigation into one of the biggest cyberattacks identified by authorities. He has not been charged with any crime and he denies direct involvement. But because of his outspoken position in a loose federation of hackers, authorities in the Netherlands and several other countries are examining what role he or the Internet companies he runs played in snarling traffic on the Web this week.

He describes himself in his own Web postings as an Internet freedom fighter, along the lines of Julian Assange of WikiLeaks, with political views that range from eccentric to offensive. His likes: German heavy metal music, “Beavis and Butt-head” and the campaign to legalize medicinal marijuana. His dislikes: Jews, Luddites and authority.

Dutch computer security experts and former associates describe Mr. Kamphuis as a loner with brilliant programming skills. He did not respond to various requests for interviews, but he has communicated with the public through his Facebook page, which includes photos of himself, a thin, angular man with close-cropped hair and dark, bushy eyebrows, often wearing a hoodie sweatshirt.

“He’s like a loose cannon,” said Erik Bais, the owner of A2B-Internet, an Internet service provider that used to work with Mr. Kamphuis’s company, but severed ties two years ago. “He has no regard for repercussions or collateral damage.”

Mr. Kamphuis’s current nemesis is Spamhaus, a group based in Geneva that fights Internet spam by publishing blacklists of alleged offenders. Clients of Spamhaus use the information to block annoying e-mails offering discount Viagra or financial windfalls. But Mr. Kamphuis and other critics call Spamhaus a censor that judges what is or isn’t spam. Spamhaus acted, he wrote, “without any court verdict, just by blackmail of suppliers and Jew lies.”

The spat that rocked the Internet escalated in mid-March when Spamhaus blacklisted two companies that Mr. Kamphuis runs, CB3ROB, an Internet service provider, and CyberBunker, a Web hosting service. Spamhaus contended that CyberBunker was a conduit for vast amounts of spam. CyberBunker says it accepts business from any site as long as it does not deal in “child porn nor anything related to terrorism.”

Mr. Kamphuis responded by soliciting support for a hackers’ campaign to snarl Spamhaus’s Internet operations. “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet,” he wrote on Facebook on March 23.

Mr. Kamphuis later disavowed any direct role in the so-called distributed denial of service, or DDoS, attack, which spilled over from Spamhaus to affect other sites. He took to Facebook to inform the world that the flood of Internet traffic that threatened to cripple parts of the Web emanated from Stophaus, an ad-hoc, amorphous group set up in January with the aim to thwart Spamhaus, a company it claims uses its “tiny business to attempt to control the Internet through underhanded extortion tactics.” Stophaus, which lists no contact or location for the group, claims to have members in the United States, Canada, Russia, Ukraine, China and Western Europe.

Mr. Kamphuis said Stophaus was not a front for him; he is merely acting as a spokesman.

Nonetheless, the authorities are curious. The Dutch national prosecutor’s office said on Thursday that it had opened an investigation. Wim de Bruin, a spokesman for the agency, which is based in Rotterdam, said prosecutors were first trying to determine whether the DDoS attacks had originated in the Netherlands. Authorities in Britain and several other European countries are also looking into the matter.

Mr. Kamphuis, who is believed to be about 35, is singled out because of his vocal role. “For the Dutch Internet community, it’s very clear that he has a big role in this, even if there isn’t 100 percent airtight proof that he is behind it,” said J. P. Velders, a security specialist at the University of Amsterdam. “He could not be not involved. How much is he involved — that is for law enforcement to figure out and to act upon.”

Greenhost, a Dutch Internet hosting service, said in a detailed blog post that it had found the digital fingerprints of CB3ROB when it examined the rogue traffic that had been directed at Spamhaus.

Mr. Kamphuis created CB3ROB in 1996 and helped set up CyberBunker in 1999. From 1999 to 2001, he worked on the help desk at a Dutch Internet service provider, XS4ALL, according to one senior manager at the company who declined to be named, citing company policy. One co-worker said Mr. Kamphuis was constantly being reprimanded for hacking into his employer’s computer system. He was known for eccentric behavior; during a company trip to Berlin, the former co-worker said, Mr. Kamphuis refused to travel with his colleagues and rode alone in a bus.

“Sven absolutely hates authority in any form,” this person said. “He was very smart. Too smart for customers, by the way. Oftentimes they couldn’t understand his technobabble when he tried to help them.”

After leaving XS4ALL, he continued to run his Web hosting business, which was based for a time in a former army bunker in Goes, the Netherlands. Photos on Mr. Kamphuis’s Facebook page show him holding a flag in front of the bunker, like a freedom fighter defending his redoubt.

CyberBunker still lists its address as the bunker. But Joost Verboom, a Dutch businessman, says the address is occupied by his own company, BunkerInfra Datacenters, which is building a subterranean Web hosting center at the site. Mr. Verboom said CyberBunker and Mr. Kamphuis left the site a decade ago. It is not clear where the servers of CyberBunker and CB3ROB are now.

Associates say Mr. Kamphuis moved to Berlin in about 2006, and his Facebook page displays photos indicating his interest in the Pirate Party, a small political movement focusing on Internet issues that holds some opposition seats in Berlin’s city-state government assembly, and in the Chaos Computer Club, a group that discusses computer issues.

For a time, CyberBunker’s clients included WikiLeaks and The Pirate Bay, a Web site whose founders were convicted by a Swedish court in 2009 of abetting movie and music piracy. In May 2010, six American entertainment companies obtained a preliminary injunction in a German court ordering CB3ROB and CyberBunker to stop providing bandwidth to The Pirate Bay.

Since the attacks, Mr. Kamphuis has given television interviews from what appeared to be an empty Internet cafe or office. In a Russian television interview, he suggested that the people responsible for the attacks were in countries where there were no laws against cyberattacks or no serious enforcement.

Mr. Kamphuis also continued to provoke people in Facebook postings. “The Internet is puking out a cancer, please stand by while it is being removed,” he wrote.
https://www.nytimes.com/2013/03/30/b...stigation.html





Cyberattacks Seem Meant to Destroy, Not Just Disrupt
Nicole Perlroth and David E. Sanger

The assault, which took American Express offline for two hours, was the latest in an intensifying campaign of unusually powerful attacks on American financial institutions that began last September and have taken dozens of them offline intermittently, costing millions of dollars.

JPMorgan Chase was taken offline by a similar attack this month. And last week, a separate, aggressive attack incapacitated 32,000 computers at South Korea’s banks and television networks.

The culprits of these attacks, officials and experts say, appear intent on disabling financial transactions and operations.

Corporate leaders have long feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold: attackers, possibly with state backing, who seem bent on destruction.

“The attacks have changed from espionage to destruction,” said Alan Paller, director of research at the SANS Institute, a cybersecurity training organization. “Nations are actively testing how far they can go before we will respond.”

Security experts who studied the attack said that it was part of the same campaign that took down the Web sites of JPMorgan Chase, Wells Fargo, Bank of America and others over the last six months. A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for those attacks.

The group says it is retaliating for an anti-Islamic video posted on YouTube last fall. But American intelligence officials and industry investigators say they believe the group is a convenient cover for Iran. Just how tight the connection is — or whether the group is acting on direct orders from the Iranian government — is unclear. Government officials and bank executives have failed to produce a smoking gun.

North Korea is considered the most likely source of the attacks on South Korea, though investigators are struggling to follow the digital trail, a process that could take months. The North Korean government of Kim Jong-un has openly declared that it is seeking online targets in its neighbor to the south to exact economic damage.

Representatives of American Express confirmed that the company was under attack Thursday, but said that there was no evidence that customer data had been compromised. A representative of the Federal Bureau of Investigation did not respond to a request for comment on the American Express attack.

Spokesmen for JPMorgan Chase said they would not talk about the recent attack there, its origins or its consequences. JPMorgan has openly acknowledged previous denial of service attacks. But the size and severity of the most recent one apparently led it to reconsider.

The Obama administration has publicly urged companies to be more transparent about attacks, but often security experts and lawyers give the opposite advice.

The largest contingent of instigators of attacks in the private sector, government officials and researchers say, remains Chinese hackers intent on stealing corporate secrets.

The American and South Korean attacks underscore a growing fear that the two countries most worrisome to banks, oil producers and governments may be Iran and North Korea, not because of their skill but because of their brazenness. Neither country is considered a superstar in this area. The appeal of digital weapons is similar to that of nuclear capability: it is a way for an outgunned, outfinanced nation to even the playing field. “These countries are pursuing cyberweapons the same way they are pursuing nuclear weapons,” said James A. Lewis, a computer security expert at the Center for Strategic and International Studies in Washington. “It’s primitive; it’s not top of the line, but it’s good enough and they are committed to getting it.”

American officials are currently weighing their response options, but the issues involved are complex. At a meeting of banking executives, regulators and representatives from the departments of Homeland Security and Treasury last December, some pressed the United States to hit back at the hackers, while others argued that doing so would only lead to more aggressive attacks, according to two people who attended the meeting.

The difficulty of deterring such attacks was also the focus of a White House meeting this month with Mr. Obama and business leaders, including the chief executives Jamie Dimon of JPMorgan Chase; Brian T. Moynihan of Bank of America; Rex W. Tillerson of Exxon Mobil; Randall L. Stephenson of AT&T and others.

Mr. Obama’s goal was to erode the business community’s intense opposition to federal legislation that would give the government oversight of how companies protect “critical infrastructure,” like banking systems and energy and cellphone networks. That opposition killed a bill last year, prompting Mr. Obama to sign an executive order promoting increased information-sharing with businesses.

“But I think we heard a new tone at this latest meeting,” an Obama aide said later. “Six months of unrelenting attacks have changed some views.”

Mr. Lewis, the computer security expert, agreed. “The Iranian attacks have tilted private sector opinion,” he said. “Hence the muted reaction to the executive order versus squeals of outrage. Companies are much more concerned about this and much more willing to see a government role.”

Neither Iran nor North Korea has shown anywhere near the subtlety and technique in online offensive skills that the United States and Israel demonstrated with Olympic Games, the ostensible effort to disable Iran’s nuclear enrichment plants with an online weapon that destabilized hundreds of centrifuges, destroying many of them. But after descriptions of that operation became public in the summer of 2010, Iran announced the creation of its own Cyber Corps.

North Korea has had hackers for years, some of whom are believed to be operating from, or through, China. Neither North Korea nor Iran is as focused on stealing data as they are determined to destroy it, experts contend.

When hackers believed by American intelligence officials to be Iranians hit the world’s largest oil producer, Saudi Aramco, last year, they did not just erase data on 30,000 Aramco computers; they replaced the data with an image of a burning American flag. In the assault on South Korea last week, some affected computers displayed an ominous image of skulls.

“This attack is as much a cyber-rampage as it is a cyberattack,” Rob Rachwald, a research director at FireEye, a computer security firm, said of the South Korea attacks.

In the past, such assaults typically occurred through a denial-of-service attack, in which hackers flood their target with Web traffic from networks of infected computers until it is overwhelmed and shuts down. One such case was a 2007 Russian attack on Estonia that affected its banks, the Parliament, ministries, newspapers and broadcasters.

With their campaign against American financial institutions, the hackers suspected of being Iranian have taken that kind of attack to the next level. Instead of using individual personal computers to fire Web traffic at each bank, they infected powerful, commercial data centers with sophisticated malware and directed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack.

As a result, the hackers were able to take down the consumer banking sites of American Express, JPMorgan Chase, Bank of America, Wells Fargo and other banks with exponentially more traffic than hit Estonia in 2007.

In the attack on Saudi Aramco last year, the culprits did not mount that type of assault. Instead, they created malware designed for the greatest impact, coded to spread to as many computers as possible.

Likewise, the attacks last week on South Korean banks and broadcasters were far more sophisticated than coordinated denial-of-service attacks in 2009 that briefly took down the Web sites of South Korea’s president and its Defense Ministry. Such attacks were annoyances; they largely did not affect operations.

This time around in South Korea, however, the attackers engineered malware that could evade popular South Korean antivirus products, spread it to as many computer systems as possible, and inserted a “time bomb” to take out all the systems at once for greatest impact.

The biggest concern, Mr. Lewis said: “We don’t know how they make decisions. When you add erratic decision making, then you really have something to worry about.”
https://www.nytimes.com/2013/03/29/t...troy-data.html





Draft House Judiciary Cybersecurity Bill Would Stiffen Anti-Hacking Law
Jennifer Martinez

A draft cybersecurity bill circulating among House Judiciary Committee members would stiffen a computer hacking law used to bring charges against Internet activist Aaron Swartz.

The bill draft would tighten penalties for cyber crimes and establish a standard for when companies would have to notify consumers that their personal data has been hacked, according to a copy obtained by The Hill.

It would also change existing law so that an attempt at a cyber crime can be punished as harshly as an actual offense.

Such measures could spark concern among advocates outraged over the death of Swartz, the 26-year-old Internet activist and computer programmer who killed himself earlier this year while facing a possible 35-year prison term for hacking. Advocates have called on Congress to make changes to what they say is a draconian law that led to too harsh a prosecution of Swartz.

Swartz faced a fine of up to $1 million and up to 35 years in prison for charges that he broke into a university computer network and stole more than four million academic articles from a subscription service. His family believes the charges contributed to Swartz’s death.

It’s unclear which Judiciary members are sponsoring the draft bill, which is unnamed. A House Judiciary Committee aide said the bill is still in the early drafting stage and is being circulated to stakeholders for their feedback on possible changes.

While the draft proposal increases the maximum sentence a judge can impose for computer crimes, the aide noted that it's still up to a judge to determine the length of a sentence. The aide said the proposed changes in the bill would likely not have changed how a federal judge calculated Swartz's sentence under the federal sentencing guidelines.

Orin Kerr, a law professor at George Washington University, wrote in a blog post that the draft bill is similar to another measure Senate Judiciary Chairman Patrick Leahy (D-Vt.) introduced in Nov. 2011. Kerr was critical of Leahy's bill, arguing that it was written too broadly.

"In short, this is a step backward, not a step forward," Kerr writes about the new bill draft. "This is a proposal to give [Justice Department] what it wants, not to amend the CFAA in a way that would narrow it."

Momentum for cybersecurity legislation has increased in recent weeks amid alarms from top administration officials about hacker attacks on American companies and key infrastructure. Lawmakers and government officials have raised concern about reports of Chinese hackers siphoning valuable intellectual property and trade secrets from American companies.

Several House committees are teeing up bills that could come to the House floor as early as next month.

Key language in the draft bill would modify the Computer Fraud and Abuse Act to state that an attempt or conspiracy to conduct computer fraud or a related crime “is punishable to the same extent as a completed offense.”

It also proposes to amend the law so it would crack down on people who gain unauthorized access to a computer and obtain “sensitive or non-public information of an entity or another individual,” including “medical records, wills, diaries, private correspondence ... photographs of a sensitive and private nature, trade secrets, or sensitive or non-public commercial business information.”

People would also run afoul of the law if they gain unauthorized access to a computer and the offense involves information that “exceeds $5,000 in value.” Some concerns have been raised about how that threshold has been set and who determines the value of the accessed information.

Additionally, the draft bill would allow authorities to seize “real property used or intended to be used” to commit or facilitate a cyber crime.

The first section of the bill targets foreign economic espionage. It proposes to stiffen the penalties for hackers that steal intellectual property from U.S. companies by raising the statutory maximum punishment for economic espionage offenses to 20 years from 15 years.

The draft bill would also create a new section in the anti-hacking law that is focused on punishing those who attempt to cause damage or inflict damage on a computer that powers critical infrastructure, such as water supply systems or telecommunications networks. It would impose a maximum 30-year sentence; a person convicted of violating that section would be ineligible for probation.

The final section of the draft bill establishes a data breach notification standard, which tells companies when they need to notify consumers about data breaches on their computer systems. The White House has called for a federal data breach notification standard to replace the patchwork of laws used by various states.

The draft bill would require companies that acquire, store or use personal information to report a security breach to their customers within 14 days. That number is bracketed in the bill draft and is therefore subject to change.

If a company suffers a massive data breach, the draft bill would require them to notify the FBI or Secret Service within 72 hours. That number is also bracketed in the draft bill.

Additionally, third parties and service providers would also be required to notify a company about a breach.
http://thehill.com/blogs/hillicon-va...er-hacking-law





F.C.C. Shift May Thwart a Murdoch Media Deal
Amy Chozick

In weighing a bid for The Los Angeles Times, Rupert Murdoch finds himself in a familiar role: waiting for rule changes from the government. With the resignation last week of Julius Genachowski, the chairman of the Federal Communications Commission, he may have to wait a little longer.

Mr. Murdoch, who has never shied away from a regulatory battle, has been beefing up News Corporation’s lobbying efforts in Washington in the last few months to urge regulators to revise a media ownership rule that would prevent the company from acquiring The Los Angeles Times and other newspapers in markets in which it already owns television stations.

“He wants it,” one person close to Mr. Murdoch said of The Los Angeles Times.

“They’re working on getting a waiver now,” added this person, who spoke on the condition of anonymity to discuss internal talks. But another person close to Mr. Murdoch said he currently considered a potential deal more trouble than it is worth given the regulatory hurdles in Washington.

The resignation of Mr. Genachowski, a Democrat, could further stall a plan favored by the departing chairman that would relax a longtime ban on consolidation between television stations and newspapers in local markets. The F.C.C. signaled on Friday that a vote on easing media ownership rules would move forward despite Mr. Genachowski’s departure.

Initially expected to be presented for a vote early this year, the measure has already faced several setbacks. Last month, Mr. Genachowski said there would be no vote until the Minority Media and Telecommunications Council, a Washington-based nonprofit, completed a study of the impact of cross-ownership on news gathering. That process could take several weeks, potentially pushing a vote to the summer.

In a series of letters sent to the F.C.C. late last year, Maureen A. O’Connell, News Corporation’s senior vice president for regulatory and government affairs, and Jared S. Sher, a vice president and associate general counsel at the company, argued that regulators should dissolve the cross-ownership rule. “There can be little debate today that the newspaper industry faces existential threats,” Ms. O’Connell wrote in a Dec. 7 letter documenting a meeting with agency officials. “We urged the F.C.C. to eliminate the cross-ownership rule as a relic from a bygone era.”

Any easing of the media ownership rule would face fierce opposition from groups that say too much consolidation threatens a free press. If Mr. Murdoch owned a major Hollywood studio and a newspaper known as the paper of record for the entertainment industry, it could spark additional skepticism.

Mr. Murdoch has given mixed signals about his interest in The Los Angeles Times, which is being put on the market by the Tribune Company, along with its other seven newspapers. A longtime reader of the paper, Mr. Murdoch is weighing whether a bid would be worth the headache and regulatory battles, said several people close to him who spoke on the condition of anonymity to discuss private conversations. (The Tribune Company has indicated that it may prefer to sell its newspapers as a bundle.)

Under the Obama administration, Mr. Murdoch has lost some of his muscle in Washington. Even Representative Eric Cantor, Republican of Virginia, considered a Murdoch ally, recently supported shelving the Stop Online Piracy Act, which News Corporation and other media companies had lobbied to pass.

“It won’t get through with the Democratic administration in place,” Mr. Murdoch told a Los Angeles Times reporter when asked at the Golden Globes in January whether he wanted to buy the paper.

This summer, News Corporation will separate its newspapers into a smaller, mostly publishing-based company. Even if regulators were to grant a waiver of the cross-ownership rule, The Los Angeles Times would need significant investment that could strain the new company, said one of the people close to Mr. Murdoch.

News Corporation spent $6.3 million on lobbying last year, working mostly with the Washington firms Fritts Group, Glover Park Group, Cormac Group and Quinn Gillespie & Associates, according to the Center for Responsive Politics.

A spokeswoman for News Corporation declined to comment.

Under Mr. Genachowski’s proposal to modify media ownership rules, a company or an individual could own both a television station and a newspaper in the same top-20 market as long as the station was not in the top four in audience size based on Nielsen ratings. News Corporation owns the Los Angeles stations KTTV and KCOP, and KCOP rates between fourth and fifth among local stations.

A spokesman for the F.C.C. has said the proposed rules would make it more difficult to acquire a waiver. “The assertion that the F.C.C.’s order would make it easier for a top-four TV station — or for a TV station that moves between fourth and fifth in the rankings — to acquire a newspaper is simply false,” the spokesman, Justin Cole, said in a statement last month.

Craig Aaron, president and chief executive of Free Press, an advocacy group that supports diverse media ownership, agreed that there was “very little wiggle room” in the current rules. But if the rules change, he said, “the opportunity to obtain a waiver becomes much closer to reality.”

Cross-ownership rules were first put in place in 1975, when the media landscape was drastically different. From Nov. 26 to Dec. 5 last year, officials from News Corporation’s government affairs office met with all five F.C.C. commissioners to discuss cross-ownership and other issues affecting the media industry, according to documents filed with the commission.

The company and many of its competitors have long argued that local television stations and newspapers should be able to share resources. In 1993, after threatening to shut The New York Post, Mr. Murdoch received a permanent waiver from the F.C.C. to own the tabloid and the local television station WNYW.

Ms. O’Connell, a company lobbyist who specializes in the cross-ownership issue, pointed out in News Corporation’s letters to the F.C.C. that The New York Post’s daily circulation declined 42 percent from 2002 to 2011, to less than 345,000.

“In an era of profound distress for the newspaper industry, the commission should embrace the ways in which television stations and newspapers can share resources and realize economic efficiencies,” she wrote.

Analysts said the coming split could help News Corporation’s chances of receiving an F.C.C. waiver, because the Los Angeles stations will be part of the Fox Group, along with the company’s cable assets and Hollywood studio. Mr. Murdoch will be chairman of both companies. In 2014, the Fox Group is expected to have to renew the stations’ licenses with the F.C.C.

“If their TV stations are going to be spun off from the larger conglomerate, then they might be given a waiver on the instance that they won’t directly own newspapers and stations in those particular markets anymore,” said Justin Nielson, an analyst at SNL Kagan.

News Corporation’s publishing company will receive a $2.6 billion infusion of cash and have no debt when it separates from the cable channels, according to documents filed with the Securities and Exchange Commission. (In 2007, News Corporation paid $5.6 billion for Dow Jones & Company, publisher of The Wall Street Journal. That deal was not subject to F.C.C. cross-ownership rules because The Journal is considered a national newspaper.)

The F.C.C. cannot rule specifically against Mr. Murdoch or News Corporation; it must instead create broad regulations that apply to all media companies. But Mr. Aaron of Free Press said the continuing investigation into phone hacking at the company’s British tabloids would complicate a deal.

“We’re talking about Murdoch owning more newspapers in a year when people are still being arrested at the News of the World,” he said.
https://www.nytimes.com/2013/03/25/b...c-changes.html





Announcing a New TV White Spaces Trial in South Africa

White spaces are unused channels in the broadcast TV spectrum. They offer the potential to improve Internet connectivity where they are most needed - in the developing world. Today we’re announcing the launch of a trial with ten schools in the Cape Town area, which will receive wireless broadband over a white space network.

White space has the advantage that low frequency signals can travel longer distances. The technology is well suited to provide low cost connectivity to rural communities with poor telecommunications infrastructure, and for expanding coverage of wireless broadband in densely populated urban areas.

Google supported its first white space trial in the US in 2010, and Google.org recently launched its spectrum database for a 45-day public comment period with the FCC. In October 2011, we hosted a workshop in Johannesburg, along with partners, at which the Independent Communications Authority of South Africa (ICASA) lent support for an industry-led white spaces trial in South Africa. We then worked together with the CSIR Meraka Institute, Tertiary Education and Research Network of South Africa, e-Schools Network, the Wireless Access Providers’ Association, Comsol Wireless Solutions, Carlson Wireless, and Neul to take up the challenge.

The service will be broadcast from three base stations located at Stellenbosch University’s Faculty of Medicine and Health Sciences in Tygerberg, Cape Town. Ten schools in the Cape Town area will receive wireless broadband to test the technology. During the trial, we will attempt to show that broadband can be offered over white spaces without interfering with licensed spectrum holders. To prevent interference with other channels, the network uses Google’s spectrum database to determine white space availability. To confirm results, the CSIR Meraka Institute will take spectrum measurements and frequently report back to ICASA and the local broadcasters.

White Space technology is gaining momentum around the world. In the US, it is already available for license-exempt uses. In the UK, regulator Ofcom is working on a model regulatory framework based on a licence-exempt or ‘managed access’ use of television white spaces spectrum. We hope the results of the trial will drive similar regulatory developments in South Africa and other African countries.
http://google-africa.blogspot.com/20...-trial-in.html





Moviegoers Welcoming Animation And Thriller
Brooks Barnes

Hollywood finally lured moviegoers out of their caves.

For the first time this year two movies arrived to $30 million or more in ticket sales in North America, giving studios hope that a dismal box-office stretch was behind them. “The Croods,” about a prehistoric family’s road trip, took in an estimated $44.7 million over the weekend, easily enough for No. 1, while “Olympus Has Fallen” took in a stronger-than-expected $30.5 million, for second place.

Even “Spring Breakers,” Harmony Korine’s lurid art-house tale of bikini-clad killers, lived up to its hype, taking in about $5 million in relatively limited national release.

Still, moviegoing in the United States and Canada remains deeply troubled. Ticket sales for the year to date total $2.06 billion, a 13 percent decline from the same period a year ago, according to Paul Dergarabedian, a box-office analyst for Hollywood.com. Attendance has fallen 14 percent.

Star-packed movies like “Gangster Squad” and “The Incredible Burt Wonderstone” have arrived to virtual shrugs. An expensive fantasy, “Jack the Giant Slayer,” flopped outright. Movies aimed at men (“The Last Stand,” “Broken City” and “21 & Over”) have disappointed in assembly-line fashion.

One of the few exceptions, “Oz the Great and Powerful” from Walt Disney Studios, sold an additional $22 million in tickets over the weekend, placing third. “Oz” has now taken in $177.6 million in North America over three weeks. (Crucial overseas sales, however, have been soft.)

“The Call” (Sony) was fourth, selling about $8.7 million in tickets, for a two-week total of $30.9 million. “Admission,” a new comedy starring Tina Fey and Paul Rudd, was an underwhelming fifth, taking in about $6.4 million. But it cost Focus Features only an estimated $13 million to make.

DreamWorks Animation urgently needed the cave people of “The Croods” to succeed. The studio’s last release, “Rise of the Guardians,” was a box-office failure, prompting an $87 million write-down. “The Croods” also represents the beginning of a new distribution partnership for DreamWorks Animation, which parted ways with Paramount Pictures late last year in favor of 20th Century Fox.

Opening-weekend results for “The Croods,” which cost at least $135 million to make, are on par with “How to Train Your Dragon,” also from DreamWorks with a March release date, which took in $46.5 million over its first three days in 2010 (after adjusting for inflation) and went on to gross about $500 million worldwide and spawn two sequels, a TV series and a live arena show. But “How to Train Your Dragon” also received much stronger reviews than “The Croods.”

“Olympus Has Fallen,” an R-rated White House action thriller starring Gerard Butler, cost Millennium Films about $70 million to make and was distributed by FilmDistrict. Aside from giving Mr. Butler’s career a much-needed lift, the strong turnout puts pressure on Sony’s similar “White House Down,” planned for June release.

The inexpensive “Spring Breakers,” distributed by A24, played in 1,104 theaters — a huge release by independent film standards but a modest one compared with mainstream Hollywood. (“The Croods,” for example, was booked into 4,046 theaters.) Mr. Korine, still best known for writing “Kids” (1995), has never had this kind of success as a director; his previous four films took in less than $500,000 combined.

Starring Selena Gomez, Vanessa Hudgens and James Franco and fueled by drugs, sex and violence, “Spring Breakers” was backed by an aggressive social media marketing campaign orchestrated by A24, an upstart distributor, and theAudience, a company partly owned by the William Morris Endeavor talent agency that seeks to build (and exploit) networks of fans across Facebook, Twitter and YouTube.
https://www.nytimes.com/2013/03/25/m...ox-office.html





The End Of Basic Cable Without A Box?
Kevin Hunt

Basic-cable television subscriptions might be getting a little less basic in the coming months.

A Federal Communications Commission ruling last October allows cable companies to shut down unencrypted basic channels — the major networks ABC, CBS, FOX, NBC and PBS, and public-access — whenever they want. To cable subscribers, that would mean the end of plugging the cable line directly from the wall to a television while adding, and eventually paying for, another set-top box.

It's already happening around the country. Here, Comcast acknowledges it's in the works. Cox spokeswoman Dana Nolfe says the company has "no current plans" to encrypt local broadcast channels. Charter, which serves towns in the western and northeastern parts of the state, says it will encrypt the local channels when it converts to an all-digital delivery format in the next one to two years.

Most cable subscribers, at least those with high-definition service or extended-cable channel subscriptions, have at least one set-top box in the house. Yet many houses also have secondary televisions, maybe in the kitchen or basement, with a no-box, direct cable feed. The poor, the elderly and those who find fulfillment in a basic-cable package are most likely to pay no monthly set-top box rental fees.

As part of the FCC ruling, cable companies must offer that latter group with no boxes in the house either a set-top box or a CableCard (for those few HDTVs that accept one) free for two years. If you're a Medicaid recipient, you'll get a box, no charge, for five years.

For those with a set-top box for one television and a no-box setup for a second television, cable companies must offer a set-top or CableCard for one set for a year. The offer must be available at least a month before the cable company begins encrypting basic-cable channels and for at least 120 days thereafter.

"We will proactively notify customers once we begin to encrypt limited basic channels in their respective areas," says Comcast spokeswoman Laura Brubaker Crisco.

Subscribers ultimately will pay more for service, the $5 or $6 a month for each television that now needs a box. But let's not pile on the cable companies. The unencrypted channels were easily stolen — wiring multiple televisions from a single cable feed using a splitter. And unlike the cable industry, DirecTV, Dish Network, Verizon's Fios TV and other satellite/telecom services were not required to carry unencrypted channels.

"An all-digital format," says Charter spokeswoman Heidi Vandenbrouck, "provides a high-quality picture and sound that customers value and frees up space for even faster Internet speeds and additional services going forward."

Two things to know:

>> Until the cable companies switch to a fully unencrypted service, some subscribers who don't use a set-top box but have an HDTV with a built-in QAM tuner (most do) can receive several high-definition channels free. In the TV menu, look for the channel-scan function and search for digital channels. The numbering might look unusual, but TBL still found all the local channels and others, including TNT, on a small HDTV connected directly to the incoming cable line.

>> A second HDTV tuner, ATSC, still pulls in free over-the-air digital channels broadcast locally. Just hook up an antenna. Visit http://www.antennaweb.org for information on what channels are available, transmitter locations and what type of antenna you'll need. It's basic cable (almost) without the cable.

New Wi-Fi Hotspots

The super Wi-Fi proposed by the FCC that extends for miles with a signal that penetrates trees and almost anything else in its path makes a dreamy wireless future. Today's expanded-wireless reality is a growing number of Wi-Fi hotspots erected by local cable companies.

Several cable providers, including Comcast and Cox Communications, have collaborated on a nationwide hotspot network to counter moves by cell-service providers like Verizon and AT&T into TV access and in-home broadband.

Cox's hotspots arrived first in Connecticut: In late January, it launched a 750-hotspot network available to subscribers to the company's high-speed Internet services. A searchable hotspot map is available at Cox.com/wifi, but results produce only street addresses, not business or building names.

The hotspots are not like those at the neighborhood Starbucks or town libraries. These hotspots are outside.

"Most of our Wi-Fi access locations are along bus routes, parks or walking paths to shopping districts," says Cox spokeswoman Dana Nolfe. "As an example, there are 20 Cox Wi-Fi access locations around Center Springs Park and neighboring shopping [locations] in Manchester."

To access the service, subscribers should select the Cox Wi-Fi service from the list of available networks, then enter the same user ID and password used to access the company's website or mobile apps.

It was more complicated, however, when TBL tested the service recently outside the Riverfront Community Center in Glastonbury. The Cox network showed up, fleetingly, but produced no log-in option. The workaround, from Cox tech support: Entering a random web address, like http://www.google.com, takes the user to a "walled garden" where a log-in prompt for Cox.com appears. Once in, the access location allows automatic access without re-entering log-in information for 30 days.

Cox promises download speeds of up to 15 megabits per second and upload speeds of 4 megabits per second. TBL's tests using the SpeedTest.net app showed much faster speeds, topping out at 24.7 Mbps for downloads and 10.71 Mbps for uploads. You also can check your in-home broadband speeds using a computer by visiting SpeedTest (www.speedtest.net) or BandwidthPlace (www.bandwidthplace.com).
http://www.courant.com/business/cust...,5034723.story





Right to Be Forgotten On the Web Unworkable, Argue Data Watchdogs
Alastair Stevenson

Privacy groups' calls for European citizens to have the right to be forgotten online are unrealistic and could damage the economy, according to representatives from the Information Commissioner's Office (ICO) and European Commission (EC).

ICO deputy commissioner David Smith said that the right to be forgotten was a step too far, during a Westminster debate attended by V3 on Tuesday.

"The right to be forgotten worries us as it makes people expect too much," said Smith.

Instead, Smith said the focus should be on the "right to object" to how personal data is used, as this places the onus on businesses to justify the collection and processing of citizens' data.

"It is a reversal of the burden of proof system used in the existing process. It will strengthen the person's position but it won't stop people processing their data."

EC data protection supervisor Peter Hustinx added the right to be forgotten is currently unworkable as most countries are divided on what qualifies as sensitive personal data.

"I believe the right to be forgotten is an overstatement," said Hustinx.

"There needs to be more transparency. I think all parties need to be aware of their accountability, they need to know their share of the responsibility."

Hustinx said increased transparency will increase users' level of trust, making them more willing to let businesses use their data, thus boosting the digital economy.

"Nobody wants to stifle innovation, no-one wants that. But innovation needs effective data protection laws to increase trust. Investment in innovation and trust go hand in hand," said Hustinx.

Smith added that the lack of consensus within the EC about what data is sensitive proves individual states should be able to create their own rules.

"The problem with having exact same rules in every state across EU is the only way you do it is having very specific legislation," said Smith.

"My concerns about my privacy are not the same as those of somebody in Sweden or Italy or the Czech Republic. Too much harmonisation is a problem but we need more consistency."

The deputy commissioner highlighted the recent privacy case against Google as proof of the need for self legislation.

"Look at Google with the payload data they take from Street View. We didn't do a very good job there," said Smith.

"Some of our colleagues have found Street View unacceptable, but we think banning Street View because of privacy invasion would be a step too far and not what our citizens want. Other nations' citizens may feel differently."

Earlier, UK justice minister Lord McNally had attacked the proposed privacy overhaul, warning the costs accrued by businesses would cause untold harm to the region's economy.
http://www.v3.co.uk/v3-uk/news/22575...data-watchdogs





Why Startups Are Beating Carriers (Or The Curious Case Of The Premium SMS Horoscope Service & The Lack Of Customer Consent)
Natasha Lomas

Any startups out there seeking to build a business by setting out to confuse as many users as possible with overly complex pricing structures, while tricking those who can’t afford the full-fat service into signing up for ridiculously over-priced rubbish and then making it really hard for them to opt out? If so you’ll want to look to carriers for inspiration.

Startups aren’t immune to dubious and irresponsible behaviour, of course — appropriating address book data without asking properly first, for instance, or playing fast and loose with TOS and scaring the bejesus out of users – but those that act like douches have to worry that their douchey behaviour will cause them to (rightly) lose users. Carriers operate differently: their infrastructure has created captive markets, making it tough for customers to switch to a better alternative. Hence the shoddy behaviour.

But the carrier oligopoly is being challenged by over the top data services. And while the network operators are not about to lose their fiefdoms entirely, they are being pushed onto the back foot. The shift from circuit switched voice-plus-text services to all-IP mobile data has allowed Internet companies to come in and start disrupting their lucrative walled gardens. The traditional carrier revenue streams of voice and SMS are being eroded by more flexible and cheaper VoIP and over-the-top messaging alternatives, whether it’s Skype or Viber or Whatsapp or Line. According to a recent report by Strategy Analytics more than $3 billion in operator messaging revenue will be eradicated between 2012 and 2017 — thanks to the rise of OTT services.

Carriers becoming ‘dumb pipes’ — or to put it slightly less pejoratively, a utility service, a la water, electricity and gas — seems all but inevitable (not that anyone is going to weep on their behalf). But this outcome is not exclusively the result of faster and more innovative startups. To say so is to gloss over how badly carriers have adapted and evolved their business models — preferring, instead, to try to block upstart rivals in order to milk as much as they can from ailing cash cows, rather than accepting that the technology landscape is shifting — and moving on to pastures new.

Having built businesses on restricting and locking in customers — to contracts, to irritating portals, to complex tariff structures, you name it — telcos clearly have trouble thinking outside their locked box approach. And while it’s fair to say that many established companies have trouble rekindling an entrepreneurial spirit — and let’s face it telcos have network infrastructure not software in their DNA — carriers could still have done more to dig themselves out of this innovation hole. Ultimately they still have themselves to blame.

Some carriers are attempting to get in on the over the top services action individually, or by banding together via collective initiatives such as Joyn. But setting aside their conservative, reactionary mindset and suspicion of new ideas — which already puts them at a disadvantage vs startups and app makers — a massive problem they face in a pick ‘n’ mix world of opt in and out data services is a chronic lack of customer trust. Why should anyone opt in to a new service from a company that’s been doing its best to screw its users for years?

Telcos have blotted their own copybook by treating customers like cattle to be penned in and milked dry. Carriers are not service businesses or entertainment businesses, they are tax collectors — putting up as many toll gates and penalty policed speed limits on your use of their roads as they can. Little wonder they are held in near universal contempt by users. And that’s a pretty terrible position to be in when the walls of your citadel are under attack like never before. (Joyn us? No thanks!)

Here’s one example of current carrier car-crash behaviour, involving T-Mobile U.K. — which in my view is symptomatic of carriers’ wider failings, and illustrates how far they have to go to reform their operations if they are ever going to be able to successfully compete in the popularity contest of apps and services.

Before I go any further, it’s worth noting this is not, by any means, an isolated example — see the following forum posts for example (such as the one screengrabbed below) complaining of near identical issues with T-Mobile, dating back years.

1) A 70-year-old member of my family ordered a pay-as-you-go SIM from T-Mobile UK, with £10 preloaded. This tariff means you don’t pay a monthly fee to use the network, you just pay for your actual usage (phone calls, texts and mobile data)

2) The SIM was left in its packet for three days until the smartphone (an iPhone) was given to her. On activating the SIM we noticed unsolicited horoscope text messages from a shortcode ‘3030’. None of the messages indicated the texts cost money to receive

3) On checking the PAYG balance the morning after putting the SIM in the phone, the £10 was found to have dropped to £8.22 — despite no calls having been made or chargeable texts sent. (Being as it’s an iPhone there is no carrier portal where horoscope ‘services’ could have been signed up for in error either)

4) A T-Mobile customer service representative told us the horoscope service was a premium SMS service (each SMS cost 40p to receive). It said it was operated by a third party company. We were told we had opted in to receive the texts on March 6 — which was two days before the SIM was taken out of its packet and put in the phone. On pointing this out, the rep said T-Mobile would investigate the issue and call back the next morning. He also said he would put a block on third party SMSes

5) T-Mobile did not call back. And another horoscope text arrived. On calling T-Mobile again, a different spokesperson said we should text STOP to the number to stop the texts. This spokesperson claimed the texts were sent by a company called MX Telecom who we would need to contact to secure a refund

To my eye, it was pretty obvious that something dubious was going on — so at the same time as we tried to sort the issue out via T-Mobile’s customers services phone line I contacted the T-Mobile press office to ask how they could explain a customer being signed up to a premium service without their consent or knowledge? Had there been a data breach, or were they in fact opting PAYG customers into paid services without their consent?

After several days investigating the issue, T-Mobile’s press office told me the 3030 service is actually a T-Mobile service, not a third party service at all. (Worth reiterating that T-Mobile’s customer services never gave us this information, despite multiple calls about 3030. We were incorrectly informed it was a third party, multiple times.)

The company then claimed that the reason the PAYG SIM had been automatically signed up to receive SMS horoscopes at 40p a pop was because the associated phone number was an old number and the prior owner of it had signed up to the service. It said the failure to remove the old subscription was down to “human error”.

Here’s the statement the company provided in full:

As part of an Ofcom directive to ensure that the UK doesn’t run out of numbers, PAYG numbers are recycled. In this instance, it appears that the premium text service attached to the number remained when the number was transferred to [the customer]. When PAYG numbers are recycled, they are attached to new SIMs so no personal data is transferred.

We have placed a block on [the customer's] account to stop any further texts and we have credited her account to cover the charges incurred.

This was an isolated human error and no personal data was shared. We apologise for any inconvenience caused.

Now, it is possible this problem was caused by human error. But it’s not an isolated error — judging by others complaining of this same problem with T-Mobile on various forums (and let’s not pretend T-Mobile is the only offender here — I’ve found similar complaints on forums associated with other UK carriers). The problem has apparently recurred for years, judging by some of these posts.

Moreover, it seems rather — shall we say — suspicious that the horoscope service that was never signed up for by my family member (indeed, could not have been signed up for since the SIM was still in its packet when the service was activated) was for the correct star sign. There are 12 signs of the Zodiac. Eleven of them would have been incorrect. But T-Mobile’s horoscope service delivered premium SMS for the star sign that is associated with my family member’s birth date.

Coincidence? That’s what T-Mobile claimed when I asked about this (and about why we were never told T-Mobile operates the 3030 service):

We apologise for the misinformation you have received.

We have training processes in place for all our customer service staff, to ensure they are aware of all details relating to the products and services we offer. We continually look to review this process to make improvements, as well as address any specific issues as and when informed.

The star sign being the same was a coincidence, and with the forum posts we can’t comment on specifics without investigating each case further. If customers believe they have mistakenly signed up for the service, we’re happy to talk to them on a case-by-case basis.

It is certainly possible that the prior owner of the phone number was also a Pisces, so it could be a coincidence. But when you consider that part of the ordering process for the SIM involved my family member providing T-Mobile with her birth date it does seem rather less convincingly coincidental. T-Mobile had the data to calculate her star sign, as well as having her phone number and deductible PAYG balance — all the data it needed, in other words, to sign her up to a premium service and deduct money. All it lacked was her consent.

But let’s be charitable and assume it was just coincidence in this case, and human errors in all the various forum complaints (some carrier led, some customer caused), part of the problem why carrier premium SMS services are so apparently sloppy is the lack of regulatory oversight to rein in these “errors”.

In the UK, an organisation called Phonepayplus regulates premium SMS services — but only third party premium SMS services. It referred me to telecoms watchdog Ofcom when I asked if it had received complaints about T-Mobile’s 3030 service. But Ofcom doesn’t regulate this service either — having decided to remove ‘own-portal’ services (which a spokeswoman told me the premium SMSes would fall under) from the scope of its regulation in July 2012. Meaning carrier premium SMS services are currently unregulated (at least in the U.K.).

Among the reasons Ofcom gave for removing own-portal services from its regulatory remit last year (see: pages 21 & 22 here) was:

It is sufficiently clear to the consumer who provides the service and to whom they should complain if there is any problem

– which is spectacularly ironic, given that the T-Mobile premium SMSes contained no information identifying T-Mobile as the sender; contained no information that the SMSes cost money to receive; and T-Mobile’s own customer services staff repeatedly misidentified the sender as a third party, and never as T-Mobile.

T-Mobile did not provide me with information on how many premium SMS services it operates, despite my asking multiple times. However it is possible to dig this information out of its website, by using — ironically — a third party text service checker it hosts on the website (buried under multiple sub-menus). The listing of T-Mobile’s 3030 services ran to three pages — which I have composited into the below graphic.

Perhaps carriers think they can get away with a few “human errors” in the premium SMS department because these services aren’t regulated. Perhaps it’s also symptomatic of the command and control mindset of these oligarchs. What’s certain is that if carriers dedicated a little of the energy they plough into maintaining these anachronistic, valueless (to their customers, that is) premium SMS ‘services’ into creating genuinely useful services that customers want to use then they would have a better shot at competing with the startups leapfrogging their gates.

Or they would, if they hadn’t spent years destroying the trust of their users by treating them like numbers on a spreadsheet. There’s a lesson here, for any business — large or small.
http://techcrunch.com/2013/03/25/sta...ting-carriers/





Debate Over Music Piracy Writ Large, on Billboard
Ben Sisario

For the last week a mysterious ad has flashed on the LED billboard above the American Eagle Outfitters store at Broadway and 46th Street, just over the bronze shoulder of George M. Cohan. Variably positing piracy as “criminal,” “progress” and “the future,” it asks the observer to “pick a side” on Twitter, as #artistsforpiracy or #artistsagainstpiracy.

The display runs for just 30 seconds, four times an hour, alternating with images of tourists and scantily clad models. But the discussion it has stirred shows that unauthorized file sharing still touches a nerve in the music industry. The campaign asks artists to make what can be a torturous choice: Is it better to charge for music and probably limit your audience, or embrace all the ways music can spread online, without permission or remuneration?

The party behind the billboard and its related Web site, ArtistsVsArtists.com, is Ghost Beach, a two-man Brooklyn band whose profile is low even by indie Brooklyn standards: about 8,800 Facebook likes and zero Pitchfork hits. Ghost Beach was approached by American Eagle, which wanted to license the band’s song “Miracle” for an online ad. As it has done with a few other bands the retailer offered a fee as well as access to the billboard.

The ArtistsVsArtists billboard has been booked for two weeks, ending on Sunday. The group’s use of the billboard is worth $50,000, an American Eagle spokeswoman said.

“When we were offered the space on the billboard, we were perplexed about what to do with it,” said Josh Ocean, 27, the band’s lead singer. “Since we started we’ve given away all our music for free, so just telling people to purchase our music somewhere didn’t seem natural for us. So we said, ‘What if we take advantage of this and open up a discussion about the new music industry?’ ”

The band’s manager, Will Suter, has a background in advertising, and approached some agencies. “I said, ‘Our budget is zero, but we have this wonderful canvas,’ ” he recalled.

TBWA\Chiat\Day New York, one of the world’s leading advertising agencies, took the account as a pro bono project and devised a stark, text-heavy design in black, red and white.

So far the #artistsforpiracy hashtag has been used far more than #artistsagainstpiracy: 2,802 versus 93 on Tuesday afternoon. But comments by artists (and others) show it is not so easy for them simply to pick a team. One blog writer, identified as a guitar student in Milwaukee, struggled with the idea and concluded, “So, if anyone wants to support me as a musician, come to my shows, listen to what I have to say, or let me crash on your couch.”

The effect of piracy continues to be intensely debated in the entertainment industry. Many studies have shown that it negatively affects sales, but they have not been unanimous. Last week a European Commission report found that piracy did not hurt digital sales, but music industry groups immediately blasted it as flawed.

The ArtistsVsArtists site offers another choice, ostensibly about piracy: pay $5 to download a Ghost Beach EP from iTunes, or get it free from the band.

David Lowery of the bands Camper Van Beethoven and Cracker, who has been an outspoken advocate for artists’ rights in the digital age, said the site misrepresented piracy. (He was quick to add, though, that he could not blame a struggling band for some clever self-promotion.)

“This conflates piracy and giving music away for free,” Mr. Lowery said. “Piracy is eliminating your rights as artists, whereas if you are for copyright, you have the choice to sell your work or give it away.”

Some music industry bloggers were alarmed at the involvement of TBWA\Chiat\Day, which is part of the TBWA Worldwide division of the Omnicom Group. The agency’s other clients include the Grammy Awards, and the recording industry’s official stance on piracy has always been strongly negative. A Grammy spokeswoman had no comment on Tuesday.

Ghost Beach’s own position is absent from the campaign. In an interview Mr. Ocean and his band mate, Eric Mendelsohn, 26, said they opposed piracy. But they also expressed a pragmatic view of piracy that is widely shared by musicians of their generation: If you can’t fight it, at least try to use it.

“We are against piracy in the sense that we are for new technologies and using the Internet in a way that wins over it by us giving away our music directly to fans,” Mr. Ocean said. “That way we know where the music is going and can establish that connection directly with fans.”

“We never want to promote blatantly going out and stealing music,” he added. “What we do want to do is offer choices that we think are right.”
https://www.nytimes.com/2013/03/27/a...billboard.html





Sticky Fingers Make the Show
Melena Ryzik

THE art heist began, as art heists should, with a planning session in a nearby bar. Though he had already committed more than 60 such thefts, the perpetrator, Adam Parker Smith, a 34-year-old Brooklyn artist, was nervous. “Everyone whose work I like and who I respect, I’ve been lying to and stealing from,” he said, sipping a beer.

Nonetheless he proceeded to the Bushwick studio of an artist he knew, Aaron Williams. It was a scheduled but informal visit, with subterfuge its agenda: Mr. Parker Smith intended to swipe Mr. Williams’s work for his own artistic ends.

Well practiced, he strategically left his leather satchel, holding various-size folders he could stash things in, by the studio door, along with the beer he had brought to relax his mark. Two minutes in, he offered Mr. Williams one, popping the top with his belt buckle. As Mr. Williams showed off his canvases, the two delved into the problems of contemporary artists. “How do you deal with people asking about your relationship to pop iconography?” Mr. Parker Smith asked, studying a large poster of James Dean overlaid with purple stripes.

Soon Mr. Williams was chattily uncovering smaller mock-ups — perfectly sized for filching. Mr. Parker Smith shuffled through, making piles, three-card-Monte-style, the better to distract from whatever went missing. Several beers later Mr. Williams excused himself to go to the bathroom, and Mr. Parker Smith simply slipped an original artwork into his bag.

“I hope he didn’t need that,” Mr. Parker Smith said later, safely in a getaway car with his accomplice for the night, a reporter.

Mr. Williams’s piece, a landscape collage, appears in “Thanks,” a show opening under Mr. Parker Smith’s name Friday at the Lu Magnus gallery on the Lower East Side. The exhibition is made up entirely of works Mr. Parker Smith meticulously stole from 77 artists: paintings, sculptures, sketchbooks, video, architectural objects, artmaking devices and more. Equal parts group show and conceptual installation, prank and boundary-pusher, it raises messy art world questions about aesthetic ownership and influence, the division between curator and artist, and the value of nontraditional and repurposed work. And it reveals something about how artists generate ideas.

For Mr. Parker Smith, who trained as a painter and sculptor and holds an M.F.A. from Temple University, friends and colleagues — the gamut of the New York art scene — are essential to his conceptual pieces. “The project has this gimmick, that I’m stealing from everybody, but it’s really about community,” he said. “Appropriation and theft are part of that.” Scoff if you like. “I feel like so many of my ideas start out as jokes,” he said, “for better or worse.”

Lauren Scott Miller, a founder and director of Lu Magnus, was one of the handful of people apprised of Mr. Parker Smith’s artistic thievery in the five months it took. She said she “agreed immediately” to host the show after he described it. As gallerists “one of our missions is to bring the creative community together,” she said, “and we’re very interested in process — in terms of this show, each artist’s individual practice and how they influence each other.” She thought of Mr. Parker Smith as both curator and conceptual artist: “He’s very thoughtful about each acquisition.”

The artists were notified of the thefts several weeks ago in an e-mail. “Your work is being held in a secure and climate controlled environment,” Mr. Parker Smith wrote. (It was stored in his apartment in Williamsburg, Brooklyn, to which he’d added extra renter’s insurance.) “I chose to acquire your work in this unconventional manner to bring attention to the community that we all work within and the diverse methodology in which we share, appropriate and occasionally steal ideas and materials. I value your practice and work and think of you as an important member of my creative world.” He followed up with a phone call, expressing contrition.

That helped, Mr. Williams said. He hadn’t noticed that his piece, “Two Mountains III,” was missing. “I felt, like, slightly stupid,” he said. “It was a convincing crime.” But he was more tickled than hurt. Likewise Alfred Steiner, an artist and lawyer who specializes in intellectual property, whose glass and silver “Ring Pop” is one of the most expensive pieces in the show. “Any difficulty I had that he had breached a trust was overwhelmed by the humor I found in the overall project,” he said, adding that he considered it merely borrowing. All 77 artists gave permission to have their work displayed.

In 90 studio visits Mr. Parker Smith did not always leave with purloined treasure, but he was caught just once, he said, by an artist’s 5-year-old daughter, who ratted him out to daddy. That artist’s work is not in the show. A collector who is a lawyer also offered legal counsel, advising him not to amass more than $80,000 worth of pilfered stuff. But his kleptomania was boundless. From Naama Tsabar, whose studio space he rents, he took a piece akin to a Molotov cocktail, but made with an open liquor bottle — a hard thing to sneak out with. From his art dealer in San Francisco he nabbed a stash of pricey marijuana, going through a reality-show’s worth of high jinks to avoid physically transporting it across the country. And from his pregnant girlfriend, Carolyn Salas, a sculptor who teaches moldmaking at Yale, he stole something entirely personal and unexpected: her mouth guard.

“This is a mold of the inside of her body,” he said, delighted. Ms. Salas: “Really, you picked that, of all things? Couldn’t you have taken something better? I think it’s pretty disgusting.” She knew about the project from the start, and it made her uneasy. “Mostly I was worried that people would hate him,” she said, “and, in turn, not like me.” (They live together so she knew she was an easy target, but she really thought the mouth guard was lost.)

“Thanks” follows a period in which Mr. Parker Smith was audacious in collecting ideas. He visited psychics, asking them what he would make next, but found them insufficiently creative minded. “They all wanted to tell me about my cholesterol,” he said. About a year ago he simply bought an idea, paying the artist Brent Birnbaum $200 for the suggestion to make a pair of Kanye West’s slitted sunglasses out of Venetian blinds. (They’ve been on view at the Ever Gold Gallery in San Francisco, priced around $10,000.) He also let other contacts know he was in the market for inspiration. “This one guy wrote me,” he recalled, “and said, ‘Buying ideas is for suckers, why not just steal them like everybody else?’ ”

So even the idea for “Thanks” is appropriated, in its fashion. “I give him credit for coming up with new ways of working,” said Mr. Birnbaum, a close friend who doesn’t mind their dynamic. “He’s always short of ideas, and I always have too many.”

A $100 limited-edition “Gagosian” baseball hat Mr. Birnbaum made was lifted for the show. Many artists decided to consign their work for “Thanks”; should it sell, Mr. Parker Smith will get a cut, but out of the gallery’s fee, not the artist’s. (At $36, the mouth guard is the cheapest item; the gallery owner called it her favorite.)

For Mr. Parker Smith the project has been surprisingly discomfiting, and rewarding. “Ideas, and our creativity — that’s the most valuable thing I have, as an artist,” he said. “For me to give that up was actually very powerful.” He paused, considering his bravura display of stolen ambition. “What the hell am I going to do next?”
https://www.nytimes.com/2013/03/29/a...s-gallery.html
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

March 16th, March 9th, March 2nd, February 23rd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black