P2P-Zone  

Old 16-10-13, 08:10 AM   #1
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - October 19th, '13

Since 2002

"Search warrants we’ve received have resulted in us producing unopened snaps to law enforcement." – Micah Schaffer

October 19th, 2013




IsoHunt.com Settles With MPAA, Will Shut Down as Part of the Deal
Ravi Mandalia

Motion Pictures Association of America (MPAA) has revealed today that Gary Fung, owner of IsoHunt.com, has agreed to a settlement and as a part of the deal the torrent indexing site will close down.

The judge presiding over the MPAA vs. IsoHunt.com case, Jacqueline Chooljian, cancelled the hearing which was planned after she was informed that both the parties have settled outside court.

“The website isoHunt.com today agreed to halt all operations worldwide in connection with a settlement of the major movie studios’ landmark copyright lawsuit against the site and its operator Gary Fung” reads the press release.

The settlement includes terms under which Fung will be prohibited globally from profiting by infringing content produced or copyrighted by MPAA and its member studios.

MPAA had a major success back in March when the 9th Circuit Court of Appeals ruled against IsoHunt.com and Fung stating that there was “enough unrebutted evidence in the summary judgment record to prove Fung offered his services with the object of promoting their use to infringe copyrighted material.”

Senator Chris Dodd, Chairman and CEO of the Motion Picture Association of America (MPAA) said that the settlement sends across a strong message to all those who encourage, enable and help others “to commit copyright infringement are themselves infringers, and will be held accountable for their illegal actions.”
http://www.techienews.co.uk/972260/i...hut-part-deal/





LSU File Sharing Numbers Decrease

File shares down to 0-2 per month
Renee Barrow

Since last spring, Information Technology Services has seen a significant decrease in illegal file sharing problems.

“There were times when we would see between 30 and 40 per month,” said James Huval, security analyst. “Now we see between zero and two.”

Students may not realize all of the technicalities surrounding illegal file sharing.

Huval said the problem stems from how many Digital Millennium Copyright Act complaints the University receives. This act, passed in 1998, implements a policy defining illegal file sharing as an instance in which copyrighted material is shared without permission.

“Even if you own it and share it, that still is not within the legal definition of file sharing,” Huval said.

According to ITS, copyright holders and their representative organizations often monitor devices sharing their material. When these third parties discover users conducting illegal activity over the University’s network, they send the University a DMCA complaint.

“Torrenting is probably the number one source for our complaints,” Huval said.

The University is required to investigate all DMCA complaints. Huval said each investigation calls for the attention of at least three security analysts.

“It tends to cost the university a lot of money,” Huval said.

Huval said downloads will not adversely impact the University network’s bandwidth.

However, if the University were to experience an influx of complaints similar to last spring, more ITS employees would have to devote their energy to working on those, rather than more University relevant developments, said Sheri Thompson, IT Communications and Planning officer.

As far as consequences for students, they will have restricted network access for their devices after their first offense. First-time culprits will also have to complete an illegal file sharing Moodle course and quiz, along with completing a DMCA incident report.

Second-time offenders will face harsher terms. In addition to restricted network access, they may face a $50 fine, note on their academic record, hold placement on their myLSU account and a reference to the Dean of Students Office for violating the Student Code of Conduct.

Huval said the second offense is assessed by the Office of Advocacy and Accountability.

Thompson advised students against illegal file sharing, as there are easier, more legal means to access files online.

“If you want to listen to music, use Spotify,” Thompson said.

Huval said numbers report websites like Spotify have reduced the problem for the music industry, but the movie industry is still trying to catch up.
http://www.lsureveille.com/news/ille...a4bcf6878.html





TorSearch Launches to be the Google of the Hidden Internet
John Koetsier

The newest search engine in the world is hidden in the shadows of the Internet, but it shines a light on those shadows that ordinary search engines like Google, Bing, and DuckDuckGo can’t.

It’s TorSearch, and it’s the new way for the million-plus users of Tor to find anything, privately.

“Tor is an anonymizing network — for any traffic passing over it, you can’t correlate the start and end points, and websites can’t see who you are,” founder Chris MacNaughton told me this morning. “I want to be the Google of Tor.”

Tor is free software and an open network that functions by connecting you to services you want to access via a separate, third-party introduction point and random relay service. Both you and the sites you want to access talk to that relay, not to each other, and therefore things that you access online are private and confidential — not to mention difficult for law enforcement agencies and shadowy three-letter surveillance agencies to monitor.

With such a challenging black-box connection protocol, it’s not shocking that until now, search on Tor has sucked. That’s a problem that MacNaughton figured he could do something about.

“No Tor hidden service will be crawled by Google, but I built TorSearch the same way Google works,” he said. “I’m spidering a hidden wiki, and it links to other hidden services, and they each link out to a few more.”

Essentially, a Google for the darknet.

Currently TorSearch indexes almost 130,000 Tor resources, and traffic, which surged almost from day one, has doubled in the last three weeks as the Tor community has discovered its new search engine. The site is built as a Ruby on Rails web app, with Apache Solr serving as the search engine.

“It caught me off guard, how quickly it grew,” MacNaughton told me.

Some in the Tor community use the service simply for anonymity and avoidance of tracking, to skip all the surveillance we endure every single hour as we visit Facebook, surf Twitter, view a website with ads, and pretty much go anywhere online.

Others, of course, are on the hidden network for different reasons.

Porn is, of course, a major traffic generator, as is some music, movies, and oddly, according to MacNaughton, “a lot of PDFs,” but there’s also a three-million machine botnet that communicates with its zombie machines via Tor. All of which is juicy material for the FBI and others.

“After the NSA news came out recently, there was a very large spike in Tor users who don’t want to be tracked,” MacNaughton says.

Clearly, of course, Tor is a great place for criminal activity, even communication for terrorists. Just as clearly, it’s an attempt by well-meaning people to restore freedom and privacy to their online activities. MacNaughton clearly falls in the latter category.

“If you use Tor, the NSA will look at you harder,” he says. “But it’s harder for them to see what you’re doing.”
http://venturebeat.com/2013/10/10/to...dden-internet/





China's Black Box For Blockbusters Riles Hollywood Studios
Simon Montlake

Hollywood is schooled in the ways of video pirates, from file-sharing sites like the Pirate Bay to street-corner DVD sellers. Rarely, though, do Tinseltown’s targets warmly invite studios to a “Go to Hollywood” seminar on U.S. soil. “Future TV is dedicated to innovatively propelling the growth of the OTT [over-the-top] ecosystem,” read an invitation sent in August to six major studios for a seminar in Los Angeles. “Hollywood, we are coming!”

How do you say “chutzpah” in Chinese? Future TV is one of seven firms licensed to stream content into Chinese homes via the Internet to set-top boxes and smart TVs. (“Over-the-top” refers to video delivered outside of a cable or satellite service.) It claims to offer 1.5 million hours of content, of which half is high-definition. But among U.S. studios it is notorious for uploading hundreds of copyrighted movies and evading tens of millions of dollars in licensing fees. Chinese production houses also say they’re being cheated. “If you ask anyone in China they’ll tell you Future TV is a pirate,” says a U.S. studio executive in Beijing.

Future pitches itself as a fledgling that needs Hollywood’s support. Yet its biggest shareholder is CCTV, China’s state-owned broadcaster, which enjoys huge subsidies and sells $3.6 billion a year in advertising. Future’s other investor is Tencent Holdings, China’s largest Internet firm, with $9.7 billion in revenue. And Future’s main hardware partner is Xiaomi Corp., a midprice-smartphone maker that outsells Apple’s iPhone in China. A Xiaomi set-top box costs only $50 and streams free content, from Chinese costume dramas to U.S. blockbusters. Xiaomi expects to sell a million boxes this year in a market expected to sell 10 million overall. Partners like these help to explain why Future readily thumbs its nose at Hollywood.

Ironically, Hollywood’s own lobbying group, the Motion Picture Association of America, helped to introduce Future execs to the studios during a February visit. Once bitten, twice shy: Future canceled its Hollywood seminar after studios demurred, though its executives went ahead with their visit. In anticipation Future took down unauthorized content, such as Jurassic Park 3D and Mr. Bean’s Holiday, a Universal title that had been Xiaomi’s most-played movie.

Despite its name, Future is a throwback. Many Chinese video sites and cable channels now pay for popular imported TV shows and movies, says Kristian Kender, a media consultant in Beijing. Tencent signed a licensing deal in September with Disney to stream movies on its video-on-demand service. Kender puts the total market for nontheatrical content (everything but box office) at $60 million to $70 million a year, a pittance compared with what it could be. One studio said it makes more from home viewing in Indonesia than it does in China, whose economy is ten times the size. Asked about the contradiction between its Disney deal and its investment in Future, a Tencent spokesman declined comment.
http://www.forbes.com/sites/simonmon...les-hollywood/





'Breaking Bad' Creator Says Piracy Helped the Show Find New Viewers
Jacob Kastrenakes

The entertainment industry has been getting a little more comfortable with praising the benefits of online piracy, and Breaking Bad creator Vince Gilligan is the latest to speak to its brighter side. "[It] led to a lot of people watching the series who otherwise would not have," Gilligan tells the BBC. Gilligan has previously remarked that TV binge-watching was a large factor in getting viewers wrapped up in his show, noting in May that Netflix in particular brought about an "amazing nitrous-oxide boost of energy and public awareness" that the series was able to take advantage of.

But while Breaking Bad may have benefited from the added buzz generated by piracy as well, Gilligan isn't strictly thrilled that viewers didn't choose another avenue to watch his show through. "The downside is a lot of folks who worked on the show would have made more money, myself included, if all those downloads had been legal," he tells the BBC. The series' finale alone was downloaded over half a million times within just 12 hours of airing. While AMC did sell the series online, it chose not to offer a free, ad-supported stream of it as many other networks do with their own shows, removing a potential avenue to gain viewers who don't want to pay.
http://www.theverge.com/2013/10/18/4...ht-new-viewers





Netflix in Talks With U.S. Cable Companies: WSJ

Netflix Inc is in talks with several U.S. cable television companies including Comcast Corp and Suddenlink Communications to make its streaming video service available through their set-top boxes, the Wall Street Journal reported on Sunday, citing people familiar with the matter.

According to the Journal, the negotiations are in the early stages, with no deal expected soon. The report said that one sticking point in the negotiations is that Netflix wants cable companies to adopt special technology designed to improve the quality of its streaming video.

Last month, two European cable companies -- Sweden's Com Hem and Virgin Media in Britain -- struck deals to allow their customers to access Netflix through Tivo set-top boxes.

Netflix Chief Financial Officer David Wells, speaking at a Goldman Sachs investor conference last month, said that the company was willing to strike similar deals with U.S. cable companies.

"We would love to reduce the friction to the end consumer, and to be available via the existing device in the home which is the set-top box," Wells said. "But it's up to the (pay TV provider) to decide how much a competitor they view us as, or a complement."

Netflix, Comcast and Suddenlink could not be immediately reached for comment.

(Reporting by Michael Erman; Editing by Diane Craft)
http://www.reuters.com/article/2013/...99C0E520131013





Canadian Gov't to Push Cable Providers to Unbundle Channels

The Canadian government will soon require cable and satellite television providers to make it easier for customers to buy only the channels they want rather than pay for bundles, the country's industry minister said on Sunday.

"We don't think it's right for Canadians to have to pay for bundled television channels that they don't watch. We want to unbundle television channels and allow Canadians to pick and pay the specific television channels that they want," Industry Minister James Moore said during an appearance on CTV's "Question Period."

Some Canadian cable and satellite television providers have already begun to offer so-called "a la carte" pricing, a trend some analysts think could begin to take hold in the much larger U.S. market.

Moore said Canada's Conservative government is looking at other consumer-friendly moves when the next parliamentary session resumes such as preventing airline overbooking and curbing wireless roaming rates charged by telecom companies.

"We also think that roaming fees are too high in this country. We know that there's going to be a new regime put in place in the first week of December to cap international roaming fees, but we also want to move on domestic roaming fees as well," he said.

"These are things ... on which our government is going to take action."
http://www.reuters.com/article/2013/...0I30BW20131013





On a New Jersey Islet, Twilight of the Landline
Edward Wyatt

Hurricane Sandy devastated this barrier island community of multimillion-dollar homes, but in Peter Flihan’s view, Verizon Communications has delivered a second blow: the telecommunications giant did not rebuild the landlines destroyed in the storm, and traditional telephone service here has now gone the way of the telegraph.

“Verizon decides then and there to step on us,” said Mr. Flihan, 75, a retired toy designer and marketer.

Verizon said it was too expensive to replace Mantoloking’s traditional copper-line phone network — the kind that has connected America for more than a century — and instead installed Voice Link, a wireless service it insisted was better.

Verizon’s move on this sliver of land is a look into the not-too-distant future, a foreshadowing of nearly all telephone service across the United States. The traditional landline is not expected to last the decade in a country where nearly 40 percent of households use only wireless phones. Even now, less than 10 percent of households have only a landline phone, according to government data that counts cable-based phone service in that category.

The changing landscape has Verizon, AT&T and other phone companies itching to rid themselves of the cost of maintaining their vast copper-wire networks and instead offer wireless and fiber-optic lines like FiOS and U-verse, even though the new services often fail during a blackout.

“The vision I have is we are going into the copper plant areas and every place we have FiOS, we are going to kill the copper,” Lowell C. McAdam, Verizon’s chairman and chief executive, said last year. Robert W. Quinn Jr., AT&T’s senior vice president for federal regulatory issues, said the death of the old network was inevitable. “We’re scavenging for replacement parts to be able to fix the stuff when it breaks,” he said at an industry conference in Maryland last week. “That’s why it’s going to happen.”

The Federal Communications Commission has long agreed. In its National Broadband Plan, published in 2010, the F.C.C. said that requiring certain carriers to maintain plain old telephone service “is not sustainable” and could siphon investments away from new networks.

“The challenge for the country,” the F.C.C. said, is to ensure “a smooth transition for Americans who use traditional phone service and for the businesses that provide it.”

But as far as Mr. Flihan and others in New Jersey are concerned, that transition from a reliable service — one that has given them a sense of security all their lives — is not smooth at all. An array of state-sanctioned consumer advocacy groups, as well as AARP, have petitioned regulators to disallow the replacement of Mantoloking’s copper lines with Voice Link.

Not only will Voice Link not work if the power fails — a backup battery provides two hours of talking time, hardly reassuring to people battered by Sandy — but Verizon warns Voice Link users that calls to 911 under normal conditions might not go through because of network congestion. Medical devices that require periodic tests over phone lines, like many pacemakers, cannot transmit over Voice Link. Fax machines do not work over most wireless phone networks, including Voice Link. Neither do many home security systems, which depend on a copper phone line to connect to a response center.

“They told us this was the greatest thing in the world,” Mr. Flihan said. But he estimates that roughly 25 percent of the calls he makes through the Verizon Voice Link service do not go through the first time he dials, or sometimes the second or third. Occasionally, the call is interrupted by clicking sounds, and sometimes a third party’s voice can be heard on the line, Mr. Flihan said.

Verizon responded that it had offered to visit Mr. Flihan’s house to address the problems. Mr. Flihan said he had refused if Verizon would not bring back his landline. Overall, the company said that a vast majority of Voice Link customers in Mantoloking and elsewhere liked Voice Link, and if not, they could get phone service over cable television lines through Comcast or another provider.

The difference between wired and wireless, however, is a big one.

Traditional copper landlines use electric pulses to carry voice and data signals over a metal wire, which also carries power, so the phone works during a blackout. Fiber-optic lines are made of a thin glass filament and transmit voice and data at high speeds using pulses of light, but they cannot carry electricity and so do not work during a power failure without a battery. Cable television wires, which can also transmit telephone service, are made of copper, but they require a modem powered by electricity. Even cellphones require power at the cell tower, something that was knocked out during Sandy.

The phone companies point out that even among the households that still subscribe to a copper landline, most probably use cordless phones, which need electricity whether the house has a copper line or not.

The F.C.C. rules that apply to wired phone service — for example, the requirement that every home in the United States must be offered service if desired — generally do not apply to wireless service. The F.C.C. also does not regulate voice service over cable television networks, which are used for telephone service by roughly 30 million homes. And the phone companies argue that they should not be subject to F.C.C. regulations when phone service is transmitted like Internet data via options like FiOS — which uses fiber-optic lines that require electricity to work.

The result is that consumer and public-interest groups — many of whom agree with the phone giants that the transition is inevitable — fear that significant customer protections will be lost.

Those protections require that phones must work in power failures; different companies’ networks of wires and switches must connect with one another; emergency calls must automatically give rescue workers the location of callers; and people may keep their phone numbers when they change providers.

“These benefits were not a happy accident,” Gigi B. Sohn, the president of Public Knowledge, a consumer-interest group, told a Senate subcommittee in July. “They were the result of deliberate communications policies that demanded a telecommunications network that served its users first and foremost.”

The phone companies now say many of those protections are outdated and unnecessary.

“The rules that we have in place were designed to regulate what we considered in the 1930s to be a monopoly wireline voice system,” Mr. Quinn of AT&T said. In November, the company asked the F.C.C. to begin tests that would eventually permit AT&T to retire most of its copper lines.

Steven Davis, executive vice president for public policy and government relations at CenturyLink, the third-largest telephone company, said the main concern of phone companies was regulation. “If you burden the new technology with the regulations designed for the old, you will impede deployment, impede growth and hurt profitability,” he said.

Even mere uncertainty about potential changes can wreak havoc once consumers hear of shortcomings in the new services. The first wave of resistance came on Fire Island, N.Y., where this year Verizon told residents who had been devastated by Hurricane Sandy that their landlines would not be coming back.

Fire Island residents objected so loudly that Verizon reversed course and said last month that it would build its fiber-optic FiOS service to the island, satisfying residents who wanted some kind of wire connecting their home phone to the outside world.

Verizon says Voice Link in Mantoloking is a short-term fix, and it is looking into other alternatives. But that solution is most likely to come without wires attached.
http://www.nytimes.com/2013/10/15/te...-landline.html





UPD Scientists Hit 100Gbps Wireless World Record to Aid Rural Broadband
Mark Jackson

A joint team of German researchers based out of the Fraunhofer Institute for Applied Solid State Physics (IAF) and the Karlsruhe Institute of Technology (KIT) have achieved a world record after they successfully completed a 100Gbps (Gigabits per second) data transmission over a wireless radio network at 237.5GHz. The next target is 1Tbps!

The experiment itself, which is an extension of the €2 million Millilink Project that combined the latest photonic (fibre optic) and electronic technologies, was only achieved over a distance of just 20 metres in the lab. But the team’s prior outdoor test using a similar setup was able to hit 40Gbps over a more commercially attractive distance of 1km+ (i.e. between two skyscrapers).

Apparently the radio signals are generated by a photon mixer device from the Japanese company NTT-NEL, which uses two optical laser signals of different frequencies that are then superimposed on a photodiode (i.e. this is a type of photodetector that can convert light into either a current or voltage). In this case an electrical signal results (237.5 GHz) that can then be radiated via an antenna. The radio signals are later received by active integrated electronic circuits.

The radio link is designed to cope with advanced modulation formats so that it could be integrated into modern fibre optic networks in a “bit-transparent way”, which would make it useful as an alternative to the expensive process of digging up roads and fields in order to lay new high capacity fibre optic cables.

Professor Ingmar Kallfass explains:

“Our project focused on integration of a broadband radio relay link into fiber-optical systems. For rural areas in particular, this technology represents an inexpensive and flexible alternative to optical fiber networks, whose extension can often not be justified from an economic point of view. At a data rate of 100 gigabits per second, it would be possible to transmit the contents of a blue-ray disk or of five DVDs between two devices by radio within two seconds only.”

It’s perhaps best to think of this as an ultra-fast alternative to the more traditional direct line-of-sight style Microwave links, which means that it would be good for carrying capacity but not necessarily ideal for connecting individual homes. One of the reasons for that is due to the use of a high-frequency signal at 237.5GHz, which would struggle to penetrate through walls like its lower frequency counterparts in the mobile broadband and wifi world. Alternatively it might also be used for indoor transmissions using a miniaturized (compact) antenna design.

But by far the best bit of news is that the team have only just scratched the surface and are yet to test the impact of multiplexing techniques, which would in theory allow them to simultaneously transmit multiple data streams. On top of that there’s also scope for using multiple transmitting and receiving antennas, which could result in wireless transmissions that top 1Tbps (Terabit per second)!

As usual it could take years for such lab trials to reach the mainstream but it’s another promising development and one that’s well worth keeping an eye on.
http://www.ispreview.co.uk/index.php...broadband.html





‘12 Years a Slave,’ ‘Mother of George,’ and the Aesthetic Politics of Filming Black Skin
Ann Hornaday

In one of the first scenes of early Oscar favorite “12 Years a Slave,” the film’s protagonist, Solomon Northup, played by Chiwetel Ejiofor, is seen at night, sleeping alongside a fellow enslaved servant. Their faces are barely illuminated against the velvety black background, but the subtle differences in their complexions — his a burnished mahogany, hers bearing a lighter, more yellow cast — are clearly defined.

“Mother of George,” which like “12 Years a Slave” opens on Friday, takes place in modern-day Brooklyn, not the candlelit world of 19th-century Louisiana. But, like “12 Years a Slave,” its black stars and supporting players are exquisitely lit, their blue-black skin tones sharply contrasting with the African textiles they wear to create a vibrant tableau of textures and hues.

“Mother of George” and “12 Years a Slave” are just the most recent in a remarkable run of films this year by and about African Americans, films that range in genre from the urban realism of “Fruitvale Station” and light romantic comedy of “Baggage Claim” to the high-gloss historic drama of “Lee Daniels’ The Butler” and the evocatively gritty pot comedy “Newlyweeds.” The diversity of these films isn’t reflected just in their stories and characters, but in the wide range of skin tones they represent, from the deepest ebonies to the creamiest caramels.

The fact that audiences are seeing such a varied, nuanced spectrum of black faces isn’t just a matter of poetics, but politics — and the advent of digital filmmaking. For the first hundred years of cinema, when images were captured on celluloid and processed photochemically, disregard for black skin and its subtle shadings was inscribed in the technology itself, from how film-stock emulsions and light meters were calibrated, to the models used as standards for adjusting color and tone.

That embedded racism extended into the aesthetics of the medium itself, which from its very beginnings was predicated on the denigration and erasure of the black body. As far back as “The Birth of a Nation” — in which white actors wearing blackface depicted Reconstruction-era blacks as wild-eyed rapists and corrupt politicians — the technology and grammar of cinema and photography have been centered on the unspoken assumption that their rightful subjects would be white.

The result was that, if black people were visible at all, their images would often be painfully caricatured (see Hattie McDaniel in “Gone With the Wind”) or otherwise distorted, either ashy and washed-out or featureless points of contrast within the frame. As “12 Years a Slave” director Steve McQueen said in Toronto after the film’s premiere there, “I remember growing up and seeing Sidney Poitier sweating next to Rod Steiger in ‘In the Heat of the Night,’ and obviously [that was because] it’s very hot in the South. But also he was sweating because he had tons of light thrown on him, because the film stock wasn’t sensitive enough for black skin.”

Montré Aza Missouri, an assistant professor in film at Howard University, recalls being told by one of her instructors in London that “if you found yourself in the ‘unfortunate situation’ of shooting on the ‘Dark Continent,’ and if you’re shooting dark-skinned people, then you should rub Vaseline on their skin in order to reflect light. It was never an issue of questioning the technology.” In her classes at Howard, Missouri says, “I talk to my students about the idea that the tools used to make film, the science of it, are not racially neutral.”

Missouri reminds her students that the sensors used in light meters have been calibrated for white skin; rather than resorting to the offensive Vaseline solution, they need to manage the built-in bias of their instruments, in this case opening their cameras’ apertures one or two stops to allow more light through the lens. Filmmakers working with celluloid also need to take into account that most American film stocks weren’t manufactured with a sensitive enough dynamic range to capture a variety of dark skin tones. Even the female models whose images are used as reference points for color balance and tonal density during film processing — commonly called “China Girls” — were, until the mid-1990s, historically white.

In the face of such technological chauvinism, filmmakers have been forced to come up with workarounds, including those lights thrown on Poitier and a variety of gels, scrims and filters. But today, such workarounds have been rendered virtually obsolete by the advent of digital cinematography, which allows filmmakers much more flexibility both in capturing images and manipulating them during post-production.

Cinematographer Anastas Michos recalls filming “Freedomland” with Julianne Moore and Samuel L. Jackson, whose dramatically different complexions presented a challenge when they were in the same shot. “You had Julianne Moore, who has minus pigment in her skin, and Sam, who’s a dark-skinned guy. It was a photographic challenge to bring out the undertones in both of them.”

Michos solved the problem during a phase of post-production called the digital intermediate, during which the film print is digitized, then manipulated and fine-tuned. “You’re now able to isolate specific skin tones in terms of both brightness and color,” says Michos, who also shot “Baggage Claim,” “Jumping the Broom” and “Black Nativity,” due out later this year. “It gives you a little bit more flexibility in terms of how you paint the frame.”

Daniel Patterson, who shot “Newlyweeds” on a digital Red One camera, agrees, noting that on a recent shoot for Spike Lee’s “Da Blood of Jesus,” he was able to photograph black actors of dramatically different skin tones in a nighttime interior scene using just everyday house lamps, thanks to a sophisticated digital camera. “I just changed the wattage of the bulb, used a dimmer, and I didn’t have to use any film lights. That kind of blew me away,” Patterson says. “The camera was able to hold both of them during the scene without any issues.”

The multicultural realities films increasingly reflect go hand in hand with the advent of technology that’s finally able to capture them with accuracy and sensitivity. And on the forefront of this new vanguard is cinematographer and Howard University graduate Bradford Young, the latest in a long line of Howard alums — including Ernest Dickerson, Arthur Jafa and Malik Sayeed — who throughout the 1990s deployed the means of production to bring new forms of lyricism, stylization and depth to filmed images of African Americans.

At Howard, Young says, “the question of representation was always first and foremost. . . . When bias is built into the negative, how does that affect the way we see people of color on screen? People like Ernest, Malik and A.J. [found] a sweet spot. There’s always an inherent bias sitting over us. We’ve just got to climb through it and survive, and that’s what’s embodied in the cinematography.”

Whether working on film stock for Dee Rees’s “Pariah,” high-definition video for Ava DuVernay’s “Middle of Nowhere,” or with digital Red cameras for Andrew Dosunmu’s “Restless City” and “Mother of George,” Young is finding a newly rich visual language, one that’s simultaneously straightforward, soft, stylish and intimately naturalistic. His work with Dosunmu — for which Young won the Sundance cinematography award this year — is especially expressive, with the camera coming in and out of focus and often capturing the actors in moments of stillness, like works of sculpture.

“I was trying to be assertive with the imagery as flamboyant, space-age and assertive as African American textiles have been for 10,000 years,” Young explains, adding that he lit “Mother of George” to accentuate blue skin tones and illuminated scenes from above, to suggest natural sunlight. “It takes us back to Tuaregs and Niger and nomads, because the people in the film are kind of like nomads,” he says. “That’s why the top light is always so cool, and their hands are always stained with something. Because that’s what nomadic people do.”

Solomon Northup is a nomad as well in “12 Years a Slave,” in which he and his fellow laborers — often abused, but shown in all their physical types and tonal subtleties — stand in symbolic rebuke to a cinematic apparatus that habitually ignored or despised them. Like their brethren in “Mother of George” and other denizens of this year’s “black new wave,” these characters are claiming aesthetic space that they’ve long been denied.

That space, at long last, seems endless: Young suggested that his next step with Dosunmu might be photographing a movie in 3-D. Having transformed the black body in a two-dimensional format, he says, “let’s work on the perception of the black body in space. Instead of having depth of field, let’s actually take control of each field.” It’s tempting to imagine that Northup and his peers would agree — literally, metaphorically and, not least of all, cinematically.
http://www.washingtonpost.com/entert...d8f_story.html





Protests Follow Google 'Endorsed Advert' Change
BBC

Google is facing a backlash over plans to put people's faces and comments about products and places into adverts.

The "shared endorsements" policy change starts on 11 November and covers the comments, "follows" and other actions people do on Google+.

One protest involves people swapping their profile pictures for that of Google boss Eric Schmidt so his image rather than their own appears on ads.

Google said it had made it easy for people to opt out of the system.

The search giant started alerting people about the upcoming policy change via banners on its main webpage and in a page explaining the change to its "policies and principles".

Google also gave examples of how the "shared endorsement" system might work. This showed people's faces and comments appearing below Street View images of a bagel shop and search results for products and places.

Many people protested about the change to Google, and some altered their image profiles on the Google+ social network in response.

So far, Google has not issued an official comment about the protests over "shared endorsements". However, in its explanatory pages it said it was easy to opt out of the system by clicking a box on the Google+ account settings page.

It warned that if people did not want to be part of the programme some of their comments and follows may no longer be visible to others they know on Google+.

Social network Facebook faced strong criticism over a similar system called "sponsored stories" it rolled out in 2011.

Legal action following the criticism eventually led to Facebook paying out $20m to compensate people whose images it used without permission.
http://www.bbc.co.uk/news/technology-24519300





Google-Backed File-Sharing Service Spreads Chinese Malware

Most people in the West haven’t heard of it, but Xunlei, a file-sharing service that boasts Google as an investor, has hundreds of millions of users in China. And, it was recently found to be distributing a signed malware known as KanKan.

Last June, several complaints appeared on various Chinese forums about a suspicious program signed with a certificate from Xunlei, which is, according to ESET, the most-used torrent client in the world, with more than 100 million peer IDs. In comparison, the better-known uTorrent peaks at 92 million peer IDs.

The news spread rapidly and ended up in the headlines of many Chinese websites – though it was never reported outside of China.

Xunlei is basically a download accelerator: it offers a searchable index of billions of media files that users can download with the proprietary Xunlei software. When a user starts a download via its browser or torrent client, it chooses the best possible location for the file in order to maximize the download speed.

KanKan is not overtly malicious. However, it acts as a backdoor – a way to obtain persistence on the system (it registers an Office plugin with no Office functionalities). It also silently installs mobile applications on Android phones connected to the computer via USB – which is, of course, suspicious in and of itself.

“According to our analysis, all these applications provide real features to the user,” said ESET researcher Joan Calvet. “Three of them are Android markets, which allow the user to download various applications onto his phone. We were not able to find any clearly malicious features in these applications. It is still worth noticing, though, that their code is heavily obfuscated.”

The last one, still available on Google Play at the time of writing, allows the user to make phone calls at what it says are advantageous rates. “Nevertheless, it exhibits some suspicious features, like regular contacts with URLs known to distribute adware for Android phones,” Calvet said.

The use of a fake Office plugin to gain persistence, the ability to silently install Android applications, and the backdoor functionalities, “confirm the validity of the concerns of Chinese users and explains why ESET detects this program as malicious, under the name Win32/Kankan,” according to Calvet.

“There are still some open questions, like the original infection vector and the exact reason the Android applications were installed,” Calvet added. “Finally, the degree to which Xunlei Networking Technologies were implicated is hard to tell from the outside.”

For affected users, Xunlei has released an uninstaller.
http://www.infosecurity-magazine.com...inese-malware/





Thousands of Sites Hacked Via vBulletin Hole
Brian Krebs

Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.

In a blog post in late August, vBulletin maker Jelsoft Internet Brands Inc. warned users that failing to remove the “/install” and “/core/install” directories on sites running 4.x and 5.x versions of the forum software could render them easily hackable. But apparently many vBulletin-based sites didn’t get that memo: According to Web site security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability.

The security weakness lets attackers quickly discover which forums are vulnerable, and then use automated, open-source exploit tools to add administrator accounts to vulnerable sites.

Imperva said the compromised sites appear to have been hacked by one of two sets of exploit tools that have been released publicly online. The first was apparently used in a mass Website defacement campaign. A Google search for forums with the rather conspicuously-named administrator account added in that attack (“Th3H4ck”) shows that many of the hacked sites also are hosting malware. Among the sites apparently compromised is a support forum for the National Runaway Safeline and a site selling vBulletin add-ons.

The second tool does effectively the same thing, except with a bit more stealth: The administrator account that gets added to hacked forums is more innocuously named “supportvb”. Here’s a Google search that offers a rough idea of the forums compromised with this exploit, which was apparently authored or at least publicly released by this guy.

Amichai Shulman, Imperva’s chief technology officer, said the company believes the attackers are using some sort of botnet — a collection of hacked PCs — to help scrape Google for compromised sites and to inject the malicious code.

“In order to infect 30,000 targets in such a short period of time you need Google, but the problem is that you can’t retrieve so many search results that easily in an automated way. Google may show you that there are 30,000 [vulnerable target sites], but when you start scrolling through them all you may get to maybe page five or six [before] you get a message that your machine is performing automated queries, and it will start showing you CAPTCHA,” challenges to block automated lookups. “And if I repeat this behavior from the same Internet address, I’ll get blocked for a certain period of time.”

Barry Shteiman, director of security strategy at Imperva, said that distributing the searches through many different Internet addresses solves that problem.

“These guys can instruct each part of that distributed network to perform a partial search that would return a part of the entire results,” Shteiman said. “That way they can get the list sliced into much smaller pieces that a single machine can then crawl and scrape.”

If you run a forum or site powered by vBulletin, take a minute to check if you have followed vBulletin’s advice and removed the “/install” and/or “/core/install” folders. If your vBulletin site still has those directories installed, you may also want to check for new administrator accounts.

I followed up with the vBulletin folks and asked whether the company planned to automate the removal of these forums in future updates. A member of the vBulletin support team said version 4.2.2 “fixes the problem, but we still always recommend removing the install folder.” The same individual promised that the as yet unreleased vBulletin v. 5.1.0 will have additional, unspecified fixes, “however you still need to remove the install folder.”
http://krebsonsecurity.com/2013/10/t...bulletin-hole/
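
The two checks the article above recommends (leftover install folders and unexpected administrator accounts), written as a local audit; this is an added example, not code from the article, Imperva or vBulletin. It assumes you can read the web root on disk and have exported the administrator list to a CSV with `username` and `joindate` columns; that export format, the approved-admin list and the sample rows are constructed for illustration.

```python
"""Local audit for a vBulletin site: install folders and admin accounts."""
import csv
import io
import os
import tempfile

# Folders the article says must be removed on 4.x and 5.x sites.
INSTALL_DIRS = ("install", "core/install")

# Administrator names the article reports being added by the two public tools.
REPORTED_ADMIN_NAMES = {"th3h4ck", "supportvb"}

# Constructed sample: an assumed CSV export of administrator accounts.
SAMPLE_ADMIN_CSV = """username,joindate
alice,2009-03-14
supportvb,2013-10-02
Th3H4ck,2013-10-05
bob,2011-07-30
newmod,2013-10-06
"""


def leftover_install_dirs(web_root):
    """Return the install folders that still exist under web_root."""
    found = []
    for rel in INSTALL_DIRS:
        if os.path.isdir(os.path.join(web_root, *rel.split("/"))):
            found.append(rel)
    return found


def suspicious_admins(admin_csv, approved_admins):
    """Flag admins whose name was reported in the attacks or is not approved.

    Names are compared case-insensitively. Each finding is a tuple of
    (username, joindate, reason) so a responder can see how recent it is.
    """
    approved = {name.lower() for name in approved_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(admin_csv)):
        name = row["username"].strip()
        key = name.lower()
        if key in REPORTED_ADMIN_NAMES:
            findings.append((name, row["joindate"], "name reported in the attacks"))
        elif key not in approved:
            findings.append((name, row["joindate"], "not on the approved admin list"))
    return findings


def audit(web_root, admin_csv, approved_admins):
    """Run both checks and return the findings as one report."""
    return {
        "install_dirs": leftover_install_dirs(web_root),
        "admins": suspicious_admins(admin_csv, approved_admins),
    }


def demo():
    """Audit a constructed web root that still contains core/install."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "core", "install"))
        os.makedirs(os.path.join(root, "includes"))
        return audit(root, SAMPLE_ADMIN_CSV, {"alice", "bob"})


if __name__ == "__main__":
    report = demo()
    for rel in report["install_dirs"]:
        print("REMOVE folder:", rel)
    for name, joined, reason in report["admins"]:
        print("REVIEW admin: %s (joined %s): %s" % (name, joined, reason))
```

An account flagged only as "not on the approved admin list" may be legitimate; the join date is included so it can be compared against when the install folder was last exposed.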





Cyber Warrior Shortage Hits Anti-Hacker Fightback
Peter Apps and Brenda Goh

For the governments and corporations facing increasing computer attacks, the biggest challenge is finding the right cyber warriors to fight back.

Hostile computer activity from spies, saboteurs, competitors and criminals has spawned a growing industry of corporate defenders who can attract the best talent from government cyber units.

The U.S. military's Cyber Command is due to quadruple in size by 2015 with 4,000 new personnel while Britain announced a new Joint Cyber Reserve last month. From Brazil to Indonesia, similar forces have been set up.

But demand for specialists has far outpaced the number of those qualified to do the job, leading to a staffing crunch as talent is poached by competitors offering big salaries.

"As with anything, it really comes down to human capital and there simply isn't enough of it," says Chris Finan, White House director for cyber security from 2011-12, who is now a senior fellow at the Truman National Security Project and working for a start-up in Silicon Valley.

"They will choose where they work based on salary, lifestyle and the lack of an interfering bureaucracy and that makes it particularly hard to get them into government."

Cyber attacks can be expensive: one unidentified London-listed company incurred losses of 800 million pounds ($1.29 billion) in a cyber attack several years ago, according to the British security services.

Global losses are in the range of $80 billion to $400 billion a year, according to research by the Washington-based Center for Strategic and International Studies that was sponsored by Intel Corp's McAfee anti-virus division.

There is a whole range of attacks. Some involve simply transferring money, but more often clients' credit card details are stolen. There is also intellectual property theft or theft of commercially sensitive information for business advantage.

Victims can also suffer a "hacktivist" attack, such as a directed denial of service to bring a website down, which can cost a lot of money to fix.

Quantifying the exact damage is almost impossible, especially when secrets and money are not the only targets.

While no government has taken responsibility for the Stuxnet computer virus that destroyed centrifuges at Iran's Natanz uranium enrichment facility, it was widely reported to have been a U.S.-Israeli project.

Britain says it blocked 400,000 advanced cyber threats to the government's secure intranet last year while a virus unleashed against Saudi Arabia's energy group Aramco, likely to be the world's most valuable company, destroyed data on thousands of computers and put an image of a burning American flag onto screens.

GOING VIRAL?

Most cyber expertise remains in the private sector where companies are seeing a steep increase in spending on security products and services.

Depending on the cyber threat, a variety of firms are bidding for cyber talent. Google is currently advertising 129 IT security jobs, while defense companies such as Lockheed Martin Corp and BAE Systems are looking to hire in this area.

Anti-virus maker Symantec Corp is also doing good business. "The threat environment is exploding," Chief Executive Steve Bennett told Reuters in an interview in July.

The perception of an increased threat has also led to explosive demand for the best talent.

The U.S. Bureau of Labour Statistics says the number of Information Technology security roles in the U.S. will increase by some 22 percent in the decade to 2020, creating 65,700 new jobs. Experts say it is a similar situation globally, with salaries often rising 5-7 percent a year.

"Recruitment and retention in cyber is a challenge for everybody working in this area," says Mike Bradshaw, head of security and smart systems at Finmeccanica IT unit Selex. "It's an area where demand exceeds supply ... it's going to take a while for supply to catch up."

A growing number of security firms - such as UK-based Protection Group International (PGI) - now also offer cyber services. PGI started out providing armed guards to protect merchant ships against pirates but has now hired former staff from Britain's GCHQ eavesdropping agency.

COUNTRY OR CASH?

A graduate with a good computer studies degree can walk into a $100,000 salary with a similar amount upfront as a golden handshake, several times what the U.S. National Security Agency would be likely to offer.

Western universities turn out far too few graduates with the necessary computer skills while some students complain that many of the courses on offer are too theoretical for the challenges of cyber warfare.

But applicants need not have a computer science degree to get lucrative jobs as long as they can do the hardest-to-fill jobs such as finding bugs in software, identifying elusive infections and reverse engineering computer viruses that are found on computers, said Alan Paller, founder of the non-profit SANS Institute in Washington.

SANS has worked with officials in Illinois, Massachusetts, New Jersey and other states to sponsor hacking contests that test skills in those and other areas. Educational background does not necessarily help in these contests.

Those who have "very good" skills in the most-needed areas can earn $110,000 to $140,000, while the very top get paid as much as $200,000 in private sector jobs, according to Paller.

While the private sector offers big cash, the government is still able to retain some talent by appealing to people's sense of public service and patriotism.

"I want to serve my country. What I am doing is important," one hacker who conducts classified research for the U.S. military told Reuters at the Def Con hacking conference in July. He declined to provide his name because he was not authorized to speak to the press.

There is also an expectation that government workers can move to more lucrative jobs in the private sector after several years in public service.

But some senior officers in Western militaries still fear they may struggle to attract the requisite talent, citing both cultural and administrative problems.

General Keith Alexander, head of both the NSA and Cyber Command, told Reuters earlier this year finding the right talent was a priority. He has attended events such as the Def Con hacker conference, trading his uniform for a black T-shirt.

Hiring outsiders has long been thought to be a tactic employed by the United States as well as China and Russia.

Western security officials believe Russia, China and other emerging cyber powers such as Iran and North Korea have cut deals with their own criminal hacker community to borrow their expertise to assist with attacks.

Russia and China, which have been accused by the West of mounting repeated attacks on government and commercial interests, deny direct involvement in hacking.

"We are at the very beginning of this process and we are building it brick by brick," says Colonel Gregory Conti, head of the cyber Security Department at the U.S. Military Academy, West Point. "It's going to be like the creation of the air force - a process of several decades getting the right people and structures." ($1 = 0.6209 British pounds)

(Additional reporting by Jim Finkle in Boston; Editing by Guy Faulconbridge and Giles Elgood)
http://www.reuters.com/article/2013/...99C03F20131013





Twitter Pays Engineer $10 Million as Silicon Valley Tussles for Talent
Sarah McBride

Among Twitter Inc's highest-paid executives, Christopher Fry's name stands out.

The senior vice president of engineering raked in $10.3 million last year, just behind Twitter Chief Executive Dick Costolo's $11.5 million, according to Twitter's IPO documents. That is more than the paychecks of executives such as Chief Technology Officer Adam Messinger, Chief Financial Officer Mike Gupta and Chief Operating Officer Ali Rowghani.

Welcome to Silicon Valley, where a shortage of top engineering talent amid an explosion of venture capital-backed start-ups is inflating paychecks.

"The number of A-players in Silicon Valley hasn't grown," said Iain Grant, a recruiter at Riviera Partners, which specializes in placing engineers at venture-capital backed start-ups. "But the demand for them has gone through the roof."

Stories abound about the lengths to which employers will go to attract engineering talent - in addition to the free cafeterias, laundry services and shuttle buses that the Googles and Facebooks of the world are already famous for.

One start-up offered a coveted engineer a year's lease on a Tesla sedan, which costs in the neighborhood of $1,000 a month, said venture capitalist Venky Ganesan. He declined to identify the company, which his firm has invested in.

At Hotel Tonight, which offers a mobile app for last-minute hotel bookings, CEO Sam Shank described staging the office to appear extra lively for a prospective hire. He roped in two employees for a game of ping-pong and positioned another group right by the bar.

It worked: the recruit signed on and built a key piece of the company's software.

In Fry's case, his compensation came mostly in the form of stock awards, valued last year at $10.1 million, according to Twitter's IPO documents registered with securities regulators. He drew a salary of $145,513 and a bonus of $100,000.

Some might call that underpaid. Facebook Inc's VP of engineering, Mike Schroepfer, took in $24.4 million in stock awards the year before the social network's 2012 initial public offering. He also drew a salary of $270,833 and a bonus of $140,344. But Facebook that year posted revenue of $3.71 billion, 10 times more than Twitter's $317 million.

Grant said more than three-quarters of candidates who took VP of engineering roles at his client companies over the last two years drew total cash compensation in excess of $250,000. Many also received equity grants totaling 1 to 2 percent of the company, the recruiter added.

LORE OF 10X

The hot demand for engineers is driven in part by a growing number of start-ups, venture capitalists say. Some 242 Bay Area companies received early-stage funding - known as a seed round - in the first half of this year, according to consultancy CB Insights. That is more than the number for all of 2010.

Another factor is the increasing complexity of technology. Many in Silicon Valley like to discuss the lore of the "10x" engineer, who is a person so talented that he or she does the work of 10 merely competent engineers.

"Having 10x engineers at the top is the only way to recruit other 10x engineers," said Aileen Lee, founder of Cowboy Ventures, an early-stage venture fund.

Former colleagues said Fry, who joined Twitter earlier this year, fits the bill. The messaging service poached him from software giant Salesforce.com Inc, where Fry had worked in various positions since 2005, rising from engineering manager in the Web Services team to senior VP of development.

Perhaps most attractive to Twitter is the fact that Fry joined Salesforce when it was also a 6-year-old company with big ambitions of taking on the software establishment. At that time, Salesforce's product development needed help, Fry has said in previous interviews. He whipped them into shape, helping build the company into one of the hottest enterprise-software providers in the industry today.

Twitter has had its share of technical problems, such as the notorious "fail whale" that regularly appeared on screens during outages. That made Fry's experience all the more valuable.

"All it takes is a couple of bad incidents where Twitter is down, or there's a security breach. That could be the end of the company," said Chuck Ganapathi, an entrepreneur who previously worked with Fry at Salesforce, where he was senior vice president for products.

"You need somebody of this caliber to run it."

Neither Twitter nor Fry responded to requests for comment.

PERSONAL DRUM STUDIO

Today, even entry-level engineers can draw lucrative salaries in the Valley. Google Inc offered $150,000 in annual wages plus $250,000 in restricted stock options to snag a recent PhD graduate who had been considering a job at Apple Inc, according to a person familiar with the situation.

The average software engineer commands a salary of $100,049 in Silicon Valley, according to Dice, a technology-recruitment service. That is down from $113,488 last year, due to an increase in hiring of less experienced engineers, said a Dice spokeswoman.

By comparison, the average salary for all professions in San Francisco's Bay Area is $66,070, according to the Bureau of Labor Statistics. Other jobs in the area can command higher wages - physicians make $133,530, a lawyer about $174,440 and a civil engineer makes $107,440 - but the tech industry often offers restricted stock or options on top of salaries.

Even for plain-vanilla engineers, competition is intense, said Dice CEO Mike Durney, leading companies to go to great lengths to attract and hold onto the right people.

Accommodation-search service ApartmentList rents a drum studio on an ongoing basis to help retain a key engineer, said CEO John Kobs.

In one of the better-known examples, Google famously allowed engineers to devote 20 percent of their time on personal projects. It is worth it, many recruiters and industry executives say.

Many of the most talented engineers bring more than programming chops, promoting the sort of career diversity prized in Silicon Valley.

Take Fry, who earned a PhD in cognitive science from the University of California at San Diego in 1998. He is a surfer, a sailor and a snowboarder, according to his personal website.

In a fitting twist for Twitter, known for its blue bird mascot, Fry also has avian expertise. His postdoctoral fellowship at the University of California, Berkeley, focused on the auditory cortex of zebra finches.

(Editing by Edwin Chan, Tiffany Wu and Richard Chang)
http://www.reuters.com/article/2013/...99C03R20131013





Software Engineers Tell Glassdoor that Walmart Pays More than Facebook
Hayley Tsukayama

According to a new survey of the base salaries of software engineers around the country, you don’t necessarily have to work at the hottest tech firms to get a high-paying job.

The job-search Web site Glassdoor compiled self-reported salary data of more than 33,000 software engineers over the past year. According to the results, while firms such as Google, Apple, Microsoft, Amazon, Facebook and Twitter all rank in the top 25 for highest average base salary, so do companies such as Juniper Networks, Integral and even Walmart.

The salary snapshot also shows that software engineers aren’t only in demand at the highest levels of the tech world. Engineers who told the site they work for Walmart reported a higher annual base salary than those who said they work for Facebook. The retailer ranked eighth, with a reported average base salary of $122,110 — just behind Oracle’s $122,905, but ahead of the average salaries reported by engineers from Facebook, eBay, Amazon or Microsoft.

Juniper, which manufactures networking equipment, topped the Glassdoor list. Engineers who said they work for Juniper reported an annual base salary of $159,990, compared with the $136,427 base salary reported by those who said they work for the second-place firm on the list, LinkedIn. Yahoo, Google and Twitter rounded out the top five, while Apple came in sixth.

The site also offered a picture of how salaries vary across the country. The greatest demand for software engineers is in the San Francisco Bay Area, which also boasts the highest average base salary per area at $111,885. But employers using Glassdoor to recruit are also hunting on the East Coast. New York City has the second-highest concentration of Glassdoor employers looking for software engineers, followed by Washington, D.C. But salaries are lower out East: In Washington, for example, employers using the job search site are offering an average base salary of $83,765, below Glassdoor’s estimated national base salary average of $92,790.

Overall, the averages have jumped up since Glassdoor looked at the same job market last year, but they also show a shift. Last year, according to the site’s survey, Google engineers reported the highest average wage, followed by Facebook, Apple, eBay and Zynga — a firm that didn’t even crack the top 25 this year.
http://www.washingtonpost.com/busine...8ea_story.html





Deutsche Telekom Hopes to Hide German Internet Traffic From Spies

Germany's biggest telecoms operator is pushing to shield local internet traffic from foreign spies by routing it only through domestic connections, Deutsche Telekom said on Saturday.

Public outrage followed revelations that U.S. spy programs had accessed the private messages of German citizens. Deutsche Telekom had already said it would only channel local email traffic through servers within Germany.

The company aims to agree with other internet providers that any data being transmitted domestically would not leave German borders, a Deutsche Telekom spokesman said.

"In a next step, this initiative could be expanded to the Schengen area," the spokesman said, referring to the group of 26 European countries - excluding Britain - that have abandoned immigration controls.

Revelations of snooping by the secret services of the United States and Britain were based on documents leaked by fugitive former National Security Agency contractor Edward Snowden. News magazine Der Spiegel reported in June that the United States taps half a billion phone calls, emails and text messages in Germany in a typical month.

Government snooping is a sensitive subject in Germany due to the heavy surveillance of citizens in the former communist East and under Hitler's Nazis.

One of Deutsche Telekom's competitors, internet service provider QSC, had questioned the feasibility of its plan to shield internet traffic, saying it was not possible to determine clearly whether data was being routed nationally or internationally, WirtschaftsWoche magazine reported.

Other providers, including Vodafone and Telefonica, are currently considering whether they want to join Deutsche Telekom's initiative, it reported.

Vodafone, Telefonica's German unit and QSC were not immediately available for comment.

(Reporting by Peter Dinkloh and Harro Ten Wolde; Editing by Matthew Tostevin)
http://www.reuters.com/article/2013/...99B07Z20131012





TED Talks are Lying to You

The creative class has never been more screwed. Books about creativity have never been more popular. What gives?
Thomas Frank

The writer had a problem. Books he read and people he knew had been warning him that the nation and maybe mankind itself had wandered into a sort of creativity doldrums. Economic growth was slackening. The Internet revolution was less awesome than we had anticipated, and the forward march of innovation, once a cultural constant, had slowed to a crawl. One of the few fields in which we generated lots of novelties — financial engineering — had come back to bite us. And in other departments, we actually seemed to be going backward. You could no longer take a supersonic airliner across the Atlantic, for example, and sending astronauts to the moon had become either fiscally insupportable or just passé.

And yet the troubled writer also knew that there had been, over these same years, fantastic growth in our creativity promoting sector. There were TED talks on how to be a creative person. There were “Innovation Jams” at which IBM employees brainstormed collectively over a global hookup, and “Thinking Out of the Box” desktop sculptures for sale at Sam’s Club. There were creativity consultants you could hire, and cities that had spent billions reworking neighborhoods into arts-friendly districts where rule-bending whimsicality was a thing to be celebrated. If you listened to certain people, creativity was the story of our time, from the halls of MIT to the incubators of Silicon Valley.

The literature on the subject was vast. Its authors included management gurus, forever exhorting us to slay the conventional; urban theorists, with their celebrations of zesty togetherness; pop psychologists, giving the world step-by-step instructions on how to unleash the inner Miles Davis. Most prominent, perhaps, were the science writers, with their endless tales of creative success and their dissection of the brains that made it all possible.

It was to one of these last that our puzzled correspondent now decided to turn. He procured a copy of “Imagine: How Creativity Works,” the 2012 bestseller by the ex-wunderkind Jonah Lehrer, whose résumé includes a Rhodes scholarship, a tour of duty at The New Yorker and two previous books about neuroscience and decision-making. (There was also a scandal concerning some made-up quotes in “Imagine,” but our correspondent was determined to tiptoe around that.) Settling into a hot bath — well known for its power to trigger outside-the-box thoughts — he opened his mind to the young master.

Anecdote after heroic anecdote unfolded, many of them beginning with some variation on Lehrer’s very first phrase: “Procter and Gamble had a problem.” What followed, as creative minds did their nonlinear thing, were epiphanies and solutions. Our correspondent read about the invention of the Swiffer. He learned how Bob Dylan achieved his great breakthrough and wrote that one song of his that they still play on the radio from time to time. He found out that there was a company called 3M that invented masking tape, the Post-it note and other useful items. He read about the cellist Yo-Yo Ma, and about the glories of Pixar.

And that’s when it hit him: He had heard these things before. Each story seemed to develop in an entirely predictable fashion. He suspected that in the Dylan section, Lehrer would talk about “Like a Rolling Stone,” and that’s exactly what happened. When it came to the 3M section, he waited for Lehrer to dwell on the invention of the Post-it note — and there it was.

Had our correspondent developed the gift of foresight? No. He really had heard these stories before. Spend a few moments on Google and you will find that the tale of how Procter & Gamble developed the Swiffer is a staple of marketing literature. Bob Dylan is endlessly cited in discussions of innovation, and you can read about the struggles surrounding the release of “Like a Rolling Stone” in textbooks like “The Fundamentals of Marketing” (2007). As for 3M, the decades-long standing ovation for the company’s creativity can be traced all the way back to “In Search of Excellence” (1982), one of the most influential business books of all time. In fact, 3M’s accidental invention of the Post-it note is such a business-school chestnut that the ignorance of those who don’t know the tale is a joke in the 1997 movie “Romy and Michele’s High School Reunion.”

*

These realizations took only a millisecond. What our correspondent also understood, sitting there in his basement bathtub, was that the literature of creativity was a genre of surpassing banality. Every book he read seemed to boast the same shopworn anecdotes and the same canonical heroes. If the authors are presenting themselves as experts on innovation, they will tell us about Einstein, Gandhi, Picasso, Dylan, Warhol, the Beatles. If they are celebrating their own innovations, they will compare them to the oft-rejected masterpieces of Impressionism — that ultimate combination of rebellion and placid pastel bullshit that decorates the walls of hotel lobbies from Pittsburgh to Pyongyang.

Those who urge us to “think different,” in other words, almost never do so themselves. Year after year, new installments in this unchanging genre are produced and consumed. Creativity, they all tell us, is too important to be left to the creative. Our prosperity depends on it. And by dint of careful study and the hardest science — by, say, sliding a jazz pianist’s head into an MRI machine — we can crack the code of creativity and unleash its moneymaking power.

That was the ultimate lesson. That’s where the music, the theology, the physics and the ethereal water lilies were meant to direct us. Our correspondent could think of no books that tried to work the equation the other way around — holding up the invention of air conditioning or Velcro as a model for a jazz trumpeter trying to work out his solo.

And why was this worth noticing? Well, for one thing, because we’re talking about the literature of creativity, for Pete’s sake. If there is a non-fiction genre from which you have a right to expect clever prose and uncanny insight, it should be this one. So why is it so utterly consumed by formula and repetition?

What our correspondent realized, in that flash of bathtub-generated insight, was that this literature isn’t about creativity in the first place. While it reiterates a handful of well-known tales — the favorite pop stars, the favorite artists, the favorite branding successes — it routinely ignores other creative milestones that loom large in the history of human civilization. After all, some of the most consistent innovators of the modern era have also been among its biggest monsters. He thought back, in particular, to the diabolical creativity of Nazi Germany, which was the first country to use ballistic missiles, jet fighter planes, assault rifles and countless other weapons. And yet nobody wanted to add Peenemünde, where the Germans developed the V-2 rocket during the 1940s, to the glorious list of creative hothouses that includes Periclean Athens, Renaissance Florence, Belle Époque Paris and latter-day Austin, Texas. How much easier to tell us, one more time, how jazz bands work, how someone came up with the idea for the Slinky, or what shade of paint, when applied to the walls of your office, is most conducive to originality.

*

But as any creativity expert can tell you, no insight is an island, entire of itself. New epiphanies build on previous epiphanies, and to understand the vision that washed over our writer in the present day, we must revisit an earlier flash of insight, one that takes us back about a decade, to the year 2002. This time our future correspondent was relaxing in a different bathtub, on Chicago’s South Side, where the trains passed by in an all-day din of clanks and squeaks. While he soaked, he was reading the latest book about creativity: Richard Florida’s “The Rise of the Creative Class.”

Creativity was now the most valuable quality of all, ran Florida’s argument, “the decisive source of competitive advantage.” This made creative people into society’s “dominant class” — and companies that wished to harness their power would need to follow them wherever they went. Therefore cities and states were obliged to reconfigure themselves as havens for people of nonconformist tastes, who would then generate civic coolness via art zones, music scenes, and truckloads of authenticity. The author even invented a “Bohemian Index,” which, he claimed, revealed a strong correlation between the presence of artists and economic growth.

Every element of Florida’s argument infuriated our future correspondent. Was he suggesting planned bohemias? Built by governments? To attract businesses? It all seemed like a comic exercise in human gullibility. As it happened, our correspondent in those days spent nearly all his time with the kinds of people who fit Richard Florida’s definition of the creative class: writers, musicians, and intellectuals. And Florida seemed to be suggesting that such people were valuable mainly for their contribution to a countercultural pantomime that lured or inspired business executives.

What was really sick-making, though, was Florida’s easy assumption that creativity was a thing our society valued. Our correspondent had been hearing this all his life, since his childhood in the creativity-worshipping 1970s. He had even believed it once, in the way other generations had believed in the beneficence of government or the blessings of Providence. And yet his creative friends, when considered as a group, were obviously on their way down, not up. The institutions that made their lives possible — chiefly newspapers, magazines, universities and record labels — were then entering a period of disastrous decline. The creative world as he knew it was not flowering, but dying.

When he considered his creative friends as individuals, the literature of creativity began to seem even worse — more like a straight-up insult. Our writer-to-be was old enough to know that, for all its reverential talk about the rebel and the box breaker, society had no interest in new ideas at all unless they reinforced favorite theories or could be monetized in some obvious way. The method of every triumphant intellectual movement had been to quash dissent and cordon off truly inventive voices. This was simply how debate was conducted. Authors rejoiced at the discrediting of their rivals (as poor Jonah Lehrer would find in 2012). Academic professions excluded those who didn’t toe the party line. Leftist cliques excommunicated one another. Liberals ignored any suggestion that didn’t encourage or vindicate their move to the center. Conservatives seemed to be at war with the very idea of human intelligence. And business thinkers were the worst of all, with their perennial conviction that criticism of any kind would lead straight to slumps and stock market crashes.

*

Or so our literal-minded correspondent thought back in 2002. Later on, after much trial and error, he would understand that there really had been something deeply insightful about Richard Florida’s book. This was the idea that creativity was the attribute of a class — which class Florida identified not only with intellectuals and artists but also with a broad swath of the professional-managerial stratum. It would take years for our stumbling innovator to realize this. And then, he finally got it all at once. The reason these many optimistic books seemed to have so little to do with the downward-spiraling lives of actual creative workers is that they weren’t really about those people in the first place.

No. The literature of creativity was something completely different. Everything he had noticed so far was a clue: the banality, the familiar examples, the failure to appreciate what was actually happening to creative people in the present time. This was not science, despite the technological gloss applied by writers like Jonah Lehrer. It was a literature of superstition, in which everything always worked out and the good guys always triumphed and the right inventions always came along in the nick of time. In Steven Johnson’s “Where Good Ideas Come From” (2010), the creative epiphany itself becomes a kind of heroic character, helping out clueless humanity wherever necessary:

Good ideas may not want to be free, but they do want to connect, fuse, recombine. They want to reinvent themselves by crossing conceptual borders. They want to complete each other as much as they want to compete.

And what was the true object of this superstitious stuff? A final clue came from “Creativity: Flow and the Psychology of Discovery and Invention” (1996), in which Mihaly Csikszentmihalyi acknowledges that, far from being an act of individual inspiration, what we call creativity is simply an expression of professional consensus. Using Vincent van Gogh as an example, the author declares that the artist’s “creativity came into being when a sufficient number of art experts felt that his paintings had something important to contribute to the domain of art.” Innovation, that is, exists only when the correctly credentialed hivemind agrees that it does. And “without such a response,” the author continues, “van Gogh would have remained what he was, a disturbed man who painted strange canvases.” What determines “creativity,” in other words, is the very faction it’s supposedly rebelling against: established expertise.

Consider, then, the narrative daisy chain that makes up the literature of creativity. It is the story of brilliant people, often in the arts or humanities, who are studied by other brilliant people, often in the sciences, finance, or marketing. The readership is made up of us — members of the professional-managerial class — each of whom harbors a powerful suspicion that he or she is pretty brilliant as well. What your correspondent realized, relaxing there in his tub one day, was that the real subject of this literature was the professional-managerial audience itself, whose members hear clear, sweet reason when they listen to NPR and think they’re in the presence of something profound when they watch some billionaire give a TED talk. And what this complacent literature purrs into their ears is that creativity is their property, their competitive advantage, their class virtue. Creativity is what they bring to the national economic effort, these books reassure them — and it’s also the benevolent doctrine under which they rightly rule the world.
http://www.salon.com/2013/10/13/ted_..._lying_to_you/





How Apple Searches the App Store for its New Ideas
Brian Fung

When you break it down, much of the Internet economy works on the back of a platform. Zynga earns money by putting Farmville on Facebook. Crafty people make money by putting their wares on Etsy. This article makes money by way of a blogging platform. For the most part, people talk about platforms as a way to democratize innovation — they allow practically anyone to make their ideas publicly available, often for a profit.

But platforms aren't unidirectional. As much as they help fledgling artists and entrepreneurs, they can also serve as a source of ideas unto themselves, often to the benefit of the companies that run them.

Here's an example. The Verge reported Thursday on Omer Perchik, a 25-year-old developer who hired a bunch of Israeli intelligence officers to help design an app called Any.do. As it happens, Any.do's clean, flat interface attracted the attention of Apple's most influential designer, Jony Ive:

Along with music app Rdio, word game Letterpress, and competing task app Clear, Any.do was among the apps that Apple looked to for inspiration as it redesigned iOS, according to people familiar with the matter. When Jony Ive took over as the company’s head of design, he was given a list of forward-looking apps that suggested how iOS could evolve, these people said — and Any.do was on that list. (Apple did not respond to a request for comment.)

Apple's development processes are such a tightly held secret, only rarely do we hear how its products came to be. This is apparently one of those times. If the report is true, it suggests that the company actively mines the App Store for ideas, developing new projects out of the platform it built to serve customers.

This isn't the first time Apple's drawn concepts from the community and made them its own. Last year, Apple announced it was introducing Notification Center to Mac OS X, a feature that puts little pop-ups in the corner of your screen when you receive an email or calendar item. It mimics the functionality of Growl, a third-party program.

Updates to Apple's mobile browser, Safari, may also have been inspired by another app in the App Store, according to Rob Haining, an iOS developer for Digg. Haining was previously part of a team building a social reader called News.me, which trawled a user's Twitter and Facebook feeds for stories their friends had shared. In mobile Safari, users can integrate the browser with their Twitter feeds to see all the links being shared by those they follow.

"The core idea is similar in that you're pulling your social sources as sources for news," said Haining in an interview.

To say it's copying doesn't seem accurate, per se. What Apple is doing seems more like curation, or perhaps promoting good ideas that it thinks would work at scale.

While it might seem unfair that Apple can grab these ideas whenever it wants, it's simply another effect of a model that's, on the whole, yielded great benefits for the rest of us.
http://www.washingtonpost.com/blogs/...its-new-ideas/





Effort Underway to Declassify Document that is Legal Foundation for NSA Phone Program
Ellen Nakashima and Carol D. Leonnig

In the recent stream of disclosures about National Security Agency surveillance programs, one document, sources say, has been conspicuously absent: the original — and still classified — judicial interpretation that held that the bulk collection of Americans’ data was lawful.

That document, written by Colleen Kollar-Kotelly, then chief judge of the Foreign Intelligence Surveillance Court (FISC), provided the legal foundation for the NSA amassing a database of all Americans’ phone records, say current and former officials who have read it.

Now, more officials are saying that Americans should be able to read and understand how an important precedent was established under the 2001 USA Patriot Act, which was passed after the Sept. 11, 2001, attacks.

“The original legal interpretation that said that the Patriot Act could be used to collect Americans’ records in bulk should never have been kept secret and should be declassified and released,” Sen. Ron Wyden (D-Ore.) said in a statement to The Washington Post. “This collection has been ongoing for years and the public should be able to compare the legal interpretation under which it was originally authorized with more recent documents.”

Kollar-Kotelly told associates this summer that she wanted her legal argument out, according to two people familiar with what she said. Several members of the intelligence court want more transparency about the court’s role to dispel what they consider a misperception that the court acted as a rubber stamp for the administration’s top-secret spying programs. The court meets in secret to hear applications for domestic surveillance and its opinions generally are not made public.

Kollar-Kotelly, who is no longer on the FISC, declined to comment, as did the current chief judge, Reggie B. Walton.

Kollar-Kotelly’s interpretation served as the legal basis for a court authorization in May 2006 that allowed the NSA to gather on a daily basis the phone records of tens of millions of Americans, sources say. Her analysis, more than 80 pages long, was “painstakingly thorough,” said one person who read it. The date of the analysis has not been disclosed.

The broad outlines of the judge’s argument have been revealed via a Justice Department “white paper.” And last month, the administration released a 29-page opinion written in August that defended the program by asserting essentially that as long as some Americans’ phone records might be “relevant” to a terrorism investigation, the government may collect them all. But that opinion, current and former officials said, is not a substitute for Kollar-Kotelly’s original interpretation.

“If the question is, ‘How was this program authorized and what type of legal analysis first took place?’ the 2013 opinion is just not responsive,” said one former senior Obama administration official. “It’s hard for me to imagine, with all that’s already out there, that highly classified intelligence material would be so deeply entwined in the legal analysis in that original interpretation that they couldn’t somehow release it.”

Asked to comment, Justice Department spokesman Brian Fallon said, “Already so far, the department has declassified a white paper explaining the legal basis for the [phone records] program, and the court has publicly posted an opinion upholding its lawfulness.” He declined to confirm or deny the existence of Kollar-Kotelly’s original interpretation.

According to a draft NSA inspector general report obtained by The Post from former NSA contractor Edward Snowden, Kollar-Kotelly in 2004 approved the NSA’s collection of Americans’ bulk e-mail metadata records (to-from addresses, dates, time stamps, etc.) using a Patriot Act provision similar to one the court used in 2006 to authorize the phone records program. The argument made for the e-mail metadata program, analysts say, may have been used to justify the phone records collection.

The phone program logs metadata such as numbers called and the time and duration of calls but not names or content.

Fallon said that “additional materials related to the [phone] program are under review for possible declassification and release” in response to lawsuits by the American Civil Liberties Union and the Electronic Frontier Foundation. The original interpretation is one of a number of classified court documents and executive branch rulings that some lawmakers say should be declassified and released.

Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.

Fallon declined to comment.

The Justice Department also is reviewing a 2006 court opinion related to the Section 215 provision to determine whether it can be released, said Alex Abdo, an ACLU staff lawyer. (A senior department official told The Post that no 2006 Kollar-Kotelly opinion is based on that provision.)

Kenneth Wainstein, a former senior Justice Department official now on the Public Interest Declassification Board, an advisory committee established by Congress, agreed that more disclosure is wise. “Especially when it comes to legal decisions about big programs,” he said at a recent panel discussion sponsored by the New York University School of Law, “we can talk about them in a sanitized way without disclosing sources and methods.”

Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) said in a statement to The Post that he is “particularly interested” in seeing the administration declassify and release “any additional legal analysis” related to the phone records program. “That,” he said, “is exactly the sort of transparency we need in order to have a full and open debate about whether this program is legal and appropriate or needed.”
http://www.washingtonpost.com/world/...7d8_story.html





Privacy Fears Grow as Cities Increase Surveillance
Somini Sengupta

Federal grants of $7 million awarded to this city were meant largely to help thwart terror attacks at its bustling port. But instead, the money is going to a police initiative that will collect and analyze reams of surveillance data from around town — from gunshot-detection sensors in the barrios of East Oakland to license plate readers mounted on police cars patrolling the city’s upscale hills.

The new system, scheduled to begin next summer, is the latest example of how cities are compiling and processing large amounts of information, known as big data, for routine law enforcement. And the system underscores how technology has enabled the tracking of people in many aspects of life.

The police can monitor a fire hose of social media posts to look for evidence of criminal activities; transportation agencies can track commuters’ toll payments when drivers use an electronic pass; and the National Security Agency, as news reports this summer revealed, scooped up telephone records of millions of cellphone customers in the United States.

Like the Oakland effort, other pushes to use new surveillance tools in law enforcement are supported with federal dollars. The New York Police Department, aided by federal financing, has a big data system that links 3,000 surveillance cameras with license plate readers, radiation sensors, criminal databases and terror suspect lists. Police in Massachusetts have used federal money to buy automated license plate scanners. And police in Texas have bought a drone with homeland security money, something that Alameda County, which Oakland is part of, also tried but shelved after public protest.

Proponents of the Oakland initiative, formally known as the Domain Awareness Center, say it will help the police reduce the city’s notoriously high crime rates. But critics say the program, which will create a central repository of surveillance information, will also gather data about the everyday movements and habits of law-abiding residents, raising legal and ethical questions about tracking people so closely.

Libby Schaaf, an Oakland City Council member, said that because of the city’s high crime rate, “it’s our responsibility to take advantage of new tools that become available.” She added, though, that the center would be able to “paint a pretty detailed picture of someone’s personal life, someone who may be innocent.”

For example, if two men were caught on camera at the port stealing goods and driving off in a black Honda sedan, Oakland authorities could look up where in the city the car had been in the last several weeks. That could include stoplights it drove past each morning and whether it regularly went to see Oakland A’s baseball games.

For law enforcement, data mining is a big step toward more complete intelligence gathering. The police have traditionally made arrests based on small bits of data — witness testimony, logs of license plate readers, footage from a surveillance camera perched above a bank machine. The new capacity to collect and sift through all that information gives the authorities a much broader view of the people they are investigating.

For the companies that make big data tools, projects like Oakland’s are a big business opportunity. Microsoft built the technology for the New York City program. I.B.M. has sold data-mining tools for Las Vegas and Memphis.

Oakland has a contract with the Science Applications International Corporation, or SAIC, to build its system. That company has earned the bulk of its $12 billion in annual revenue from military contracts. As the federal military budget has fallen, though, SAIC has diversified to other government agency projects, though not without problems.

The company’s contract to help modernize the New York City payroll system, using new technology like biometric readers, resulted in reports of kickbacks. Last year, the company paid the city $500 million to avoid a federal prosecution. The amount was believed to be the largest ever paid to settle accusations of government contract fraud. SAIC declined to comment.

Even before the initiative, Oakland spent millions of dollars on traffic cameras, license plate readers and a network of sound sensors to pick up gunshots. Still, the city has one of the highest violent crime rates in the country. And an internal audit in August 2012 found that the police had spent $1.87 million on technology tools that did not work properly or remained unused because their vendors had gone out of business.

The new center will be far more ambitious. From a central location, it will electronically gather data around the clock from a variety of sensors and databases, analyze that data and display some of the information on a bank of giant monitors.

The city plans to staff the center around the clock. If there is an incident, workers can analyze the many sources of data to give leads to the police, fire department or Coast Guard. In the absence of an incident, how the data would be used and how long it would be kept remain largely unclear.

The center will collect feeds from cameras at the port, traffic cameras, license plate readers and gunshot sensors. The center will also be integrated next summer with a database that allows police to tap into reports of 911 calls. Renee Domingo, the city’s emergency services coordinator, said school surveillance cameras, as well as video data from the regional commuter rail system and state highways, may be added later.

Far less advanced surveillance programs have elicited resistance at the local and state level. Iowa City, for example, recently imposed a moratorium on some surveillance devices, including license plate readers. The Seattle City Council forced its police department to return a federally financed drone to the manufacturer.

In Virginia, the state police purged a database of millions of license plates collected by cameras, including some at political rallies, after the state’s attorney general said the method of collecting and saving the data violated state law. But for a cash-starved city like Oakland, the expectation of more federal financing makes the project particularly attractive. The City Council approved the program in late July, but public outcry later compelled the council to add restrictions. The council instructed public officials to write a policy detailing what kind of data could be collected and protected, and how it could be used. The council expects the privacy policy to be ready before the center can start operations.

The American Civil Liberties Union of Northern California described the program as “warrantless surveillance” and said “the city would be able to collect and stockpile comprehensive information about Oakland residents who have engaged in no wrongdoing.”

The port’s chief security officer, Michael O’Brien, sought to allay fears, saying the center was meant to hasten law-enforcement response time to crimes and emergencies. “It’s not to spy on people,” he said.

Steve Spiker, research and technology director at the Urban Strategies Council, an Oakland nonprofit organization that has examined the effectiveness of police technology tools, said he was uncomfortable with city officials knowing so much about his movements. But, he said, there is already so much public data that it makes sense to enable government officials to collect and analyze it for the public good.

Still, he would like to know how all that data would be kept and shared. “What happens,” he wondered, “when someone doesn’t like me and has access to all that information?”
http://www.nytimes.com/2013/10/14/te...in-cities.html





NSA Collects Millions of E-Mail Address Books Globally
Barton Gellman and Ashkan Soltani

The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top-secret documents provided by former NSA contractor Edward Snowden.

The collection program, which has not been disclosed before, intercepts e-mail address books and “buddy lists” from instant messaging services as they move across global data links. Online services often transmit those contacts when a user logs on, composes a message, or synchronizes a computer or mobile device with information stored on remote servers.

Rather than targeting individual users, the NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world’s e-mail and instant messaging accounts. Analysis of that data enables the agency to search for hidden connections and to map relationships within a much smaller universe of foreign intelligence targets.

During a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, according to an internal NSA PowerPoint presentation. Those figures, described as a typical daily intake in the document, correspond to a rate of more than 250 million a year.

Each day, the presentation said, the NSA collects contacts from an estimated 500,000 buddy lists on live-chat services as well as from the inbox displays of Web-based e-mail accounts.

The collection depends on secret arrangements with foreign telecommunications companies or allied intelligence services in control of facilities that direct traffic along the Internet’s main data routes.

Although the collection takes place overseas, two senior U.S. intelligence officials acknowledged that it sweeps in the contacts of many Americans. They declined to offer an estimate but did not dispute that the number is likely to be in the millions or tens of millions.

A spokesman for the Office of the Director of National Intelligence, which oversees the NSA, said the agency “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.”

The spokesman, Shawn Turner, added that rules approved by the attorney general require the NSA to “minimize the acquisition, use and dissemination” of information that identifies a U.S. citizen or permanent resident.

The NSA’s collection of nearly all U.S. call records, under a separate program, has generated significant controversy since it was revealed in June. The NSA’s director, Gen. Keith B. Alexander, has defended “bulk” collection as an essential counterterrorism and foreign intelligence tool, saying, “You need the haystack to find the needle.”

Contact lists stored online provide the NSA with far richer sources of data than call records alone. Address books commonly include not only names and e-mail addresses, but also telephone numbers, street addresses, and business and family information. Inbox listings of e-mail accounts stored in the “cloud” sometimes contain content, such as the first few lines of a message.

Taken together, the data would enable the NSA, if permitted, to draw detailed maps of a person’s life, as told by personal, professional, political and religious connections. The picture can also be misleading, creating false “associations” with ex-spouses or people with whom an account holder has had no contact in many years.

The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States. The agency avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss the classified program. “None of those are on U.S. territory.”

Because of the method employed, the agency is not legally required or technically able to restrict its intake to contact lists belonging to specified foreign intelligence targets, he said.

When information passes through “the overseas collection apparatus,” the official added, “the assumption is you’re not a U.S. person.”

In practice, data from Americans is collected in large volumes — in part because they live and work overseas, but also because data crosses international boundaries even when its American owners stay at home. Large technology companies, including Google and Facebook, maintain data centers around the world to balance loads on their servers and work around outages.

A senior U.S. intelligence official said the privacy of Americans is protected, despite mass collection, because “we have checks and balances built into our tools.”

NSA analysts, he said, may not search within the contacts database or distribute information from it unless they can “make the case that something in there is a valid foreign intelligence target in and of itself.”

In this program, the NSA is obliged to make that case only to itself or others in the executive branch. With few exceptions, intelligence operations overseas fall solely within the president’s legal purview. The Foreign Intelligence Surveillance Act, enacted in 1978, imposes restrictions only on electronic surveillance that targets Americans or takes place on U.S. territory.

By contrast, the NSA draws on authority in the Patriot Act for its bulk collection of domestic phone records, and it gathers online records from U.S. Internet companies, in a program known as PRISM, under powers granted by Congress in the FISA Amendments Act. Those operations are overseen by the Foreign Intelligence Surveillance Court.

Sen. Dianne Feinstein, the California Democrat who chairs the Senate Intelligence Committee, said in August that the committee has less information about, and conducts less oversight of, intelligence gathering that relies solely on presidential authority. She said she planned to ask for more briefings on those programs.

“In general, the committee is far less aware of operations conducted under 12333,” said a senior committee staff member, referring to Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies. “I believe the NSA would answer questions if we asked them, and if we knew to ask them, but it would not routinely report these things, and, in general, they would not fall within the focus of the committee.”

Because the agency captures contact lists “on the fly” as they cross major Internet switches, rather than “at rest” on computer servers, the NSA has no need to notify the U.S. companies that host the information or to ask for help from them.

“We have neither knowledge of nor participation in this mass collection of web-mail addresses or chat lists by the government,” said Google spokeswoman Niki Fenwick.

At Microsoft, spokeswoman Nicole Miller said the company “does not provide any government with direct or unfettered access to our customers’ data,” adding that “we would have significant concerns if these allegations about government actions are true.”

Facebook spokeswoman Jodi Seth said that “we did not know and did not assist” in the NSA’s interception of contact lists.

It is unclear why the NSA collects more than twice as many address books from Yahoo as from the other big services combined. One possibility is that Yahoo, unlike other service providers, has left connections to its users unencrypted by default.

Suzanne Philion, a Yahoo spokeswoman, said Monday in response to an inquiry from The Washington Post that, beginning in January, Yahoo would begin encrypting all its e-mail connections.

Google was the first to secure all its e-mail connections, turning on “SSL encryption” globally in 2010. People with inside knowledge said the move was intended in part to thwart large-scale collection of its users’ information by the NSA and other intelligence agencies.

The volume of NSA contacts collection is so high that it has occasionally threatened to overwhelm storage repositories, forcing the agency to halt its intake with “emergency detasking” orders. Three NSA documents describe short-term efforts to build an “across-the-board technology throttle for truly heinous data” and longer-term efforts to filter out information that the NSA does not need.

Spam has proven to be a significant problem for the NSA — clogging databases with information that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

In a briefing from the NSA’s Large Access Exploitation working group, that example was used to illustrate the need to narrow the criteria for data interception. It called for a “shifting collection philosophy”: “Memorialize what you need” vs. “Order one of everything off the menu and eat what you want.”

Julie Tate contributed to this report. Soltani is an independent security researcher and consultant.
http://www.washingtonpost.com/world/...d8f_story.html





Lavabit Reinstates Service Briefly So Users Can Download Emails, Change Passwords
Richard Lawler

Email provider Lavabit shut down in August due to government pressure in the wake of the Edward Snowden leaks, but it is apparently re-opening -- for a little while. A press release issued by Lavabit indicates that there's a two-step process, with step one giving users a chance to change their password (which started at 8PM ET tonight). Step two kicks in on October 17th or 18th and will let users download an archive of their stored messages and personal account data. The password change is in response to information that the company's SSL certificates have been compromised by the investigation. Users' accounts should be secure under a new key after their passwords are reset, not to mention the bonus of having access to their data again. If you had an account, it's accessible at Liberty.Lavabit.com; those interested in founder Ladar Levison's legal battle can provide support at Rally.org.
http://www.engadget.com/2013/10/14/l...y-ssl-archive/





D-Link to Padlock Router Backdoor by End of October

The backdoor lets attackers change a router configuration without authenticating
Lucian Constantin

D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions, discovered and publicly reported the issue.

"If your browser's user agent string is 'xmlset_roodkcableoj28840ybtide' (no quotes), you can access the web interface without any authentication and view/change the device settings," he wrote Saturday in a blog post.

When read in reverse, the last part of this hard-coded value is "edit by 04882 joel backdoor."

D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.

The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.

The company did not clarify why the backdoor was placed in the firmware in the first place or what router models are affected.

According to Heffner, the affected models likely include D-Link's DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and possibly DIR-615. The BRL-04UR and BRL-04CW routers made by Planex Communications might also be vulnerable because they also appear to use the same firmware, he said.

The risk of unauthorized access is higher for routers that have been configured for remote management and have their Web administration interface exposed to the Internet.

However, even when the interface is only accessible from the internal network -- the default setting in D-Link routers -- this backdoor can still pose a threat because any visitor who connects to the wireless network or any piece of malware running on a computer inside the network can exploit it to make unauthorized changes to the router's configuration.

Such changes can have serious security consequences. For example, changing the DNS (Domain Name System) servers used by the router -- and inherently every device on the network -- with DNS servers controlled by an attacker would enable the attacker to redirect users to rogue websites when trying to access legitimate ones.

"Owners of affected devices can minimize any potential risk by ensuring that their router has the Wi-Fi password enabled and that remote access is disabled," D-Link said.

"If you receive unsolicited e-mails that relate to security vulnerabilities and prompt you to action, please ignore it," the company said. "When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something."
http://www.computerworld.com/s/artic...end_of_October
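An added detection example, not part of the Computerworld article and not D-Link's or Heffner's code: it scans HTTP request metadata for the hard-coded User-Agent value quoted above and separates requests coming from inside the LAN from requests arriving over the Internet, the two exposure cases the article describes. The tab-separated log layout, the addresses and the URIs are constructed for the example, and exact matching of the header value is an assumption.

```python
import ipaddress

# Hard-coded User-Agent value quoted in the article.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# RFC 1918 ranges are listed explicitly: ipaddress.is_private also covers
# documentation ranges, which would mislabel the constructed sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"

# Constructed sample (hypothetical sensor/proxy export):
# timestamp, source, destination, method, URI, User-Agent.
SAMPLE_ROWS = [
    ("2013-10-14T09:12:01Z", "192.168.0.23", "192.168.0.1", "GET", "/", FIREFOX),
    ("2013-10-14T09:14:40Z", "192.168.0.57", "192.168.0.1", "GET", "/", BACKDOOR_UA),
    ("2013-10-14T09:14:44Z", "192.168.0.57", "192.168.0.1", "POST",
     "/example-settings", BACKDOOR_UA),
    ("2013-10-14T11:02:10Z", "203.0.113.7", "198.51.100.20", "GET", "/", BACKDOOR_UA),
    ("2013-10-14T11:05:00Z", "192.168.0.23", "192.168.0.1", "GET", "/",
     "Mozilla/5.0 xmlset-test"),
]
SAMPLE_LOG = "\n".join(
    ["\t".join(row) for row in SAMPLE_ROWS] + ["truncated line without fields"]
)


def is_lan(addr):
    """True when addr is an RFC 1918 address; unparsable input counts as not LAN."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def find_backdoor_requests(log_text):
    """Return one finding per request that carries the backdoor User-Agent."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # malformed or truncated record
        ts, src, dst, method, uri, user_agent = fields
        if user_agent.strip() != BACKDOOR_UA:
            continue
        findings.append({
            "line": lineno,
            "time": ts,
            "src": src,
            "dst": dst,
            # LAN source: a guest or malware on an internal host.
            # Internet source: the admin interface is reachable remotely.
            "origin": "lan" if is_lan(src) else "internet",
            # Writes are the requests that can alter settings such as DNS.
            "action": "change" if method.upper() in ("POST", "PUT") else "view",
            "uri": uri,
        })
    return findings


def sources_to_investigate(findings):
    """Count findings per source address so the noisiest host is triaged first."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_backdoor_requests(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(sources_to_investigate(hits))
```

A finding with origin "internet" means remote management is exposed on that router; a finding with origin "lan" points at the internal host to examine.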





DoJ: If We Can Track One American, We Can Track All Americans

Defendant is one of the few convicted using NSA's phone surveillance program.
Sean Vitka

Seven months after his conviction, Basaaly Moalin’s defense attorney moved for a new trial, arguing that evidence collected about him under the government’s recently disclosed dragnet telephone surveillance program violated his constitutional and statutory rights. Moalin’s is the only thwarted "terrorist plot" against America that the government says also "critically" relied on the National Security Agency phone surveillance program, conducted under Section 215 of the Patriot Act.

The government’s response (PDF), filed on September 30th, is a heavily redacted opposition arguing that when law enforcement can monitor one person’s information without a warrant, it can monitor everyone’s information, “regardless of the collection’s expanse.” Notably, the government is also arguing that no one other than the company that provided the information—including the defendant in this case—has the right to challenge this disclosure in court.

The success of these arguments is critical to the government; the terrorist plot for which Moalin and three other defendants were convicted in February was sending about $8,500 to al-Shabaab, known most recently for the Kenyan Westgate mall attack. The money was sent in 2007 and 2008.

The United States government designated al-Shabaab—which means “The Youth”—a terrorist group in 2008, but the FBI’s extensive wiretapping of Moalin started about two months before that. FBI Deputy Director Sean Joyce recently revealed to Congress that the FBI had also conducted another investigation into Moalin's activities in 2003 and ultimately concluded that there was “no nexus to terrorism.” This evidence was kept from the defense during trial.

The government’s opposition to a new trial relies heavily on a recently declassified opinion from the Foreign Intelligence Surveillance Court, which concluded that “where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.”

In an e-mail interview for this piece, Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, said the government's arguments are consistent with how it has justified these programs in other places. “But one of the most interesting aspects of the response in the Moalin case is… to argue there’s no standing.” The government has always argued that there’s no reasonable expectation to privacy in information handed to a third party like your phone or Internet provider, commonly referred to as the "third-party doctrine." But Fakhoury says that in this case, the government is taking an even more aggressive stance. In essence, its argument is that “these records aren’t even Moalin’s to begin with so he can’t complain.”

Fakhoury disagrees “with the idea that the user has no standing to challenge the use of evidence that says something about him” and thinks the government undermines its own argument about who has standing to contest the evidence. “[T]hey want to use the phone records to prove a fact about Moalin but then claim that these records aren’t his.”

A history of terms

Legally speaking, both sides have an argument. The Supreme Court has broadly endorsed the third-party doctrine since a pivotal case in 1979, and many lower courts have treated digital-age information very similarly. This year, a federal court in Arizona found that the acquisition of 1.8 million IP addresses did not violate a defendant’s Fourth Amendment rights after specifically citing that 1979 case.

But Fourth Amendment analysis is dependent on what constitutes a “reasonable expectation of privacy,” which is an inherently fluid term that has proven to be a dividing line. Within a week of that Arizona decision, a federal court in Michigan found that a warrant was required to track cell phone location data over the course of seven months—even if such information was technically metadata to which third parties have access.

The Supreme Court’s ultimate guidance seems like an inevitability. While the ‘regardless of scope’ argument has proven an impossible hurdle for some defendants, the most recent Supreme Court case on point, US v. Jones, offers significant hope to privacy advocates. There, the government had a similar argument as in Moalin, which the Court thoroughly rebuffed: it argued that an officer could have followed the defendant the whole time without violating any constitutional rights. In Moalin, that’s analogous to saying that the government could have accessed any individual’s phone records without any problem, and therefore, with the help of new technology, it should be able to access every record. Five justices held (in minority and concurring opinions) that continual tracking of a single person over the course of 28 days, through GPS tracking, violated a person’s reasonable expectation of privacy, simply because people expect such comprehensive surveillance to be improbable based on cost to law enforcement alone.

After Jones

If the Supreme Court found a temporal limitation in Jones, could it find a breadth limitation in the Moalin case? Or is the government right this time, and one person's records really do equal those of 314 million people (in America alone)? The arguments could get even more complex: at least one scholar claims that the acquisition of documents for retroactive investigation was repugnant to the founders, and a prohibition on such tactics was built into the Fourth Amendment.

Many of these unresolved questions could be cleared up if Moalin’s case moves up the judicial totem pole.

Because Moalin is a criminal defendant and the government has taken the unique step of citing his case as the example of where this legally questionable dragnet surveillance program was critically important, he has the best standing argument possible. In a legal context, standing refers to a party's right to seek legal remedy from the courts, which depends on that party having suffered or reasonably fearing that they will suffer some kind of harm. It's a critical issue that has regularly thwarted other challenges to national security laws, and it's an issue on which the government has founded its opposition.

Beyond the defense’s constitutional argument, the government’s opposition largely dodges the defense’s other rights-based claim: that Moalin’s statutory rights were also violated under the FISA Amendments Act of 2008 (and perhaps under other statutes on which the government based its surveillance, but which have not been revealed by the prosecution). For instance, Section 702 of the FISA Amendments Act provides authority for the attorney general and director of National Intelligence to authorize interception of communications of people reasonably believed to be outside the United States. However, if the evidence about Moalin was collected as part of the NSA's practice of collecting communications two or three hops from a non-US person, which seems likely considering that ultimately four people residing in the United States were convicted in this case, his case would also be an opportunity to challenge the NSA's interpretation that the law provides for such expansive collection. Alternatively, it’s possible that the government's substantive arguments on these fronts occurred behind black bars (PDF, see page 10).

The defense’s other major argument for a new trial stems from the prosecution’s decision not to provide a significant amount of evidence that the defense believes would have helped exonerate Moalin, like the 2003 investigation referenced above that concluded there wasn't a "nexus" to terrorism. Prior to trial, the defense was prevented from obtaining information about that previous investigation—both the conclusion and the information leading to it, as well as about the most recent investigation—by the prosecution and then the court, after the government asserted that revealing the classified information could endanger national security. Moalin’s attorney discovered that his client had been subject to the Section 215 program only after FBI Deputy Director Joyce testified to Congress. And prosecutors are required to provide evidence that favors the defendant or impugns the credibility of a witness.
http://arstechnica.com/tech-policy/2...all-americans/





FISC Approves Phone Metadata Collection Yet Again

Program continues despite unwanted publicity.
Peter Bright

The Foreign Intelligence Surveillance Court has once again approved the blanket collection of telephony metadata from American phone companies.

The controversial program, justified under the Foreign Services Intelligence Act, first came to light in June, when documents showing that Verizon was handing over phone metadata were published by The Guardian.

The previous order authorizing the collection of the information expired yesterday. The Office of the Director of National Intelligence has published a press release disclosing that the court has approved the government's request to re-authorize collection and continue the program.
http://arstechnica.com/tech-policy/2...ion-yet-again/





Apple iMessage Open to Man in the Middle, Spoofing Attacks
Dennis Fisher

The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users’ text messages–or decrypt them and hand them over at the order of a government agency.

The iMessage system is Apple’s proprietary text system, which works only among iOS devices. It uses a series of servers owned by Apple that receive and forward messages. Those messages are sent via Apple’s PUSH notification service, which keeps an IP connection open all the time to check for new notifications and display messages. Each iPhone, iPod or other iOS device serves as a PUSH client, and they communicate with Apple’s servers over SSL. The researchers found that while that basic framework makes sense from a security point of view, there are a number of issues with the iMessage system.

One major issue is that Apple itself controls the encryption key infrastructure used for iMessage, and has the keys for each individual user. The upshot of this is that Apple has the ability to read users’ messages if it so chooses. The researchers who looked at iMessage, known as Pod2g and GG, said that there is no evidence that Apple is in fact reading users’ iMessages, but it’s possible that the company could. Users’ AppleID passwords also are sent in clear text to the Apple servers.

“What we are saying: Apple can read your iMessages if they choose to, or if they are required to do so by a government order. As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages,” the pair, who work for Quarkslab, wrote in a long analysis of the iMessage protocol.

“Also remember that the content of the message is one thing, but the metadata are also sensitive. And there, you rely on Apple to carry your messages, thus they have your metadata.”

Because the iMessages go through Apple’s servers, they essentially have a man-in-the-middle position on all of the communications among those devices. The company uses proper encryption to protect the communications, but the Quarkslab researchers discovered that Apple does not use certificate pinning for iMessage, meaning that the system is open to a MiTM attack by outside attackers. During their research, Pod2g and GG were able to create a new certificate authority, add it to an iPhone keychain and then proxy the SSL communications to and from the device. Certificate pinning is the process of associating a given host with a specific certificate. That way, if a browser or other client encounters a certificate for a host that isn’t the expected one, it can reject it and warn the user of the problem. Google, for example, uses certificate pinning for many of its Web properties.

“I guess they just didn’t get around to it. There’s no great reason, I think they just didn’t do it. The Twitter app does, which is kind of ironic because Twitter isn’t typically handling your sensitive information,” said Matthew Green, a cryptographer and research professor at Johns Hopkins University.

The lack of certificate pinning for iMessage is troubling, the researchers said, as it opens the door for attackers to create a forged CA, and if they can get it onto a device or devices, proxy all of the supposedly encrypted communications. This is especially problematic in enterprise environments that employ Apple’s iPhone Configuration Utility, which enables enterprises to manage iPhones centrally. An attacker could install his CA at enrollment on all of the target devices.

“All communications to Apple’s servers are made through a secure SSL tunnel. We do not need to know what protocol is used or how packets are forged. The first thing we want to try when we see that is adding a certificate to perform a MITM. We were actually very surprised it worked as easily, which means there is no certificate pinning. We created a fake CA, and added it to the iPhone keychain. Then, we could proxify communications much more easily. When a SSL communication arrives to the proxy, we generate a certificate signed by the newly added CA, and everything becomes unencrypted,” the researchers said.

The researchers put together several scenarios through which an attacker could intercept iMessage transmissions through a MiTM attack. They also developed a tool called iMiTMProtect that can defeat certain of these attacks on OS X devices. Green of Johns Hopkins said that there are other methods that Apple could have used for the key infrastructure to avoid some of these problems.

“Companies like Silent Circle do real end-to-end key management and OTR (Off the Record) messaging. So all of these instant message things that use OTR-like protocols, they do end to end key establishment. The idea there is that the two parties establish keys without any central directory. And then what you’re supposed to do is either compare a key fingerprint over another phone line or you’re supposed to check – Silent Circle has an authentication string – so you’re supposed to read this string back and forth over the phone. That is the alternative way. That is the de-centralized version of this where you don’t have to trust Apple or some centralized server. And maybe that’s too hard for some people, but a lot of people will use OTR; it’s pretty easy to use. It certainly wouldn’t be so hard to add something like that as an optional feature for security-conscious people into iMessage. Definitely you can do better,” Green said.
http://threatpost.com/apple-imessage...attacks/102610
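The certificate pinning check described in the article, as an added example (not from Threatpost, Quarkslab or Apple): a client that still performs normal chain validation but additionally refuses any certificate whose SHA-256 fingerprint is not pinned for the host, so a certificate that chains to a CA added to the device trust store is rejected. The host name `messaging.example`, the pin table and the byte strings standing in for DER certificates are constructed for the example.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the peer certificate is not one of the pinned certificates."""


def fingerprint(der_cert):
    """SHA-256 over the DER-encoded certificate, as a hex string."""
    return hashlib.sha256(der_cert).hexdigest()


# Constructed stand-ins for DER-encoded certificates. Real values would come
# from getpeercert(binary_form=True) or from the service operator.
GENUINE_CERT = b"constructed DER: certificate the service really presents"
BACKUP_CERT = b"constructed DER: next certificate, pinned ahead of rotation"
PROXY_CERT = b"constructed DER: same host name, issued under a locally added CA"

# Pins ship with the client. A backup pin lets the operator rotate the
# certificate without locking out every installed client.
PINS = {
    "messaging.example": {fingerprint(GENUINE_CERT), fingerprint(BACKUP_CERT)},
}


def pin_matches(host, der_cert, pins=PINS):
    """True only if the certificate is pinned for host; unknown hosts fail closed."""
    expected = pins.get(host)
    if not expected:
        return False
    seen = fingerprint(der_cert)
    return any(hmac.compare_digest(seen, pin) for pin in expected)


def open_pinned(host, port=443, pins=PINS, timeout=10):
    """Open a TLS connection that must pass chain validation AND the pin check."""
    # Step 1: ordinary validation against the platform trust store. This is
    # the only check an unpinned client makes, and it accepts any certificate
    # that chains to a trusted CA, including one installed on the device later.
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Step 2: the pin. The trust store has no say here, so a valid chain to an
    # unexpected CA is not enough.
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(host, der, pins):
        tls.close()
        raise PinMismatch(
            "certificate %s is not pinned for %s" % (fingerprint(der), host)
        )
    return tls


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("backup", BACKUP_CERT),
                        ("proxy-issued", PROXY_CERT)):
        print(label, pin_matches("messaging.example", cert))
```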





Greenwald Exits Guardian for New Omidyar Media Venture
Mark Hosenball

Glenn Greenwald, who has made headlines around the world with his reporting on U.S. electronic surveillance programs, is leaving the Guardian newspaper to join a new media venture funded by eBay founder Pierre Omidyar, according to people familiar with the matter.

Greenwald, who is based in Brazil and was among the first to report information provided by one-time U.S. National Security Agency (NSA) contractor Edward Snowden, wrote in a blog post on Tuesday that he was presented with a "once-in-a-career dream journalistic opportunity" that he could not pass up.

He did not reveal any specifics of the new media venture but said details would be announced soon. Greenwald did not immediately respond to a request for comment.

Two sources familiar with the new venture said the financial backer was Omidyar. It was not immediately clear if he was the only backer or if there were other partners.

Omidyar could not immediately be reached for comment.

Omidyar, who is chairman of the board at eBay Inc but is not involved in day-to-day operations at the company, has numerous philanthropic, business and political interests, mainly through an investment entity called the Omidyar Network.

Forbes pegged the 46-year-old Omidyar's net worth at $8.5 billion.

Among his ventures is Honolulu Civil Beat, a news website covering public affairs in Hawaii. Civil Beat aimed to create a new online journalism model with paid subscriptions and respectful comment threads, though it is unclear how successful it has been.

Omidyar, a French-born Iranian-American, also founded the Democracy Fund to support "social entrepreneurs working to ensure that our political system is responsive to the public," according to its website.

Omidyar's active Twitter account suggests he is very concerned about the government spying programs exposed by Greenwald and Snowden.

The former NSA contractor was granted asylum in Russia on August 1. He is living in a secret location beyond the reach of U.S. authorities who want him on espionage charges because he leaked the details of top-secret electronic spying programs to the media.

"There goes freedom of association: NSA collects millions of e-mail address books globally," Omidyar tweeted on Tuesday, pointing to a new Washington Post story based on Snowden documents.

Jennifer Lindauer, a spokeswoman for the Guardian, said in a statement posted on Greenwald's site: "We are of course disappointed by Glenn's decision to move on, but can appreciate the attraction of the new role he has been offered. We wish him all the best."

The news of Greenwald's departure from the Guardian was reported earlier by Buzzfeed.

(Additional reporting by Jennifer Saba in New York and Jonathan Weber in San Francisco; Editing by Tiffany Wu and Grant McCool)
http://www.reuters.com/article/2013/...99E18D20131015





Snowden Says He Took No Secret Files to Russia
James Risen

Edward J. Snowden, the former National Security Agency contractor, said in an extensive interview this month that he did not take any secret N.S.A. documents with him to Russia when he fled there in June, assuring that Russian intelligence officials could not get access to them.

Mr. Snowden said he gave all of the classified documents he had obtained to journalists he met in Hong Kong, before flying to Moscow, and did not keep any copies for himself. He did not take the files to Russia “because it wouldn’t serve the public interest,” he said.

“What would be the unique value of personally carrying another copy of the materials onward?” he added.

He also asserted that he was able to protect the documents from China’s spies because he was familiar with that nation’s intelligence abilities, saying that as an N.S.A. contractor he had targeted Chinese operations and had taught a course on Chinese cybercounterintelligence.

“There’s a zero percent chance the Russians or Chinese have received any documents,” he said.

American intelligence officials have expressed grave concern that the files might have fallen into the hands of foreign intelligence services, but Mr. Snowden said he believed that the N.S.A. knew he had not cooperated with the Russians or the Chinese. He said he was publicly revealing that he no longer had any agency documents to explain why he was confident that Russia had not gained access to them. He had been reluctant to disclose that information previously, he said, for fear of exposing the journalists to greater scrutiny.

In a wide-ranging interview over several days in the last week, Mr. Snowden offered detailed responses to accusations that have been leveled against him by American officials and other critics, provided new insights into why he became disillusioned with the N.S.A. and decided to disclose the documents, and talked about the international debate over surveillance that resulted from the revelations. The interview took place through encrypted online communications.

Mr. Snowden, 30, has been praised by privacy advocates and assailed by government officials as a traitor who has caused irreparable harm, and he is facing charges under the Espionage Act for leaking the N.S.A. documents to the news media. In the interview, he said he believed he was a whistle-blower who was acting in the nation’s best interests by revealing information about the N.S.A.’s surveillance dragnet and huge collections of communications data, including that of Americans.

He argued that he had helped American national security by prompting a badly needed public debate about the scope of the intelligence effort. “The secret continuance of these programs represents a far greater danger than their disclosure,” he said. He added that he had been more concerned that Americans had not been told about the N.S.A.’s reach than he was about any specific surveillance operation.

“So long as there’s broad support amongst a people, it can be argued there’s a level of legitimacy even to the most invasive and morally wrong program, as it was an informed and willing decision,” he said. “However, programs that are implemented in secret, out of public oversight, lack that legitimacy, and that’s a problem. It also represents a dangerous normalization of ‘governing in the dark,’ where decisions with enormous public impact occur without any public input.”

Mr. Snowden said he had never considered defecting while in Hong Kong, nor in Russia, where he has been permitted to stay for one year. He said he felt confident that he had kept the documents secure from Chinese spies, and that the N.S.A. knew he had done so. His last target while working as an agency contractor was China, he said, adding that he had had “access to every target, every active operation” mounted by the N.S.A. against the Chinese. “Full lists of them,” he said.

“If that was compromised,” he went on, “N.S.A. would have set the table on fire from slamming it so many times in denouncing the damage it had caused. Yet N.S.A. has not offered a single example of damage from the leaks. They haven’t said boo about it except ‘we think,’ ‘maybe,’ ‘have to assume’ from anonymous and former officials. Not ‘China is going dark.’ Not ‘the Chinese military has shut us out.’ ”

An N.S.A. spokeswoman did not respond Thursday to a request for comment on Mr. Snowden’s assertions.

Mr. Snowden said his decision to leak N.S.A. documents developed gradually, dating back at least to his time working as a technician in the Geneva station of the C.I.A. His experiences there, Mr. Snowden said, fed his doubts about the intelligence community, while also convincing him that working through the chain of command would only lead to retribution.

He disputed an account in The New York Times last week reporting that a derogatory comment placed in his personnel evaluation while he was in Geneva was a result of suspicions that he was trying to break in to classified files to which he was not authorized to have access. (The C.I.A. later took issue with the description of why he had been reprimanded.) Mr. Snowden said the comment was placed in his file by a senior manager seeking to punish him for trying to warn the C.I.A. about a computer vulnerability.

Mr. Snowden said that in 2008 and 2009, he was working in Geneva as a telecommunications information systems officer, handling everything from information technology and computer networks to maintenance of the heating and air-conditioning systems. He began pushing for a promotion, but got into what he termed a “petty e-mail spat” in which he questioned a senior manager’s judgment.

Several months later, Mr. Snowden said, he was writing his annual self-evaluation when he discovered flaws in the software of the C.I.A.’s personnel Web applications that would make them vulnerable to hacking. He warned his supervisor, he said, but his boss advised him to drop the matter and not rock the boat. After a technical team also brushed him off, he said, his boss finally agreed to allow him to test the system to prove that it was flawed.

He did so by adding some code and text “in a nonmalicious manner” to his evaluation document that showed that the vulnerability existed, he said. His immediate supervisor signed off on it and sent it through the system, but a more senior manager — the man Mr. Snowden had challenged earlier — was furious and filed a critical comment in Mr. Snowden’s personnel file, he said.

He said he had considered filing a complaint with the C.I.A.’s inspector general about what he considered to be a reprisal, adding that he could not recall whether he had done so or a supervisor had talked him out of it. A C.I.A. spokesman declined to comment on Mr. Snowden’s account of the episode or whether he had filed a complaint.

But the incident, Mr. Snowden said, convinced him that trying to work through the system would only lead to punishment. He said he knew of others who suffered reprisals for what they had exposed, including Thomas A. Drake, who was prosecuted for disclosing N.S.A. contracting abuses to The Baltimore Sun. (He met with Mr. Snowden in Moscow last week to present an award to him for his actions.) And he knew other N.S.A. employees who had gotten into trouble for embarrassing a senior official in an e-mail chain that included a line, referring to the Chinese Army, that said, “Is this the P.L.A. or the N.S.A.?”

Mr. Snowden added that inside the spy agency “there’s a lot of dissent — palpable with some, even.” But he said that people were kept in line through “fear and a false image of patriotism,” which he described as “obedience to authority.”

He said he believed that if he tried to question the N.S.A.’s surveillance operations as an insider, his efforts “would have been buried forever,” and he would “have been discredited and ruined.” He said that “the system does not work,” adding that “you have to report wrongdoing to those most responsible for it.”

Mr. Snowden said he finally decided to act when he discovered a copy of a classified 2009 inspector general’s report on the N.S.A.’s warrantless wiretapping program during the Bush administration. He said he found the document through a “dirty word search,” which he described as an effort by a systems administrator to check a computer system for things that should not be there in order to delete them and sanitize the system.

“It was too highly classified to be where it was,” he said of the report. He opened the document to make certain that it did not belong there, and after he saw what it revealed, “curiosity prevailed,” he said.

After reading about the program, which skirted the existing surveillance laws, he concluded that it had been illegal, he said. “If the highest officials in government can break the law without fearing punishment or even any repercussions at all,” he said, “secret powers become tremendously dangerous.”

He would not say exactly when he read the report, or discuss the timing of his subsequent actions to collect N.S.A. documents in order to leak them. But he said that reading the report helped crystallize his decision. “You can’t read something like that and not realize what it means for all of these systems we have,” he said.

Mr. Snowden said that the impact of his decision to disclose information about the N.S.A. had been bigger than he had anticipated. He added that he did not control what the journalists who had the documents wrote about. He said that he handed over the documents to them because he wanted his own bias “divorced from the decision-making of publication,” and that “technical solutions were in place to ensure the work of the journalists couldn’t be interfered with.”

Mr. Snowden declined to provide details about his living conditions in Moscow, except to say that he was not under Russian government control and was free to move around.
http://www.nytimes.com/2013/10/18/wo...to-russia.html





Europe Moves to Shield Citizens’ Data
James Kanter

Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.

The measure, an amendment to a broader electronic privacy law pending in Parliament, is a response to Prism, the secret spying program led by the National Security Agency that came to light in June. Europeans were outraged by the revelations that some of the biggest American Internet companies, many of whose users live in Europe, were required by the United States authorities to share information in e-mail, Web searches and other online data.

Parliament’s Committee on Civil Liberties, Justice and Home Affairs may vote on the amendment as soon as Monday, said Jan Philipp Albrecht, the German member who is responsible for steering the legislation through the Parliament. His office later clarified that the vote could be delayed until Thursday. Once it wins approval by the committee, Mr. Albrecht may begin negotiations on the Parliament’s behalf with European governments, which are discussing their own version of new privacy rules.

But a European Union official, who spoke on condition of anonymity, said the vote could be further delayed if the United States intervened or if there was heavy lobbying by tech industry groups that oppose the bill.

The American government successfully lobbied against a similar move by European officials two years ago. The reports about the N.S.A.’s activities gave European privacy rights proponents new incentive to pursue the matter again.

Mr. Albrecht briefed reporters on the amendment on Thursday, saying it was meant to end a system in which European citizens have scant data protection from American law enforcement agencies.

“What happens today is that companies transfer personal data from Europe to a third state like the United States without having a legal base in European Union law,” he said. If the measure becomes law, Mr. Albrecht said, companies “will be forbidden to do that.”

A spokesman for the United States mission to the European Union declined to comment on Thursday. Messages seeking comment from Yahoo received no response. Google declined to comment.

The measure would obligate companies not based in the European Union to nonetheless comply with European data protection rules if they operate in Europe. Violators could face fines of as much as 5 percent of a company’s global annual revenue.

The amendment would require companies to seek approval from a “supervisory authority” in a bloc country before transferring data on a person’s individual electronic communications, whether phone calls, e-mails, Web searches or social media interactions, outside the union at the request of a foreign government or court.

The broader privacy legislation has been debated for more than two years. Mr. Albrecht said he would like a final draft of the legislation to be approved by the spring and to go into effect two years later.

That plan could be stymied by intense lobbying by Silicon Valley companies and other powerful groups in Brussels — and by sparring among European governments about how far to go in protecting privacy.

Ireland, Britain and other countries are concerned that the European Union is failing to take advantage of growth opportunities from Internet businesses that might help revive the economy. Apple, Facebook and Google all have European headquarters in Dublin.

Even if the new rules are approved, existing bilateral agreements between individual European governments and the United States might keep data flowing across the Atlantic as part of efforts to fight terror and crime.
http://www.nytimes.com/2013/10/18/te...-us-reach.html





Snapchat Admits to Handing Unopened 'Snaps' to US Law Enforcement

The director of operations says the company has complied with search warrants under the ECPA about a dozen times since May
Amanda Holpuch

The photo-sharing app Snapchat has admitted to handing over to American law enforcement agencies images not yet seen by its users.

In a blogpost on Monday, the company outlined the circumstances under which it has given photos – which the company calls "snaps" – to investigators.

“Since May 2013, about a dozen of the search warrants we’ve received have resulted in us producing unopened snaps to law enforcement,” said Snapchat director of operations Micah Schaffer. The only photos handed over have been unopened snaps, because those are the only images the company stores on its servers.

Snapchat works by allowing users to take photos or short videos, then share them with friends for up to 10 seconds before the image self-destructs. If a recipient screenshots the photo, the app alerts the original sender, though hacks to interrupt this function do exist.

In a blogpost in May, Snapchat said once a photo has been opened by all of its recipients, it is deleted from the servers. A forensic software company said it can recover the deleted photos from Android phones and was working on a way to recover them from iPhones.

The photos must be uploaded on company servers to get to the recipient, and Schaffer said only he and the co-founder Bobby Murphy have access to a tool that lets them manually retrieve unopened snaps.

The company said it would retrieve an unopened snap if it receives a search warrant and the snap is still on its server, under requirements by the federal Electronic Communications Privacy Act (ECPA).

Schaffer said he was clarifying Snapchat’s access policy following the release of the app’s new stories feature, which organizes snaps together. These photos can be viewed repeatedly in the first 24 hours after being sent and are then deleted from the company’s servers. The same legal requirements apply to stories and snaps.

Snapchat is thought to be worth about $800m. A former friend of Murphy and Snapchat’s co-founder Evan Spiegel is suing the pair for a 20% share in the company.
http://www.theguardian.com/world/201...aw-enforcement





A Court Order is an Insider Attack
Ed Felten

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack.

To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.

From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company. Neither of these differences is visible to the company’s technology—it can’t read the employee’s mind to learn the motivation, and it can’t tell where the data will go once it has been extracted from the company’s system. Technical measures that prevent one access scenario will unavoidably prevent the other one.

Insider attacks are a big problem. You might have read about a recent insider attack against the NSA by Edward Snowden. Similar but less spectacular attacks happen all the time, and Lavabit, or any well-run service that holds user data, has good reason to try to control them.

From a user’s standpoint, a service’s resistance to insider attacks does more than just protect against rogue employees. It also helps to ensure that a company will not be tempted to repurpose or sell user data for commercial gain without getting users’ permission.

In the end, what led to Lavabit’s shutdown was not that the company’s technology was too resistant to insider attacks, but that it wasn’t resistant. The government got an order that would have required Lavabit to execute the ultimate insider attack, essentially giving the government a master key to unlock the data of any Lavabit user at any time. Rather than do this, Lavabit chose to shut down.

Had Lavabit had in place measures to prevent disclosure of its master key, it would have been unable to comply with the ultimate court order—and it would have also been safe against a rogue employee turning over its master key to bad actors.

Users who want ultimate email security will now be looking for a provider that more strongly resists insider attacks. That level of security is very difficult to achieve—but law-abiding users have good reason to seek it.
https://freedom-to-tinker.com/blog/f...nsider-attack/





Copyright Pirates Vow To Fight On After Filesharing Site Isohunt Walks The Plank
Jasper Hamill

Internet pirates are preparing to set sail for new waters following the shutdown of the decade-old filesharing site Isohunt. Following a long court battle, the world-famous site agreed to switch off the lights for good today and pay out a mammoth $110 million settlement, although there’s little sense of where this cash will come from and how it will be handed over to movie studios. However, supporters claimed the court case represented little more than a “paper victory” in an age where content was freely available to anyone who knows where to look. They vowed to continue campaigning for copyright reform.

According to the Motion Picture Association of America (MPAA), which led the case, more than 44 million people used Isohunt to share more than 13.7 million torrent files, which allow swarms of ‘peers’ to share movies, video games, albums or most other kinds of copyrighted content. Isohunt tried to argue that it was merely an innocent search engine which provided an index of links to files, rather than the files themselves, but this failed to save it.

Following a previous ruling, Isohunt’s Canadian founder, Gary Fung, was due to appear in front of a Los Angeles federal court on November 5, where the MPAA were hoping to win a settlement of up to $600 million in damages. But Fung threw in the towel today, admitting defeat and agreeing to pay the smaller – but still huge – sum of $110 million. No-one really knows how and when the film studios can expect to receive their money.

Former U.S. Senator Chris Dodd, chairman and chief executive of the MPAA, exulted in the victory. In a triumphant statement, he said: “Today’s settlement is a major step forward in realizing the enormous potential of the Internet as a platform for legitimate commerce and innovation. It also sends a strong message that those who build businesses around encouraging, enabling, and helping others to commit copyright infringement are themselves infringers, and will be held accountable for their illegal actions.”

But while Hollywood and other copyright holders rubbed their hands with glee, many people online were upset to see the demise of such a famous site. On Twitter, one filesharer said the shuttering of his “favourite place” was “the end of an era” while another simply moaned: “Isohunt is shutting down. Why god? Why?”

In an emotional blog post entitled “Hello, Brave New World”, Fung (or someone claiming to be him) said he would move on to new projects following the demise of his most famous creation. His skills are likely to be in great demand in the age of content streaming, even if he does have a $110 million debt hanging over his head.



He wrote: “It’s sad to see my baby go. But I have fought the good fight, I have finished the race and I have remained faithful. 10.5 years of isoHunt has been a long journey by any business definition and forever in Internet startup time.

“It started as a programming hobby in my university days that has become so, so much more. It’s been a learning experience beyond what I imagined. I’ve done the best I could, pushing the social benefits of BitTorrent and file sharing, the searching and sharing of culture itself, but it’s time for me to move on to new software ideas and projects.”

But will the closure actually achieve anything? According to Loz Kaye, leader of the anti-copyright Pirate Party in the UK, the MPAA’s victory was a pointless gesture in the age of Netflix and Spotify, which offer cheap, legal and unfettered access to the sort of copyrighted music and film pirates once downloaded from filesharing sites.



“The attacks on filesharing sites are an endless, fruitless game of whack a mole,” he said. “We are all consuming media in different ways now, so the idea of downloading and owning content just seems a bit old fashioned. Download culture was a stepping stone to a new sort of society, where people think much more in terms of streaming. Expecting people not to share culture and content is hopeless.”

Kaye also pointed to studies which show that rather than being a drain on the creative industries, filesharers were in fact the biggest cultural consumers of all. According to a report by OFCOM, Britain’s broadcast watchdog, copyright infringers spend £26 on digital content every three months, compared with £16 spent by their law abiding neighbours.

Ernesto, who blogs at the piracy news site TorrentFreak and did not provide his surname, was scathing about the MPAA’s victory, which he derided as little more than a PR stunt, or what he called a “paper victory”.



“The impact of isoHunt’s closure will be pretty much non-existent,” he suggested. “Torrent sites have come and gone for more than a decade and these legal battles don’t seem to impress most other site owners. Four years ago, the MPAA won a similar case against TorrentSpy and very little has changed after that.

“Looking ahead I think that the MPAA and others will continue to crack down on file-sharing sites, most likely outside of court. Their priorities have shifted over the years and they are now putting more efforts into convincing third parties such as ISPs, payment providers, advertisers and search engines to do more to prevent piracy. This, combined with improved legal offerings, will eventually make piracy less relevant.”

A search on the internet reveals that torrent sites are still very much available, although with their pop-ups and malware, the experience falls well short of the slick offerings of sites like Netflix. In the end, it might not be attorneys that finally kill off the pirates, but consumers themselves.
http://www.forbes.com/sites/jasperha...lks-the-plank/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 12, October 5th, September 28th, September 21st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black