P2P-Zone  

Old 11-04-18, 07:24 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - April 14th, ’18

Since 2002

April 14th, 2018




Telegram is the Hot New Source for Pirated Content

Law-abiding citizens: Please do NOT download. Thank you.
Manish Singh

Since its launch in 2013, the instant messaging platform Telegram has maintained a special appeal to journalists, activists, and others who care about privacy. On numerous occasions, the platform has boasted about the efforts it has made — such as enforcing “heavy encryption” — to bolster privacy for its users.

But there is one more incentive to use Telegram, which has been an open secret among hundreds of thousands of users. For much of its existence, the platform has served as a haven for online pirates, rivaling the access to illegally shared files provided by the open internet.

The instant messaging platform, which as of last month is used by more than 200 million users, is riddled with thousands of groups and channels whose sole purpose of existence is to share illegally copied movies, music albums, apps, and other content.

Channel admins told The Outline that they have not come across any resistance from Telegram despite the company, along with Apple and Google, maintaining a “zero tolerance” stance on copyright infringement. This permissiveness on Telegram’s part has led to the proliferation of a cottage industry of piracy marketplaces on the service. (Channel owners and members spoke to The Outline on the condition of anonymity.)

These channels, many of which have more than 100,000 members, have been illegally distributing hundreds of movies, television shows, and songs for years, an analysis by The Outline has found. But despite being flooded with sketchy channels, Telegram has yet to acknowledge the scope of the issue and has banned only a handful of the offenders.

To understand the scale of Telegram's piracy issue, look no further than Global Search, a platform feature that is designed to help users discover groups and channels. Looking up innocuous terms such as “movies,” “Hollywood,” “music,” and “Netflix” returns channels that offer content for direct download. For instance, Telegram users who wish to download “Annihilation,” the sci-fi movie that premiered on Netflix earlier this year, can do so by visiting the first channel that appears when they look up “Netflix” in Global Search results.

At the same time, many average Telegram users are unaware of the vast swathes of movies and other freely flowing questionable content on the platform (Global Search, while accessible from the main screen of the app, doesn’t advertise that it provides access to open channels with shared media; a user who doesn’t happen to search the name of a movie or other piece of content might never know it could do that). Some users who have been using Telegram to get their weekly dose of free media content say they don’t publicly talk about it as they believe Telegram would someday ban these channels if the word got out.

Those who have been using Telegram to download media files from the shady channels say they are in awe of the simplicity the service provides. (It feels worth saying at this point that there is no way to know what a file actually contains before inviting it onto your device, which is a flat-out huge risk.) “I think, people love the simplicity of Telegram, it’s akin to the 1990-2000s websites when Internet was really a freedom island for all,” one Russia-based user said. Instead of linking to annoying, ad-filled file-sharing websites or asking users to install additional software (as is common on torrent websites such as The Pirate Bay and 1337x, and other questionable forums like mobilism.org and mega.co.nz) most channels upload the content directly to Telegram's cloud-based servers. This has enabled users to download a movie or a song directly to their phone or computer with a single tap. (On Telegram, too, there are a few channels that direct users to third-party websites.)

It's actually a challenge to use Telegram and not run into these sketchy groups.

The Outline spoke to 13 administrators and owners of these channels to understand their rationale for using Telegram to distribute pirated content. Most people said that the variety of options Telegram provides to keep their identities private were immensely useful.

Not only can the channel creators on Telegram remain anonymous to the outside world, even channel members cannot know who runs them. This is possible thanks to the bot platform that Telegram introduced in 2015. Aimed at developers, the bot platform offers APIs to control how interactions take place on Telegram. (From a privacy standpoint, this is perhaps a better approach to handle user identity on a platform. Groups on WhatsApp, by contrast, don’t conceal the phone numbers of participating members.)

“Telegram is also very popular here,” a Russia-based channel owner told The Outline. According to analytics firm SensorTower, Telegram is the second most popular iPhone app in Russia, its largest market. “We estimate that the app has been installed more than 32 million times in Russia,” Randy Nelson, Head of Mobile Insights at SensorTower told The Outline. “Downloads in Russia have seen significant growth. Last year, we estimate it was downloaded about 24 million times there, a 118 percent or 2.2 times increase year-over-year from 2016.”

“Facebook frequently bans our groups. Telegram doesn’t police things like them,” said an administrator whose two-year-old channel distributes Bollywood titles. India is the second largest market of Telegram, according to SensorTower. Brazil and the United States are among the top five markets for the service.

Some Telegram channel owners said they also appreciate the enormous amount of free storage they get on the platform. Telegram restricts a user from uploading a file that is larger than 1.5GB in size (a two-hour movie, encoded with HEVC media codec, with a variable bitrate between 400KBps to 2MBps would weigh under 1.5GB, for instance) but there is no limit to the number of files they can upload. This has enabled some channels to share hundreds of gigabytes of content. On other platforms, they would need to pay for the storage. The Bollywood-channel administrator cited above said he has likely distributed more than 10TB of content on the platform.

For several newcomers, Telegram is a goldmine. “The thing is I started my channel to earn money,” owner of a channel, which trades courses of Lynda, Udemy, Masterclass, and The Teaching Company, told The Outline. “All the right audience is here on Telegram,” he said.

A music industry source told The Outline that several content creators have sent takedown notices to Telegram and have expressed "significant displeasure" with Apple for letting the service stay in the iPhone’s and Mac's App Stores. A spokesperson for Recording Industry Association of America said the group was aware of the issue and was looking into it. Apple and Google declined to comment.

In a statement, Telegram spokesperson Markus Ra acknowledged that "new challenges" have mushroomed on the platform as it has grown. "We’re constantly improving our moderation tools for public content,” he said. Ra did not elaborate on the current moderation tools Telegram uses and the improvements it is planning to introduce. For Telegram’s elusive founder Pavel Durov, piracy has not historically been a pressing issue. VK, the Russian social-networking website Durov founded in 2006, has faced issues with illegal trading of movies and music. “Almost everything was illegal,” one user of the site told Motherboard in 2015.

As Internet service providers, search engines, and local government-backed authorities block torrent websites, online pirates are increasingly finding creative ways to illegally distribute movies, television shows, and applications.

For cybercriminals, finding a large audience is a challenge. In the past, one channel owner told The Outline, credentials would have been sold on obscure forums, Alphabay, and other darknet markets. But most potential customers are either unaware of darknet markets or find it too onerous to find them. While some of those operations are still in existence, Telegram has emerged as a hassle-free place to conduct business. Security researcher Ran Levy, who tracks activity on the platform, told The Outline that he has noticed cybercriminals use Telegram when they wish to drive a significant amount of traffic to their offerings.

The Outline discovered several groups and channels on Telegram in which stolen credentials — i.e., the username and password for a website — from Netflix, Spotify, Hulu, HBO, CBS, EA Sports, Lynda, Sling, WWE Network, Mega, India's Hotstar, and dozens of other services were being offered to tens of thousands of members each day.

The Outline sourced nearly three-dozen free credentials from six Telegram channels, all of which worked as advertised. Two group owners said they offered some of their services for free to gain users’ trust and incentivize them to pay for other things (when the credentials are not given away for free, the channel managers take payment via PayPal or other methods).

All the credentials we tested appear to have been compromised in one or more data breaches in recent years. (We ran the credentials by security researcher Troy Hunt's Have I Been Pwned website, which helps people determine if their account has been compromised in recent security breaches.) Attempts to contact the rightful owner of the compromised accounts were unsuccessful. A Telegram spokesperson did not comment on the instances of illegal trading of credentials on the platform.

These Telegram channels have been widely discussed on Reddit and other social networks. But despite the names of and direct links to the channels being shared in public view, most continue to thrive, seeing hundreds of new users join every few days.

Looking up “Spotify” in Global Search returns three channels (by default; the Global Search feature only returns three popular results to any query), two of which are being used to share and discuss modified versions of Spotify that boast of special “features,” such as no ads for free users (Spotify offers a paid tier with no advertising, so accounts that users don’t pay for and don’t serve ads interfere with Spotify’s business model). In a filing with the SEC last month, Spotify said more than two million users were using modified versions of its service, such as the ones available on Telegram, and that this was making a dent in its revenue.

It is unclear how frequently Telegram squashes piracy-focused groups, but the figure is likely to be lower than Facebook and other services, which take action against piracy groups on a daily basis. Telegram has been a sporadic anti-piracy enforcer at best. Last year, for instance, the company made headlines after it shut down a music channel called @top_pop. In a statement reviewed by The Outline, Telegram told Anton Vagin, the channel’s owner, that the company had received copyright violation complaints about his channel from Apple and Google. Vagin told The Outline that he is still puzzled why his channel was singled out. “They didn't send any message,” he said. “One moment I just saw that the channel is banned, that’s all.”

In a series of tweets late last year, Durov boasted about the openness of his platform and how his company restricts itself from taking any action on the groups and channels, unless users make public calls for violence or share porn or copyright infringement content.

“And even those limitations we do have,” Durov tweeted on December 31, “are forced on us by the mobile platforms which threaten to kick @telegram from AppStore/Google Play every once in a while for being too libertarian.” He added, “Realistically, you can't have more freedom than on @telegram in a mobile app for iOS/Android.” Thousands of online pirates would agree.
https://theoutline.com/post/4143/tel...egal-downloads





Govt Seeks to Cut Off Pirating Websites

The government is considering requesting that internet service providers block connections to pirating websites — on which people can read popular manga, magazines, animation and other material for free — aiming to prevent copyright violations, according to sources.

It will decide as early as Friday during a meeting of the Intellectual Property Strategy Headquarters and a separate ministerial meeting concerning measures against such crimes.

So far, providers and other entities have blocked internet access only to child pornography sites as a measure to “avert present danger” as stipulated under the Penal Code, after they receive tips from the National Police Agency and other organizations.

The government also plans to ask the advertising industry not to place any ads on such pirating websites, sources said.

Losses stemming from pirating websites are estimated to have come to about ¥320 billion from September last year to February, according to the Content Overseas Distribution Association.

“[Pirating websites] could shake the foundations of the content industry,” said Chief Cabinet Secretary Yoshihide Suga at a press conference on Wednesday. “We will take action as soon as possible.”
http://www.the-japan-news.com/news/article/0004367278





It’s Surprisingly Easy to Make Government Records Public on Google Books
Steven Melendez

While working on a recent story about hate speech spread by telephone in the ’60s and ’70s, I came across an interesting book that had been digitized by Google Books. Unfortunately, while it was a transcript of a Congressional hearing, and therefore should be in the public domain and not subject to copyright, it wasn’t fully accessible through Google’s archive.

It’s not surprising that Google might be cautious about making documents available, since its book search project resulted in over a decade of controversy over copyrights, with authors and publishers arguing that the search giant was exceeding its rights, and users clamoring to see the full texts of books, especially those that are in public domain.

But, as it turns out, Google provides a form where anyone can ask that a book scanned as part of Google Books be reviewed to determine if it’s in the public domain. And, despite internet companies sometimes earning a mediocre-at-best reputation for responding to user inquiries about free services, I’m happy to report that Google let me know within a week after filling out the form that the book would now be available for reading and download. (Under an agreement with universities, copies of Google’s scans are also stored in the HathiTrust Digital Repository, where public domain material can be universally accessed.)

Here’s an excerpt from the book—Anonymous Use of Automatic Telephone Devices . . . Hearings Before the Eighty-Ninth Congress—a hefty but timely read, in light of this week’s congressional hearings with Facebook CEO Mark Zuckerberg about the abuse of social networks:

You can read my piece about the “Let Freedom Ring” and the “dial-a-hate” phenomenon here.
https://www.fastcompany.com/40556856...n-google-books





European Copyright Law Isn't Great. It Could Soon Get a Lot Worse.
Jeremy Malcolm

EFF has been writing about the upcoming European Digital Single Market directive on copyright for a long time now. But it's time to put away the keyboard, and pick up the phone, because the proposal just got worse—and it's headed for a crucial vote on June 20-21.

For those who need no further introduction to the directive, which would impose an upload filtering mandate on Internet platforms (Article 13) and a link tax in favor of news publishers (Article 11), you can skip to the bottom of this post, where we link to an action that European readers can take to make their voice heard. But if you're new to this, here's a short version of how we got here and why we're worried.

A Brief History

The European Copyright Directive was enacted in 2001 and is now woefully out of date. Thanks in large part to the work of Pirate Party MEP Julia Reda, many good ideas for updating European copyright law were put forward in a report of the European Parliament in July 2015. The European Commission threw out most of these ideas, and instead released a legislative proposal in October 2016 that focused on giving new powers to publishers. That proposal was referred to several of the committees of the European Parliament, with the Parliament's Legal Affairs (JURI) Committee taking the lead.

As the final text must also be accepted by the Council of the European Union (which can be considered as the second part of the EU's bicameral legislature), the Council Presidency has recently been weighing in with its own "compromise" proposals (although this is something of a misnomer, as they do little to improve the Commission's original text, and in some respects make it worse). Not to be outdone, German MEP (Member of the European Parliament) Axel Voss last month introduced a new set of his own proposals [PDF] for "compromise," which are somehow worse still. Since Voss leads the JURI committee, this is a big problem.

Link Tax Proposal: A Turn for the (Even) Worse

The biggest and most worrisome changes are to the "link tax" proposal, which would establish a special copyright-like fee to be paid by websites to news publishers, in exchange for the privilege of using short snippets of quoted text as part of a link to the original news article. Voss's latest amendments would make the link tax an inalienable right, that news publishers cannot waive even if they choose to.

The practical effect of this could be to make it impossible for a news publisher to publish their stories for free use, for example by using a Creative Commons license. When a similar inalienable link tax was passed into law in Spain, the country's biggest news aggregation website, which had been Google News, simply closed its Spanish operation. We can well imagine similar results if the link tax went Europe-wide.

That's not all. Voss proposes that the beneficiaries of the link tax should include press agencies (who often provide the raw information based upon which other journalists write stories), and that libraries should also be responsible for paying extra fees to publishers in "compensation" for their rental and lending activities.

Although Voss hasn't managed to make the upload filtering proposal any worse than it was before, it was plenty bad enough already. Although targeted mainly at sites that host video and music uploaded by users, it's broad enough to extend to any sort of user-uploaded content, including code contributed to platforms like Github, and even text contributed to a user-edited encyclopedia (although Voss would support an amendment excluding non-profit encyclopedias from the law, which may or may not save Wikipedia).

How You Can Take Action

These proposals benefit large publishers, but punish those who use the Internet as an open platform for sharing and innovation. Europeans are running out of time to convince their representatives to reject them. Our friends at Mozilla have developed an excellent tool that Europeans can use to directly contact their representatives to deliver a simple message—delete Article 11, delete Article 13, and instead give us copyright laws that promote competition and innovation online.
https://www.eff.org/deeplinks/2018/0...-get-lot-worse





Apple Sued an Independent iPhone Repair Shop Owner and Lost

Apple said an unauthorized repair shop owner in Norway violated its trademark by using aftermarket iPhone parts, but a court decided in favor of the shop owner.
Jason Koebler

Last year, Apple’s lawyers sent Henrik Huseby, the owner of a small electronics repair shop in Norway, a letter demanding that he immediately stop using aftermarket iPhone screens at his repair business and that he pay the company a settlement.

Norway’s customs officials had seized a shipment of 63 iPhone 6 and 6S replacement screens on their way to Henrik’s shop from Asia and alerted Apple; the company said they were counterfeit.

In order to avoid being sued, Apple asked Huseby for “copies of invoices, product lists, order forms, payment information, prints from the internet and other relevant material regarding the purchase [of screens], including copies of any correspondence with the supplier … we reserve the right to request further documentation at a later date.”

The letter, sent by Frank Jorgensen, an attorney at the Njord law firm on behalf of Apple, included a settlement agreement that also notified him the screens would be destroyed. The settlement agreement said that Huseby agrees “not to manufacture, import, sell, market, or otherwise deal with any products that infringe Apple’s trademarks,” and required him to pay 27,700 Norwegian Krone ($3,566) to make the problem go away without a trial.

“Intellectual Property Law is a specialized area of law, and seeking legal advice is in many instances recommended,” Jorgensen wrote in the letter accompanying the settlement agreement. “However, we can inform you that further proceedings and costs can be avoided by settling the case.”

Huseby decided to fight the case.

“That’s a letter I would never put my signature on,” Huseby told me in an email. “They threw all kinds of claims against me and told me the laws and acted so friendly and just wanted me to sign the letter so it would all be over. I had a good lawyer that completely understood the problem, did good research, and read the law correctly.”

Apple sued him. Local news outlets reported that Apple had five lawyers in the courtroom working on the case, but Huseby won. Apple has appealed the decision to a higher court; the court has not yet decided whether to accept the appeal.

Why a Norwegian court case should matter to Americans

The specifics of Huseby’s legal case apply only in Norway, of course, but his case speaks to a problem faced by independent iPhone repair shops around the world. Apple’s use of the legal system and trademark law turns average repair professionals into criminals and helps the company corner the repair market for Apple products.

In the United States, Apple has worked with the Department of Homeland Security and ICE to seize counterfeit parts in the United States and to raid the shops of independent iPhone repair professionals. ICE’s National Intellectual Property Rights Coordination Center rejected a Freedom of Information Act request I filed in 2016 regarding Apple’s involvement in its “Operation Chain Reaction” anti-counterfeiting team, citing that doing so “could reasonably be expected to interfere with enforcement proceedings.” Apple declined to comment for this article.

“In this case, Apple indirectly proves what they really want,” Par Harald Gjerstad, Huseby’s lawyer, told me in an email. “They want monopoly on repairs so they can keep high prices. And they therefore do not want to sell spare parts to anyone other than ‘to themselves.’”

Apple makes its own replacement parts available only to Apple Stores and shops in its “Authorized Service Provider” program. By becoming “authorized,” repair companies have to pay Apple a fee (and buy parts from the company at a fixed rate.) They are also restricted from performing certain types of repairs; there are many types of repairs—most commonly ones that require microsoldering for Logic Board damage—that independent companies can do that Apple itself does not do, so there are many reasons why a repair shop might want to remain independent.

Apple continues to lobby against right to repair legislation in 18 states around the United States, which would require electronics manufacturers to sell replacement parts and repair tools to the general public and independent repair companies.

“Apple is proving themselves to be the worldwide poster child of the Right to Repair movement,” Gay Gordon-Byrne, executive director of Repair.org, which is pushing for this legislation, told me. “They continue to make our case for us—suing legal repair providers, such as Henrik, lying to consumers about CPU performance throttling instead of battery replacements, and the coup de grace of hypocrisy—building products that are hard to repair and then proclaiming they care about the environment.”

In the absence of right to repair legislation, there are few ways for repair professionals to get replacement parts for iPhones and Apple computers. They can harvest parts from broken phones and computers, or they can buy aftermarket parts from the Chinese grey market, which is what Huseby and thousands of repair shops in the United States and around the world opt to do.

Parts on the grey market are of varying quality. Some are made in the same factories as original manufacturer parts; others are parts that “fell off the back of a truck,” or otherwise went missing or were stolen from production lines; others were made by the original manufacturer but didn’t pass diagnostic tests; others are copies made by third parties.

The legal status of many of these parts remains an unanswered question around the world, but the general consensus seems to be that a part is “counterfeit” if it is masquerading as an original manufacturer part rather than an aftermarket one. Counterfeit parts are “tangible goods that infringe trademarks,” the Organization for Economic Cooperation and Development, a partnership between 35 countries and a United Nations observer, wrote in a report last year.

This definition seems straightforward, but is further muddied because often broken parts—with original manufacturer logos—are sent back to China to be refurbished and sent back to independent repair companies. Are those “counterfeit” parts or are they repaired or refurbished genuine parts?

For his repair operation, called PCKompaniet, Huseby imported 67 iPhone 6 and iPhone 6S screens that fell into this grey area. They were seized by Norwegian customs officials because Apple logos on the inside components of the screens “had been covered up by ink marker. The ink marker could be removed with rubbing alcohol,” according to the Oslo District Court decision that ruled in favor of Huseby.

Huseby told me in an email that he bought the screens from a company he found at an electronics fair in Hong Kong, and that they were “refurbished screens assembled by a third party.” Huseby told the court that “the logo is covered up because it has never been relevant to market the products as Apple products,” the court decision states. “PCKompaniet has never removed the coverup of the Apple logo on the screens that have been imported and has no interest in doing so. PCKompaniet does not pretend or market itself as Apple authorized and does not give any indication that the repair comes with an Apple warranty.”

The court decided that Norwegian law “does not prohibit a Norwegian mobile repair person from importing mobile screens from Asian manufacturers that are 100 percent compatible and completely identical to Apple’s own iPhone screens, so long as Apple’s trademark is not applied to the product.”

The court noted that importing refurbished parts with visible Apple logos on them would be in violation of European Union trademark law (it would be legal, the court said, if the refurbishment of these screens had happened in the EU rather than Asia), but, crucially, decided that because the Apple logo would not be visible to customers while the product was in use, Huseby had not actually used Apple’s trademark.

The court also acknowledged that Huseby doesn’t have many other options when it comes to importing quality parts that either have Apple logos permanently removed or never had them to begin with: “It is not obvious to the court what trademark function justifies Apple’s choice of imprinting the Apple logo on so many internal components,” the court wrote. “Huseby is largely dependent on being able to import screens with covered up Apple logos to be able to operate in the market as a non-authorized iPhone repair technician.”

Gjerstad believes Apple will lose its appeal: “Apple does not ‘own’ the product after they have sold it,” he said. “Others have the right to remove the logo and sell it as an unoriginal, compatible part.”

The specifics of Huseby’s case won’t matter for American repair shops, but that Apple continues to aggressively pursue a repair shop owner over 63 iPhone screens signals that Apple is not interested in changing its stance on independent repair, and that right to repair activists and independent repair companies should expect a long fight ahead of them: “I feel that this case was extremely important for them to win,” Huseby said.

He just hopes to get back to his shop, he told me.

“I will continue to repair iPhone like I did before, no change,” he said. “I’m glad I now don’t have to be afraid of importing compatible spare parts for iPhone again.”
https://motherboard.vice.com/en_us/a...owner-and-lost





Sweeping New Legislation Highlights Just How Much Music And Tech Need Each Other
Andrew Flanagan

Last year, from spring to summer, two organizations — the Nashville Songwriters Association International (NSAI) and the National Music Publishers Association (NMPA) — made their case to the Copyright Royalty Board that Spotify, Apple, Google, Amazon and Pandora weren't paying songwriters enough when people streamed their compositions, a process that NMPA head David Israelite likened to "war." Those compositions, which are legally discrete from the recordings of those songs, are covered by "mechanical" licenses, a term that's roughly 100 years old and originally referred to the punch-card copies of songs that player pianos would use to keep sarsaparilla joints bopping, but now simply means any reproduction of a composition, including hearing it through a streaming service.

The giant knot that is music licensing in the U.S. is particularly spaghetti-like when it comes to these mechanicals, which have also been front-and-center in the tug-of-war between tech and the established music industry since people first began thumbing up and down on Internet radio stations.

But now, a year later, songwriters and streaming platforms are sitting on the same side of the table, professing support for a new piece of legislation that will update several byzantine areas of how music is treated legally — foremost among them, the way songwriters are paid in the new era of streaming.

"Politics makes for strange bedfellows," Chris Harrison, CEO of the Digital Media Association — a trade association that represents big tech's interests in the content wars — tells NPR.

The "music omnibus" bill, introduced Tuesday from a bipartisan group including outgoing House Judiciary Committee chairman Bob Goodlatte (R-Va.) and Jerry Nadler (D-NY) and approved unanimously by the House Judiciary Committee today, is the first significant piece of legislation around music in about two decades that has a prayer of being passed. At its core is a recognition of the nearly inextricable relationship that the music industry now has with streaming companies.

"Because of inadequacies and loopholes in the law, there has been litigation in federal and state courts on a variety of fronts with mixed results," wrote Rep. Nadler in a statement. "This has put music creators' rights at risk, and created uncertainty for digital streaming services."

As NPR has previously reported, the bill will establish a public database of compositions, who owns those compositions, who wrote them and who administers them. This will be accomplished by establishing a new non-governmental organization called the Music Licensing Collective (but is rumored to eventually be named SongExchange, a sister to the similarly situated SoundExchange) to run that database, with a board made up of representatives from the major publishing companies and songwriters themselves. The deal brokered between tech and the music industry is that tech companies will assent to much-needed statutory changes (discussed below) and foot the bill for the creation and administration of that new database; in exchange, those companies would receive a "blanket license" that would shield them from, say, being hit with several billion-dollar lawsuits over failing to secure the rights to those compositions in the first place.

"Having billion-dollar lawsuits is not productive, ultimately," says Richard Burgess, CEO of the American Association of Independent Music (A2IM), a trade group that represents indie labels in the U.S. "What's really impressive about this particular endeavor is that everybody's been prepared to compromise and to set aside the smaller differences in order to recognize the fact that there's a bigger win here for everybody."

"This is something that Congress asked of us," writes Daryl Friedman, an industry and government relations officer for the Recording Academy, the parent organization of the Grammy Awards that is heavily involved in music advocacy on the Hill. "There had been a few different music bills introduced throughout the past few years, segmented out for various creators. They wanted us to come together and with consensus, present the key issues that the whole music community could get behind."

In addition to adopting the bulk of the already-introduced Music Modernization Act (and its name), the music omnibus bill also includes three other pieces of legislation: the Allocation for Music Producers (AMP), the Compensating Legacy Artists for their Songs, Service, and Important Contributions to Society (or CLASSICS, an acronym which lawmakers were perhaps reaching for) and Songwriter Equity acts. Here's a quick run-through of those bills' aims:

• AMP: To give a statutory framework for assigning royalties to producers and engineers.

• CLASSICS: To spackle over a loophole that allowed digital broadcasters like Sirius XM to not pay royalties when they played songs recorded prior to 1972.

• Songwriter Equity Act: Allows for the Copyright Royalty Board judges to consider market conditions (what's called "willing buyer, willing seller") when setting its rates. Also, a "wheel" mechanism will be introduced to the court proceedings of ASCAP and BMI that will free them from arguing their cases in front of the same judge(s).

The substance of CLASSICS and the Equity act amounts to concessions from the tech industry, which had a vested interest in them not passing because they would, eventually, lead to higher licensing costs. But the bigger win for those companies is fewer roadblocks in front of streaming's growing popularity (never mind that the model's highest-profile companies have yet to turn a profit).

"We've had two, consecutive, double-digit years of growth in our industry, and we expect that to continue," Burgess says.

"We wouldn't have gotten to this point but for the fact that both sides were willing to come to the table and willing to negotiate," says DiMA's Harrison, whose organization represents the interests of companies whose are squarely at odds with those of songwriters — his clients want to pay less, songwriters want to make more. "I do think it's the success of streaming and everybody's recognition that this is the way people are going to consume music going forward. If we have a system that is broken, that's going to curtail investment and it's going to slow consumer adoption, it means, at the end of the day, everybody makes less."

"There's just no chance that either side would be able to run over the other side in the legislative process," says David Israelite, president and CEO of the NMPA. "I approached the other side with that message, that look, if we can come to an agreement we can pass something, if not we can both dig in and fight with each other."

"It's not that everybody is one-hundred-percent in love with every provision of it," says A2IM's Burgess. "There are definitely things that people have concerns about."

Some of these concerns include a "black box" distribution, which means that if Spotify, or any other streaming company, can't find the songwriters it's supposed to pay, they hold that money in an "interest-bearing account" for three years. After that, this black box of money is distributed to publishers based on their market share, raising the possibility of major companies being given money put aside for those whose names are least well-known. Another is the representation of the Music Licensing Collective's board — 10 of its voting members will be representatives from publishing companies while four will be songwriters.

Since the turn of the new century, tech companies and the music industry have been in something of a lopsided dance-off. As the music industry jitterbugged along in the late '90s, controlling the means by which people could hear music (as it always had), a new generation arrived and shattered that control to pieces, like a daisy in a mosh pit. The music industry responded to this digital generation with trepidation, and sought through the intervening years to hold steady to the reins of people's listening as their revenues cratered. Daniel Ek, the co-founder and now-billionaire CEO of Spotify, even had to steal their music and present it to them to prove to them his little Swedish startup could work.

Now that it, and the business model it popularized, have overcome doubts and scandals and myriad lawsuits, all that's left is to figure out the future. And, at least for the time being, they have to do it together.
https://text.npr.org/s.php?sId=601167518





Spotify Acquires Rights Company Loudr While Congress Weighs Pay Act
Meghan Genovese

Spotify is buying rights company Loudr in a move to beef up its ability to track and pay royalties to music publishers.

The move comes a day after the House Judiciary Committee approved legislation that would revamp digital licensing rules. Loudr will contribute to Spotify’s "continued effort towards a more transparent and efficient music publishing industry for songwriters and rights holders," Spotify said on its website. Loudr will add a team of publishing specialists and technologists to the company, which may aid the streaming service in navigating conflicts with artists over pay.

"This acquisition is clearly a direct response to the lawsuits and other risks Spotify is enduring," said Songtrust co-founder Joe Conyers. Loudr "is tackling the impossible task of determining who companies like Spotify should actually pay for certain songs."

Loudr was founded in 2013 and offered digital music providers services to identify, track and pay royalties to music publishers.

The world’s three biggest pop stars -- Taylor Swift, Adele and Drake -- had previously restricted online access to their new works to paid services and rang up big sales as a result. The Music Modernization Act, which would create a new royalty collecting organization, sailed through the House panel on April 11.
https://www.bloomberg.com/news/artic...weighs-pay-act





“High Definition Vinyl” Is Happening, Possibly as Early as Next Year

With a new $4.8 million investment, an Austrian startup says it could have “HD vinyl” in stores by 2019
Marc Hogan

“High Definition Vinyl” has moved closer to a turntable near you. In 2016, a European patent filing described a way of manufacturing records that the inventors claimed would have higher audio fidelity, louder volume, and longer playing times than conventional LPs. Now, the Austrian-based startup Rebeat Innovation has received $4.8 million in funding for the initiative, founder and CEO Günter Loibl told Pitchfork. Thanks to the investment, the first “HD vinyl” albums could hit stores as early as 2019, Loibl said.

The HD vinyl process involves converting audio digitally to a 3D topographic map. Lasers are then used to inscribe the map onto the “stamper,” the part that stamps the grooves into the vinyl. According to Loibl, these methods allow for records to be made more precisely and with less loss of audio information. The results, he said, are vinyl LPs that can have up to 30 percent more playing time, 30 percent more amplitude, and overall more faithful sound reproduction. The technique would also avoid the chemicals that play a role in traditional vinyl manufacturing. Plus, the new-school HD vinyl LPs would still play on ordinary record players.

What’s next? Rebeat Innovation has ordered a big laser system, for about $600,000, with hopes that it will be shipped by July, Loibl said. Once that system is up and running, Loibl said he plans to produce test stampers for five to-be-determined “early mover” pressing plants. In September, the first test stampers would arrive at those plants. “Our goal is to officially present our test stampers at the Making Vinyl conference in October,” Loibl said, referring to the vinyl trade event held in Detroit. “It will take another eight months to do all the fine adjustments. So by summer 2019 we shall see the first HD vinyls in the stores.”
https://pitchfork.com/news/high-defi...-as-next-year/





Oregon Governor Signs Net Neutrality Bill Alongside the Middle Schoolers Who Fought for Its Passage
Melanie Ehrenkranz

In February, three middle school students helped push a statewide net neutrality bill. Today, Gov. Kate Brown is headed to the girls’ middle school in Portland, where she will sign the bill into law.

“It’s an honor for the Governor to come to our school and sign a bill that’s so important to the three of us,” Luca, a 12-year-old at Mt. Tabor Middle School, told Gizmodo in an email. Luca, along with friends Lola, 13, and Athena, 13, testified before the Oregon House Committee on Rules in support of the bill, helping bring greater attention to it before the state’s lawmakers voted it through to Gov. Brown’s desk.

The legislation, House Bill 4155, aims to help guarantee that Oregon residents get the net neutrality protections that the Federal Communications Commission killed in December of last year. Specifically, the Republican-led FCC voted to overturn the agency’s 2015 Open Internet Order, which forbade internet service providers from throttling or blocking legal online content or “paid prioritization,” better known as “fast lanes” for companies that pay to have their services delivered to customers at greater speeds.

Oregon’s new law makes it illegal for the state’s public bodies to work with ISPs that take part in discriminatory activities such as paid prioritization and blocking content online. However, as Ars Technica points out, it is likely ISPs will sue to strike down Oregon’s new law, as companies like AT&T and Verizon had said they would do in response to other state efforts.

“When the federal government repealed net neutrality, they took a step backward,” Gov. Brown said in a speech on Monday at Mt. Tabor. “In Oregon, we want to move forward, to make sure that the internet is a level playing field, instead of exacerbating economic disparity.”

All three girls said they feel they are getting too much praise for their efforts, crediting Gov. Brown, State Reps. Jennifer Williamson and Paul Holvey, other individuals who testified on behalf of the bill, as well as digital-rights group the Electronic Frontier Foundation. “I think we are getting this much credit and attention because we are kids, and you don’t usually see kids testifying for a bill,” Lola said. Or, as Athena said at the closing of her testimony in February, “When kids get involved, you know someone really screwed up.”

The girls said that the passing of this bill marks an important step toward their ultimate goal, which is for the government to reinstate net neutrality on a federal level.

“I’ve been really inspired over the past few months by students across the country getting involved in a variety of issues, driving action as well as conversation,” Gov. Brown said. “It bodes well for the future of our democracy.”
https://gizmodo.com/oregon-governor-...the-1825107042





'Gold Rush' for Wi-Fi on Board Planes Spurs Innovation
Victoria Bryan

Satellite technology to provide Wi-Fi on board planes has matured to a point where more and more airlines are looking to use it, triggering a “gold rush” among suppliers.

That brings opportunities for a vast array of companies, from satellite firms such as Viasat and Inmarsat, to connectivity providers such as Gogo, Global Eagle, and Panasonic Avionics and software and hardware companies such as Lufthansa Systems and Lufthansa Technik.

“It’s like a gold rush feeling at the moment,” Jan-Peter Gaense, head of passenger experience products & solutions at Lufthansa Systems, said at the Aircraft Interiors trade fair in Hamburg this week.

But as competition for a slice of the business intensifies, Gaense foresees a wave of mergers very soon, predicting that out of around 17 connectivity companies around today, only a handful would remain in the future.

Some are hitting bumps on the way. Gogo started with air-to-ground services but is now offering a satellite-based service. Customer American Airlines is de-installing Gogo systems in favor of Viasat after performance problems with the older ATG systems, which will weigh on Gogo’s revenues this year.

“It’s competitive but competitive in a growing market. It makes you all the more agile, keeps you on the edge of innovation,” Gogo’s Chief Technology Officer Anand Chari said at the Hamburg event, which drew a host of industry players.

Gogo is already looking into how it can make its existing hardware suitable for the next round of technology, which could see lower orbit satellites come into play.

Satellite company Inmarsat has had to cut its dividend so it can invest in Wi-Fi on board and its shares have been hit as investors worry that the business won’t be as lucrative as once hoped.

“Everybody’s trying to grab a piece,” Panasonic Avionics’ Chief Technology Officer David Bartlett said.

“This will separate the companies who are in it for the long haul, who can sustain a business, which are financially viable.”

SCRAMBLE

According to a 2018 report by Routehappy, which provides information on flight amenities, Wi-Fi is now accessible on 43 percent of all available seat miles worldwide, up 10 percent from early 2017.

Best Wi-Fi, which Routehappy classes as comparable to a home connection and capable of streaming media, is now available on 16 percent of available seat miles worldwide, more than doubling from 2016.

“The technology has finally matured to the point where airlines aren’t as apprehensive to pick the latest generation technology,” Jason Rabinowitz, director airline research at Routehappy, said. “Airlines are cost-conscious and they prefer to know it’s not going to need replacing in two years,” he said.

The technology doesn’t come cheap. Lufthansa Systems says it costs several hundred thousand euros just to install the systems, never mind buying the bandwidth or maintaining it.

Airlines can make money on the systems by signing up sponsors, as JetBlue did with Amazon, to make broadband free for its passengers on board, or by charging passengers, which is still commonplace unlike in hotels.

Having passengers connected to their software platforms on board also gives airlines a chance to drive ancillary revenues via onboard retail or via booking restaurants and taxis from the plane.

Inmarsat cited a recent study by the London School of Economics, which forecasts that broadband could bring airlines an extra $30 billion in revenue from ancillary services by 2035, almost doubling their profits.

Airlines can use broadband connectivity to make savings on maintenance for example, by ensuring that spare parts can be requested en route and made available when the plane lands to minimize the amount of time the jet spends on the ground.

Panasonic Avionics in Hamburg also unveiled a new partnership with onboard catering and retail company Gate Group, which aims to help airlines cut costs by analyzing data to help them more accurately predict which food and shopping products they should stock, reducing weight and waste.

Reporting by Victoria Bryan; Editing by Susan Fenton
https://uk.reuters.com/article/us-ai...-idUKKBN1HK2NO





Broadband Industry Aims To Use Facebook Fracas To Saddle Silicon Valley With Crappy New Laws
Karl Bode

For years now, the nation's broadband industry has clung to one, consistent message: anti-competitive giants like Comcast are innocent, ultra-innovative daisies, and Silicon Valley companies are a terrible, terrible menace. From Ajit Pai's bizarre attacks on Netflix to an endless wave of ISP-payrolled consultants falsely accusing Google of stealing bandwidth, major ISPs have long made it clear they see Silicon Valley not as a collaborator, but as a mortal enemy. Given ISPs routinely try to use their last-mile monopolies to harm disruptive new services with arbitrary barriers and higher, extortion-esque costs, the feeling is generally mutual.

As companies like Comcast NBC Universal and AT&T (and soon Time Warner) grow and push into the internet ad industry, the ISP lobbying message has been consistent: more regulation for Silicon Valley, and virtually no regulation for the broadband industry. Given many of these ISPs are growing natural monopolies, the rules governing them have been (and should be) notably different, and sometimes stronger. After all, however bad Facebook is, you can choose not to use them, whereas if you're like more than half of America, Comcast is your only option if you're looking for real broadband.

Needless to say, the entire (justified) Facebook and Cambridge Analytica fracas has given ISP lobbyists a wonderful new opportunity to push for bad legislation they'll likely be writing. Former FCC boss turned top cable lobbyist Mike Powell has been beating the "regulate Silicon Valley" drumbeat for several weeks now, blaming rising social media "mindshare" for all manner of evils. And I've noticed the arrival of several new astroturf groups calling for regulation of Facebook and Google that are tied to co-opted "minority" organizations with a history of helping AT&T covertly lobby.

With Zuckerberg headed to a hearing this week, the broadband industry has ramped up its tap dance. This blog post by USTelecom, an AT&T backed lobbying organization, proclaims that we should look to the same industry that gave us zombie cookies for examples of exemplary behavior moving forward:

"And, in the search for privacy best practices, Congress need look no further than America’s broadband providers. For over twenty years, internet service providers (ISPs) have protected their consumers’ data with strong pro-consumer policies. ISPs know the success of any digital business depends on earning their customers’ trust on privacy."

From charging users more for privacy to using credit data to provide customers even worse customer service, the broadband industry has been a privacy circus for decades, making this USTelecom's apparent attempt at comedy.

Charter CEO Tom Rutledge this week also joined the festivities by penning a new blog entry proclaiming that Charter really, really wants a new, comprehensive privacy law:

"Tomorrow, Congress will begin important hearings to examine who is collecting what, how that data is shared and sold, and how best to protect and secure personal data when much of our lives are increasingly taking place online. As a company with over 95,000 employees that has the privilege of providing Internet service to 22.5 million homes across 41 states, we at Charter have an important stake in this conversation."

Keep in mind, Charter was one of several major ISPs that lobbied the GOP and Trump administration to kill modest broadband consumer privacy protections before they could take effect last year. Those rules, crafted after endless examples of bad ISP behavior, simply would have required that ISPs clearly disclose what data is being collected and sold. They also would have required that ISPs provide working opt-out tools, and (the biggest reason ISPs opposed the rules) they would have required that consumers opt in to the sharing of more sensitive data.

Yet mysteriously here is Charter, now calling for the creation of new privacy regulations:

"Charter believes individuals deserve to know that no matter where they go online or how they interact with online services, they will have the same protections. Different policies leading to inconsistent protections sow confusion and erode consumer confidence in their interactions online, threatening the Internet’s future as an engine of economic growth. And as an Internet Service Provider, that’s bad for business. So we are urging Congress to pass a uniform law that provides greater privacy and data security protections and applies the same standard to everybody in the Internet ecosystem, including us."

Again, Charter knows it has enough political power right now under the Trump administration and GOP that it will likely be one of the companies that gets to write whatever new privacy legislation gets proposed. And given Charter and Comcast's history, you can be pretty damn sure their version of a "uniform law" likely includes massive loopholes for ISPs, while hamstringing many of the companies large ISPs plan to compete with in the video ad wars to come.

Meanwhile, the rhetoric about "applying the same standards" to everybody in the chain again hopes to confuse folks that don't understand that natural monopolies may need tougher consumer protections (which is what net neutrality was all about). It's much like the calls on some fronts for things like "search neutrality" by people that usually have no earthly understanding of what net neutrality's actually about: protecting consumers from last mile monopoly harms.

As we've been noting, the broadband industry has been attempting to neuter FCC authority over ISPs, then shovel any remaining authority to an FTC that's ill-equipped to handle it. Applauding the FTC as the exclusive handler of telecom privacy concerns actually weakens oversight of telecom monopolies (especially given AT&T is trying to gut all FTC oversight over ISPs entirely).

Of course Google and Facebook are not innocent victims here either, and they don't want tough, meaningful privacy protections any more than the telecom industry does.

In fact, AT&T, Comcast, Verizon and Charter have recently put aside some of their animosity to work hand in hand with Google and Facebook to scuttle meaningful privacy rules in California. This entire call for "privacy legislation" may serve multiple functions for ISPs: put a bullet in any efforts to restore tougher and more meaningful FCC authority over ISPs, while working with Facebook and Google on privacy legislation that simply doesn't do much, but does pre-empt the possibility for tougher federal or state protections. Knowing ISPs well, they'll also try to sneak in language that harms their newfound "allies" at the last second.

Given how corrupt this current Congress is, there's a universe of ways this well-intentioned effort for new meaningful privacy guidelines could go south with genuine consumer privacy being a distant afterthought. There's certainly a case to be made for tough new privacy protections in the wake of IOT dysfunction and the Cambridge Analytica scandal. But it should probably go without saying that we don't want Comcast lawyers (or Facebook and Google lobbyists) writing them.
https://www.techdirt.com/articles/20...new-laws.shtml





A Broken Submarine Cable Knocked a Country Off the Internet for Two Days

West Africa’s internet is more fragile than you might think
Russell Brandom

On March 30, the ACE Submarine cable cut out, dropping connectivity for much of West Africa. According to reports, the breach came off the coast of Mauritania, resulting in significant connectivity drops for at least ten neighboring countries. Mauritania itself was offline for nearly 48 hours before connectivity was partially restored. Other countries had enough terrestrial cable and satellite connections to route around the downed cable, but they still saw significant disruptions in internet access for most of the weekend.

Outages like this rarely make the headlines, but it’s a good reminder of exactly how fragile much of the internet’s infrastructure still is — particularly in places like West Africa. When a major cable gets cut, every other connection has to strain to pick up the slack. When there’s no other infrastructure to rely on, connectivity simply drops out. Lacking investment, the internet becomes less reliable for the entire region.

This is the problem that projects like Alphabet’s balloons and Facebook’s solar drones are trying to solve, at least in theory. But in practical terms, all that’s really needed is more cables and landing points — the kind of thing Nigeria has but Mauritania doesn’t. And after years of moonshot development, we still don’t have many options when a cable gets cut.
https://www.theverge.com/2018/4/8/17...ritania-broken





FTC Warns Companies ‘Warranty Void if Removed’ Stickers Are Flatly Illegal
Joel Hruska

If you’ve ever purchased a game console or other piece of electronics gear, chances are you’ve seen a “Warranty Void if Removed” sticker stuck somewhere on the device. There’s typically a peel-away tape used to confirm whether a device has been opened. If it has, companies will often attempt to deny warranty claims.

What many people don’t realize is that this is illegal. The 1975 Magnuson-Moss Warranty Act made it illegal for companies to force users to only repair hardware using specific components or via “authorized” resellers. While companies are not required to offer warranties, if they do offer a warranty, they aren’t allowed to void it simply because the customer has the device repaired elsewhere. Companies are allowed to require you to ship the device to them for warranty service or to return it to the store you purchased it from, but they can’t void your warranty just because you repaired an unrelated problem yourself. The Mag-Moss Act states:

“No warrantor of a consumer product may condition his written or implied warranty of such product on the consumer’s using, in connection with such product, any article or service (other than article or service provided without charge under the terms of the warranty) which is identified by brand, trade, or corporate name.”

We’ve covered this issue before, but the topic is back on the radar thanks to recent FTC action. The government agency announced it has sent warnings to six specific companies, notifying them that their continued use of “Warranty Void if Removed” stickers is in direct violation of federal law. They even wrote a song about it. I quote:

When the screen goes blue
And the car breaks down
And the smartphone keeps rebooting eternally
Consumers won’t be afraid
No, they won’t be afraid
Just as long as you stand by your warranty.

(The song appears in an accompanying blog post as opposed to being part of the letter. Thank God the author isn’t relying on his scansion skills for job security.)

This practice isn’t unique to Microsoft. Image by iFixit

The FTC didn’t name which companies it contacted, but notes that the firms in question sell “automobiles, cellular devices, and video gaming systems in the United States.” The FTC does give three examples of offending warranty language, however, which let us hone in on some of the targets by searching for the text strings directly:

“The use of [company name] parts is required to keep your… manufacturer’s warranties and any extended warranties intact.” = Hyundai.

“This warranty shall not apply if this product… is used with products not sold or licensed by” = Nintendo.

“This warranty does not apply if this product… has had the warranty seal on the [product] altered, defaced, or removed” = Sony.

The FTC continues:

“FTC staff has requested that each company review its promotional and warranty materials to ensure that such materials do not state or imply that warranty coverage is conditioned on the use of specific parts or services. In addition, FTC staff requests that each company revise its practices to comply with the law. The letters state that FTC staff will review the companies’ websites after 30 days and that failure to correct any potential violations may result in law enforcement action.”

Don’t put up with any BS from Nintendo, Sony, or Microsoft (Microsoft has used the same types of warnings on the Xbox One). Your warranty is not void simply because you opened a box. They’re not allowed to tell you differently, and neither are firms like Apple (another likely recipient of one of these letters). This consumer-hostile bullshit is illegal, period, full stop. For more information on this topic and a breakdown of what actions can or cannot void a warranty, see this article.
https://www.extremetech.com/gaming/2...flatly-illegal





Over 80% of Teenagers Prefer iPhone to Android — and that’s Great News for Apple
Kif Leswing

• American teenagers prefer Apple's iPhone to Android phones.
• 82% of American teenagers currently own an iPhone, the highest percentage ever in the history of a Piper Jaffray study about teens.

American teenagers continue to deeply prefer Apple's iPhone to phones running Android.

82% of teens currently own an iPhone, according to Piper Jaffray's "Teens Survey," which questions thousands of kids across 40 states with an average age of 16.

That's up from 78% last fall, and it's the highest percentage of teen iPhone ownership Piper's seen in its survey.

iPhone ownership among teens could go even higher — 84% of teens say their next phone will be an iPhone.

The enduring popularity of the iPhone in America's high schools may also be leading to a boom in Apple Watch interest. 20% of teens plan to buy an Apple Watch in the next 6 months, and Apple is the 2nd-most desired brand among upper-income teens, behind only Rolex, according to the survey.

Piper's analysts think this sets Apple up well for the fall, when it is expected to release three new iPhones, including one low-cost version with facial recognition and an end-to-end screen, features which currently cost $1,000 or more.
http://www.businessinsider.com/apple...jaffray-2018-4





Cops Around the Country Can Now Unlock iPhones, Records Show
Joseph Cox

A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.

This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.

FBI Director Christopher Wray recently said that law enforcement agencies are “increasingly unable to access” evidence stored on encrypted devices.

Wray is not telling the whole truth.

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI’s argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”

As part of the investigation, Motherboard found:

• Regional police forces, such as the Maryland State Police and Indiana State Police, are procuring a technology called ‘GrayKey’ which can break into iPhones, including the iPhone X running the latest operating system iOS 11.
• Local police forces, including Miami-Dade County Police, have also indicated that they may have bought the equipment.
• Other forces, including the Indianapolis Metropolitan Police Department, have seemingly not bought GrayKey, but have received quotations from the company selling the technology, called Grayshift.
• Emails show the Secret Service is planning to buy at least half a dozen GrayKey boxes to unlock iPhones.
• The State Department has already bought the technology, and the Drug Enforcement Administration is interested in doing so.

THE KEY

Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff, provided demonstrations to potential customers, according to one email.

“I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product’s potential,” an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.

The GrayKey itself is a small, 4x4-inch box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen by Forbes says GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone.

The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6 digit passcodes.

And police forces are ready to use GrayKey. David R. Bursten, chief public information officer from the Indiana State Police, wrote in an email to Motherboard that the force had only recently obtained the GrayKey device, but that “this investigative tool will be used, when legally authorized to do so, in any investigation where it may help advance an investigation to identify criminal actors with the goal of making arrests and presenting prosecutable cases to the proper prosecuting authority.”

Greg Shipley, Maryland State Police spokesperson, told Motherboard “the connection of electronic devices to a wide range of crimes continues to increase, so the need to obtain investigative information from these devices during a criminal investigation continues to grow.” Last week Maryland State Police told Motherboard that the force is in the early stage of procuring GrayKey; one of the documents obtained includes a price quote from GrayKey dated March 22.

Multiple employees of Grayshift did not respond to requests for comment. In response to a Freedom of Information Act request, the FBI refused to say whether it had purchased GrayKey.

KICKING DOWN THE BACKDOOR

In 2016, the Department of Justice infamously tried to compel Apple to create a new operating system that would allow investigators to break into the iPhone 5C of one of the San Bernardino terrorists. The tweak, it was proposed, would allow the FBI to quickly churn through potential passcodes to open the device without triggering the device’s delay feature or wiping its contents. (After several incorrect passcode guesses, iPhones disable any further attempts for an increasing amount of time; some iPhones may delete a user’s data after too many failed guesses.) The Justice Department tried a similar legal approach in other cases involving iPhones.

Cryptographers and technologists generally refer to this addition as a backdoor; that is, a new way to circumvent the protections on a device. But the existence, purchase, and price of GrayKey puts serious doubt on whether law enforcement require any sort of iPhone backdoor.

“The availability and affordability of these tools undercuts law enforcement’s continual assertions that they need smartphone vendors to be forced to build ‘exceptional access’ capabilities into their devices,” Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society, told Motherboard in a Twitter message.

To be clear, the FBI already makes heavy use of technology similar to GrayKey, and spends millions of dollars on equipment that cracks phones without using mandated backdoors. Motherboard previously found that the FBI bought over $2 million worth of forensics tools from established vendor Cellebrite. Back in 2016, the Bureau’s General Counsel said the FBI could unlock most phones it seized.

In March, the New York Times reported that FBI and Justice Department officials have reignited the hunt for backdoors, and have been quietly meeting with security researchers. And earlier this month, Cyberscoop reported that staffers of the Senate Judiciary Committee have been contacting US tech companies regarding potential future legislation around encryption.

Adding an iPhone backdoor, by its nature, adds new vulnerabilities into an otherwise fairly secure phone that provides robust encryption by default. GrayKey’s existence and widespread availability “means that adding backdoors isn’t so much a question of adding a secure door to the walls of a stone castle. It’s like adding extra holes in the walls of a sandcastle,” Green, the Johns Hopkins cryptographer, said. “It seems totally reckless to add additional mandatory vulnerabilities.”

Instead of backdoors, some technologists say the current system of hacking is the best we can hope for: a phone is released; companies such as Grayshift look for ways to access the device; for a time their tools work; then the phone manufacturer issues a fix or a new operating system version, and the cycle repeats.

“The success of companies like Grayshift in finding and exploiting ways to gain access to even the latest, most secure smartphone models demonstrates that flaws will always exist despite manufacturers' best efforts,” Pfefferkorn said.

But to be clear, GrayKey is not the end of this debate. Whatever exploits GrayKey is taking advantage of may stop working at some point. The FBI wanted to force Apple to tweak the San Bernardino iPhone running in February 2016; Cellebrite announced it could crack devices running iOS 9—the particular iOS version the phone was using—in July 2016. Even when phone crackers eventually catch up, there can still be a period of time when agencies may indeed be dark on a suspect’s phone.

This is, presumably, the reason the DOJ and FBI would like backdoors: they provide more guaranteed access over a period of time, rather than catching up with each iteration of a phone cracking product. Cost might be a factor too—forcing tech companies to facilitate access could be cheaper than buying more cracking tools.

“The FBI does not comment on specific tools or technologies; however, there is no one size fits all solution to Going Dark,” an FBI spokesperson told Motherboard in a statement.

In March, FBI Director Wray said the Bureau had nearly 7,800 phones it could not unlock last year. Maybe the FBI could get in touch with the country’s local police forces.
https://motherboard.vice.com/en_us/a...ayshift-police





Some Android Device Makers are Lying About Security Patch Updates
Alex Wagner

Security patches for smartphones are extremely important because many people store personal data on their devices. Lots of Android phones out there get regular security patches, but according to a new report, some of them are lying about the patches that they've actually gotten.

According to a study by Security Research Labs, some Android phones are missing patches that they claim to have. Wired explains that SRL tested 1,200 phones from more than a dozen phone makers for every Android security patch released in 2017. The devices tested include ones from Google, Samsung, Motorola, LG, HTC, Xiaomi, OnePlus, Nokia, TCL, and ZTE.

The study found that outside of Google and its Pixel phones, well-known phone makers had devices that were missing patches that they claimed to have. "We found several vendors that didn't install a single patch but changed the patch date forward by several months," says SRL founder Karsten Nohl.

The number of missing security patches on phones varied between device makers. For example, Google, Samsung, and Sony devices were found to be missing 0 or 1 patches on average. Xiaomi, OnePlus, and Nokia devices were missing 1 to 3 patches on average, while HTC, Huawei, LG, and Motorola were missing 3 to 4 patches on average. Devices from TCL and ZTE fared the worst, missing an average of 4 or more patches that they claimed to have.

When asked for comment on this report, Google told Wired that some of the devices tested may not have been Android certified, meaning that they aren't held to Google's security standards. Google also noted that Android devices have security features to make them more difficult to hack and that, in some cases, a device maker may have simply removed a device's vulnerable feature rather than patching it.

"We’ve launched investigations into each instance and each OEM to bring their certified devices into compliance when we’ve been able to reproduce their findings...[but] each instance really needs further investigation," Google said.

This report is a pretty big deal for Android devices. As I said before, security patches are a big deal because a lot of people store private, personal data on their phones, and so it's important that those devices are secure. And while it is very possible that some devices tested by SRL aren't Android certified and that some devices may have just had their vulnerable features removed, it's also possible that there are some instances in which an OEM said that they had updated a phone with new security patches when they actually hadn't.
https://www.phonedog.com/2018/04/12/...-patch-updates





Trump Just Signed SESTA/FOSTA, a Law Sex Workers Say Will Literally Kill Them

The controversial Fight Online Sex Trafficking Act (FOSTA) was framed as anti-trafficking, but it’s already harming consensual sex workers.
Samantha Cole

At 11 a.m. EST Wednesday, President Donald Trump signed a bill into law that’s already started hurting people in the consensual sex trade.

The bill—a mashup of the Fight Online Sex Trafficking Act (FOSTA) and the Stop Enabling Sex Traffickers Act (SESTA), which is commonly referred to as the latter—passed Congress in March. It makes websites liable for what users say and do on their platforms, and many advocacy groups have come out against the bill, saying that it undermines essential internet freedoms.

It could be months—or as late as January 2019—before FOSTA is enacted and anyone could be charged under the law. But even in the days immediately after the bill passed in Congress, platforms started scrambling to proactively shut down forums or whole sites where sex trafficking could feasibly happen. Fringe dating websites, sex trade and advertising forums, and even portions of Craigslist were taken down in the weeks following, while companies like Google started strictly enforcing terms of service around sexual speech.

One of the websites key to the FOSTA debate was Backpage, a site where users posted advertisements, frequently for sexual services. Federal authorities seized Backpage on Monday, two days before Trump even signed it, demonstrating that the FBI never really needed FOSTA’s backing to indict the site to begin with.

Lola, a community organizer with Survivors Against SESTA, told me in a Signal message that this is literally a life-or-death law for sex workers. “I know so many people who were able to start working indoors or leave their exploitative situations because of Backpage and Craigslist,” she said. “They were able to screen for clients and keep themselves safe and save up money to leave the people exploiting them. And now that those sites are down, people are going back to pimps. Pimps are texting providers every day saying ‘the game’s changed. You need me.’”

FOSTA/SESTA is empowering abusive clients to exploit workers, Lola said, leading directly to more pimping and ultimately, more harm and potential for actual trafficking. “SESTA is putting people on the streets, where we face more violence and harassment and arrest and brutality by the police. SESTA is killing us.”
https://motherboard.vice.com/en_us/a...o-law-sex-work





Mark Zuckerberg's Personal Notes Hint that Facebook Isn't Ready for GDPR

• One section that stood out was a clear instruction: "Don't say we already do what GDPR requires."
• This refers to a new European privacy law that will force Facebook to give users much more control over what data they share.
• The notes suggest Facebook isn't fully ready for GDPR, which comes into effect on May 25.

Shona Ghosh

Mark Zuckerberg had an awful lot to remember during his grilling by Congress on Tuesday, judging by pages of private briefing notes captured by a quick-witted AP photographer.

The pages give us an insight into how Zuckerberg was thoroughly coached not only on predictable topics like Russian election interference, but wider areas such as the lack of diversity in Silicon Valley.

There's one section right at the bottom of notes which will stand out to anyone interested in online privacy.

The note reads: "Don't say we already do what GDPR requires."

GDPR is the upcoming General Data Protection Regulation, a new European law designed specifically to bring web giants like Facebook to heel over the way they suck up vast amounts of user data. The regulation comes into effect on May 25.

One of the most important changes under the regulation is that Facebook will have to proactively ask for your explicit consent to process data on your ethnicity, race, sexual orientation, political views, and religion.

The note suggests that Facebook hasn't quite worked out how it will do this. According to Fox Rothschild lawyer Mark McCreary, this won't be some small pop-up box but something "disruptive" to your day-to-day browsing experience. To that end, Zuckerberg's notes read: "GDPR does a few things ... Requires consent — done a little bit, now doing more in Europe and around the world."

The note also reads: "Provides control over data use — what we've done for a few years."

That's only true to an extent. You can determine what data you share with Facebook, but you can't then control or really understand how Facebook uses that data unless you go digging around in your privacy settings. Under GDPR, Facebook and advertisers will need to be much clearer with you about what data they are using and why.

Facebook will soon need to let people download their data then take it to a rival service

Zuckerberg's briefing notes make absolutely no mention of data portability, another big, important requirement under GDPR. This essentially means that European users will be able to download their data from Facebook, then take it to a competing service.

As consultancy firm PwC puts it: "[Users] should be able to move between service providers without any loss of data and, therefore, enjoy a seamless transition that avoids the data subject having to re-input any information."

It's possible that Facebook hasn't really worked out how it will do this — how exactly are you meant to transfer all your wall posts to another service? What would that look like and what format would the data take?

Facebook did not immediately respond to a request for comment.

GDPR could cost Facebook and Google a lot of money

Not only will GDPR potentially rewrite how users actually use Facebook, Google, and other big tech services, it could cost those companies an awful lot of money if they don't comply with the rules and if users decide to revoke access to their data.

Companies face fines of up to 4% of their annual turnover if they break the rules.

And if users opt out of sharing their data, that could wipe 2% of Google's revenue, and cost Facebook $2.8 billion.
https://www.newstimes.com/technology...t-12824460.php





As Zuck Testifies to Senate, Democrats Propose Tough Opt-in Privacy Law

Democrats propose opt-in privacy rules for Facebook, Google, and other websites.
Jon Brodkin

Two Democratic US senators today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent.

The proposed law would protect customers' Web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information.

"The avalanche of privacy violations by Facebook and other online companies has reached a critical threshold, and we need legislation that makes consent the law of the land," Sen. Ed Markey (D-Mass.) said in an announcement.

Facebook CEO Mark Zuckerberg is testifying today in a Senate hearing. Facebook recently acknowledged that the private data of up to 87 million Facebook users was improperly shared with Cambridge Analytica, a firm that did consulting work for Donald Trump's presidential campaign.

While Zuckerberg has promised to do a better job protecting Facebook users' privacy, Markey said that "voluntary standards are not enough; we need rules on the books that all online companies abide by that protect Americans and ensure accountability."

Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.

"Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads.

The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements.

Personal data protected by the proposed opt-in standard would include financial information, health information, information pertaining to children, Social Security numbers, precise geolocation information, the content of communications, call-detail information, Web-browsing history, application-usage history, and "any other personally identifiable information that the Commission determines to be sensitive."

"Our privacy bill of rights is built on a simple philosophy that will return autonomy to consumers: affirmative informed consent," Blumenthal said. "Consumers deserve the opportunity to opt in to services that might mine and sell their data—not to find out their personal information has been exploited years later."

The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

GOP blocked privacy rules for ISPs

The Federal Communications Commission voted in 2016 to impose a similar opt-in privacy regime on Internet service providers such as Comcast, AT&T, Verizon, and Charter. The rules for ISPs never took effect, however, because the Republican-controlled Congress and President Trump overturned them before they could be implemented.

ISPs bitterly opposed the opt-in requirements, saying they shouldn't face stricter rules than Facebook and Google. Like edge providers, ISPs follow voluntary guidelines in which they let customers opt out of the use of browsing histories for "personalized third-party marketing."

If the Markey/Blumenthal bill passes, it's possible that Facebook and Google could face stricter privacy requirements than Internet service providers. Alternatively, Congress could impose an opt-in standard that covers both websites and Internet service providers. Rep. Marsha Blackburn (R-Tenn.) proposed an opt-in requirement for both websites and ISPs last year, and Charter CEO Tom Rutledge said this week that Charter supports opt-in requirements as long as they apply to both websites and ISPs.

Although Charter opposed the FCC's opt-in rules for ISPs, Rutledge now says that "Internet users should have 'opt-in' protections, meaning all entities must receive opt-in consent to collect and share their data for purposes other than the actual service they engaged in."

Still, any attempt to impose an opt-in law will likely face opposition from Internet and advertising companies. A lobby group for Facebook, Google, and other online companies objected to Blackburn's proposal last year, saying that websites already face "strict FTC privacy enforcement."

Republican and Democratic lawmakers were split nearly down the middle on the repeal of privacy rules for ISPs, with Democrats supporting the rules and Republicans supporting the repeal. The partisan split on privacy regulation could doom the Markey/Blumenthal proposal.
https://arstechnica.com/tech-policy/...-proposed-law/





Failed by Facebook, We’ll Return to the Scene of the Crime. We Always Do.
Andrew Ross Sorkin

As Mark Zuckerberg, Facebook’s co-founder, begins two days of testimony on Capitol Hill, where he will undoubtedly face withering criticism over his site’s handling of user data, millions of people will spend the day the way they always do: scrolling through their News Feeds, sending each other messages and “liking” posts, oblivious to any privacy concerns.

The reality is that when it comes to privacy, the trade-off has already been made: We decided long ago to give away our personal information in exchange for free content and the ability to interact seamlessly with others.

With the latest disclosure about Facebook’s data missteps — that the personal information of some 87 million users had been improperly harvested and shared with a British analytics firm — politicians can scream from the rooftops about privacy, and they should. But the public has proved over and over again that it doesn’t care.

The evidence is all too clear: After just about every big privacy hack over the past decade, people quickly returned to the scene of the crime, using the same store or online site that had been compromised. Remember the massive breaches at Home Depot, Target and Yahoo? The number of consumers who never went back is minuscule.

Perhaps Facebook’s latest privacy scandal — combined with its role in the spread of false news and in foreign interference in United States elections — will be a turning point in consumer behavior. But if history is any guide, we won’t do anything differently, unless regulators take steps to save us from ourselves.

For all the head-scratching and criticism over Facebook’s slow response to various breaches and privacy fiascos, it wasn’t completely irrational. The incentive for companies to go to great lengths to protect our data — with the exception of banks and financial firms — just isn’t there.

Benjamin Dean, the president of Iconoclast Tech, a technology consulting firm, and a former fellow in cybersecurity and internet governance at the Columbia School of International and Public Affairs, has studied some of the biggest data hacks, poring over companies’ financial records before and after a breach. The financial pain they experienced was small, he found.

“The actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1 percent of each company’s annual revenues,” he wrote in a 2015 article titled “Why Companies Have Little Incentive to Invest in Cybersecurity.” “After reimbursement from insurance and minus tax deductions, the losses are even less.”

When Google first introduced Gmail in 2004, this newspaper raised questions about the prospect of users objecting to a service that displayed advertising to them based on the content of their email: “For many, the bottom line appears to be that sifting through personal email with an eye toward making a sale is beyond the pale.”

Well, now more than 1.2 billion people have active accounts with Gmail, a service whose entire business model rests on Google being able to sift through your private messages. Apparently, it wasn’t beyond the pale.

For consumers, the transaction has always been pretty clear: The convenience of free service in exchange for information that allowed advertisers to specifically target us. The distinction in that equation was motivation; we figured our data was being used by benign companies seeking to sell us that pair of sneakers we wanted, not by bad actors trying to influence our political votes — or incite violence in places like Myanmar.

None of this is to suggest that Facebook handled these situations properly; it clearly did not. And over the past week, Mr. Zuckerberg has repeatedly said as much to just about anyone who would listen.

The problem is that Mr. Zuckerberg has been apologizing for years for all sorts of breaches of trust with his “community.” And guess what? After each mea culpa, the Facebook community has grown.

Notwithstanding the #DeleteFacebook campaign, the only way companies are going to change the way they protect our data is if users abandon them — or if regulators step in.

Perhaps the biggest obstacle to behavioral change — besides our insatiable desire for all things “free” — is that it is unusual for most consumers to truly feel the effects of a massive data breach. For most people, it’s a theoretical problem — the way some people view climate change or the growing national debt.

The people who are most directly affected by privacy breaches are those who have had money stolen or whose email was exposed. But in huge data breaches, those people are a statistical anomaly.

Amy Pascal, the former top film executive at Sony Pictures, has an authentic claim to being a victim of a data breach; she suffered national embarrassment when her emails were revealed, and she later lost her job. John D. Podesta, Hillary Clinton’s campaign chairman in 2016, also had his email compromised, to deleterious effect.

But most people don’t feel it.

Over the weekend, I asked users on Twitter whether they had deleted their Facebook accounts or reduced their activity on it. Nearly 700 users replied. For every one saying they were spurning Facebook, there were more saying they were continuing to use it.

“Understand nothing in social media is truly private and recognize that in most areas of life someone is trying to sell you something or affect your behavior,” one user wrote. Another wrote: “People love the service they get from Facebook but forget nothing is free. We pay for using it by providing our demographic and personal information so that they can sell ads to businesses to better understand and target us. We benefit by getting more relevant ads sent to us.”

And while a number of people said they were distancing themselves from Facebook, they cited not only privacy concerns but said the service had become less relevant to them.

In 2010, Mr. Zuckerberg was asked about privacy during an interview. His answer reflected where we are right now.

“People have really gotten comfortable not only sharing more information — and different kinds — but more openly with more people,” he said. “And that social norm is just something that’s evolved over time. And we view it as our role in the system to constantly be innovating and updating what our system is, to reflect what the current social norms are.”

Unless our social norms change, Facebook and other sites probably won’t, either.
https://www.nytimes.com/2018/04/09/b...book-data.html





Survey Claims that 9% of Facebook Users have Deleted their Accounts
Yoni Heisler

While Facebook has endured a number of scandals over the past few years, the fallout and controversy stemming from the Cambridge Analytica saga undoubtedly represents the biggest public relations challenge the social networking giant has ever faced. Speaking to the gravity of the situation, Facebook CEO Mark Zuckerberg traveled down to Capitol Hill this week where he fielded pointed questions from lawmakers about data privacy and a range of other issues.

With the outrage surrounding Facebook’s privacy policies reaching a fever pitch over the past few weeks, there has been something of an underground movement calling for users to delete their Facebook account altogether. To this point, you may have seen the DeleteFacebook hashtag pop up on any number of social media platforms in recent weeks, including, ironically enough, on Facebook itself.

While Zuckerberg last week said that the company hasn’t seen a meaningful drop off in cumulative users, a new survey from Creative Strategies claims that 9% of Americans may have deleted their accounts.

The report (via TechPinions) reads in part:

“Privacy matters to our panelists. Thirty-six percent said they are very concerned about it and another 41% saying they are somewhat concerned.

Their behavior on Facebook has somewhat changed due to their privacy concerns. Seventeen percent deleted their Facebook app from their phone, 11% deleted from other devices, and 9% deleted their account altogether. These numbers might not worry Facebook too much, but there are less drastic steps users are taking that should be worrying as they directly impact Facebook’s business model.”

The 9% figure seems impossibly high as it would mean that of Facebook’s estimated 214 million users in the United States, 19.2 million deleted their account over the past few weeks alone.

Truth be told, we’ll probably have to wait until Facebook’s forthcoming earnings report in order to get a more accurate gauge as to how the ongoing controversy enveloping the company has impacted its user base.
http://bgr.com/2018/04/12/delete-fac...dge-analytica/






After Cambridge Analytica, Privacy Experts Get to Say ‘I Told You So’
Nellie Bowles

Doc Searls met with a group of fellow internet privacy experts one recent afternoon here at the Computer History Museum. On a whiteboard were the words “OUTRAGE” and “MAKE HAY” — capitalized, underlined and surrounded by lines jutting in all directions like a cartoon “BOOM!”

For the first time in years, their field of expertise was front and center. Facebook had just come under intense scrutiny over how the political data firm Cambridge Analytica had improperly harvested the information of up to 87 million of its users.

Seated in a wide circle of folding chairs, members of the group excitedly discussed what they could do next.

“A lot of geeks in the world are looking at Facebook as a redwood that’s starting to fall,” said Mr. Searls, whose given name is David and who created ProjectVRM, a program at Harvard University’s Berkman Klein Center for Internet & Society that seeks to empower internet users to protect personal privacy. “They’re saying, ‘O.K., it’s barn-raising time.’ ”

The scandal swirling around Facebook and Cambridge Analytica has begun to usher in a new era for this once-ignored community of privacy researchers and developers. After years of largely disregarding their warnings about exactly what companies like Facebook were doing — that is, collecting enormous amounts of information on its users and making it available to third parties with little to no oversight — the general public suddenly seemed to care about what they were saying.

The outcry over data privacy has been so strong that it pushed Mark Zuckerberg, Facebook’s chief executive, into testifying on Capitol Hill this week over the company’s failures to protect users’ information. Protesters rallied outside the Capitol during his testimony. Someone even arrived at a hearing dressed as a Russian troll.

In their own lives, privacy experts are now fielding a spike in calls from their relatives asking them for advice about protecting their personal data. Engineers are discussing new privacy projects with them. Even teenagers are paying attention to what they have to say.

For many developers, this is the right time to push ahead with testing more privacy solutions, including more advanced advertising blockers; peer-to-peer browsers that decentralize the internet; new encryption techniques; and data unions that let users pool their data and sell it themselves. Others want to treat tech giants more as information fiduciaries, which have a legal responsibility to protect user data.

And for the first time, many privacy experts think internet users will be more willing to put up with a little more inconvenience in return for a lot more privacy.

“This is the first blink of awakening of the world to a danger that’s been present for a long time, which is that we are exposed,” Mr. Searls said. “Cambridge Analytica is old, old news to privacy folks.”

John Scott-Railton, who researches digital rights and privacy at the Citizen Lab at the University of Toronto, said he recently thought back to all the PowerPoint presentations and papers he had given and seen that cautioned about how third parties might access and abuse user data.

“It didn’t stick until now,” he said. “Now it’s changed, or at least people nod along when we talk about it.”

Neema Singh Guliani, legislative counsel at the American Civil Liberties Union, recalled the organization’s years of efforts to get Facebook to monitor how third parties were using data. Yet few paid attention at the time, even though the group specifically called out Facebook’s quizzes in 2009. (Cambridge Analytica used a third-party quiz app from an independent researcher to harvest Facebook users’ data.)

The social network has said it will investigate many third-party apps that have had access to large amounts of users’ information. Nonetheless, the A.C.L.U. is pushing for users to have tighter control over what Facebook apps can do and arguing that Facebook ought to audit its developers. The organization also believes that more privacy protections should be enshrined in law.

“We’re having the conversation now that we should have had over a decade ago,” Ms. Singh Guliani said.

Some privacy experts are prepared for disappointment. There have been privacy scandals before that did not lead to sea changes. For example, Google once collected private Wi-Fi information as it was building out Google Maps. The ensuing outrage did not have a lasting effect on the Silicon Valley company’s vast data collection effort.

But this Facebook scandal seems to be enduring even in the new frenetic news cycle.

“This has kept the national attention for what: three or four weeks now?” said Allie Bohm, policy counsel at Public Knowledge, a nonprofit in Washington that promotes an open internet. “It really feels like, hey, we could get some stuff done.”

One reason it has always been hard to get consumers interested in security and privacy is that the harms were vague and hard to understand. With Facebook and Cambridge Analytica, the harms are identifiable and frightening, said Ashkan Soltani, an independent researcher specializing in privacy and a former chief technologist of the Federal Trade Commission.

“Much like a car accident, the harms on social media are low-probability events with extremely variable outcomes,” he said. “ ‘So what if my boss saw me doing a keg stand?’ But all of a sudden the ‘so what if’ becomes more serious — ‘I get denied insurance or my information is used by a nation state actor to manipulate me.’ ”

Cambridge Analytica’s work, which included using Facebook data to build psychological profiles of voters, tapped into an anxiety many Americans already had over the outcome of the 2016 presidential election.

“This one stuck because it was Trump, and we’re looking for someone to blame,” said Bruce Schneier, a cryptographer who runs the Schneier on Security blog and wrote “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” “If Hellmann’s mayonnaise did this, we’d be impressed.”

Privacy experts said this shift in public opinion was what they had been waiting for, because it is the only way to bring about change. Facebook will not willingly change its policies without pressure from shareholders or regulators, they added.

Historically, public opinion is “the crucible” for era-defining industry change, said Shoshana Zuboff, a professor at Harvard Business School and the author of a forthcoming book about tech platforms and power.

“If you go back to the rapaciousness and lawlessness of Gilded Age capitalism, it was the slow burn of public opinion that gradually gathered force and ultimately became the driving force that provided cover for dramatic new legislative and regulatory efforts,” she said. “Public opinion gave the Gilded Age a beginning, a middle and an end.”

For Rohit Ghai, president of the cybersecurity firm RSA, whose SecurID technology has become an industry standard for companies protecting access to their internal systems, the change is evident even inside his home in San Jose, Calif.

He previously tried to talk to his 13-year-old daughter about data privacy and social media — even providing examples of how much the tech companies know about people and what they can do with that information. She shrugged him off.

Then the Cambridge Analytica revelations happened. For once, Mr. Ghai said, his teenager came to talk to him.

“She just asked me about Mark Zuckerberg,” he said. “That’s a sign.”
https://www.nytimes.com/2018/04/12/t...-facebook.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

April 7th, March 31st, March 24th, March 17th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)