Old 01-10-14, 08:08 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 4th, '14

Since 2002

"I remember thinking that they were a hero. That was my first bootleg moment." – Hana Beshara


"Chill dude, I bought these in Vancouver. You can too." – Michael Hallatt

October 4th, 2014




UK Legalises Music, Film and E-Book Back-Ups
Leo Kelion

A law has come into effect that permits UK citizens to make copies of CDs, MP3s, DVDs, Blu-rays and e-books.

Consumers are allowed to keep the duplicates on local storage or in the cloud.

While it is legal to make back-ups for personal use, it remains an offence to share the data with friends or family.

Making such copies - including ripping CDs to iTunes - had previously qualified as copyright infringement, although cases were rarely prosecuted.

The changes were detailed in June, when the Intellectual Property Office (IPO) issued guidance, but had not come into effect until now.

"These changes are going to bring our IP [intellectual property] laws into the 21st century," said the minister for Intellectual Property, Baroness Neville-Rolfe.

"They will mean that the UK IP regime will now be responsive to the modern business environment and more flexible for consumers."

The change to the law also allows the parody of copyright works. Previously, there has been a risk of being sued for breach of copyright if clips of films, TV shows or songs were used without consent.

DRM remains

There are limits to the change of rules.

For instance, while consumers can copy any CD they own and use one version in the car and another at home, they cannot later sell on the original disk if they retain the duplicates of it or MP3 conversions of its songs.

Users are not allowed to make recordings of streamed music or video from Spotify and Netflix, even if they subscribe to the services. Likewise, they cannot rip a rented Blu-ray, video game, e-book or other file.

And while it is legal to change a purchased TV download, movie file or e-book from one format to another, retailers including Amazon, Apple and Google are still allowed to include digital rights management software that makes this hard to achieve.

"The law does not say that things have to be un-DRM-ed," said Alice Enders, from the media consultancy Enders Analysis.

"If anything the pressure will increase - content owners will become more concerned about selling products to consumers that isn't 'wrapped.'

"They don't want their works to be copied without compensation. They want to either sell it, or rent it to you or get you on a subscription. No money comes from a copy."

She noted that unlike in most European countries, content creators were not being compensated by the UK for the extra rights.

Many EU nations place a levy on sales of recordable media - such as blank DVDs, memory cards and hard disks - and some also add a charge to MP3 players and video recorders, with the proceeds passed on to the media industry.
http://www.bbc.com/news/technology-29448058





Apple Will Face $350M Trial Over iPod DRM

Apple's DRM schemes have been long disliked by activists. But are they illegal?
Joe Mullin

Apple will soon have to face a trial over accusations it used digital rights management, or DRM, to unlawfully maintain a lead in the iPod market, a federal judge has ruled. The plaintiffs' lawyers, representing a class of consumers who bought iPods between 2006 and 2009, are asking for $350 million.

Last week, US District Judge Yvonne Gonzales Rogers gave the green light to sending a long-running antitrust lawsuit against Apple to trial. Plaintiffs in the case say that Apple used its FairPlay DRM system to "lock in" its customers and make it costly to switch to technology built by competitors, like Real Networks. They describe how Apple kept updating iTunes to make sure songs bought from Real's competing digital music store couldn't be used on iPods. As a result of this lock-in, Apple was able to overcharge its customers to the tune of tens of millions of dollars.

At an earlier hearing, Apple's lawyer claimed the plaintiffs don't have "any evidence at all" showing harm to customers from the FairPlay DRM. The Robbins Geller lawyers representing the class said they had thousands of complaints from consumers who were upset because they couldn't play non-iTunes songs on their iPods.

Now, the pressure will be on Apple to either strike a deal or face a team of lawyers looking to put a nine-figure damage demand in front of a jury. Trial is set for November 17 in Oakland, California.

Remember iPods?

The claims in the case harken back to a time when iPods and the iTunes music store were fast becoming the center of Apple's business. In 2004, Real Networks launched a new version of RealPlayer that competed with iTunes. Real made songs from its own digital music store mimic Apple's FairPlay system so that music bought from Real could play on iPods. They called the compatibility feature "Harmony."

Apple responded with an update in 2004 that, among other things, stopped Harmony dead in its tracks. Software brinksmanship took hold, as Real updated its compatibility software, and in 2006 Apple introduced iTunes 7.0, another update that blocked Real.

In this lawsuit, plaintiffs are claiming the anti-Harmony measures in iTunes 7.0 broke antitrust laws, because it had the effect of illegally raising the price of iPods. Users were continually forced to either stop playing any songs they had bought from the Real store, or convert them to a non-DRM format, for example by burning the music to CD and then ripping the CD to their computer.

That produced "lock-in" to the iTunes environment and increased consumers' "switching costs," the plaintiffs argue.

Apple countered that there was no evidence its "pricing committee" even took Real or its Harmony system into account when it set iPod prices. It also noted that Real had less than 3 percent of the online music market in 2006, when Apple released iTunes 7.0.

But that didn't persuade Gonzales Rogers to exclude a key expert's testimony, which is what Apple would have had to do to avoid this trial.

Dueling economic theories

Apple's lawyers tried to nix the trial by challenging the evidence brought forth by the plaintiffs' expert, a Stanford University economics professor named Roger Noll. But in her most recent order, Gonzales Rogers saw no reason to throw out Noll's opinions, which "derive from transactions supplied by Apple itself," she noted.

The iPod maker said that Noll's theories about overcharges weren't applicable to its policy of uniform pricing. "However, the record contains non-trivial evidence that the actual prices charged were not in fact uniform and that pricing decisions may have incorporated factors above and beyond Apple's preference for so-called "aesthetic" prices," wrote Gonzales Rogers.

The issue isn't whether Noll's opinions are correct, but whether they meet a legal threshold as admissible evidence, the judge stated. She found they did, as Noll's work is "the product of a generally accepted method for demonstrating both the fact and the amount of antitrust damages."

"We're delighted that we're finally able to present the case to a jury," class lawyer Bonny Sweeney told The Recorder, which reported on the ruling earlier this week. Apple didn't respond to a request for comment.

The litigation is nearing trial after nearly a decade of back-and-forth. US District Judge James Ware ruled for Apple in an initial version of the case, finding there was nothing illegal about installing software that made their product incompatible with competitors. The plaintiffs returned in 2010 with a new complaint, focused on RealNetworks' specific work-around for the Apple DRM and Apple's counter-attack, adding new DRM to thwart the RealNetworks solution. Ware retired in 2012, and the case moved to Gonzales Rogers.
http://arstechnica.com/tech-policy/2...over-ipod-drm/





Judge Rules Against Grooveshark in Copyright Infringement Case
Ben Sisario

In the music industry’s second big legal victory in a week, a federal judge in New York ruled on Monday that Grooveshark, an online music service long vilified by the major record companies, infringed on thousands of their copyrights.

Like Napster, LimeWire, Grokster and other online outlets before it, Grooveshark came under fierce attack from the recording industry for hosting music files without permission. Grooveshark — based in Gainesville, Fla., and identified in court papers by its parent company, Escape Media Group — makes millions of songs available for streaming.

Yet despite numerous legal challenges, the service continued operating and building a huge audience in the years before the arrival of Spotify and other streaming outlets, which operate with the permission of record companies and music publishers. By 2011, Grooveshark — which has licenses for some of its music, but not all — claimed to have 35 million users and was attracting advertising from major brands like Mercedes-Benz and Groupon.

Grooveshark’s defense has long been that it is legal under the Digital Millennium Copyright Act, the federal law that protects websites that host third-party material if they comply with takedown notices from copyright holders.

But on Monday, granting summary judgment in a case filed in 2011 by the three major record companies, Judge Thomas P. Griesa of United States District Court in Manhattan ruled that Grooveshark was liable for copyright infringement because its own employees and officers — including Samuel Tarantino, the chief executive, and Joshua Greenberg, the chief technology officer — uploaded a total of 5,977 of the labels’ songs without permission. Those uploads are not subject to the “safe harbor” provisions of the Digital Millennium Copyright Act.

“Each time Escape streamed one of plaintiffs’ song recordings, it directly infringed upon plaintiffs’ exclusive performance rights,” the judge wrote in his opinion.

The judge also found that the company destroyed important evidence in the case, including lists of files that Mr. Greenberg and others uploaded to the service.

The next step of the case will be to set damages, and the possibility of a multimillion-dollar ruling against Grooveshark puts the service’s future in doubt. When asked for a comment about the summary judgment decision, John J. Rosenberg, a lawyer for Grooveshark, said, “The company respectfully disagrees with the court’s decision and is currently assessing its next steps, including the possibility of an appeal.”

Grooveshark is also still facing two other copyright suits filed by the music industry, one in New York federal court and one in state court, also in New York.

Last week, in a closely watched case having to do with pre-1972 recordings, a federal judge in California ruled that the satellite broadcaster Sirius XM was liable for copyright infringement for playing songs by the 1960s band the Turtles (“Happy Together”) without permission, under California state law.

The damages in that case have not been set, but it has been seen as pivotal in a wide-ranging effort by record companies and artists to collect royalties on older recordings.
http://www.nytimes.com/2014/09/30/bu...ment-case.html





Streaming Music Swiping Sales from Music Downloads

Revenue for digital music held steady in the first half of the year, but streaming services appeared to get richer at the expense of downloads, according to data from the RIAA.
Joan E. Solsman

When US consumers opened their wallets for digital music this year, they swapped out downloads for streaming, according to data on music sales from the Recording Industry Association of America.

US revenue for streaming-music services rose 28 percent to $859 million in the first half of the year, compared with $673 million in the year-earlier period. The category included subscription services like Spotify and Apple's Beats Music, streaming radio like Pandora and Sirius XM and on-demand services like Vevo or YouTube. Meanwhile, digital downloads -- like the singles and albums sold on Apple's iTunes -- dropped 12 percent to $1.3 billion in the first six months of the year.

Overall, the total value of digitally distributed formats was $2.2 billion, essentially the same as a year earlier.

The data underscores an ongoing tectonic shift in the music industry, in which decades of doing business based on per-song/per-album transactions (for either digital music or CDs, vinyl or tape) are giving way to a world where music is increasingly sold like a utility: Pay a subscription fee or sit through ads, and you get digital access to a seemingly limitless stream of songs.

RIAA data showed streaming services making up a bigger slice of the pie of the industry's sales total. Streaming contributed 27 percent of total industry revenues in the first half, compared with 20 percent a year earlier. In 2007, these services were 3 percent of the total.

One of the most popular segments of digital music in the first half was on-demand, ad-supported streaming -- think Spotify's free version. The category grew 57 percent, though it remained relatively small at $165 million in revenue.

Paid subscription services, like Spotify Premium, Rhapsody or Beats Music, were up 23 percent to $371 million. RIAA said the number of subscriptions jumped to 7.8 million from 5.5 million at the same time last year.

Physical sales, for CDs and the like, continued to slide, down 14 percent in the first half to $898 billion. The ongoing decline of physically sold music is nearing a key inflection point where streaming eclipses it in revenue -- in the latest period, physical revenues were 28 percent of the total, compared with streaming's 27 percent.
http://www.cnet.com/news/streaming-m...sic-downloads/





Why the Adam Sandler Deal with Netflix Could Doom Theaters
Cecilia Kang

Not coming first to a theater near you: four new movies starring comedian Adam Sandler and a sequel to the action blockbuster “Crouching Tiger, Hidden Dragon.”

Instead, Netflix said this week it will make the Sandler movies and release them to its online subscribers, with no plans to show them widely in theaters.

The move has the potential to disrupt the business food chain that has fed Hollywood for decades. First dibs on a big, splashy movie always went to theaters. After that, a film traveled through a rigid schedule of staggered releases on DVD, cable television and then online services such as Netflix and Amazon Instant Video.

Netflix is seeking to flip that formula by controlling the process, from the writing of the script to the consumer experience of the premiere. That not only takes aim at the underpinnings of the movie business, but also could help Netflix’s quest to be counted among established movie studios. To date, no technology company has had the cachet to draw elite movie stars in Hollywood and the means to distribute their films directly to consumers.

Although the announcement involved just a few movies, the news immediately turned heads in the entertainment industry.

Theater companies sharply criticized Netflix this week, as well as the Weinstein Co., which swung the deal for the “Crouching Tiger” sequel. Several of them threatened to boycott any film that appears on Netflix first.

Regal Cinemas said it will “not participate in an experiment where you can see the same product on screens varying from three stories tall to three inches wide on a smartphone.”

“We believe the choice for truly enjoying a magnificent movie is clear,” said Russ Nunley, spokesman for Regal Cinemas, which operates 7,341 screens in 573 theaters in the United States.

Theater companies have long worried that improving options in the living room would keep consumers at home. But those technologies — television, VHS recorders, DVD players and big-screen TVs — haven’t significantly eroded ticket sales.

But Netflix and other video streamers have developed technology to reach consumers in new ways while evolving into studios in their own right.

Some moviemakers are embracing the rise of such video streamers, which gives them more distributors to bid for their content. As long as their films get out to the biggest audiences, the content producers say it doesn’t matter whether their work is viewed on a smartphone or a high-definition, 3-D screen with Dolby surround sound.

“The moviegoing experience is evolving quickly and profoundly, and Netflix is unquestionably at the forefront of that movement,” said Harvey Weinstein, co-chairman of the Weinstein Co. His company is producing “Crouching Tiger, Hidden Dragon: The Green Legend,” to be released on Netflix and a select number of Imax theaters. The original made $213.5 million at the global box office.

Wade Holden, an analyst at media research firm SNL Kagan, said independent filmmakers and smaller studios will be open to direct distribution deals with Netflix, Amazon and other online services. They are struggling to get their films released in theaters that are dominated by massive franchise movies from Disney and Warner Bros., such as “Guardians of the Galaxy” and “The Lego Movie.”

“For content producers, these opportunities by Netflix and others are good for them. They want to see what happens on these platforms, and this is definitely a new way to get revenues,” Holden said.

The bigger studios, however, have benefited from their relationships with theater owners, he said.

“What’s interesting about ‘Crouching Tiger,’ though, is that it is a sequel to a huge title, which is something we haven’t seen done before by a company like Netflix,” Holden said.

Netflix executives said they pushed to produce films because they often had to wait up to 18 months after a movie’s release before they could buy the rights to put it in their library. Costs were rising for those rights, too.

“The existing business models for movies are hugely frustrating for today’s on-demand consumer,” Ted Sarandos, Netflix’s chief of content, said in a phone interview. “Everyone has a big stake in the status quo, and incumbents don’t like change.”

Netflix didn’t release the financial terms of its deal with Sandler, a comedian whose movies have been among the most watched — and repeatedly watched — in Netflix’s library, the company said. The company also didn’t provide details about the movies or their release schedule.

But Sarandos, who met Sandler through mutual friends, said the deal came together easier and faster than he expected.

“He connected with it right away; he was engaged and we moved quickly,” Sarandos said. “He knows home-watching of his movies has created a relationship with audiences. They go to the movies. They are watching at home and watching again.”

Netflix has been at the forefront of several shifts in entertainment — first taking down Blockbuster and other video stores and then roiling the television industry by giving consumers a good-enough alternative to expensive cable packages. With 50 million subscribers paying about $9 a month, Netflix has far more customers than the nation’s largest cable company, Comcast.

“Netflix has a lot of money to play around with, so it is no surprise that they are trying to generate more original content, including movies, because that puts them in the driver’s seat,” said Phil Contrino, vice president and chief analyst for BoxOffice.com, a movie research firm.

Sandler, 48, who will produce and star in the Netflix films, is the company’s latest celebrity-driven deal. Last year, it signed a deal to launch a talk show for Chelsea Handler this month.

Sandler’s reaction to the deal gave viewers a taste of what’s to come.

“When these fine people came to me with an offer to make four movies for them, I immediately said yes for one reason and one reason only. . . . Netflix rhymes with Wet Chicks,” he said in the Netflix news release. “Let the streaming begin!!!!”
http://www.washingtonpost.com/busine...6a0_story.html





The Man Who Smuggles Trader Joe’s Into Canada
Rosie Cima

There is no Trader Joe's in Canada.

Imagine -- maybe you don’t have to -- you’re Canadian. You’re at a dinner party, and the host has put out a bowl of the best snack you’ve ever had. Love at first bite, and it’s going fast. Soon enough, your fingers graze the bottom of the bowl and you realize that the end is nigh. You master your panic.

"Host,” you chime. “Who makes these chocolate caramel peanut butter mango pretzel chip things?” You wait with bated breath and weird, crumb-covered lips.

“Trader Joe’s,” he replies, and your heart shatters. This dinner party is in Vancouver. A trip to the nearest Trader Joe’s in Bellingham, Washington costs hours in travel, and in line waits both at the border and in the crowded store. Just thinking about it causes the snack, once so sweet and savory, to turn acrid on your tongue.

Your host notices your grimace and chuckles. “Chill dude,” he says, with smiling eyes. “I bought these in Vancouver. You can too.”

Your mind wrestles with the information, “There’s a Trader Joe’s in Vancouver, now?”

“No, there’s a Pirate Joe’s in Vancouver.”

What unfolds then is a tale of entrepreneurship, adventure, legal turmoil, and something called “the grey market.”

A Pirate’s Life

Meet Michael Hallatt, itinerant adventurer and a man of many trades. Lithe and grey-eyed, kind and intense, he speaks quickly -- leaping from story to joke to political opinion and onto the next revolution, woe betide those who can’t keep up. He’s been a designer, a baker, a programmer, a carpenter, a filmmaker and – for the past two and a half years -- a “pirate” importing Trader Joe’s foods across the US/Canadian border.

Hallatt first developed his taste for Trader Joe's back in 2000. He had been working for AskJeeves and living in Mill Valley – a “food snob” town in the San Francisco suburbs, and not quite Trader Joe’s territory. But when the Internet Bubble burst, he got out of software and bought a fixer-upper house in blue-collar Emeryville.

“I was living on the construction site and pinching pennies,” he tells us. “I’d go to the nearby Trader Joe’s and fill up a shopping cart with frozen tamales and enchiladas. I lived off of that.”

“I ended up falling in love with someone, and our daughter was basically conceived on tamales.” His partner was from Vancouver, so they eventually ended up leaving the house Hallatt built – now called “the Buddhahouse” -- and moving back to his native Canada.

“All of a sudden my life was in a place where I needed a day job,” Hallatt said. “I knew that probably meant being a middle manager at a software place, and I’d done that already.

“Or,” he suggested, “I had to start something!” He found himself reminiscing about his career pre-software, and the bagelery he dropped out of design school to open in the 1980’s. He also found himself “jonesing for some TJ’s,” so he made the trek to Bellingham.

“The place was full of Canadians,” Hallatt said, “and I’m a bit of a stranger talker.” A big topic of conversation in the checkout line was why the Canadians had to come all this way to get their Trader Joe’s fix. Somebody mentioned a lady in Point Roberts (a US city that is contiguous with mainland Canada) had set up a home delivery service that stocked a few private label items, which got Hallatt thinking.

By the time he got to the register, Hallatt had conceived Pirate Joe’s. He would start buying large quantities of Trader Joe’s products in the US and importing them to Canada. Large quantities -- enough to stock a physical store. He’d make regular border runs to keep the inventory fresh, and mark up the products to cover rent and operations. Voila! Canadians would get their Trader Joe’s products without the trek, Trader Joe’s would get a “presence” in Canada without the legal hassle, and Hallatt would get a pretty funky “day job” where he was the boss.

That trip was also when he met “Chris”, who said he was the manager of the Bellingham store. Chris would help him out, because supplying Hallatt would be a huge boon for the Bellingham store’s sales.

“It took us six months to figure the whole thing out,” Hallatt said.

For one thing, he decided he needed a storefront. He bought a Romanian bakery, and fixed up the roof and left up the sign. “It was clunky,” he said, “but a great find on the outside. It looked like the funkiest coolest weirdo from another age. Who was I to tear it down? It was a tribute to the soul of the place.” ‘Transylvania Peasant Bread’ became ‘Transylvania Trading Company’ – which was to be his store’s first front.

It was important to Hallatt to import his stock legally. Because of NAFTA, Hallatt was able to get most of his goods North duty-free, but he had so much to declare that he wrote a program to generate a barcode to summarize his haul. “Of course, the system broke right away,” Hallatt said. The barcode wouldn’t scan. “I was stuck at the border, with a trailer, in the winter, on a shoestring.”

In order to sell the items in Canada, he also had to print out new nutrition labels for each of them that met Canadian regulations. He devised a system, then drove to Bellingham and bought one of everything to test it. “The cashiers co-operated. They knew what I was doing so it was an easy checkout -- instead of going through the cart they just charged me for one of everything.”

Hallatt took a lot more trips to Bellingham in those six months. Every time, Chris would be at the store, waiting for him and egging him on.

“At some point I asked, ‘Well what if corporate finds out?’” Hallatt said. “And Chris said, ‘They’re too stoned to find out.’”

Chris, it turned out, was the junior manager of the store, not the head honcho running the location. Hallatt discovered this the hard way.

The first full haul was seamless, and the Transylvania Trading Company successfully opened its doors on January 1, 2012. They got a slow trickle of confused customers -- some of whom were very quickly enthused once they discovered what the store had to offer. But the second haul, Chris’ boss – the Bellingham senior manager – came out to ask a few questions. The senior manager called corporate for guidance, which is how, his second week in business, Hallatt was banned from his first Trader Joe’s.

“So I just started buying stuff out of Seattle,” he said, nonchalantly. “There's more stores and more selection there, anyways.”

Trader Joe’s sent Hallatt a cease and desist letter; he put it up in the window and went on with business. From then on, things proceeded pretty quietly for a while. Pricing took some time to figure out (today, it’s still not an exact science: Hallatt marks up the “luxury” items more to subsidize the basics). The store relocated to another address also in Vancouver. New clientele heard about the store by word-of-mouth, and staff instructed customers to keep the operation on the down-low.

Every once in a while a journalist would get his or her hands on the story and cause a minor uproar. One of these journalists nicknamed the store “Pirate Joe’s”, and it stuck – “it ended up being convenient shorthand for our tagline: ‘unauthorized, unaffiliated, and unafraid.’” Hallatt hired shoppers across the border to help him with runs (“I can’t hire Canadian because it requires a work Visa, turns out”). Sometimes specific shoppers got banned from specific stores, which just meant they had to rotate to a new beat.

This went on for about a year and a half. Then, in May of 2013, Trader Joe’s sued Michael Hallatt.

The Grey Area of the Grey Market

Back when Hallatt was just forming the idea for Pirate Joe’s, there was one thing he heard a lot of: “You’re gonna get sued.” This came from everybody he talked to -- from friends telling him, “this is absolutely insane” and hysterically trying to shout him down, to friends level-headedly and gently suggesting, “ah, dude, why don’t you just find something else to do?”

But Hallatt was determined, so he did a little research. One term that kept turning up was grey market.

Pirate Joe’s isn’t technically engaging in piracy. The stock isn’t stolen (Hallatt pays retail to Trader Joe’s for all his stock), counterfeit (Hallatt’s products are advertised as Trader Joe’s products, and are in fact Trader Joe’s products), nor technically smuggled (Hallatt declares his haul at customs, and he doesn’t stock alcohol -- which is especially regulated). But Pirate Joe’s is dealing in a grey market, or the trade of a product outside of its official, authorized distribution channel. Authorized goods are white market, illegal goods are black market; grey market goods are somewhere in between.

A classic example of a grey market is the online retail of electronics equipment. Suppliers will set different prices for the same product in different regions, but an online customer can opt to import a product from a cheaper region if he or she chooses. For example, this Nikon lens costs $839 as a grey market import, and $899 from the official US distributor – from the same online retailer, which also provides free expedited shipping for both items.

Selling products acquired through “unofficial” channels is something that many respectable retailers do in the open, without necessarily incurring the legal wrath of their suppliers. Hallatt even discovered that Joe Coulombe himself – the original owner and CEO of Trader Joe’s, which is now controlled by the German owners of a discount supermarket chain – defended his decision to sell grey market stock in the 1980’s. According to a 1988 article in the LA Times, in 1985 Trader Joe’s sold bottles of Dom Perignon for $33 a pop -- about half its price at many other stores:

“’It was stupid to buy from official sources,’ said Joe Coulombe, chairman of Trader Joe’s, which used to buy all its French champagne from gray market sources. ‘We sold millions of dollars of stuff.’”

Hallatt says he still has a lot of respect for Trader Joe’s, and “what they’re trying to do with food.” He still says he’s running the store out of love for the label, and, he says, finding Coulombe’s quote is one of the things that made him persevere through the lawsuit.

Hallatt also learned that a lot of grey market entrepreneurs had battled regulation and won. One college student in particular had his friends in Asia send him many copies of textbooks, which he then resold to an American clientele on eBay, netting an estimated $100,000 in profit. The textbook publisher took him to court, and the student fought back, claiming he was protected by the first sale doctrine, which NPR summarized as, “once you buy a product, it is yours to do with as you please.”

The case made it to the Supreme Court, which ruled in the student’s favor. From Justice Breyer’s reading of the court opinion:

“We ask whether the ‘first sale’ doctrine applies to protect a buyer or other lawful owner of a copy […] lawfully manufactured abroad. Can that buyer bring that copy into the United States (and sell or give it away) without obtaining permission to do so from the copyright owner? Can […] someone who purchases […] a book printed abroad subsequently resell it without the copyright owner’s permission?

In our view, the answers to these questions are, yes.”

The decision came just months before Trader Joe’s sued Hallatt.

Pirate versus Goliath

Once he knew where to look, Hallatt called some lawyers who specialized in grey market law for a free consult. One of the things the lawyers turned up was that Trader Joe’s had a history of suing people for infringing on their trademark.

But the thing is, even knowing of Trader Joe’s legal history, the lawyers didn’t all shut him down. “One guy said,” Hallatt reported, dropping his voice to a whisper to quote the attorney, “‘You can totally do this. I normally crush guys like you but you can totally do this.’”

Another pair of lawyers argued about it until they came to an impasse. “There were a few beats of silence,” Hallatt said, “and then one of them said, ‘You should take the fact that we can’t say ‘no’ as a really good sign.’”

“But then they wanted a retainer to stay on and keep me from getting sued, and I didn’t have the money for that!” Hallatt said, laughing.

When he did get slapped with a lawsuit, he “thanked God” he had valid business insurance – which is how he’s afforded his legal fees.

Last December, the case was dismissed with prejudice – Hallatt won. Trader Joe’s is appealing, of course.

The biggest issue with the lawsuit was that Pirate Joe’s is in Canada, and Trader Joe’s, and their lawsuit, were not. The exact language in the case:

“Plaintiff does not state a claim upon which relief can be granted because the [Washington laws] do not apply where no Party is a Washington resident, all allegedly wrongful conduct occurs out of state, and any harm to Washington residents is extremely tangential if existent.”

This leaves Pirate Joe’s in a reverse catch-22 -- the court says Trader Joe’s doesn’t have a claim if they don’t have a presence in Canada. If Trader Joe’s ever opens a Canadian store, they might have a claim. But Hallatt’s ultimate goal with Pirate Joe’s is to “bring” Trader Joe’s to Canada -- before he had the store he would call them and just petition them, and he has always promised to close up shop if they ever expand north. In many ways, Hallatt would count this as the ultimate victory. “I’d take a little backhanded credit for it,” he jokes, “and then move onto the next thing.”

The case attracted a lot of media attention, and speculation by legal experts in a few popular outlets. Some of them, along with Hallatt’s lawyers, pointed out that the case would be shaky even if it weren’t straddling a national border. Law Professors Kal Raustiala and Chris Sprigman wrote about it in the Freakonomics blog:

“Trademark law doesn’t confer on trademark owners the right to control subsequent unauthorized resales of genuine products, at least if the reseller doesn’t alter the product in a way that confuses consumers. [Pirate Joe’s] doesn’t do anything to the [Trader Joe’s] products other than truck them across the border in a white panel van.

“If [Trader Joe’s] has the right to stop [Pirate Joe’s] from reselling their products, then any trademark owner might assert a similar right. Ford could sue Carmax for reselling Fords. […] And if this were true, a trademark law that is aimed at preventing consumer confusion will be preventing something else entirely – competition.”

Business as Usual

When Trader Joe’s sued, Hallatt took down the “P” in the window display’s “PIRATE”, so it would read “IRATE JOE’S” -- Hallatt’s version of a flag at half-mast.

If you call Pirate Joe’s during the off-hours, or while the staff are too busy to answer the phone, you’ll hear Hallatt’s scratchy voice on the recording:

“Hi you've reached Pirate Joe's we're located at 2348 West 4th Street […]

We do not sell Trader Joe's products. You might have heard we do, we don't. That would be unfair to Trader Joe’s, to go down there and buy groceries from them. Say you bought like maybe a million dollars worth of groceries from them over three years, that would be grossly unfair, paid cash. Terrible terrible. So, you know, we don't. We didn't do that.”

“HA!”

“Come on down, check out what we got. Or call us back, bug us, we’ll pick up we’ll tell you what we’ve have. Mostly costumes [unintelligible].”

This is Hallatt kidding around. But he’s also courting his store’s naturally surreal aesthetic. Hallatt says he loves new customers who show up visibly uneasy.

“There’s a hesitation like, ‘Am I going to get arrested?’” Hallatt said. It helps if there are a lot of holes in the shelves at the time. “Maybe somebody came and took all the damn mangoes or something. And we say, ‘We’ve got someone shopping right now, it’ll be back in a few days.’”

Hallatt seems to relish how the sloppiness of his store disrupts the normally transactional culture of buying groceries. “You usually walk into a grocery store thinking ‘OK I gotta get my stuff and get going, I’ve got two quarters in the meter.’"

"But Pirate Joe’s is a dangerous place to come into.”

“We try to give them a basket and they know what that means. If they grab a basket, they’re in trouble. So then we offer them chocolate.” Hallatt laughs, “The chocolate is usually a pretty effective icebreaker.” Eating chocolate, they’re comfortable enough to ask questions, and he tells them his story.

Earlier this year, “docu-reality comedy” Nathan for You made a splash by opening a “parody” Starbucks. They claimed they could use Starbucks’ trademarks partly because their store wasn’t really a store, it was a piece of ‘performance art’. If the appeal goes south for Hallatt, his lawyers might want to try this tactic. He’s in it for the adventure, the romance, the ideals, and the drama – which isn’t something every small business owner can say.

Even a pirate’s life has its lulls. “It’s so boring right now. I’m craving something,” Hallatt told us, when we asked how business is going. He’s eyeing a second location, farther from the border. The shipments come in steadily enough. He’s got 8 or so shoppers working right now, spending a couple thousand a week. He still does the border crossings himself, sits in line for hours in an unmarked white van. The workload is still enormous. Hallatt jokes that whenever a cab goes by, he envies the driver’s salary.

But he’s still at it. A few years back, his old software friends invited him to work with them as a developer for Wells Fargo. He probably could still get back into development if he wanted to, but his heart belongs to the store.

Part of his fidelity to the place is political – he says that even with the “pirate” mark-up, his products are often a better deal than those found at the Safeway across the street, and for that to be the case there must be something wrong with Canada.

Another part of it is that the store has become a minor tourist site. The whole lawsuit was a bath in the limelight for Hallatt. He was interviewed for newspapers, radio, and he made a few television appearances, (“I made Fox News send a limo because I hate Murdoch.”). Kids from the Sauder School of Business come by every once in a while to check the place out and do a case study, (“I tell them it isn’t a business model it’s a stunt!”). People come from all over just to see his store. One guy, from the “outer reaches”, came to shake his hand and tell him he was proud.

“How do you quit when you have that kind of encouragement?” Hallatt pleads. “I end up having to suspend my own rational thinking. I’ve never worked harder for less money in my life.”
http://priceonomics.com/the-man-who-...s-into-canada/





The Unrepentant Bootlegger
Jenna Wortham

Early in the morning of June 30, 2010, Hana Beshara woke to a sharp rapping on the door of her condo in East Brunswick, N.J.

“I heard a bang-bang-bang,” she said. “I’m thinking it’s, like, Amazon.”

It wasn’t a delivery. It was a team of federal agents from the Department of Homeland Security, wearing bulletproof jackets and carrying guns.

She sank into her couch and watched as they went through her belongings, confiscating files, her flat-screen TV, several computers and cellphones, her PlayStation 3 — anything with a hard drive.

Ms. Beshara was one of the founders of a site called NinjaVideo, which at the time was one of the most popular places online to illegally stream and download TV shows and movies.

At its peak, the site attracted 2.6 million visitors a day and had around 60,000 registered members, many of whom visited the website’s community section to discuss topics as diverse as philosophy, parenting and politics. Under the nickname Queen Phara, Ms. Beshara held court in these forums, where she was known for her hot-tempered and playful online personality.

NinjaVideo had a short life: It went live in February 2008 and was yanked offline after the raid in June 2010. But its audacity was dazzling — impressive, even. The layout was simple: a single, scrolling web page with the names of popular television shows that were shown on cable and network television channels that week. Clicking on show titles — like “The Colbert Report” or “Lost” — caused a video player to open, and the show would begin. Watching illegal downloads was almost as simple as flipping on the TV. Few who used it were surprised when it was shuttered.

To the government, Ms. Beshara was a thief, plain and simple. The Motion Picture Association of America alerted the federal government to NinjaVideo and nine other movie-streaming sites, and they all went dark at the same time. The raids were carried out by several federal agencies working to combat counterfeiting and piracy, and the scale of the operation was meant to send a warning that the government wasn’t ignoring the freewheeling world of illegal online streaming and downloading.

Ms. Beshara, however, still can’t accept that what she was doing deserved the heavy hammer of the law. She served 16 months in prison for conspiracy and criminal copyright infringement, but she still talks about NinjaVideo as something grand. It was a portal that spirited her away from the doldrums of her regular life as a receptionist living with her parents to an online community that regarded her as its queen. Sure, she showed movies that were still playing in theaters, but it seemed like harmless, small-stakes fun.

“In hindsight — I know it’s naïve — but I never imagined it going criminal,” she said. “It didn’t seem like it was something to be bothered with. Even if it is wrong.”

She is not the only one who feels that way. It has proved very difficult to reverse a pervasive cultural nonchalance about what constitutes intellectual property theft on the web. Despite the government crackdown in 2010 and subsequent efforts to unplug websites that host or link to illegal content, new sites have emerged that filled the void that NinjaVideo left behind.

Online piracy is thriving. File-sharing, most of it illegal, still amounts to nearly a quarter of all consumer Internet traffic, according to Cisco Systems’ Visual Networking Index. And a recent report from Tru Optik, a media analytics firm, said that nearly 10 billion movies, television shows and other files, including games and pornography, were downloaded globally in the second quarter of 2014. Tru Optik estimates that about 6 percent of those downloads were legal. In July, a high-quality version of “The Expendables 3,” the Sylvester Stallone action comedy film, surfaced online and was downloaded millions of times, well before its release in theaters.

Congressional efforts, like a proposed Stop Online Piracy Act (or SOPA) introduced in 2011, met with such strident objections from the technology industry that lawmakers backed down. The Copyright Alert System, a voluntary effort by Internet service providers, sends warnings when downloading of copyrighted content is detected, but it is widely considered to be ineffective. Last year, 1.3 million warnings were sent, a fraction of what Tru Optik estimates to be 400 million illegal downloads in the United States each month.

The situation has reached an uneasy stasis that pleases no one. Internet advocates say that policing individuals or small-time pirates with outdated laws ignores how ordinary people view entertainment in the real world. And despite its best efforts, the M.P.A.A. has yet to completely extinguish the unauthorized distribution of movies and television shows.

A Bootleg Epiphany

After she got out of prison in April 2013, Ms. Beshara, now 32, lived with her parents. But she recently moved into an apartment in Newark with a woman she met on Craigslist. Ms. Beshara’s room is spacious but bare, containing just a mattress on the floor and a few decorative items, including a blanket she knitted in prison and artwork created by members of the NinjaVideo community. In person, Ms. Beshara is prone to tears when talking about her past but she makes jokes about it as well: An email exchange between Ms. Beshara and her lawyers, forwarded to me, had the line, “It’s me, your favorite convict!”

Ms. Beshara spent her early years in Brooklyn, the child of Egyptian immigrants. When she wasn’t studying, she helped out at her parents’ car service company, dispatching rides. “I didn’t have much of a childhood,” she said, sitting on the edge of her mattress and dressed in a burnt-orange wrap, smoking a clove cigarette. She remembers clearly the day she came across a man selling copies of “The Lion King” on the street for $10. Watching it, she realized that it had been made by someone covertly filming it in theaters.

“I remember thinking that they were a hero,” she said. “That was my first bootleg moment.”

A few years later, her parents moved the family to Parlin, N.J., and Ms. Beshara graduated from Sayreville War Memorial High School as valedictorian. She enrolled in New York University and, in 2003, graduated with a degree in political science. Her future looked bright: She dreamed about a career as a diplomat, or as an important political figure, perhaps.

But after college, she returned home and drifted. She worked as a bartender and then as a receptionist in a dentist’s office, a job that one of her mother’s friends arranged as a favor. “I was figuring out what I wanted to do with myself,” she said.

One night, while driving, she was pulled over. The police officer found marijuana in her car, and she was charged with possession and later put on probation for a year. The ordeal sent her into depression. “I felt like I was a step behind everyone,” Ms. Beshara said.

The Internet became her escape.

Ms. Beshara spent hours bingeing on shows like the science-fiction drama “Battlestar Galactica” and eventually frequented chat rooms where people uploaded shows and movies. Eventually, she started doing the same.

During this period, she met Matthew Smith, then 21 and living in North Carolina. The two decided to build a different kind of streaming site, one with high-quality files and with chat forums interlaced with the content. Ms. Beshara would manage and moderate the forums; Mr. Smith would handle the technical back end. NinjaVideo went up in February 2008. Within the first couple of weeks, there were a few thousand videos on the site, largely from volunteers. “It started to blow up very, very quickly,” Ms. Beshara said.

Josh Evans, one of NinjaVideo’s administrators, hired in December 2009, said that working on the site was one of the “funnest times of my life.” He lived outside Seattle and remembers traveling to New York and Greece to meet Ms. Beshara and the other NinjaVideo administrators; the gang even exchanged gifts around Christmas.

“We were all a bit intoxicated with each other,” Ms. Beshara said.

By day, Ms. Beshara went through the motions of her job. After work, she made a beeline for her computer, where she sometimes stayed until dawn. She logged into NinjaVideo and Skype, where she and the other moderators coordinated the shows going online that evening. They waited for their network of uploaders, who used special software to tape shows directly from television and upload them to a cyberlocker, or hosting site. From there, shows and movies would be posted on NinjaVideo.

“It was an internal race to get the shows up,” Ms. Beshara said. Each night, on average, 10 to 15 shows went online. The forums were particularly active at night, and that’s when Ms. Beshara came alive as Queen Phara.

“She was a bit intimidating,” said Candee Edwards, a former comment moderator for NinjaVideo, a “ ‘you either love her or you hate her’ kind of deal. If you said something stupid, you would get called out. But she was always on point, always on top of things.”

‘A Culture of Free’

Unknown to Ms. Beshara and her collaborators, NinjaVideo had been targeted by the Motion Picture Association of America, which says the site aided in the infringement of millions of dollars’ worth of copyrighted movies, television programs and software products. NinjaVideo went live the same year as Hulu and Netflix Instant, Netflix’s video streaming service, and the M.P.A.A. was trying to reroute Internet users to legitimate online streaming outlets like them. The M.P.A.A. identified what it saw as other offending sites, too, like NinjaThis.com and TVShack.net, and funneled the names to the government. Eventually, those sites went offline as well.

In a nationwide campaign called Operation In Our Sites, undercover federal agents investigated and found dozens of movies on NinjaVideo, including some still in theaters. The agents didn’t need to dig deep to prove that Ms. Beshara and her collaborators were aware that their activity was illegal. Dozens of threads on the site gleefully acknowledged — even gloated over — the illicit nature of the content.

Like Ms. Beshara, Mr. Evans had his home raided in 2010. He pleaded guilty to charges of conspiracy and copyright infringement and was sentenced to six months in federal prison in Connecticut. Now 37, Mr. Evans has returned to his home near Seattle, where he works as a computer and electronics repairman. Mr. Smith, who could not be reached to be interviewed, was sentenced to 14 months in prison for conspiracy and criminal copyright infringement.

Administrators of NinjaVideo were the first to be charged criminally as a result of Operation In Our Sites; numerous other domain names would be seized and a handful of arrests made. In 2012, the Justice Department and the Federal Bureau of Investigation had their splashiest success: They seized and shut down Megaupload, the popular digital locker site that allowed people to share files like movies and music anonymously, and arrested its owner, Kim Dotcom, along with several other high-level executives. They have been indicted by the United States on charges related to copyright infringement, although many legal experts are not sure if a case will ever come to court.

After the seizure of NinjaVideo and the other sites, the M.P.A.A. pushed federal legislation to continue to crack down on illegal downloading. But the bill, SOPA, was so loosely worded that it could have required all websites to be responsible for monitoring their services for potential violations — an expensive and nearly impossible challenge — prompting sites like Wikipedia, Tumblr and Craigslist to rally online sentiment against the legislation. Outrage about the bill came to a head in 2012, and lawmakers backed off.

Operation In Our Sites still exists, primarily focused on trying to prosecute the Megaupload case. But the campaign didn’t stop unauthorized viewing. Instead, the next generation of rogue services — including Popcorn Time, which TechCrunch, a technology blog, described as “Netflix for pirates” — learned from the mistakes of sites like NinjaVideo. Operating primarily on American soil, NinjaVideo was especially vulnerable to prosecution. Newer sites established themselves overseas, out of the American government’s reach. They also tended to avoid forums and incriminating public statements that prosecutors could use against them.

The M.P.A.A., meanwhile, says it is not pursuing any new legislation to crack down on copyright infringement online, focusing instead on educating consumers about legal streaming options.

“The goal is not so much to use mitigation factors to stop them from pirating, but showing them the alternatives that are out there,” said Michael D. Robinson, the chief of operations and content protection for the M.P.A.A. “We are working on getting young people to understand the importance and value of copyright protection.”

But that task, he said, is “unfortunately, at this point, never-ending.”

“It is difficult to compete with free,” he added.

That said, the M.P.A.A. says that the number of legitimate streaming outlets has doubled, to 100, since 2009, and that Americans legally consumed 5.7 billion movies and 56 billion TV shows in 2013 alone.

People watch more paid, legal content than ever, but they also continue to download huge amounts of illegal content. “Piracy is putting pressure on antiquated business models, which isn’t necessarily a bad thing,” said Brett Danaher, an economics professor at Wellesley College who studies Internet piracy. “But the prevalence of piracy shows that people are growing up in a culture of free, and that is not good for the future of entertainment, either.”

Even if it were possible to shut down every illegal site tomorrow, new ones would surely pop up. The demand is there. One study, by the American Assembly at Columbia University, found that 70 percent of young adults between 18 and 29 had copied or downloaded music or video free and almost 30 percent got most of their collections that way. The pervasive cultural norm, especially among younger people, is that illegal downloading, at least when it involves material from big corporations, is no big deal. Andrés Monroy-Hernández, a social computing researcher at Microsoft Research, studied attitudes around ownership on collaborative, user-generated websites. He found that young Internet users became angry when peers used their works without permission, but didn’t see a problem in lifting images from shows or movies for use in their own work.

“The farther removed you feel from the source,” he said, “the more likely you are to disregard the copyright and the intellectual property.”

There is another obstacle to stopping illegal downloads, said Andre Swanston, the chief executive of Tru Optik, the media analytics firm. People want access to everything, anytime, and there is little to stop them from having it. “Even if you added Netflix, Hulu Plus, Amazon Prime, Sony Crackle and everything else combined, that is still less content available legally than illegally,” he said. “The popularity of piracy has nothing to do with cost — it is all about access.”

Complex exclusivity agreements between networks and streaming sites govern when popular television shows are available. But people are not always willing to hop among a streaming service, a site or an app to watch different shows. Mr. Swanston gave the example of how ABC in January started requiring people to verify that they had a cable subscription to watch its shows on Hulu. Users either didn’t have the necessary information or declined to go the extra step, it seems, because the rate of piracy for “Marvel’s Agents of S.H.I.E.L.D.,” a network drama, shot up 300 percent.

Content providers, Mr. Swanston says, will eventually have to consider new delivery models that are more closely aligned with how people behave. He imagines collaborations with streaming services to release content or simultaneously scheduling theater and digital streaming releases — ideas he hopes his company can help bring about. Some companies, like BitTorrent, which makes file-sharing technology, are already experimenting in this arena.

The law, too, needs to adapt to the reality of how people behave, said Peter Eckersley, technology projects director at the Electronic Frontier Foundation, a nonprofit advocacy group that pushes for digital rights, among other things.

Mr. Eckersley said the law should shift its focus to making sure that copyright holders are paid for their work, rather than trying to stymie how people gain access to it. Subscription-based music services like Rdio and Spotify seem to be helping prevent music piracy — although the argument about whether artists are fairly compensated rages on.

He suggested a legal framework to retire the “exclusive rights” aspect of copyright law that requires permission to publish — and that allows copyright holders to seek exorbitant damages from infringers — and move toward a system that requires sites and people who make money from another’s work to share any profits. Solutions like these, Mr. Eckersley says, would create different priorities that go beyond chasing small-time pirates like Ms. Beshara and her colleagues.

NinjaVideo made about $500,000 over three years, according to the government. Most of that came from advertising, but also from donations and a $25 fee for access to private chat boards.

Ms. Beshara kept the bulk of the pot, around $210,000, which she is required to pay back to the M.P.A.A. (She says she netted only about half of that but she is gradually repaying the amount.) The rest was divided among four other co-founders and administrators who helped run the site and manage the community.

She acknowledges that some of her colleagues were upset when they learned she received much of the profit from NinjaVideo, but says it wasn’t out of line with her role as the voice of the site. “People took issue with the fact that I got paid,” she said. At any rate, in her opinion, the money was insignificant. To this day, she argues that the movie business is so big that skimming a little off the top doesn’t hurt anybody. She likes to say that NinjaVideo was operating in a “gray area.”

Ms. Beshara refused to muster any remorse during her sentencing and often took to social media between court appearances to boast about her lack of repentance. This enraged the judge presiding over her case.

David Smith, one of the lawyers appointed to represent Ms. Beshara, compared her behavior to that of another class of clients he often works with: drug traffickers. The thrill is similar, he said, and many find themselves addicted to the lifestyle, even more than the profits.

“A lot of them are in it for the sheer joy of doing it,” Mr. Smith said. “There’s a lot of excitement and ego gratification in being a successful trafficker.”

The Thrill Is Gone

Prison wasn’t easy for Ms. Beshara. She got into scuffles with other inmates, including one that landed her in solitary confinement for a month.

She learned to crochet and taught a jewelry-making class. She worked in the prison kitchen, preparing food for a few cents an hour. Her family didn’t visit. NinjaVideo community members, including Ms. Edwards, the moderator, supplied Ms. Beshara with phone cards and put money in her commissary account so she could buy basic items like shampoo and snacks.

After 16 months in prison, Ms. Beshara spent an additional five at a halfway house in New Jersey. Her parole prohibits her from corresponding with her former NinjaVideo colleagues or from starting a business online until August 2015.

“All said and done, it’s about five years before I’m allowed to really be back online,” she said. “They hurt me with that.”

She works full time as human resources manager at an Internet sales company that she likes fine enough, and on the weekends she shuttles across town to a food co-op where she makes coffees and vegetable wraps as part of her mandatory community service. Her new life lacks the excitement and thrill of NinjaVideo, but when she lapses into thinking about the “old days,” she lights up with excitement and longing. “I would never take it back,” she said.
http://www.nytimes.com/2014/09/28/te...ootlegger.html





An Australian Researcher has Worked Out How to Store 1000TB on a CD
ScienceAlert Staff

A young Victorian researcher has made a breakthrough in optical formatting that could significantly increase our data storage capacity.

Every day, humans are producing more data than ever before - around 90% of the world’s data was generated in the past two years alone - and there will come a point when our data storage centres and the cloud can no longer keep up.

But Dr Zongsong Gan, a researcher at Swinburne University of Technology in Melbourne, Australia, has found a revolutionary way we can fit a whole lot more data onto traditional optical storage devices, such as CDs, and is now using that technology to help data storage keep up with demand.

In 2013, Gan and his colleagues found out how to fit 1,000 terabytes (TB), or 50,000 high-definition movies, onto a DVD - an increase from the 4.07 gigabytes they’re currently capable of storing. And he’s now been awarded one of 12 Victoria Fellowships in 2014, which will help incorporate his research into practical, mass storage devices.

Gan and his colleagues managed to increase DVD storage so significantly by using light to create extra small dots or ‘bits’ - the unit used to store information. This means they could write far more information than ever before onto discs the same size.

This advance required them breaking a physical barrier known as the diffraction limit of light. Light cannot be split any smaller than around 500 nanometres, and before their work it was thought that, because of this, light wasn't capable of writing bits of information smaller than 500 nanometres across.

But by using two light beams with different abilities, the scientists managed to whittle down the point of light writing the data to just nine nanometres across, or one ten thousandth the diameter of a human hair.

Both the beams used were 500-nanometres-wide, but one was for writing information (red), and the other beam (purple) blocked the first from writing information. By making the second one doughnut-shaped, they created only a small space that the first beam could write information through, as shown in the image above.

With the $18,000 fellowship, Gan will collaborate with industry and researchers around the world to work on new breakthroughs for data storage devices, and also see how his existing research can be used on a larger scale to rapidly improve the capacity of optics-based information technologies.

“The successful development of our technology will result in possible Victorian owned long-term patents and create a global role for Victoria, reinforcing the state’s profile of fostering high-tech industry and an innovative research environment, in particular in optics-based information technologies,” Gan explained in a press release.
http://www.sciencealert.com.au/news/20140309-26116.html





Ubuntu Touch Finalized, First Phones Coming This Year
Chris Hoffman

The Ubuntu Edge smartphone campaign never reached its lofty $32m goal, but the more than $12m in pledges it received was record-breaking—and Canonical hasn’t given up. Ubuntu Touch for phones just hit “release to manufacturing” status. The first official version is done, bugfix’d, and ready to go. It’s coming on real phones, too, with the first phone with Ubuntu Touch shipping this December.

As the Oppo N1 was to CyanogenMod, the Meizu MX4 will be to Ubuntu. You’ll soon be able to get phones that ship with officially supported Ubuntu software—no more hacking around on Nexus devices.

Ubuntu Touch is ready to go

On September 16, the first “RTM” version of Ubuntu Touch was officially released. If you’re one of those geeks who flashed Ubuntu Touch onto a Nexus 4, Nexus 7 (2013), or Nexus 10, you can now upgrade to the latest release to have a more stable experience.

This stable release isn’t all about fancy features. If you’ve checked out Ubuntu Touch before, you probably know just what to expect. (The Inquirer went hands on with a very early version of the OS in March if you want more detailed feature impressions.) As the release announcement email puts it: “...all the landings are mostly bug fixes, as the time for features has passed.” Ubuntu will likely fix additional small bugs before the system appears on phones for end users, but it’s basically done.

Bug fixes and a stable platform may not help build hype, but making Ubuntu Touch run stable on real hardware without any crashes, freezes, or other big bugs is an important milestone. If you tried Ubuntu Touch and experienced issues, they should now be fixed.

Of course, operating systems are never really finished. Version 1 is about getting Ubuntu Touch done—now it’s time to work on new features and bugfixes for future versions.

The Meizu MX4 (Ubuntu Edition) is coming soon

In February, Canonical announced that China’s Meizu and Spain’s BQ would be the first smartphone partners making Ubuntu phones. They promised these phones would be available globally thanks to online sales.

The Meizu MX4 (Ubuntu Edition) will ship in December, and it will likely be the first Ubuntu phone. It will use the MediaTek MT6595 system-on-a-chip, according to Meizu’s Italian blog.

The standard version of the Meizu MX4 will run Android, while it seems the Ubuntu edition will also ship on a more powerful “Pro” version of the phone. Details are scarce on its hardware, but a leak from iGeek suggests the Pro variant may have a Samsung Exynos 5430 processor, 4GB of RAM, and a 2560x1536 resolution screen. Not too shabby!

This more powerful hardware is good news if true, and it bodes well for Ubuntu’s vision of computing convergence. The eventual goal is to have your phone act as the brains for your PC, so you connect it to a monitor, keyboard, and mouse and have it drive your entire desktop computer experience, switching between Ubuntu Touch and the desktop version of Ubuntu to fit the interface you're working with.

A BQ phone could ship soon, too, and maybe even before Meizu’s. We haven’t seen any leaks about it yet, though. BQ just showed off a BQ Aquaris running Ubuntu back in March. Plans can change; at the time, Meizu was going to release Ubuntu on the Meizu MX3, while it now looks like the Ubuntu edition will be of the newer Meizu MX4. BQ could put Ubuntu on a newer phone, too.

Ubuntu phones will cost $200-$400, probably

We don’t know exactly how much these phones will cost. However, they will be sold off-contract, and you can expect the pricing to be more mainstream than the $749 iPhone 6 Plus.

In March, Mark Shuttleworth shared Canonical’s pricing vision for phones running Ubuntu at CeBIT. He said they would “come out in the mid-higher edge, so $200 to $400.” Canonical is shooting higher to provide a good, high-quality experience, while Mozilla is chasing the extreme low-end by trying to make $25 Firefox OS phones.

Pricing is still up-in-the-air, however. Canonical quickly clarified to Ars Technica that "the final pricing structures and go to market plans will be set by our partners, Meizu and BQ."
http://www.pcworld.com/article/26878...this-year.html





Phoning 'Home': What Your Mobile May be Giving Away
Jeremy Wagstaff

When popular Chinese handset maker Xiaomi Inc admitted that its devices were sending users' personal information back to a server in China, it prompted howls of protest and an investigation by Taiwan's government.

The affair has also drawn attention to just how little we know about what happens between our smartphone and the outside world. In short: it might be in your pocket, but you don't call the shots.

As long as a device is switched on, it could be communicating with at least three different masters: the company that built it, the telephone company it connects to, and the developers of any third party applications you installed on the device - or were pre-installed before you bought it.

All these companies could have programed the device to send data 'back home' to them over a wireless or cellular network - with or without the user's knowledge or consent. In Xiaomi's case, as soon as a user booted up their device it started sending personal data 'back home'.

This, Xiaomi said, was to allow users to send SMS messages without having to pay operator charges by routing the messages through Xiaomi's servers. To do that, the company said, it needed to know the contents of users' address books.

"What Xiaomi did originally was clearly wrong: they were collecting your address book and sending it to themselves without you ever agreeing to it," said Mikko Hypponen, whose computer security company F-Secure helped uncover the problem. "What's more, it was sent unencrypted."

Xiaomi has said it has since fixed the problem by seeking users' permission first, and only sending data over encrypted connections, he noted.

INDUSTRY ISSUE

Xiaomi is by no means alone in grabbing data from your phone as soon as you switch it on.

A cellular operator may collect data from you, ostensibly to improve how you set up your phone for the first time, says Bryce Boland, Asia Pacific chief technology officer at FireEye, an internet security firm. Handset makers, he said, may also be collecting information, from your location to how long it takes you to set up the phone.

"It's not that it's specific to any handset maker or telco," said Boland. "It's more of an industry problem, where organizations are taking steps to collect data they can use for a variety of purposes, which may be legitimate but potentially also have some privacy concerns."

Many carriers, for example, include in their terms of service the right to collect personal data about the device, computer and online activities - including what web sites users visit. One case study by Hewlett-Packard (HPQ.N) and Qosmos, a French internet security company, was able to track individual devices to, for example, identify how many Facebook (FB.O) messages a user sent. The goal: using all this data to pitch users highly personalized advertising.

But some users fear it's not just the carriers collecting such detailed data.

Three years ago, users were alarmed to hear that U.S. carriers pre-installed an app from a company called Carrier IQ that appeared to transmit personal data to the carrier.

Users filed a class-action lawsuit, not against the carriers but against handset makers including HTC Corp (2498.TW), Samsung Electronics (005930.KS) and LG Electronics (066570.KS) which, they say, used the software to go beyond collecting diagnostic data the carriers needed.

The suit alleges the handset firms used the Carrier IQ software to intercept private information for themselves, including recording users' email and text messages without their permission - data the users claim may also have been shared with third parties. The companies are contesting the case.

And then there are the apps that users install. Each requires your permission to be able to access data or functions on your device - the microphone, say, if you want that device to record audio, or locational data if you want it to provide suggestions about nearby restaurants.

SHEDDING SOME LIGHT

But it isn't always easy for a user to figure out just what information or functions are being accessed, what data is then being sent back to the developers' servers - and what happens to that data once it gets there. Bitdefender, a Romania-based antivirus manufacturer, found last year that one in three Android smartphone apps upload personal information to "third party companies, without specifically letting you know."

Not only is this hidden from the user, it's often unrelated to the app's purpose.

Take, for example, an Android app that turns your device into a torch by turning on all its lights - from the camera flash to the keyboard backlight. When users complained about it also sending location-based data, the U.S. Federal Trade Commission forced the app's Idaho-based developer to make clear the free app was also collecting data so it could target users with location-specific ads. Even so, the app has been installed more than 50 million times and has overwhelmingly positive user reviews.

While most concerns are about phones running Android, Apple Inc's (AAPL.O) devices aren't free from privacy concerns.

Carriers control the code on the SIM, for example, and this is one possible way to access data on the phone. And, despite stricter controls over apps in Apple's app store, FireEye's Boland says his company continues to find malicious apps for the iOS platform, and apps that send sensitive data without the user knowing. "The iPhone platform is more secure than the Android platform, but it's certainly not perfect," he said.

Apple says its iOS protects users' data by ensuring apps are digitally signed and verified by Apple's own security system.

BACK IN THE DRIVING SEAT

The problem, then, often isn't about whether handset makers, app developers and phone companies are grabbing data from your phone, but what kind of data, when, and for what.

"If we look at the content sent by many apps it's mindboggling how much is actually sent," said Boland. "It's impossible for someone to really know whether something is good or bad unless they know the context."

Handset makers need to be clear with users about what they're doing and why, said Carl Pei, director at OnePlus, a Shenzhen, China-based upstart rival to Xiaomi. OnePlus collects "anonymous statistical information" such as where a phone is activated, the model and the version of software that runs on it, Pei said, which helps them make better decisions about servicing customers and where to focus production.

Unlike Xiaomi, Pei said, OnePlus' servers are based in the United States, which in the light of recent privacy concerns, he said, "gives people greater peace of mind than having them based out of China."

That peace of mind may be elusive as long as there's money to be made, says David Rogers, who teaches mobile systems security at the University of Oxford and chairs the Device Security Group at the GSMA, a global mobile industry trade association.

"Users are often sacrificed to very poor security design and a lack of consideration for privacy," he said. "At the same time, taking user data is part of a profit model for many corporations so they don't make it easy for users to prevent what is essentially data theft."

(Editing by Ian Geoghegan)
http://uk.reuters.com/article/2014/0...0HN04E20140928





Protesters in Hong Kong Are Targets of Scrutiny Through Their Phones
Paul Mozur

As tens of thousands of protesters in Hong Kong continued to shut down the city’s main arteries on Wednesday in a call for democracy, a quieter struggle was playing out to monitor the demonstrations online.

The most recent salvo came to light Tuesday, when Lacoon Mobile Security said that it had tracked the spread of a fake mobile application designed to eavesdrop on protesters’ communications. In what is known as a phishing attack, smartphone users in Hong Kong have been receiving a link on WhatsApp to download the software, along with a note: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”

Code4HK, a community of programmers who have been working to support the democracy movement, had nothing to do with the application, according to Lacoon.

Though Michael Shaulov, Lacoon’s chief executive, said it was impossible to be certain about the origin of the fake app, he said signs pointed to the Chinese government. Given the “targets of the operation, where the servers are based and the sophistication of the attack, it doesn’t leave much room to the imagination.”

After users download the application, it has the ability to gain access to personal data like passwords and bank information, spy on phone calls and messages and track the physical location of the infected smartphone. It is unclear how many smartphones in Hong Kong have been hit, but in similar attacks in the past, one in 10 phones that received such a message became infected, according to Mr. Shaulov.

“These really cheap social-engineering tricks, they have a high rate of success,” he said.

What makes the malicious app stand out is a version that can infect Apple’s iOS mobile operating system, which is usually more secure than Google’s Android, Mr. Shaulov said. Android is the dominant system on non-Apple phones.

“This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity,” he said.

Mr. Shaulov’s company traced the fake app to a computer that closely resembled those scrutinized by Mandiant, an American security firm that published a 60-page study last year that linked hacking attacks on American companies to the Chinese military.

It’s not the first time the democracy movement in Hong Kong has drawn sophisticated web attacks. In June, an unofficial referendum on Hong Kong’s political future that allowed people in Hong Kong to vote online drew one of the largest denial-of-service attacks in history, according to Matthew Prince, the chief executive of CloudFlare, which helped defend the referendum site from the attack. Such attacks are designed to overwhelm a site with online traffic, causing it to shut down.

Protesters in the current demonstrations in Hong Kong are making use of a new app that allows them to send messages without a cellular or Internet connection. Introduced in March, FireChat makes use of a cellphone’s radio and Bluetooth communications to create a network of phones close to one another — up to about 80 yards. Though downloaded widely by the Hong Kong protesters after rumors spread that the Internet would be cut, many have been making use of the app in areas where crowds have overwhelmed the cellphone system.

Other technological help has come from Code4HK, the programmers’ group. Its website provides links to live video feeds of the demonstrations, offers updated Google maps showing where supply and medical stations are in protest areas, and maintains an open spreadsheet that shows what supplies are needed.

Within China, the cat-and-mouse game that often goes on between politically minded Internet users and the government’s censors continued. Since Saturday, the Facebook-owned Instagram service has been widely inaccessible, according to users and several Internet monitors, leading commentators to speculate that the government had closed access to the app to stanch the flow of images of the protests. The rate of deletions of posts on China’s version of Twitter, Weibo, has also soared in recent days, an indication of how concerned the government is that news of the protests might spread unrest to China, according to Fu King-wa, a professor of media studies at Hong Kong University.

Despite the spike in deletions, David Bandurski, a researcher at the University of Hong Kong, said that the huge flow of posts and the reliance on humans to individually censor content meant that some posts were getting through. Possibly more so than on newer products like Tencent’s mobile messaging app WeChat, which he said showed more efficiency in blocking posts from its social network.

Beneath one post from a Chinese journalist on Weibo, Mr. Bandurski said he saw “page after page of comments.”

“It had become a public online square for people talking about what’s happening in Hong Kong,” he said.

__________

Alan Wong contributed reporting from Hong Kong and Andrew Jacobs from Beijing.
http://www.nytimes.com/2014/10/02/bu...ir-phones.html





Spy Agencies Urge Caution on Phone Deal
Eric Lichtblau

An obscure federal contract for a company charged with routing millions of phone calls and text messages in the United States has prompted an unusual lobbying battle in which intelligence officials are arguing that the nation’s surveillance secrets could be at risk.

The contractor that wins the bid would essentially act as the air traffic controller for the nation’s phone system, which is run by private companies but is essentially overseen by the government.

And with a European-based company now favored for the job, some current and former intelligence officials — who normally stay out of the business of awarding federal contracts — say they are concerned that the government’s ability to trace reams of phone data used in terrorism and law enforcement investigations could be hindered.

A small Virginia company, Neustar, has held the job since the late 1990s, but a private phone-industry panel has recommended to the Federal Communications Commission that an American division of Ericsson, the Swedish-based technology company, get the work instead. No final decision has been made.

In its bid to hold on to the $446 million job, Neustar has hired Michael Chertoff, a well-connected former secretary of homeland security, to examine the implications of the proposed switch.

In a 45-page report that Neustar plans to send to the F.C.C. this week, Mr. Chertoff, now a private consultant, argues that national security concerns have been slighted in the contracting process. An advance copy of his report was provided to The New York Times.

Without a fuller assessment of the risks posed in switching the contract to a European-based outfit, “security would become obsolete in the face of constantly morphing threats,” Mr. Chertoff says in the report.

If a foreign intelligence service were to gain access to the phone-routing system and identify the targets of United States surveillance efforts, Mr. Chertoff said, “that would be a counterintelligence bonanza for adversaries of the nation and a security disaster for the United States.”

Neustar declined to say how much it paid Mr. Chertoff for the report, indicating only that it was a “modest sum.”

Officials from the F.B.I., the Drug Enforcement Administration, the Secret Service and the Immigration and Customs Enforcement agency have weighed in on the debate, as have senators and House members who supervise American intelligence operations.

The F.B.I. and other law enforcement agencies said that while they had “no position” on who should get the contract, they did want to make sure that their professional needs were adequately addressed and that there would be no disruption in access to call-routing data “in real time or near real time.”

“Law enforcement cannot afford to have a lapse in this vital service,” the agencies told the F.C.C. in a letter.

The agencies expressed particular concern that a contractor with access to the phone system from outside the United States could mean “unwarranted, and potentially harmful” access to American surveillance methods and targets.

The debate echoes the 2006 controversy over a $6.8 billion deal that would have allowed a Dubai company to manage six American ports. The proposal was met with outrage in Congress over the idea that such vital pieces of American infrastructure would be placed in foreign hands, and the contract was ultimately killed.

Ericsson is a Swedish technology firm, but its supporters in the contract debate point out that the network’s operation would be handled by an American-based division, Telcordia Technologies, and that it would be run more cheaply than Neustar without any harm to the system’s operations.

Mark Wigfield, a spokesman for the F.C.C., said there was no timetable for deciding whether Telcordia would get the phone-routing contract, as recommended by the industry panel. He said the agency would examine all aspects of the job — including the national security implications — before any decisions were made.

The battle over the little-known routing network reflects the central role that the phone companies play in the government’s surveillance and phone-tracing capabilities.

The surveillance system has been intensely criticized in the 14 months since Edward J. Snowden, the former National Security Agency analyst, released classified information detailing the wide scope of the government’s capabilities. As a result, Apple and Google took steps this month to encrypt smartphone data in ways that would make it much more difficult for government investigators to crack.

The phone-routing system grew out of a 1997 law that allowed cellphone and landline users to keep the same number even when they switched carriers. These so-called portability standards made things easier for consumers but created potential complications for intelligence and law enforcement officials in tracing phone calls and determining which numbers were tied to which carriers.

The routing network that was put in place, with Neustar as its administrator, was designed partly to allow the government nearly instant access to the data on where calls were being routed.

In an interview, Lisa Hook, the chief executive of Neustar, insisted that “irregularities” in the F.C.C. bidding process had weighed against her company in trying to hold onto the lucrative contract, which provides nearly half its revenues. She said that the major phone carriers, who pay for the contract, would clearly rather see an international industry leader like Ericsson end up with the work.

“We’re a small company,” she said. “We’re just looking for a level playing field.”

Ms. Hook predicted that if the Ericsson division did win the contract, the changeover to a new administrator to run the system could take years and would leave the nation’s phone grid vulnerable in the meantime. “Any claim that this is simple and can be done easily is just wrong,” she said.
http://www.nytimes.com/2014/09/29/us...hone-deal.html





The Government Says iPhone Encryption Helps Criminals. They're Wrong.
Timothy B. Lee

Last week, FBI director James Comey had sharp words for Apple and its decision to enable encryption by default on iPhones. Comey argued that Apple was allowing its customers to "place themselves beyond the law," and he worried that the unbreakable encryption feature will cost lives when law enforcement isn't able to get the information they need to thwart a kidnapping or terrorist attack.

But there are some good reasons for Apple to offer their customers the most robust privacy protections technology allows — even if that means the job of law enforcement becomes a bit more difficult.

The law is on Apple's side

While Comey accused Apple of helping users put themselves beyond the law, it's notable that he didn't say that the products themselves are illegal. That's because they're not: strong encryption products have been legal and widely available for years.

Indeed, the legal status of encryption products was one of the biggest tech policy fights of the 1990s. In the early 1990s, as computers were becoming fast enough to make routine encryption feasible, intelligence and law enforcement agencies were making arguments that sounded a lot like the ones Comey is making now. They wanted backdoors in encryption products to preserve their ability to eavesdrop on people.

But the feds lost that fight, and strong cryptography without backdoors became a foundation of the internet economy. Today, every major web browser comes with strong cryptography built-in. Disk encryption products are available for every major operating system. And email encryption tools are available for free download.

Law enforcement "backdoors" could make iPhones vulnerable to hackers

Comey wants to ensure law enforcement agencies armed with warrants can get access to private smartphone data. But any system that facilitates access by law enforcement will also make smartphones more vulnerable to hackers.

As computer scientist Matt Blaze points out, building secure software is a hard enough challenge on its own. Creating a backdoor for the feds adds further complexity, increasing the danger of bugs that will let the bad guys in.

Blaze would know. Two decades ago, the government was pushing the Clipper chip, an encryption device with a built-in backdoor for law enforcement. Then Blaze's research showed that the Clipper chip's backdoor mechanism made the entire encryption scheme insecure. The Clipper chip — and proposals for mandatory backdoors more generally — were scuttled.

Another example of the danger of backdoors came a decade later. The Greek telephone network was built using American hardware that complied with a 1994 law requiring telephone equipment to come with a backdoor mechanism to facilitate spying by law enforcement. In 2004, someone — some have blamed American intelligence agencies — used this system to gain unauthorized access to the Greek telephone network and spy on more than 100 phone lines belonging to senior Greek government officials, including the prime minister.

Some countries are more hostile to privacy rights than the United States

Whatever concerns you might have about privacy abuses by the NSA, one thing we can all agree about is that some countries have much worse privacy records. And if Apple retains the ability to unlock people's phones in the United States, it's going to face strong pressure to offer the same service to repressive regimes overseas.

That's not just a hypothetical concern. For example, BlackBerry has long touted its strong encryption features when selling its smartphones to corporate clients. But it came under pressure from countries such as the United Arab Emirates and Saudi Arabia to provide access to their customers' secure email.

BlackBerry's negotiating position was strengthened by the fact that, for some corporate and government clients, BlackBerry was unable to break their customers' encryption even if they wanted to. The encryption keys were managed by the customer, not BlackBerry.

If Apple retains the ability to decrypt iPhone data at the behest of US law enforcement, it's going to be hard to say no when Saudi Arabia, Russia, or Egypt comes knocking. And even if you trust the US government not to abuse its decryption authority, you probably don't trust Saudi Arabia's government to respect human rights.

And even if Apple refuses to help repressive governments, the governments might gain access anyway. Last year, the Washington Post reported that Chinese hackers had broken into Google's servers and accessed information about US surveillance targets. If Apple maintains a database of its customers' encryption keys to facilitate law enforcement access, that database would become a juicy target for foreign intelligence services.

The police will still have plenty of ways to solve crimes

Comey suggested that law enforcement access to the contents of smartphones would be essential to saving lives in terrorism and kidnapping cases. But his speech was short on specific examples where encryption actually thwarted — or would have thwarted — a major police investigation.

Last week, former FBI official Ronald Hosko wrote an op-ed in the Washington Post offering a concrete example of a case where smartphone encryption would have thwarted a law enforcement investigation and cost lives. "Had this technology been in place," Hosko wrote, "we wouldn’t have been able to quickly identify which phone lines to tap. That delay would have cost us our victim his life."

There's just one problem: Hosko was wrong. In the case he cited, the police had not used information gleaned from a seized smartphone. Instead, they used wiretaps and telephone calling records — methods that would have been unaffected by Apple's new encryption feature. The Washington Post was forced to issue a correction.

Indeed, while law enforcement groups love to complain about ways that encryption and other technologies have made their jobs harder, technology has also provided the police with vast new troves of information to draw upon in their investigations. With the assistance of cell phone providers, law enforcement can obtain detailed records of a suspect's every move. And consumers increasingly use cloud-computing services that store emails, photographs, and other private information on servers where they can be sought by investigators.

So while smartphone encryption could make police investigations a bit more difficult, the broader trend has been in the other direction: there are more and more ways for law enforcement to gain information about suspects. There's no reason to think smartphone encryption will be a serious impediment to solving crimes.
http://www.vox.com/2014/9/29/6854679...nment-backdoor





Librarians Won’t Stay Quiet About Government Surveillance
Andrea Peterson

In September 2003, Attorney General John Ashcroft called out the librarians. The American Library Association and civil liberties groups, he said, were pushing "baseless hysteria" about the controversial Patriot Act. He suggested that they were worried that spy agencies wanted to know "how far you have gotten on the latest Tom Clancy novel."

Ashcroft was 17 speeches into a national speaking tour defending the Patriot Act, a law expanding government surveillance powers that passed nearly unanimously in the wake of the Sept. 11, 2001, terrorist attacks. And all along the way, the librarians showed up to protest.

In the case of government surveillance, they are not shushing. They've been among the loudest voices urging freedom of information and privacy protections.

Edward Snowden's campaign against the National Security Agency's data collection program has energized this group once again. And a new call to action from the ALA's president means their voices could be louder and more coordinated than ever.

Guarding patrons' library activities is considered a core value of the profession, written into the ALA's code of ethics: "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

Over the years, the U.S. government has tested the limits of how far librarians will go to defend that code. Near the end of the Cold War, FBI agents asked New York City librarians to watch for patrons who might be diplomats from foreign hostile powers trying to recruit intelligence agents or gathering intelligence. Library officials were alarmed.

"These things are so far removed from the professional duties of a librarian that I find it almost inconceivable that this whole thing is happening,'' Nancy Lian, head of the New York Library Association, said in a New York Times article at the time. A judicial order, she noted, would be required for such action.

Early resistance

Library groups were wary of the Patriot Act from the start, according to Emily Sheketoff, head of the ALA's Washington office.

"We were engaged because we feared that the government would overstep," Sheketoff said, a fear she believes has been validated.

Given the political climate after Sept. 11, even individual legislators who said they agreed in principle didn't pull their support of the bill. "It was a steamroll that we couldn't even slow down," she said. After the bill passed, the group trained library employees around the country on how to respond if the government requested information.

Section 215 of the act - later used to justify the bulk collection of domestic phone metadata as revealed by Snowden - was called the "library provision." The implication was that the government could use it to get library records. By 2003, some libraries placed signs in their lobbies, warning patrons that the government could obtain their records under the bill. Hundreds of meetings were organized to discuss the privacy implications of the law at libraries around the country.

Stewart Baker, the assistant secretary for policy at the Department of Homeland Security under President George W. Bush, said it was a "disservice to public debate" that Section 215 was ever known as the library provision, arguing that there was no evidence it was used in the context suggested by library groups.

When Ashcroft's promotion tour rolled around, many of his talks took place behind closed doors while librarians and civil liberties advocates protested nearby.

The backlash to his comments was fierce. "It turns out people like and trust their local librarians," Sheketoff said. As a result, Ashcroft telephoned Carla Hayden, then-president of the association.

"I must say, it was quite something," Hayden said. "When you have the opportunity to express something to a person in that position, you want to do it well."

Hayden said she reminded Ashcroft that libraries were open to working with law enforcement through judicial channels. But, she said, she believed the Patriot Act went beyond that relationship.

Hayden said Ashcroft "expressed that he was sorry that he might have said something that could have been offensive - and that he didn't intend that." In fact, Hayden said, he told her that he had "good library experiences in his life."

Ashcroft did not respond to a request for comment for this story. Baker believes the apology came as a result of the librarians' media campaign.

But in his view, Ashcroft was justified. As he put it: "The implication of their campaign was that library records across the country were being rifled through by people in the name of national security trying to figure out who was reading books they disapproved of - that was pretty clearly what the parade of horribles suggested and that Section 215 was somehow implicated in that. And none of that is true."

The Connecticut Four

Within two years of Ashcroft's apology, four library officials in Connecticut found themselves in a legal battle over handing over patron information - and unable to talk about it.

In July 2005, two FBI agents presented George Christian with a national security letter - an information request that doesn't require judicial approval - seeking data about patrons' library use. He was the executive director of a consortium called Library Connection. Such letters existed before the Patriot Act and did not derive from Section 215. But their use was expanded by the law.

The government wanted to know who had used a device at an IP address in February, Christian said. The address was assigned to a router that served many devices, and to hand over that data could have violated the privacy of many patrons beyond the subjects of the FBI's investigation, said Christian, an accidental librarian who is trained as a software developer.

Christian questioned the constitutionality of the search. The most astounding part, he said, was the gag order attached to the letter. "It was perpetual, with no expiration date," he said. Such conditions are a standard feature of national security letters, requiring recipients to keep secret even the fact that they received a letter.

"Gag orders were made controversial," Baker said. "They're a routine feature of a lot of criminal and other investigations whenever you don't want the defendant or the suspect to know you're investigating them."

Instead of keeping quiet, Christian called an emergency board meeting. His colleagues unanimously decided to challenge the request. The American Civil Liberties Union agreed to take up the case. The group was already representing an Internet service provider fighting a similar request and was looking for a library to join the challenge.

Because of the gag order, none of the four library officials - Christian, Barbara Bailey, Peter Chase and Jan Nocek - could add their names to the suit. The four were known as John Doe throughout the case. During the first hearing, none could be in the courtroom, lest their identities be revealed. "We watched it from a closed-circuit television in Hartford," Bailey said.

Their identities eventually slipped to the media through faulty redaction in court documents related to the case. Even then, the four were unable to speak out - or testify about it during a debate over the Patriot Act's renewal.

"It was incredibly stressful," Christian said. The group was bound to silence until May 2006, when the government withdrew the request - and with it the gag order. That made the "Connecticut Four," as they have come to be known in library circles, among the only recipients of such an order who can publicly discuss the experience.

Library advocacy in a post-Snowden world

Snowden's leaks have only deepened the concern about the degradation of privacy rights. "Now we know that it really didn't matter what they passed," Sheketoff said. "What they were sweeping up was everything, way beyond what anybody had ever envisioned."

Librarians have deployed new methods to protect patron privacy.

"As technology has changed and we've moved from the card catalogue and paper records to electronic records, we are always looking to destroy the record as soon as we can," Sheketoff said. "When you return a book, the record is destroyed so that when the government comes we can say that we legitimately only know what you have out at the time."

In Massachusetts, the local branch of the American Civil Liberties Union has partnered with some librarians to deploy services like anonymous browsing tool Tor that can shield patrons' activity from electronic snooping.

The ALA backs reform of surveillance laws - specifically the bipartisan Senate version of the USA Freedom Act, which would limit data collection under Section 215.

Allies in the civil liberties community praise the group's track record. As Kevin Bankston, policy director at New America's Open Technology Institute, put it: "Librarians are on the front lines of the information society, charged with providing easy access to information for all, and are often some of the first to raise their voices over emerging Internet policy issues, whether around online censorship, digital copyright, or most often post-9/11, overreaching surveillance."

ALA President Courtney Young has called for the group's 57,000 members to pledge an hour a week to advocacy - including reaching out to members of Congress.

For his part, Christian has grown less optimistic as the push to reform the law has dragged on.

"We are obviously all in trouble," he said. "What happened to us seems like kindergarten compared to the revelations from Snowden."
http://www.washingtonpost.com/blogs/...-surveillance/





ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police Agencies Have Distributed to Families
Dave Maass

For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.

Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.

Furthermore, by providing a free keylogging program—especially one that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.

EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP’s own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff’s department even bought a copy for every family in its county.

In investigating ComputerCOP, we also discovered misleading marketing material, including a letter of endorsement purportedly from the U.S. Department of Treasury, which has now issued a fraud alert over the document. ComputerCOP further claims an apparently nonexistent endorsement by the American Civil Liberties Union and an expired endorsement from the National Center for Missing and Exploited Children.

Law enforcement agencies have purchased a poor product, slapped their trusted emblems on it, and passed it on to everyday people. It’s time for those law enforcement agencies to take away ComputerCOP’s badge.

What is ComputerCOP?

In an era when hackers use botnets, zero day exploits, and sophisticated phishing to compromise billions of online accounts, ComputerCOP is a software relic that not only offers little protection, but may actually expose your child’s (and potentially your) most sensitive information to danger.

ComputerCOP’s interface is a throwback to an earlier, clunkier age of computing. Indeed, its origins trace back 15 years, when software companies began to target a new demographic: parents worried about their children’s exposure to all manner of danger and inappropriate material on the Internet.

When ComputerCOP debuted in the late 1990s, its original title was “Bo Dietl’s One Tough ComputerCOP,” which capitalized on the fame of celebrity New York detective, Bo Dietl, who had just had his career adapted into a major motion picture, “One Tough Cop,” starring Stephen Baldwin. At the time, the program could only perform basic forensic searches of hard drives, but in the early 2000s, Bo Dietl’s toughness was dropped from the title and a keylogger was added to the “deluxe” version of the package.

EFF obtained copies of ComputerCOP and related materials from law enforcement agencies on the East Coast, West Coast, and in Texas. Each one was branded to the specific department, but the software package was otherwise the same, containing two main elements:

[Image caption: ComputerCOP's image search (OS version) turned up a haystack of 19,000 files]

"Basic" Search Functions: ComputerCOP’s search utility does not require installation and can run right off the CD-ROM. The tool allows the user to review recent images and videos downloaded to the computer, but it will also scan the hard drive looking for documents containing phrases in ComputerCOP’s dictionary of thousands of keywords related to drugs, sex, gangs, and hate groups. While that feature may sound impressive, in practice the software is unreliable. On some computer systems, it produces a giant haystack of false positives, including flagging items as innocuous as raw computer code. On other systems, it will only produce a handful of results while typing keywords such as "drugs" into Finder or File Explorer will turn up a far larger number of hits. While the marketing materials claim that this software will allow you to view what web pages your child visits, that's only true if the child is using Internet Explorer or Safari. The image search will potentially turn up tens of thousands of hits because it can't distinguish between images children have downloaded and the huge collection of icons and images that are typically part of the software on your computer.

KeyAlert: ComputerCOP’s KeyAlert keylogging program does require installation and, if the user isn’t careful, it will collect keystrokes from all users of the computer, not just children. When running on a Windows machine, the software stores full key logs unencrypted on the user’s hard drive. When running on a Mac, the software encrypts these key logs on the user's hard drive, but these can be decrypted with the underlying software's default password. On both Windows and Mac computers, parents can also set ComputerCOP up to email them whenever chosen keywords are typed. When that happens, the software transmits the key logs, unencrypted, to a third-party server, which then sends the email. KeyAlert is included in the "deluxe," "premium," and "presentation" versions of the software.

The keylogger is problematic on multiple levels. In general, keyloggers are commonly a tool of spies, malicious hackers, and (occasionally) nosy employers. ComputerCOP does not have the ability to distinguish between children and adults, so law enforcement agencies that distribute the software are also giving recipients the tools to spy on other adults who use a shared computer, such as spouses, roommates, and coworkers. ComputerCOP addresses this issue with a pop-up warning that using it on non-consenting adults could run afoul of criminal laws, but that’s about it.

The lack of encryption is even more troubling. Security experts universally agree that a user should never store passwords and banking details or other sensitive details unprotected on one’s hard drive, but that’s exactly what ComputerCOP does by placing everything someone types in a folder. The email alert system further weakens protections by logging into a third-party commercial server. When a child with ComputerCOP installed on their laptop connects to public Wi-Fi, any sexual predator, identity thief, or bully with freely available packet-sniffing software can grab those key logs right out of the air.

The software does not appear in any of the major malware/spyware databases we tested, so it can’t be detected with a normal virus scan.

Eight months ago, we contacted Stephen DelGiorno, the head of ComputerCOP operations, and informed him of these problems. He denied there was an issue.

“ComputerCOP software doesn’t give sexual predator [sic] or identity thieves more access to children’s computers, as our .key logger [sic] works with the existing email and Internet access services that computer user has already engaged,” he wrote via email.

He further said that ComputerCOP would update the software's licensing agreement to say "that no personal information is obtained nor stored by ComputerCOP."

These are unacceptable, and fairly nonsensical, answers from a company that claims to be a leader in child safety software. Even if the company isn't storing data, as it claims, information captured by the keylogger still passes through a commercial server when the target types a keyword. Further, the keylogger actually may undermine other services' security measures.

Some of the most common online services, such as Facebook, Twitter, and Gmail (as well as most financial sites), use HTTPS by default, automatically encrypting communications between users and those websites. In fact, one of the truly effective tools parents can use to protect their children is HTTPS Everywhere, an EFF plug-in that makes an Internet browser connect by default to secure versions of websites.

But HTTPS is rendered ineffective with ComputerCOP, because ComputerCOP captures text as it is being typed, before it has been encrypted. While HTTPS is protecting the users' connection to a website, ComputerCOP separately transmits that same communication unprotected whenever a keyword is triggered.

In EFF’s testing, we were able to snatch passwords (faked ones, of course) with shocking ease.

Law Enforcement and ComputerCOP

“The ComputerCOP outreach program is the best way for Parents/Guardians to monitor their children’s activity online and bring positive media attention to your Office,” DelGiorno writes in the first line of the form letter his company sends to law enforcement agencies.

ComputerCOP’s business model works like this: the company contracts with police and district attorneys around the country, particularly ones that have federal grants or special funds to spend, such as asset forfeiture windfalls (police often describe this as money seized from drug dealers). Agencies then buy the software in bulk, usually between 1,000 and 5,000 at a time, and give it out for free in their communities. Agencies often tell the press that the software has a value of $40, even though they pay only a few bucks per copy and the software is not available through any major online store other than eBay (where surplus new copies are going for as little as $.99). Even ComputerCOP’s online store is currently broken.

There is no official central repository for data about which agencies have purchased the software, how many copies they’ve distributed, or how much they have spent. Based on ComputerCOP’s own online map of agencies, as well as online searches and public records requests, we have identified approximately 245 agencies in more than 35 states that purchased ComputerCOP. (After we began our investigation, ComputerCOP took the map offline, promising an updated one soon.)

In February, DelGiorno told EFF the keystroke-logging feature was a recent addition to the software and that most of the units he’s sold did not include the feature. That doesn’t seem to jibe with ComputerCOP’s online footprint. Archive.org’s WayBack Machine shows that keystroke capture was advertised on ComputerCOP.com as far back as 2001. Although some versions of ComputerCOP do not have the keylogger function, scores of press releases and regional news articles from across the country discuss the software’s ability to capture a child’s conversations.

Among the most notable in the last two years: the Maricopa County Attorney's Office in Arizona, the San Diego District Attorney's Office in California, the Jackson County Sheriff's Office in Missouri and the Bexar County District Attorney’s Office in Texas each purchased 5,000 copies at a cost of $25,000 per agency. Bexar County even has an interactive map on its website showing the dozens of locations where ComputerCOP can be picked up for free.

Other agencies have purchased the software in even larger quantities. In 2008, the Highlands County Sheriff in Florida spent $42,000 to purchase 10,000 copies, or, as one newspaper put it, “enough computer disks for every parent of every school child in Highlands County.” The Alaska Department of Public Safety bought enough copies for it to be available at every "school, public library and police agency" in the state.

Since 2007, Suffolk County Sheriff Vincent DeMarco’s office in New York, where ComputerCOP is based, has bought 43,000 copies of the software—a fact trumpeted in DeMarco’s reelection campaign materials. ComputerCOP’s parent company directly donated to DeMarco’s campaign at least nine times over the same period.

Indeed, ComputerCOP markets itself as the “perfect election and fundraising tool.” As part of the package, when a law enforcement agency buys a certain amount of copies, ComputerCOP will send out a camera crew to record an introduction video with the head of the department. The discs are also customized to prominently feature the head of the agency, who can count on a solid round of local press coverage about the giveaway.

DelGiorno also said he would contact his accountant to get a list of which agencies purchased which version of ComputerCOP (i.e. the versions with the keylogger versus those without). Eight months later, we're still waiting.

Dubious Claims

Through a public records act request, EFF obtained a copy of the marketing materials submitted by ComputerCOP to the Harris County District Attorney’s office in Texas, which purchased 5,000 copies in 2011. The documents reveal several dubious and outdated claims.

For one, ComputerCOP claims that it is endorsed by the American Civil Liberties Union (ACLU) and that it is the only software product supported by the National Center for Missing and Exploited Children (NCMEC).

When asked about the origin of the ACLU endorsement, DelGiorno told EFF that someone from the ACLU recommended the software in a Newsday article as the “most non-intrusive of the products as it did not filter web pages nor block user access to them.” EFF contacted Newsday, which was unable to locate any such article, as well as several branches of the ACLU, all of which denied any such endorsement.

On the eve of publication of this report, DelGiorno told reporter Alice Brennan at Fusion that the endorsement came from Kary Moss, executive director of the ACLU of Michigan, citing a 2005 story in the Detroit Free Press. However, in the article, Moss is endorsing the idea that parents should take responsibility for monitoring their children as opposed to relying on the government to act as a babysitter.

“I can say unequivocally that it was not an endorsement of the product," ACLU of Michigan Deputy Director Rana Elmir told EFF. "Our position as an organization is not to endorse technology like this.”

NCMEC told EFF that in 1998 it did allow ComputerCOP to use its name for a one-year period, but has not had any contact with the company over the last 15 years. A NCMEC attorney said the organization was unaware that ComputerCOP was still advertising its imprimatur and that it would tell ComputerCOP to stop using it immediately.

In its promotional packet, ComputerCOP includes a letter from the Treasury Executive Office for Asset Forfeiture, in which the head of the division calls the software an “effective law enforcement aid” and a “valid crime prevention tool” that will “identify and locate perpetrators and possibly missing children.” The uncharacteristically positive nature of the letter caused EFF to examine it more closely and, as it turns out, the document had been significantly altered.

In an email exchange, DelGiorno acknowledged that ComputerCOP had taken a prior letter from the Treasury Department, highlighted text and “recreated the letterhead to make more it presentable for other agencies to view.” In doing so, ComputerCOP removed the 2001 date stamp from the letter. As a result, law enforcement agencies were unaware that the letter was outdated by more than a decade and that the agency head who signed it had long left office.

Through the Freedom of Information Act, EFF is seeking the unaltered letter, as well as any material ComputerCOP submitted to the Treasury Department. So far the agency has been unable to locate those files and ComputerCOP would not provide a copy of the original letter to EFF.

However, after we submitted the suspicious letter to the Treasury Department, the Treasury Department’s Inspector General issued a fraud alert over ComputerCOP, including a copy of the letter with the words “Fraudulent Document” stamped on it in red.

ComputerCOP Conclusions

We estimate somewhere between a few hundred thousand and more than a million copies of ComputerCOP have been purchased by law enforcement agencies across the United States, but it’s difficult to say how many individual people have been exposed by the software’s vulnerabilities.

In our tests, ComputerCOP was so unwieldy to use that it’s possible that very few people actually use it. But even if it’s a pointless giveaway from the police, it’s still being purchased with our tax dollars. As law enforcement agencies around the country face budgetary shortfalls, spending $25,000 on an ineffective product is not only unwise, but fiscally irresponsible.

Law enforcement agencies should cease distributing copies immediately and tell parents not to use it. Any local media outlet that reported on ComputerCOP should consider alerting parents to its dangers. The Treasury Department should reexamine its approval of ComputerCOP as a permissible use of funds from the federal equitable sharing program.

There are certainly risks for kids on the Internet, and indeed for adults too. Let’s not make it easier for villains with bogus safeguards.
https://www.eff.org/deeplinks/2014/0...olice-agencies





Hackers’ Attack Cracked 10 Financial Firms in Major Assault
Matthew Goldstein, Nicole Perlroth and David E. Sanger

The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse.

Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said.

It is unclear whether the other intrusions, at banks and brokerage firms, were as deep as the one that JPMorgan disclosed on Thursday. The identities of the other institutions could not be immediately learned.

The breadth of the attacks — and the lack of clarity about whether it was an effort to steal from accounts or to demonstrate that the hackers could penetrate even the best-protected American financial institutions — has left Washington intelligence officials and policy makers far more concerned than they have let on publicly. Some American officials speculate that the breach was intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions.

“It could be in retaliation for the sanctions” placed on Russia, one senior official briefed on the intelligence said. “But it could be mixed motives — to steal if they can, or to sell whatever information they could glean.”

The JPMorgan hackers burrowed into the digital network of the bank and went down a path that gave them access to information about the names, addresses, phone numbers and email addresses of account holders. They never made it into where the more critical financial information and personal information are stored.

The bank’s security team, which first discovered the attack in late July, managed to block the hackers before they could compromise the most sensitive information about tens of millions of JPMorgan customers, said several security experts and others briefed on the matter. The attack was not completely halted until the middle of August and it was only in recent days that the bank began to tally its full extent.

American officials say they have been working with JPMorgan since the intrusion was detected, chiefly through the Treasury, the Secret Service and intelligence agencies that seek to find the source of the attacks. But that is slow work and one official cautioned against leaping to conclusions about the identities or the motives of the attackers.

“We’ve been wrong before,” he said.

JPMorgan, the nation’s largest bank, has begun contacting customers and making clear that no money was taken from any accounts. There has been no evidence of any fraudulent use of customer information. Most of the household accounts belong to United States residents. The hackers ended up with the addresses, email addresses and phone numbers of everyone who logged into JPMorgan’s websites and mobile applications in the recent past.

Still, the recent attacks on the financial firms raise the possibility that the banks may not be up to the job of defending themselves. The attacks will also stoke questions about regulations governing when companies must inform regulators and their customers about a breach.

“It was a huge surprise that they were able to compromise a huge bank like JPMorgan,” said Al Pascual, a security analyst with Javelin Strategy and Research. “It scared the pants off many people.”

Several financial regulators have warned that a coordinated attack on the banking system could set off another financial crisis.

On Friday, George Jepsen, the Connecticut attorney general, opened an investigation into the breach at JPMorgan, while Benjamin M. Lawsky, New York’s top financial regulator, began calling bank officials to warn them to take the threat more seriously.

“There needs to be far more urgency,” Mr. Lawsky said in an interview.

JPMorgan has also been working with law enforcement, including the F.B.I., since shortly after detecting the intrusion, which affected about 90 of the bank’s computer servers. The bank said it believed that its systems were now secure and that the threat of the hackers’ returning was over.

“To date, we have not seen any unusual fraud activity related to this incident,” said Kristin Lemkau, a bank spokeswoman. “We have identified and closed the known access paths. We have no evidence that the attackers are still in our system. We have apologized to our customers.”

But much remains unanswered about the intrusion, including just who the hackers are, which other financial institutions were hit and why the hackers went down a path inside JPMorgan’s computer system that contained troves of customer information, but not financial data.

The intrusion also highlights a possible gap in United States regulations. Banks are not required to report data breaches and online intrusions unless the incident is deemed to have resulted in a financial loss to customers. Breach notification laws differ by state, but most laws require only that companies disclose a breach if customer names were stolen in conjunction with other information like a credit card, Social Security number or driver’s license number.

In some states, companies can wait up to a month to inform customers of a breach. Other state laws are more vague.

In California, for example, banks, companies and large organizations must inform the state attorney general’s office and consumers about a breach without unreasonable delay — a rule that some companies interpret liberally, officials say. This year, Kamala Harris, the California attorney general, sued the Kaiser Foundation Health Plan, saying that it took more than a year for the foundation to disclose to some employees that their personal information may have been compromised.

For years, there have been attempts in Congress to force companies to inform customers more quickly when their information has been compromised, but recent bills have failed to muster enough support. One bill, sponsored by Senator Edward J. Markey, Democrat of Massachusetts, would create a clearinghouse where companies could exchange information about attacks.

United States bank executives say privately that they already share intelligence informally about attacks, which are occurring frequently on their systems.

This summer, Treasury Secretary Jacob J. Lew called on Congress to pass legislation that he said would bolster the information sharing process.

“As it stands, our laws do not do enough to foster information sharing and defend the public from digital threats,” Mr. Lew said.

That the hackers were apparently able to move around JPMorgan’s computer system undetected for several weeks is perhaps the most troubling aspect of the recent breach, officials at other large banks say.

The hackers were able to attain high administrative privileges within JPMorgan’s network, rooting more than 90 servers and rummaging through customer databases with detailed information for 76 million households and seven million small-business online accounts.

As they looked around, according to one person with knowledge of the breach, the hackers gleaned some critical details of customers’ accounts. With these, the hackers were able to determine whether the accounts fell within the private bank or in other business categories like mortgages.

Some people briefed on the results of the attack contend that it was only a matter of time before attackers could have gained access to customer funds and critical personal data.

Weeks into the attack, in mid-July, unusual behavior on the bank’s network was spotted, and the attackers were stopped before they had a chance to pull any customer data back to their servers abroad.

But they did make off with one file which has unnerved executives. That file contained a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.

Swapping out those programs is costly and time-consuming, people say, because the bank would have to renegotiate licensing deals with technology suppliers and swap out programs and applications for hundreds of thousands of bank employees.

As one former employee explained: “It’s as if they stole the schematics to the Capitol — they can’t just switch out every single door and window pane overnight.”

The attack came after a recent turnover within JPMorgan’s information security group.

A number of staff members followed Frank Bisignano, JPMorgan’s former co-chief operating officer, to First Data last year. This year, First Data agreed to pay JPMorgan over accusations that by wooing other executives to the payment processor, Mr. Bisignano had violated the terms of his former employment contract.

By then, First Data had already hired JPMorgan’s chief information officer, Guy Chiarello; its cybersecurity czar, Anthony Belfiore; its head of compliance, Cindy Armine; and Tom Higgins, JPMorgan’s head of operation control.

Anish Bhimani, the bank’s chief information risk officer, remained. Mr. Bhimani, who is well respected in the cybersecurity industry, is a co-author of a 1996 book on cybersecurity, “Internet Security for Business.”

Ms. Lemkau said the bank was pleased with its current cybersecurity personnel. “This is the highest-quality team we have ever had,” she said.

Last December, JPMorgan hired Dana Deasy as chief information officer from BP. Greg Rattray, a former Air Force lieutenant colonel who specialized in cyberdefense, was named the head of information security in June.

Challenges quickly followed. That same month, hackers found a way into the bank’s systems.

Reporting was contributed by Michael Corkery, Nathaniel Popper, Peter Eavis and Jessica Silver-Greenberg.
http://dealbook.nytimes.com/2014/10/...major-assault/





An FBI Informant Led Hacks Against 30 Countries—Now We Know Which Ones
Dell Cameron

A Federal Bureau of Investigation (FBI) informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now.

A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries—including U.S. partners, such as the United Kingdom and Australia—tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks.

The actual attacks were carried out by highly skilled hacktivist Jeremy Hammond, who broke into countless international websites identified by his partner, Monsegur. At the time, Hammond was unaware that Monsegur was working as an FBI informant. Hammond was arrested in March 2012 on charges based largely on information provided by Monsegur.

Amassed by federal agents with direct access to communications between Anonymous hacktivists, the private correspondence of Hammond and Monsegur, cofounder of hacktivist crew LulzSec, reveals the facilities of the AntiSec hacking group, who, under the FBI’s constant surveillance, launched successive cyberattacks against foreign government networks.

Databases containing the login credentials, financial details, and private emails of foreign citizens, and in some cases government agents, were exfiltrated by hackers tasked by Monsegur to do as much damage as possible. After they stole the data, it was routinely uploaded, at Monsegur’s instruction, to a server under the FBI’s control, according to court statements.

The names of the countries involved in these attacks remain redacted by order of Judge Loretta A. Preska of the U.S. District Court in Manhattan. However, a sentencing memorandum filed last year reveals that Hammond’s attorneys, Susan G. Kellman and Sarah Kunstler, believed the criminal nature of Monsegur’s undercover activities warranted closer scrutiny by the court.

“Why was our government, which presumably controlled Mr. Monsegur during this period, using Jeremy Hammond to collect information regarding the vulnerabilities of foreign government websites and in some cases, disabling them,” Hammond’s attorneys wrote in December 2013.

“This question is especially relevant today, amidst near daily public revelations about government’s efforts, worldwide, to monitor the communications of, and gather intelligence on, world leaders.”

Two weeks after the memorandum was filed, Preska sentenced Hammond to 10 years behind bars, the maximum allowed under the Computer Fraud and Abuse Act. Monsegur, however, walked free in May with a year of probation. Preska, who also ruled over Monsegur’s case, and the U.S. Attorney’s office praised Monsegur for his role in Hammond’s conviction.

The 94-page memorandum from Hammond’s legal team was eventually published in April 2014 by the document-leaks website Cryptome. It contains a summary of discovery materials—evidence collected by the FBI against Hammond—that details Monsegur’s integral role in a slew of computer crimes. Due to the protective court order, however, the names of all foreign countries involved in the 2012 cyberattacks were all carefully blacked out.

The names of several countries allegedly targeted by Monsegur have been published by major news sources in the past, including the New York Times, which listed the names of six countries in an article published last April.

A joint investigation this summer by the Daily Dot and Motherboard further revealed that Monsegur ordered fellow hackers to deface government websites and steal confidential information from servers in Turkey and Brazil, according to sealed court documents leaked to the reporters. Additionally, Monsegur played a crucial role in staging high-profile cyberattacks against FBI security contractor ManTech, and the Texas intelligence firm Stratfor, the latter of which suffered an estimated $3.78 million in damages as a result of the breach.

Below is an unredacted version of Hammond’s sentencing memorandum drafted by the Daily Dot. Although the original document was unavailable, leaked chat logs, which correspond to the bates numbers cited next to each bullet point, identify the names of the countries censored by the court.

This is the first time this information has been made public.

Note: Text in yellow indicates the names previously redacted from the court document. Click on the linked "BS" numbers to view the corresponding chat logs between Monsegur (“leondavidson”) and Hammond (“yohoho”), which were used by the Daily Dot to un-redact the names.

Discovery timeline pertaining to hacks of foreign websites

Jan. 23, 2012:

• Mr. Monsegur gives Mr. Hammond a list of Brazil targets with Plesk vulnerabilities and asks him to “hit these… for our brazilian squad.” (BS 104988 - 104989)

• Hammond hacks one of these targets and shows Monsegur the site contains 287 domains and 1330 different email accounts. Monsegur says he will give these targets to Brazilian hacker “Hivitja” (actually Havittaja) to hack the sites. Monsegur tells Hammond to create a root backdoor (“just backdoor urls”) so the sites can be accessed again. Hammond also gives Monsegur passwords for some of the sites. (BS 104989 - 104990)

• Monsegur identifies additional targets for Hammond. Hammond confirms that he successfully gained access to two of them. One of the servers contains 3520 domains, many of them in Netherlands and Belgium. Another contains 392 Brazil domains. (BS 104991 - 105013)

• Hammond explains to Monsegur how to use root backdoors and where to find the emails and databases. (BS 105013 - 105014)

• Monsegur says he is finding more targets (“finding new juicy targets”) and asks for root backdoor instructions again, which Hammond provides. (BS 105014)

• Monsegur provides Hammond with targets in Slovenia. Hammond gains access to one that contains 62 domains and 96 email accounts. (BS 105028 - 105029)

• Monsegur provides more international targets and says he is “looking for embassies [sic] and consulates” [sic]. Hammond provides access to two of them. (BS 105029 - 105030)

• Monsegur asks Hammond to access a Brazil site, but he is unable to gain access. (BS 105041)

• Monsegur gives Hammond more Brazil targets, including Globo, which he describes as a “big target.” Hammond provides passwords. (BS 105041 - 105042)

• Monsegur provides more Brazil targets. Hammond gains access to one of them and provides the password, as requested. (BS 105044-105046)

• Monsegur provides a long list of targets from many different international countries including United Kingdom, Australia, Papua New Guinea, Republic of Maldives, Philippines, Laos, Libya, Turkey, Sudan, India, Malaysia, South Africa, Yemen, Iraq, Saudi Arabia, Trinidad and Tobago, Lebanon, Kuwait, Albania, Bosnia and Herzegovina, and Argentina. (BS 105061-105063)

• Monsegur tells Hammond that he will give the Turkey government sites to a Turkish hacking group known as RedHack (“the .gov.tr’s will be handled Redhack famous Turkish hackers”) and tells Hammond that the sites he has given him are “high priority”—as if he were placing an order. (BS 105063)

• Monsegur invites Hammond to the RedHack channel so Hammond can provide the Turkey sites (“accept invite”). Monsegur also provides more Turkish domains. (BS 105065 - 105066)

• Hammond tells Monsegur that one of the servers has mail for 22 Turkey government domains and another has mail for about 600 domains. (BS 105067)

• Monsegur creates a chat room and invites Hammond and an alleged member of RedHack. They exchange information regarding thousands of Turkey sites. (BS 62889)

• Hammond explains to the alleged Redhack member how to access the root backdoors of the Turkey sites. (BS 62889-62897)

Jan 26, 2012:

• Monsegur follows up on foreign government targets he provided Hammond “last night.” Hammond sends back a list of the sites he did not gain access to, including government sites in Libya, Yemen, Sudan, Philippines, Iran, and United Kingdom. (BS 105077-105078)

• Monsegur asks for the list again. Monsegur again asks for instructions on how to access root backdoors. Hammond gives Monsegur the information. (BS 105080-105081)

• Monsegur provides more Iran targets to which he wants access. (Monsegur: “lend me an hour of your time to bang out these Iranian targets.”) Hammond gains access to one that hosts seven domains and 56 email accounts. (BS 105091)

• Monsegur provides two targets in India. Hammond cannot gain access to either. (BS 105091 - 105092)

Feb 2, 2012:

• Monsegur provides more targets, including a government site in United States and government sites in Nigeria, Republic of Maldives, Paraguay, Saint Lucia, and Puerto Rico. Mr. Monsegur asks again for instructions on how to access root backdoors. (BS 67554)

• Monsegur provides targets in Greece, United Kingdom, and Turkey. Hammond accesses one of the Greece sites that contains 135 domains and 287 email accounts. (BS 67559 - 67561)

Feb 15, 2012:

• Monsegur provides targets in Slovenia. He tells Hammond that these sites are for “tony, the guy who hacked kingcope.” (BS 105191)

• Monsegur tells Hammond he is “setting up a new box to serve as another for onion for us as a third backup” and says, “I want us to have redundant backups for all our shit.” (BS 105192-105193)

• Hammond provides access to some of the Slovenian sites. He creates three backdoors and tells Monsegur that they contain hundreds of domains and emails. Hammond comments “hopefully were getting something out of all this.” Monsegur responds, “trust me…everything i do serves a purpose ;P” (BS 105195)
http://www.dailydot.com/politics/fbi...-country-list/





A Virginia Hacker Catches the Attention of Federal Law Enforcement
Justin Jouvenal

The agents from the Department of Homeland Security and the Secret Service showed up on Muneeb Akhter’s Springfield doorstep in mid-July, he said, soon after they learned that he claimed to have created a hack so powerful it was like printing virtual money.

The cybersecurity expert and self-described hacker, who started college at 16, had casually told co-workers soon after starting work as a DHS contractor that he could add money to major retailers’ gift cards without spending a dime.

Now, as the 22-year-old and the agents sat around his family’s dining room table, the officials wanted to know how. Akhter thought they might arrest him as he explained the hack, but instead, he said, they extended an extraordinary offer: Work secretly as a hacker for the government.

“There is no university we can go to and just recruit people,” a man, who Akhter said is a DHS agent, is heard saying on an audio recording of the meeting that Akhter’s family made. “The people we’re looking for might be the people they have concerns about because you have special skills that we need.”

The would-be offer intrigued Akhter, who had first heard about the potential job the day he revealed his hack to DHS colleagues. But it also roused his suspicions: Were the agents recruiting him or simply creating a ruse to get him to turn over evidence that authorities could use to prosecute him?

The account of the case is drawn from interviews with Akhter and his family, an audio recording of that July meeting with agents and a search warrant filed in Fairfax County Circuit Court. Such warrants often are precursors to criminal charges.

A DHS spokesman said he would not comment on the investigation, so the meeting at Akhter’s home and the recording could not be independently verified. Two of Akhter’s relatives who were present confirmed his account.

For now, the case is one of classic D.C. intrigue: What were Akhter’s intentions in supposedly creating the code? Does it exist? And even more fundamental in a region full of federal workers: Would an agency really recruit this way?

Akhter admits to stepping over the line. He said in a signed, sworn statement given to authorities that he used one of his hacked gift cards to make purchases at a Dunkin’ Donuts and helped friends load gift cards that they used to purchase airline frequent-flier miles. He now denies the latter admission.

He also has dabbled with other “black hat” hacks, such as code that allowed him to win Web auctions with low-ball bids.

Still, he said his intentions in this case were motivated by curiosity, not criminality. He said he was exploring a major security vulnerability that could cost some of the nation’s largest retailers, from Kmart to Starbucks.

Some experts say it is not so far-fetched to think Akhter was being considered for a job. They say that the growing threat of complex cyberattacks has given people with his skills new cachet and that federal agencies have had difficulty hiring and retaining such talent, in part because of the cultural conflict between stodgy federal bureaucracy and the freewheeling hacker underground.

Last year, Janet Napolitano — then the DHS director — said she was seeking to hire 600 “hackers for good” to fend off those with malicious intent.

Gabriella Coleman, a professor at McGill University in Montreal and the author of a forthcoming book about the hacking group Anonymous, put it simply: “American and British governments are hungry to hire hackers.”

***

Akhter said his trouble began in late June, after he obtained a security clearance and a job as a cybersecurity contractor with DHS. Over lunch, he said, he told colleagues about the gift card hack. He also showed them some of the cards.

Akhter said those workers alerted his company, General Dynamics, which told DHS. When Akhter showed up for work the next day, he said his security badge was confiscated and he was ushered into a small room.

He said a DHS agent asked him to explain the hack and, afterward, a second DHS agent told him he was going to verify its feasibility with his cybersecurity team.

When the agent returned, Akhter said, they dangled the offer for the first time. They were considering him for a position with a classified hacking unit. He was told he would make $155,700 a year and be stationed in Seattle.

There was one catch: Akhter said he was required to sign a statement saying he had created the hack and to show agents that he could actually do it.

Akhter was interested. They set up the meeting at his house. And he swore out the statement, which is included in the search warrant.

In the statement, Akhter said he loaded at least $495 onto a Kmart gift card, $480 onto a Whole Foods card, $700 onto a Shell gas card, $180 onto a Dunkin’ Donuts card and $100 onto a Starbucks card.

Akhter used the Dunkin’ Donuts card himself and helped acquaintances load gift cards that they used to purchase frequent-flier miles with US Airways and American Airlines, according to the statement. The statement does not say whether the other cards were used.

In an interview, Akhter said he used the one card to confirm that his hack worked. He now says he has never loaded cards for others and that law enforcement officials miswrote what he told them. He said he simply showed the code to friends.

“I just did it to see if it would work or not,” Akhter said. “I’m a researcher. I’m not using [the code] maliciously.” He said he planned to take his concerns to the retailers and see if they would hire him to fix the problem, but that he hadn’t yet taken that step.

If the hack is legitimate, it would be in keeping with early talent Akhter showed in computing. He was born in Maryland but in the mid-1990s moved to Saudi Arabia, where his father is an engineer. He attended a private high school there before returning to the United States for college.

Akhter and his twin brother, Sohaib, enrolled at George Mason University before they had their driver’s licenses. During their time there, they built a robot with a teleconferencing system that allowed them to communicate with friends. They outfitted it with speakers that blasted music and dubbed it the “partybot.”

The brothers were George Mason’s youngest graduates in 2011, and Muneeb completed his master’s in computer engineering at the school by the time he turned 20. While Muneeb was getting the advanced degree, the brothers received a $200,000 grant from the Defense Advanced Research Project Agency, or DARPA, in 2012. The program gave hackers seed money to try to solve cyberdefense problems.

The Akhters’ project involved creating a device that would assess a computer’s vulnerability to “side channel attacks.”

Skilled users can observe a device’s power, electromagnetic radiation, timing and even sounds to determine what encryption software it is running and then crack it, not unlike a safecracker listening to lock clicks with a stethoscope in a caper movie.

“These two guys were super smart,” said Dan Farmer, who also received a DARPA grant and is a pioneering cybersecurity expert.

Akhter said he discovered the gift card hack while researching a topic equally as esoteric as side channel attacks. It employs a technique called “bit squatting.”

Computers encode Internet addresses as 0s and 1s, but very rarely heat, hardware issues or even cosmic rays will randomly cause a digit to flip and a Web user will be sent to the wrong site — for instance, Micro2oft.com instead of Microsoft.com.

A hacker could register the faulty Web address and use it to exploit an unlucky Web user through malware or other attacks.

Cybersecurity researcher Artem Dinaburg first warned of hackers doing this in 2011, but he said that until now it had remained a hypothesis. “This would be the first documented attack that I’m aware of using bit squatting,” Dinaburg said.

Dinaburg is skeptical about Akhter’s claims, but Farmer thought such a hack was theoretically possible. For now, the truth lies on Akhter’s hard drive, which was seized by the DHS agents. Presumably, authorities are looking for the code to create the gift card hack.

***

Some experts said it was unlikely that DHS would hire anyone in this manner, but the need for hacking skills might make Akhter an appealing target.

Coleman, the McGill professor, noted that the former head of the National Security Agency has spoken at hacker conventions, and recently the FBI director floated the idea of relaxing the agency’s strict drug policy in order to hire more hackers. Coleman said British intelligence has created online puzzles to draw in more renegade technologists.

Coleman said there is another possibility: DHS is trying to turn Akhter into an informant.

Federal law enforcement officials have used some high-profile hackers who have run afoul of the law to infiltrate hacker networks. One of the key members of a hacking group called Lulzsec helped lead investigators to other members of his group. The hacker behind one of the largest cases of identity theft in U.S. history helped authorities orchestrate a sophisticated sting on credit card thieves called “Operation Firewall.”

Akhter said that because of the hack he was fired by General Dynamics for unacceptable workplace conduct. When the federal agents visited his home, he said, the job they offered had changed somewhat from the original description. He said the agents wanted him to hack and work as an informant. That made him more skeptical about the supposed job.

On the audiotape, one of the men he identified as an agent tells him: “We have good toys the private sector doesn’t have.” And then later: “I want you to work with us.”

Akhter now believes the job offer probably was a trick.

“I’m surprised at how the intelligence community actually works,” Akhter said. “I expected them to see my skill set and think, ‘This guy could be used for a lot of things.’ Instead, I’m going to being charged with something.”
http://www.washingtonpost.com/local/...c97_story.html





Silk Road Lawyers Poke Holes in FBI’s Story
Brian Krebs

New court documents released this week by the U.S. government in its case against the alleged ringleader of the Silk Road online black market and drug bazaar suggest that the feds may have some ‘splaining to do.

Prior to its disconnection last year, the Silk Road was reachable only via Tor, software that protects users’ anonymity by bouncing their traffic between different servers and encrypting the traffic at every step of the way. Tor also lets anyone run a Web server without revealing the server’s true Internet address to the site’s users, and this was the very technology that the Silk Road used to obscure its location.

Last month, the U.S. government released court records claiming that FBI investigators were able to divine the location of the hidden Silk Road servers because the community’s login page employed an anti-abuse CAPTCHA service that pulled content from the open Internet — thus leaking the site’s true Internet address.

But lawyers for alleged Silk Road captain Ross W. Ulbricht (a.k.a. the “Dread Pirate Roberts”) asked the court to compel prosecutors to prove their version of events. And indeed, discovery documents reluctantly released by the government this week appear to poke serious holes in the FBI’s story.

For starters, the defense asked the government for the name of the software that FBI agents used to record evidence of the CAPTCHA traffic that allegedly leaked from the Silk Road servers. The government essentially responded that it could not comply with that request because the FBI maintained no records of its own access, meaning that the only record of their activity is in the logs of the seized Silk Road servers.

The response that holds perhaps the most potential to damage the government’s claim comes in the form of a configuration file taken from the seized servers. Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley, explains the potential significance:

“The IP address listed in that file — 62.75.246.20 — was the front-end server for the Silk Road,” Weaver said. “Apparently, Ulbricht had this split architecture, where the initial communication through Tor went to the front-end server, which in turn just did a normal fetch to the back-end server. It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.”

Translation: Those rules mean that the Silk Road server would deny any request from the Internet that wasn’t coming from the front-end server, and that includes the CAPTCHA.

“This configuration file was last modified on June 6, so on June 11 — when the FBI said they [saw this leaky CAPTCHA] activity — the FBI could not have seen the CAPTCHA by connecting to the server while not using Tor,” Weaver said. “You simply would not have been able to get the CAPTCHA that way, because the server would refuse all requests.”

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server that also were released by the government this week tell a different story.

“The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP,” he said. “What happened is they contacted that IP directly and got a PHPMyAdmin configuration page.”

But this is hardly a satisfying answer to how the FBI investigators located the Silk Road servers. After all, if the FBI investigators contacted the PHPMyAdmin page directly, how did they know to do that in the first place?

“That’s still the $64,000 question,” Weaver said. “So both the CAPTCHA couldn’t leak in that configuration, and the IP the government visited wasn’t providing the CAPTCHA, but instead a PHPMyAdmin interface. Thus, the leaky CAPTCHA story is full of holes.”

Many in the Internet community have officially called baloney [that's a technical term] on the government’s claims, and these latest apparently contradictory revelations from the government are likely to fuel speculation that the government is trying to explain away some not-so-by-the-book investigative methods.

“I find it surprising that when given the chance to provide a cogent, on-the record explanation for how they discovered the server, they instead produced a statement that has been shown inconsistent with reality, and that they knew would be inconsistent with reality,” Weaver said. “Let me tell you, those tin foil hats are looking more and more fashionable each day.”
http://krebsonsecurity.com/2014/10/s...in-fbis-story/





The Real Chink in Tor's Armor
Patrick Howell O'Neill

Silk Road wasn’t built in a day, but it dropped off the Internet in an instant.

On the morning of Oct. 2, 2013, the Federal Bureau of Investigation seized the infamous black market and arrested its alleged mastermind, Ross Ulbricht.

The fall of Silk Road shook the entire Deep Web—the unindexed, anonymous part of the Internet on which it was hosted—setting off a chain reaction of high-profile arrests and scams. Multiple new black markets opened and closed, stealing millions of dollars from customers and sellers alike.

Even before Silk Road’s closure, there was cause for serious concern. Freedom Hosting, the biggest host on the Deep Web and owned by a man the FBI called the “largest facilitator of child porn on the planet,” was taken down almost exactly two months prior. Days later, it was revealed that the National Security Agency was directly targeting Tor and its users.

From any number of angles, it appeared that a chink in the armor of Tor—the powerful anonymizing service that allowed these services to flourish—had been discovered and exploited. It seemed, for a time, like open season for federal authorities. The Deep Web was proclaimed dead.

“No one is beyond the reach of the FBI,” an agency spokesman triumphantly told Forbes. “We will find you.”

However, a comprehensive analysis of hundreds of police raids and arrests made involving Tor users in the last eight years reveals that the software’s biggest weakness is and always has been the same single thing: It’s you.

The plight of the exit node operator

At a basic level, Tor can be explained pretty simply. A user’s Internet traffic is passed through the Tor network where it is encrypted and bounced to three nodes—entry, middle, and exit—around the world. By design, only the exit node operator’s IP address ever shows up in public.

The exit node operators—there are about 1,000 around the globe today—bear much of the risk if illegal activity like child pornography passes through their particular node.

Why do exit node operators take it on? Tor has about 2 million connected users at any given moment, and while the drug busts make the headlines, the majority of Tor users actually utilize it to circumvent increasingly prevalent digital censorship and online surveillance.

When new exit nodes are set up, philanthropy and anti-censorship activism tend to be key motivators, especially around sweeping events like the Arab Spring.

“I became interested in Tor in the spring of 2007, after reading about the situation in Burma and felt that I would like to do something, anything, to help,” one Englishman, who later had his house raided due to his Tor exit node, explained.

After being developed as a U.S. Navy research project, Tor first launched publicly in 2002. By the middle of the decade, funding increased dramatically. So did police attention.

The first big raid came in 2006. Seven computing centers across Germany were raided on charges of proliferation of child pornography as part of a wider national investigation. The centers ran over half a dozen Tor exit nodes. Their hardware, the machines they use to do business, were confiscated by police.

The raid spurred frantic rumors that the country was cracking down on Tor. That wasn’t the case. The servers were returned after a few pounds of paperwork was finished.

“Child porn, not Tor, was the target,” Tor’s Shava Nerad explained at the time.

When most exit node operators get arrested, it’s because police have followed the trail to the IP address. Before he became Tor’s executive director, Andrew Lewman was once visited at home by Navy investigators for volunteering his hardware in the Tor network.

While most operators are eventually cleared of wrongdoing, the process still takes a toll. When another German exit node operator’s home was raided late at night the next year, the result was chilling.

"I can't do this any more, my wife and I were scared to death," one operator wrote after his home was raided in 2007. “I’m at the end of my civil courage.”

The year after that, U.K. cops swarmed the home of a Tor exit node operator and allegedly threatened him with child porn charges and to put his own children in protective services in the process. Months later, having cleared the man of wrongdoing, the police unceremoniously removed the man from the investigation.

In America, the story is different.

“Exit relay operators don’t see SWAT teams in America because detectives already know Tor,” Lewman said. “[Instead], they see two guys show up,” knock, and have a relatively informed discussion.

Lewman and Tor’s project leader Roger Dingledine have taken a proactive approach to educating law enforcement agencies, especially in the U.S., regularly speaking at places like the FBI Academy in Quantico, Va. Tor also developed a tool, ExoneraTor, that immediately tells a cop (or anyone else) whether an IP address of interest is actually a Tor exit node. It’s designed specifically to prevent needless raids against Tor exit node operators.

“It's very hard to change a mindset if the first time you're introduced to Tor is while tracking down a criminal. You may assume only criminals use Tor (you would be wrong),” Lewman explained in 2010. “If we can talk to law enforcement first, they may look at Tor in a different light.”

That’s not to say problems haven’t occurred. A 2009 kidnapping case—where the suspect allegedly used Tor to brag and post pictures and video of what he said was a small boy being locked up—led to a full-on police raid on an exit node operator’s residence. The home of Nolan King, another exit node operator, was similarly raided in 2011 by Immigration and Customs Enforcement (ICE) agents.

Both Tor exit node operators were cleared of any wrongdoing—although ICE ominously warned Nolan that they might return in force anyway—but the raids were predicated by law enforcement’s profound misunderstanding or disregard of the way the Internet and Tor work.

An IP address—what’s potentially exposed by the exit node operator—is the number assigned to each Internet-connected device. However, an IP address is nothing like a fingerprint. It can be co-opted by hackers running bot nets or shared by many users if, for instance, a network is open at a cafe or library, or if a user is running something like a Tor exit node.

“This means an IP address is nothing more than a piece of information, a clue,” Marcia Hofmann, who was a senior staff attorney at the Electronic Frontier Foundation, wrote after the raid on King’s home in 2011. “An IP address alone is not probable cause that a person has committed a crime.”

Following a digital trail

One of the most impactful arrests of a Tor user occurred in November 2012.

William Weber, an Austrian exit node operator who worked as an IT administrator at a small Internet service provider, was grabbed early in the morning at his office and subjected to a home raid. He ran seven exit nodes for Tor at the time and said he handled up to 30 terabytes of data, which included the illegal child abuse media that set authorities in motion.

"I mainly run the exit nodes to make it possible for the not-so-privileged folks to have uncensored access to the internet, without fear of government prosecution," Weber told the BBC following the raid. Police confiscated not only his computer but also his guns (which he said he owned legally), consoles, electronics, and some drugs.

The Tor Project, which has historically offered some form of help to any exit node operator in legal trouble, connected Weber with Julius Mittenzwei, a lawyer and member of the Chaos Computer Club, a Germany-based hacker group dedicated to the freedom of information.

Things soon became much more complicated.

“Through a face-to-face conversation with someone familiar with the case, I was told that the case was very messy,” Andrew Lewman, Tor’s executive director, told the Daily Dot. “Forensics turned up possible child abuse images on the hard drives in the computers. Add to that the possibly legal weapons in the flat, and possibly legal amount of marijuana, and it wasn't going to be a clean case of ‘just an exit node.’”

Austrian prosecutors possessed chat logs in which Weber recommended using Tor to host anything anonymously, including child pornography, a statement that Weber said did exist but was taken out of context. Weber was accused of aiding a crime in progress.

Tor’s official support faded—“We heard nothing for months,” Lewman said— but Weber’s call for online donations yielded enough to fund lawyer fees that helped him knock the sentence down considerably.

Two years later, on July 1, 2014, Weber was found guilty and sentenced to three years of probation for abetting the spread of child pornography—a relatively small sentence considering he faced 10 years in prison.

Weber continued to contribute to Tor at least a year and a half after being arrested. He took down his exit nodes but ran major middle, bridge, and entry nodes—all of which are much less susceptible to legal action.

Introducing human error

In 2011, the Deep Web’s first drug markets opened up for business.

Silk Road, Black Market Reloaded, and the Farmer’s Market transformed the illicit goods industry within months of migrating to the anonymous Tor network. While the markets flourished quickly, the arrests actually began quietly the same year that Silk Road started.

An as-yet-unnamed confidential source gave federal investigators a crash course in how Silk Road worked in November 2011. He also gave them access to a vendor’s account, as well as the names and addresses of Silk Road customers around the world.

In 2012, the arrests became more prominent.

Jacob Theodore George IV, a major early heroin vendor known as “digitalink” on Silk Road, was arrested in January 2012, after his packages had been repeatedly intercepted for at least the previous six months. George knew about the interceptions, but he bragged online about how he had sweet talked his way out of any problems. Some buyers were unconvinced—more than one called him an idiot and predicted his imminent arrest—but digitalink kept shipping heroin and a handful of other drugs out to customers until the cops knocked down his door.

Over the next two years, dozens of dealers and customers were arrested for drug operations on the Deep Web. The cause wasn’t Tor itself—the most obvious common denominator—it was human error.

George’s shipments, and those by others like him, were caught and flagged while they were being mailed. Many had poor “stealth” for their packages, making them easily detected by postal workers and drug dogs.

Even some of Silk Road’s biggest operations have been brought down via the postal service. Deep Web heroin kingpin Steven Lloyd Sadler and his partner-in-crime girlfriend, Jenna White, sold heroin, cocaine, and meth by the bundle on the Deep Web, shipping high-quality product at premium prices to earn over $105,000 per month.

But White was flagged by postal workers after she parked in front of security cameras at post offices, bought masses of stamps at once, and visited often enough to be identified as the woman with handwriting identical to those found on intercepted packages containing heroin.

Deep Web drug dealers don’t just make mistakes in the regular mail. They also make them in email.

In April 2012, the Farmer’s Market (TFM) was shuttered and its administrators arrested after a two-year investigation by the Drug Enforcement Agency.

TFM, which had been operating for at least six years online, had only recently made the move to Tor in order to improve security. TFM’s owners also used Hushmail, a Canadian operation that advertises itself as powerfully encrypted private email. The problem was that Hushmail themselves could decrypt the emails, so when police subpoenaed the company, every single email was an open book for law enforcement.

When Silk Road fell in 2013, the arrests of dozens of Tor users for drug offences were made public all at once. Many wondered, in the wake of Snowden’s National Security Agency leaks, if the program itself was broken.

Even today, roughly one year after Ross Ulbricht was apprehended, there are still many unanswered questions about his arrest. The FBI claims that the black market accidentally gave up its location due to trivial but profound mistakes made by Ulbricht when he configured Tor for the hidden service he operated. Critics among the information security community, however, believe the FBI hacked in by attacking Silk Road with unexpected commands and forcing the server to mistakenly give up its location.

The speculation surrounding the specifics of Silk Road’s fall will likely remain unanswered until the trial begins in November, if not longer.

In almost all the cases we know about, it’s trivial mistakes that tend to unintentionally expose Tor users.

Several top Silk Road administrators were arrested because they gave proof of identity to Dread Pirate Roberts, data that was owned by the police when Ulbricht was arrested. Giving your identity away, even to a trusted confidant, is always a huge mistake.

A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay.

Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor.

"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the Wall Street Journal.

Tor isn’t perfect. It’s an ambitious piece of open-source software run off of grants and donations that is constantly under scrutiny from all corners. The regular security updates and constant work that goes into the product prove that there is still work to be done.

Tor’s greatest Achilles’ heel, however, remains its users.

When Tor users are arrested, “it usually does not involve the core technology being cracked or being hacked in any way,” Nik Cubrilovic, an Australian cybersecurity consultant, recently told Politico. “It’s usually something else.”

Hackers with a badge

On the morning of Aug. 3, 2013, every site hosted by Freedom Hosting crashed.

Freedom Hosting was the most popular hosting service on the Deep Web, described by the FBI as the “largest facilitator of child porn on the planet.” It was even the target of attacks from groups like the hacker collective Anonymous.

The fall of Freedom Hosting—a case that is still in its early stages—is one of the big question marks in Tor history. The case has moved slowly due to its international nature, and police have revealed precious little about how they found Freedom Hosting and arrested its alleged owner, Irishman Eric Eoin Marques.

What we do know, however, is what happened next. Once authorities had control of Freedom Hosting and the over 100 popular websites it hosted, the FBI launched a custom malware attack against Tor users designed to identify anyone who visited child porn sites. The malware, included in a hidden iframe tag, loaded a strange bit of JavaScript that exploited a critical memory management vulnerability in Firefox. The bug had been fixed and patched almost two months prior, but whoever didn’t upgrade their browsers would be susceptible.

Such efforts by the FBI are standard procedure. Documents from the Edward Snowden leaks revealed the NSA targeted Tor users who didn’t keep their software up to date—using custom-built tools with the codename “EgotisticalGiraffe.” Instead of attacking the Tor network directly, the NSA targeted older versions of the Firefox browser utilized by careless Tor users.

“We will never be able to de-anonymize all Tor users all the time,” the leaked NSA documents state. With malware and manual analysis, “a very small fraction” can be unmasked, the documents allege. However, the agency has never deanonymized a specifically targeted user.

The problem, as far as can be gleaned from the information we have, hasn’t been the Tor software. It’s been those who haven’t kept everything up to date.

Now, the Justice Department is looking to take a more proactive approach. A new proposal from the Justice Department to amend Rule 41 of the Federal Rules of Criminal Procedure aims to make it much easier for police to legally hack into computers that use anonymity networks both domestically and abroad, granting American police unilateral power to hack foreigners regardless of any potential violation of another nation’s sovereignty.

“We think legitimizing a process that attacks anonymity and has the potential to allow the government to engage in extraterritorial searches is very problematic,” Electronic Frontier Foundation staff attorney Hanni Fakhoury told the Daily Dot. “While we know the government has engaged in these sorts of searches in the past, codifying its ability to do so invites the government to use these techniques more frequently.”

The actual language of the proposal would make hacking anyone using anonymizing technology acceptable “because the target of the search has deliberately disguised the location of the media or information to be searched.” Critics like Fakhoury are concerned that such techniques would become standard practice instead of a last resort, and suggest that “requiring ‘exhaustion of other techniques’ or ‘necessity’ may ... narrow the scope of this search power.”

The future of police work on the Deep Web will inevitably involve a rising tide of hacking from both sides of the fence. If this proposal gains traction, Tor users around the globe may face newly empowered American police waging a borderless cyberwar against them.
http://www.dailydot.com/crime/silk-road-tor-arrests/





Ex-Murdoch British Editor Admits Phone-Hacking Offence
Michael Holden

* News of the World editor admits phone hacking

* Eighth person to be convicted in scandal at Murdoch paper

* Scandal revealed widespread illegal snooping

A former newspaper editor, whose emails led to the exposure of widespread phone-hacking at Rupert Murdoch's now defunct British tabloid, the News of the World, pleaded guilty on Friday to illegally listening to people's voicemails.

Ian Edmondson is the eighth person from what was once Britain's biggest-selling paper to have been convicted of being involved in hacking celebrities' phones to find exclusive stories.

Edmondson, who had previously denied any wrongdoing, admitted conspiring with colleagues to illegally access voicemails. Victims he was linked to included actors Jude Law and Sienna Miller and musician Paul McCartney.

He will be sentenced at a later date.

Phone-hacking was first uncovered at the paper in 2006, but Murdoch's British newspaper arm News International said the practice was limited to its ex-royal editor Clive Goodman and private detective Glenn Mulcaire, who were both later jailed after admitting offences.

However the discovery of three emails sent from Mulcaire to Edmondson, then the paper's associate editor, at the end of 2010 sparked a massive new police investigation into criminal activity at the News of the World.

The emails, dating from 2006, provided instructions on how to hack the phones of the then deputy prime minister, a government minister and Frederick Windsor, the son of Queen Elizabeth's cousin.

Edmondson was sacked in early 2011 and the emails handed over to police who slowly uncovered a huge scandal that shook the British establishment and ultimately led Murdoch to closing the newspaper.

He was one of the original defendants in one of Britain's most expensive criminal trials which began last year and led to the conviction and jailing in June of the paper's ex-editor Andy Coulson, who had later become Prime Minister David Cameron's media chief.

However he dropped out in the early stages due to ill health. The trial was told Coulson had once instructed Edmondson when he was working on a story about a celebrity to "do his phone".

In addition to Edmondson, Coulson, and Goodman, three other senior editors and another reporter have pleaded guilty to hacking crimes. However, Rebekah Brooks, the former chief executive of News International, was acquitted of involvement.

News UK, the new incarnation of News Corp.'s British newspaper arm, on Wednesday dropped its claim to be reimbursed for the multi-million dollar legal bills it amassed in defending Brooks and other members of staff.

On Friday, prosecutors announced they would take no further action against News International's former legal chief Tom Crone, who was arrested two years ago over phone-hacking and conspiracy to pervert the course of justice, saying there was insufficient evidence to secure a conviction. (Editing by Robin Pomeroy)
http://www.reuters.com/article/2014/...0RY2AD20141003





In 2014, Who Decides to Ban a Gay Website from In-Flight Wi-Fi?

Even the Wi-Fi providers aren't sure why, but it's not to be "family-friendly."
Casey Johnston

If you were gay and a recent passenger on American Airlines, you might have used in-flight Wi-Fi provided by Gogo just like any other customer. In the course of finding somewhere to stay before you land, you might have navigated to misterbnb.com, a version of Airbnb where customers looking for a place to stay can be guaranteed the hosts are gay-friendly. Rather than getting the site's homepage, however, your browser would have kicked you to an interstitial page telling you the site had been censored by Gogo. The given reason would have been the site had been categorized as "adult-and-pornography."

Looking at Misterbnb, there is nothing to trigger a pornography-centric filter on the homepage. The word "gay" appears a handful of times, but there is no salacious language, no risque photos, no video, not even any wild-card advertising space that could turn up a rogue Flash ad, photo, or video that runs counter to the tone of the site. "Travel gay friendly," "build the gay travel community," or "attend the next gay events" is about as hot as the site's narrative gets. In total, the word "gay" appears 11 times in text on the site's homepage.

Gogo and American Airlines are not the first Wi-Fi providers to be touchy about LGBT content; over the last year, a handful of businesses, including Au Bon Pain, Tim Hortons, and McDonald's, made minor news for not allowing their customers to view innocuous LGBT-centric websites, like GLAAD's homepage.

Occasionally these incidents happen for regressive "family-friendly" reasons, where businesses cave to people who would be agitated by a reminder that gay people exist. But many businesses, including American Airlines, appear unsure why the Wi-Fi service they provide their customers prevents those customers from accessing otherwise innocuous LGBT-oriented sites.

Bob Witeck, a consultant for American Airlines on diversity matters, couldn't speak to how the filters worked. "Does the word gay default to bad? Do they question it just because of that word? The answer is I don't know," Witeck said.

Even if the sites are otherwise widely available, Seth Adam, director of communications for GLAAD, points out that timing matters in terms of access to resources for help and reassurance, and conflating resources on gender identification and sexuality with "adult" content is worse than just being discriminatory. "Some of these resources are not only critical but potentially life-saving," Adam said. "It poses a problem, a potentially life-threatening problem."

Which party holds the attitude that "gay" content should be treated with caution is not clear from the outset. American Airlines is Gogo's client, and Gogo is just a vector for providing a service to American's customers. If a porn site pops up uninvited during a flight on some customer's computer, the consumer relationship that would be at risk of damage would be between American and the flier. Hence, the expectation would be that American exerts control over what sites can and cannot be accessed.

But American's representatives couldn't give a clear answer on how a site gets blocked or why, per Witeck. After claiming that American exerts no control over its Wi-Fi filters, Martha Thomas, a spokesperson for American, said according to her sources it was definitely not because of the word "gay." "The term gay is not either the category or the search term, it's not something they filter," Thomas said. She specified that the airline and Gogo are more than happy to whitelist sites like Misterbnb when they are uncovered, but Thomas couldn't say more about why it had been blocked in the first place.

Without disclosing the stated reason for Misterbnb's blockage, we reached out to Steve Nolan, a PR representative with Gogo, to ask what triggered it. At first, Nolan said that the site had been listed as "uncategorized" and blocked as a result. The same thing had happened to sites like kalsey.tv and ospreydata.com. "There are numerous examples of things that get caught for whatever reason," Nolan said. He also noted that there was no "gay and lesbian" category that Gogo blocks.

When we brought up the "adult and pornography" classification, Nolan had no further explanation. "When we looked it up on our end, it shows that the site is uncategorized," he said. "There are many sites that get wrongfully caught in the filter and when it's brought to our attention, we work through Brightcloud to fix it." Brightcloud is the content filtering service of Webroot, a business that provides security services to around a hundred large businesses, among them Microsoft's Internet Explorer.

Hal Lonas, the chief technical officer at Webroot, said that according to Webroot's records, Misterbnb has been blocked since March 2013, supposedly for multiple uses of the word "lesbian." "The count was pretty high," Lonas said. Webroot uses a count of words like these to identify sites as containing "adult" content, and that one criterion alone is enough to get a site filtered. Since that time, according to Lonas, Misterbnb has been lingering in American Airlines' Gogo Wi-Fi content filter, waiting for someone to navigate to the site and then find the right person to speak to about the error.

Lonas told Ars that Webroot relies on keywords, apparently sometimes on keywords alone, to filter content. He said medical websites sometimes get caught in the filters the same way Misterbnb did, noting that Webroot does take complaints from partners or customers about what to whitelist or change in its approach. "We're not anti-gay or anti-LGBT, we don't have an agenda," he said. "Of several hundred suggestions for changes (to filtering choices), four or five percent might be false positives." Terms that surround gay culture just conveniently happen to be a statistically effective way of blocking pornography, according to Webroot.

Lonas regretted the false positives but said the situation had some commonalities with the one surrounding marijuana. "There are new norms around marijuana all the time," he said. However, the fading taboo around marijuana is led by its increased use as medication; gender identity or sexuality will never get a similar savior.

Even the classification according to the word "lesbian" seems suspect: Misterbnb's CEO and co-founder, Matthieu Jost, claims that "the website is the same" now as it was when the block was enacted, so he couldn't speak to how instances of "lesbian" would have triggered Webroot's filters. "The answers you have received are weird, as the website is dedicated mostly to 'gay' and not 'lesbian,'" Jost told Ars. The oldest-available design of the homepage from July 2013 via archive.org shows a site with the same mission, no instances of the word "lesbian," and nine instances of the word "gay."

Misterbnb is unblocked now on American's Gogo in-flight Wi-Fi. "It's vexing for the customer experience," said Witeck, to try to navigate to an innocuous site only to find their interests have been wrongfully shafted as distasteful. "We'll use it as training material," Lonas said of Misterbnb, in hopes that next time Webroot's crawler will be ever so slightly less eager to banish an LGBT site to a porn category.
http://arstechnica.com/business/2014...-flight-wi-fi/





Putin Says Will Not Curb Internet Access Despite Cyber Attacks

President Vladimir Putin said on Wednesday he would not consider restricting Internet access for Russian users but warned of a sharp rise in cyber attacks on state domains since the Ukraine crisis began.

His remarks were intended to douse speculation that he plans a crackdown on use of the Internet - which he has called a "CIA project" and is used by opponents to organize protests against him - as tensions mount with the West over the Ukraine crisis.

"We do not intend to limit access to the Internet, to put it under total control, to nationalize the Internet," Putin told a meeting of his advisory Security Council which groups top state, defense and security officials.

He said such restrictions would contradict the basic principles of a democratic state and he was "not even considering" such measures.

Putin said Russia's security services had detected a constant growth in cyber attacks, particularly in the last six months, the period in which the crisis in Ukraine has worsened.

He added the intensity of the cyber attacks "depends on the current international situation".

"We need to improve greatly the security of domestic communication networks and information resources, primarily those used by state structures," he said, without saying how Russia planned to do this.

(Reporting by Alexei Anishchuk, Writing by Timothy Heritage, editing by Elizabeth Piper)
http://uk.reuters.com/article/2014/1...0HQ3SF20141001





Not Even China's Great Firewall Can Shut Out News About Hong Kong's Democracy Protests
Christina Larson

The massive democracy protests in Hong Kong—and violent police crackdown early on Monday morning, including use of tear-gas canisters and batons—are testing not only the resolve of tens of thousands of student demonstrators, but also the effectiveness of Beijing’s sprawling censorship apparatus. As China’s Communist Party is discovering, in the wake of a major event or protest, not even the Great Firewall can fully stop information from flowing.

Sometime late on Sunday night, Instagram was blocked in mainland China, presumably to stop images from the tear gas-filled streets of downtown Hong Kong from being shared on the popular social network. Facebook (FB) and Twitter (TWTR) remain blocked in the mainland, as are the websites of the New York Times, Wall Street Journal, Bloomberg, Bloomberg Businessweek, and several other foreign media companies. Sina Weibo (WB), the Twitter-like social network, is increasingly censored. Tencent’s Weixin (“WeChat”) social network is also now monitored; on Monday, friends sharing information through private small groups on Weixin noticed comments about the Hong Kong protests were mysteriously deleted.

Meanwhile, China’s state-controlled media were ordered not to file stories on the Hong Kong protests, other than limited and carefully worded wire reports from the Xinhua News Agency. A directive issued on Sunday by China’s Propaganda Ministry (and obtained by the Hong Kong-U.S. watchdog website China Digital Times) read: “All websites must immediately clear away information about Hong Kong students violently assaulting the government and about ‘Occupy Central.’ … Strictly manage interactive channels, and resolutely delete harmful information.”

And yet, in spite of the best efforts of the Chinese government to block information about unrest in Hong Kong from reaching the mainland, many people interviewed on Monday morning in Beijing and other Chinese cities knew about the demonstrations. But the level of detail to which they had access varied widely, as did opinions about the virtue of the protests and what might happen next. Most said they initially heard the news through social media, reading posts before censors deleted them.

Within mainland China, some said they were cheering on Hong Kong’s democracy activists and wished their Chinese peers had the same courage to fight for “freedom.” Others wondered whether public demonstrations were futile and darkly recalled the brutal 1989 Tiananmen Square crackdown. Still others said the yawning antagonism between mainlanders and Hong Kongers, fueled by quarrels over the influx of mainland tourists and capital into the islands in recent years, meant they felt limited sympathy for Hong Kong’s struggles.

While admiring the Hong Kong protesters—“I think they want freedom very strongly”—Sun Yu, a personal trainer at a Beijing gym, said he couldn’t imagine a similar wave of protests for free elections happening anytime soon in Beijing. “Maybe 50 years later, or maybe 100 years later.”

One journalist at a state-run newspaper in a southern Chinese city said she was not allowed to report on the Hong Kong protests, yet was avidly discussing events with her peers. “We are talking about what is real freedom,” and whether they would join in similar demonstrations, even in the face of baton-wielding cops. “A friend of mine said he is so proud of them [the protesters]. … Another friend says the chaos in Hong Kong makes him treasure what we have today,” meaning apparent safety and stability. She said they were all reminded, darkly, of the 1989 crackdown, which, despite being erased from Chinese history books, most knew a bit about: “My father and uncles told me [about it].”

A marketing assistant in Beijing said she was aware of the protests, but not the exact reasons behind them. “I am just wondering why the students and teachers would do that. Is there any good reason behind it?” She had mixed reactions to the news. “Normally, as a Chinese, I could not go for that [public protest]. But on the other hand, it could be seen as a sign that some people … want to make some change, and it is indeed a challenge for the government. However, I still believe in my country.”

A software engineer in Shanghai said he thought the campaign for free elections in Hong Kong likely sprang from economic grievances. “The frustration is never political. It always has economic [roots]. … Things are not looking up in Hong Kong. Unemployment is getting higher; the perspective of the youth is [desperate]; the [sense of] superiority over mainlanders is disappearing. I think the bottled-up resentment against the rich Chinese manifests itself in protest.” While he said he could understand the frustration of the student protesters, not all his peers felt the same: “The friction between Hong Kong and mainlanders in the past few years has reduced the support and sympathy toward Hong Kong.”

An employee at a state-owned enterprise in Beijing also pointed to increasing antagonism. “No matter what political system the Hong Kong people choose, they can’t stop those rich mainland families from buying their milk powder.” He added that censoring news in China almost certainly assures greater coverage in overseas media. “You know, in China it’s always censored, so in British newspapers it’s always [a main focus].” Using software to jump the Great Firewall, he checked the BBC News website to scan the top story on the Hong Kong protests.
http://www.businessweek.com/articles...-does-not-hold





Marriott Fined $600,000 for Jamming Guest Hotspots
Chris Davies

Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own WiFi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online.

Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed.

An investigation by the FCC's Enforcement Bureau revealed that was, in fact, the case. A WiFi monitoring system installed at the Gaylord Opryland would target access points with de-authentication packets, disconnecting users so that their browsing was interrupted.

In the meantime, Marriott would offer its own wireless internet service to attendees and exhibitors, charging between $250 and $1,000 per device that was to be connected.

The FCC deemed Marriott's behaviors as contravening Section 333 of the Communications Act, which states that "no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government."

In addition to the $600,000 civil penalty, Marriott will have to cease blocking guests, hand over details of any access point containment features to the FCC across its entire portfolio of owned or managed properties, and finally file compliance and usage reports each quarter for the next three years.
http://www.slashgear.com/marriott-fi...pots-03349010/





How Hong Kong Protesters Are Connecting, Without Cell Or Wi-Fi Networks
Elise Hu

As throngs of pro-democracy protesters continue to organize in Hong Kong's central business district, many of them are messaging one another through a network that doesn't require cell towers or Wi-Fi nodes. They're using an app called FireChat that launched in March and is underpinned by mesh networking, which lets phones unite to form a temporary Internet.

So far, mesh networks have proven themselves quite effective and quickly adopted during times of disaster or political unrest, as they don't rely on existing cable and wireless networks. In Iraq, tens of thousands of people have downloaded FireChat as the government limits connectivity in an effort to curb ISIS communications. Protesters in Taiwan this spring turned to FireChat when cell signals were too weak and at times nonexistent.

And FireChat's popularity is surging in Hong Kong. About 100,000 users downloaded the free FireChat app between Sunday morning and Monday morning, according to The Wall Street Journal. While there are no reports of cell-network outages so far, student leaders are recommending FireChat for fear authorities may shut off communications.

Gizmodo explains why mesh networks can be critical during tense showdowns with governments:

"Mesh networks are an especially resilient tool because there's no easy way for a government to shut them down. They can't just block cell reception or a site address. Mesh networks are like Voldemort after he split his soul into horcruxes (only not evil). Destroying one part won't kill it unless you destroy each point of access; someone would have to turn off Bluetooth on every phone using FireChat to completely break the connection. This hard-to-break connection isn't super important for casual chats, but during tense political showdowns, it could be a lifeline."

And as we have previously reported, Open Garden, the company that made FireChat and an Android mesh networking app also called Open Garden, has bigger ambitions for mesh networking:

"Once you build a mesh network ... now you have a network that is resilient, self-healing, cannot be controlled by any central organization, cannot be shut down and is always working," Christophe Daligault, Open Garden's vice president for sales and marketing says. "I think that solves many other drawbacks or challenges of the mobile broadband Internet today."

He says none of this would be possible without the rapid spread of smartphones, because that means no extra hardware is needed.

"Each [phone] becomes a router and in a sense you're growing the Internet — everyone who joins the mesh network creates an extension of the Internet," Daligault says. "In a year or two from now, I think people won't even remember that you had to be on Wi-Fi or get a cell signal to be able to communicate."
http://www.npr.org/blogs/alltechcons...wi-fi-networks





Future Smartphones Won’t Need Cell Towers to Connect

Qualcomm, Facebook, and other tech companies are experimenting with technology that lets smartphones use their LTE radio to connect directly to other devices up to 500 meters away.
Tom Simonite

A new feature being added to the LTE protocol that smartphones use to communicate with cellular towers will make it possible to bypass those towers altogether. Phones will be able to “talk” directly to other mobile devices and to beacons located in shops and other businesses.

Known as LTE Direct, the wireless technology has a range of up to 500 meters, far more than either Wi-Fi or Bluetooth. It is included in an update to the LTE standard slated for approval this year, and devices capable of LTE Direct could appear as soon as late 2015.

LTE Direct has been pioneered by Qualcomm, which has been working on the technology for around seven years. At the mobile chip manufacturer’s Uplinq conference in San Francisco this month, it announced that it’s helping partners including Facebook and Yahoo experiment with the technology.

Researchers are, for example, testing LTE Direct as a way to allow smartphones to automatically discover nearby people, businesses, and other information. Some see the technology as a potential new channel for targeted promotions or advertising.

Despite its long range, LTE Direct uses relatively little power, so a phone could be constantly looking for nearby devices without significantly draining its battery life. A device with LTE Direct active might discover other phones using the technology or communicate with beacons—fixed devices installed in businesses or integrated into the infrastructure of an airport or train station.

“You can think of LTE Direct as a sixth sense that is always aware of the environment around you,” said Mahesh Makhijani, technical marketing director at Qualcomm, at a session on the technology. “The world around you is full of information, and the phone can use that to predict and to help you in your everyday life.”

Beacons using LTE Direct could broadcast useful information as well as special offers. A beacon installed in an airline check-in desk, for instance, might offer information on delays to people nearby who are booked on an affected flight.

Facebook is exploring how the technology could be used with its mobile app. “LTE Direct would allow us to create user experiences around serendipitous interactions with a local business or a friend nearby,” said Jay Parikh, Facebook’s vice president of infrastructure engineering. “You could find out about events or do impromptu meet-ups.”

LTE Direct can be used much like the iBeacons announced by Apple last year, which retailers including Macy’s are testing as a way to track and connect with shoppers’ mobile devices. However, iBeacon devices use the Bluetooth protocol, which has a much shorter range, and which not everyone leaves switched on.

Yahoo has also begun developing apps that use LTE Direct, says Beverly Harrison, a principal scientist at Yahoo Labs. One is a kind of digital tour guide. If you tell the app how long you have to spare, from 10 minutes to two hours, it will suggest a route past nearby points of interest, drawing on online information about places detected using LTE Direct. Harrison says Yahoo plans to start testing the app in January.

LTE Direct could also help smooth out the network glitches that occur when large numbers of users are trying to connect to the same cell tower. R/GA, an ad agency in New York whose clients include Nike and Beats, is designing a system that would use LTE Direct to serve up to a million people in or around Times Square on New Year’s Eve. Roman Kalantari, a creative director at R/GA, says LTE Direct is the only wireless technology that could keep devices online under such conditions.

R/GA and another ad agency, Control Group, are also interested in using LTE Direct to serve targeted promotions. A smartphone could use LTE Direct to signal to nearby businesses what types of foods or products a customer is interested in so that it can offer customized deals, says Kalantari. “The idea that every retailer could be observing purchase intent is extraordinarily valuable,” he says.

In theory, LTE Direct could be used to create communication apps that route all data from device to device. Some chat apps can already use Wi-Fi and Bluetooth to link up nearby phones (see “The Latest Chat App for iPhone Needs No Internet Connection”), but LTE Direct could offer extended range and better performance. However, carriers will control which devices on their networks can use LTE Direct because it uses the same radio spectrum as conventional cellular links. Wireless carriers might even gain a new stream of revenue by charging companies that want to offer services or apps using the technology, Qualcomm says.
http://www.technologyreview.com/news...rs-to-connect/





AT&T’s Congestion Magically Disappears When it’s Signing Up New Customers

Unlimited plans throttled after 5GB, but AT&T gives new lines 100GB unthrottled.
Jon Brodkin

AT&T yesterday began offering “double the data for the same price” to new customers and existing customers who sign new contracts, apparently forgetting that its network is so congested that speeds must be throttled when people use too much data.

Like other carriers, AT&T slows the speeds of certain users when the network is congested. Such network management is a necessary evil that can benefit the majority of customers when used to ensure that everyone can connect to the network. But as Federal Communications Commission Chairman Tom Wheeler has argued, the carriers’ selective enforcement of throttling shows that it can also be used to boost revenue by pushing subscribers onto pricier plans.

AT&T’s throttling only applies to users with “legacy unlimited data plans,” the kinds of customers that AT&T wants to push onto limited plans with overage charges. Initially, the throttling was enforced once users passed 3GB or 5GB in a month regardless of whether the network was congested. In July, AT&T changed its policy so that throttling only hits those users at times and in places when the network is actually congested, according to an AT&T spokesperson. The 3GB and 5GB thresholds, with the higher one applied to LTE devices, were unchanged.

You can use the Internet Archive’s WayBack Machine to see that, through June, AT&T throttled unlimited subscribers whether its network was congested or not. The site, both then and now, encourages heavy data users to switch to a tiered or shared data plan. AT&T says that more than 80 percent of its postpaid smartphone subscribers are on limited plans.

AT&T's throttling hits “unlimited” customers even when they use less data than subscribers on limited plans. New AT&T customers who buy “Mobile Share Value” plans can normally get 15GB to 50GB of data per month for two to 10 lines. But under the new promotion, similar to one launched by Sprint, AT&T is doubling that to 30GB to 100GB at the same price for new customers who sign up by the end of October. The doubled data remains on subscribers’ accounts until they sign a new contract.

At the lowest price, this can work out to as little as 3GB per user when customers share 30GB across 10 lines, or 15GB per user for customers who share the same 30GB across two lines. At 100GB shared, each user gets anywhere from 10GB to 50GB depending on how many lines the data is spread across.

This isn’t to say that the deal isn’t a good one, relatively speaking. If you were planning to sign up with AT&T anyway, you might as well do it during a promotion that offers more data at the same price.

But AT&T’s ability to give far more unthrottled data to new subscribers than it provides to its longest-standing customers, the ones who specifically pay for unlimited data, illustrates how arbitrary the limits are. (AT&T may throttle limited users on congested cell sites for all we know, but the company’s official line is that only unlimited users are throttled.)

One commenter on a DSLReports story today did a good job summing up AT&T’s congestion management policies:

You see, when you use data on a Grandfathered Unlimited Data Plan, that's called "congestion," so you're throttled at 5GB to EDGE-like speeds to "prevent" it.

Note this "congestion" doesn't occur when you double a shared 15GB data plan to 30GB, or a 20GB plan to 40GB, or a 30GB plan to 60GB, or a 40GB plan to 80GB, or a 50GB plan to 100GB. It doesn't occur if you let both new and current customers keep this "doubled data" in perpetuity, or at least until they change their plan.

No, "congestion" only happens with Unlimited Data Plans throttled at 5 GB.

What a farce.


FCC scrutinizes all major carriers

Verizon Wireless announced in July that it would begin throttling unlimited data users with LTE devices, just as it already did with 3G users. In response, Wheeler demanded that Verizon provide a “rationale for treating customers differently based on the type of data plan to which they subscribe, rather than network architecture or technological factors.”

Verizon responded that the policy is necessary to give users on unlimited plans an “incentive to limit usage.” Customers who have limited plans and face overage charges if they go over the limits already have such incentives, carriers say.

Verizon also pointed out that its policy is similar to those implemented by other carriers, but Wheeler didn’t buy that argument.

"'All the kids do it' was never something that worked for me when I was growing up," Wheeler said after an FCC meeting in August, Reuters reported.

Wheeler said he was looking into all the carriers’ throttling practices but hasn’t yet said if he will propose new rules on data throttling.
http://arstechnica.com/information-t...new-customers/





Verizon Wireless Caves to FCC Pressure, Says it Won’t Throttle 4G Users

Verizon kills "network optimization" policy that was set to take effect today.
Jon Brodkin

Verizon Wireless was scheduled to begin throttling certain LTE users today as part of an expanded "network optimization" program, but it has decided not to follow through with the controversial plan after criticism from Federal Communications Commission Chairman Tom Wheeler.

Since 2011, Verizon has throttled 3G users who have unlimited data plans when they connect to congested cell sites if they fall within the top five percent of data users. That's 4.7GB or more per month. In July, Verizon announced plans to extend this policy to 4G users with grandfathered unlimited data plans starting in October. But Verizon pulled the plug today, announcing its decision in a statement to Ars and other media outlets.

"Verizon is committed to providing its customers with an unparalleled mobile network experience," the company said. "At a time of ever-increasing mobile broadband data usage, we not only take pride in the way we manage our network resources, but also take seriously our responsibility to deliver exceptional mobile service to every customer. We’ve greatly valued the ongoing dialogue over the past several months concerning network optimization and have decided not to move forward with the planned implementation of network optimization for 4G LTE customers on unlimited plans. Exceptional network service will always be our priority, and we remain committed to working closely with industry stakeholders to manage broadband issues so that American consumers get the world-class mobile service they expect and value."

Verizon will presumably continue throttling 3G users. There is "no change" in the 3G policy, a Verizon spokesperson told Ars.

All major carriers throttle certain users when cell sites get too congested, but Wheeler and consumer advocates objected to how carriers choose which customers to throttle. The fact that Verizon was throttling only unlimited data users showed that it was trying to boost its profits rather than implementing a reasonable network management strategy, Wheeler said. Verizon no longer offers unlimited data and wants subscribers to switch to more expensive plans with financial penalties for using too much data.

As we noted earlier this week, carriers are willing to let customers use far more than 4.7GB of data per month without being throttled, as long as they're on limited plans that require them to pay overage charges.

Wheeler praised Verizon's announcement. "I salute Verizon Wireless’s decision. This is a responsible action and I commend Verizon’s leadership on this issue," he said in a statement sent to media.
http://arstechnica.com/business/2014...ttle-4g-users/





Why the Broadband Industry Is Secretly Furious With Verizon Over Net Neutrality

The company's lawsuit against the FCC stirred a hornet's nest that may ultimately result in tougher regulations for everyone.
Brendan Sasso

Verizon took the federal government to court over net neutrality and won, but the company's industry peers are privately peeved that it chose to pick the fight at all.

That's because now that the old net-neutrality regime is gone, the Federal Communications Commission is considering a new set of Internet regulations—and the new rules could well be stronger than the ones that came before.

The FCC is considering new proposals that would more tightly restrict how Verizon and other providers can handle cell-phone traffic (the old net-neutrality rules left mobile traffic mostly untouched), and the agency may even decide to treat Internet service like a heavily regulated utility.

Other Internet service providers won't publicly criticize Verizon. But privately, lobbyists grumble that they wouldn't be in this mess if Verizon had just accepted the old rules.

Four broadband-industry officials said there's widespread frustration with Verizon for making what they view as a bad strategic error. Some companies had even tried to talk Verizon out of filing its lawsuit, officials said.

"They were like a dog chasing a bus," one broadband source said. "What are you going to do when you catch the bus?"

A spokesman for Verizon declined to comment for this story.

The FCC first enacted net-neutrality regulations in 2010 that barred home broadband providers from blocking or "unreasonably" discriminating against any Internet traffic. Cell-phone providers couldn't outright block websites, but they were free to speed up or slow down certain services or exempt others from monthly data caps.

The goal of net neutrality is to prevent giant corporations from distorting the Internet to favor themselves at the expense of users.

Many Internet activists were disappointed with the 2010 rules, complaining that they imposed only vague standards and were too lenient on wireless service. Most Internet providers felt the rules were a fair compromise that they could live with.

But Verizon sued anyway, claiming that the FCC had overstepped its legal authority. In January, the D.C. Circuit Court of Appeals agreed and struck down the regulations.

It was always unlikely that the FCC would just give up and let the rules die. Protecting net neutrality was a plank on President Obama's 2008 campaign platform, and is a top priority for Democrats.

At first though, it looked like Verizon's gamble could actually pay off. In May, FCC Chairman Tom Wheeler unveiled a new net-neutrality proposal that was weaker than the old rules. His proposal would have allowed Internet providers to charge websites for faster service as long as the agreements were "commercially reasonable."

But the plan sparked a massive backlash, with Web companies and advocacy groups warning it could create a two-tiered Internet. More than 3.7 million people filed comments with the FCC (the most ever for an issue), and Wheeler is now under intense pressure to toughen up the rules.

He has already indicated that he is likely to impose stronger restrictions on wireless service. In a speech in Las Vegas last month, Wheeler said the wireless industry has changed dramatically since 2010 and that "consumers increasingly rely on mobile broadband as an important pathway to access the Internet."

Wireless-industry lobbyists are scrambling to beat back the possible regulations—but it increasingly looks like they're fighting a losing battle.

Tougher wireless net-neutrality rules would be an especially painful blow to Verizon, the nation's largest mobile carrier. The company has its home broadband and TV service FiOS, but its wireless network remains the core of its business.

The FCC is even eyeing a more dramatic move to reclassify broadband Internet as a "telecommunications service" under Title II of the Communications Act. Consumer advocates argue that the regulatory maneuver is the only way to put net-neutrality rules on firm legal ground. But broadband providers fear Title II would turn them into public utilities and would strangle their industry's growth.

The provision, which the FCC already uses to regulate landline phone companies, includes the ability to control prices and determine which customers a company has to serve. The commission could also decide to waive particular requirements under the provision.

Internet providers aren't enthusiastic about net-neutrality rules that limit how they can manage traffic, but they view Title II regulation as an apocalyptic outcome.

In a sense, Verizon is lucky that it didn't get a more decisive victory at the D.C. Circuit. Although the judges threw out the rules, they hinted that the commission could come up with new regulations using the existing legal authority. If the court had sided entirely with Verizon, the FCC may have had no choice but to invoke Title II to protect net neutrality.

At this point, Verizon and the other broadband providers will be thankful if they get rules that closely resemble the 2010 regulations.

Internet activists won't say they're happy Verizon won in court, but they feel the wind is at their backs to get stronger rules this time.

"If nothing else, this proceeding has allowed the FCC to reexamine some of the conclusions baked into the 2010 rules," said Michael Weinberg, a vice president at the consumer-advocacy group Public Knowledge. "Any opportunity to have the FCC potentially strengthen open Internet protections is an opportunity we welcome."
http://www.nationaljournal.com/tech/...ality-20141003





Groups Accuse FCC of Helping Net Neutrality Advocates File Comments

The agency says it communicated with groups submitting large numbers of comments in an effort to keep its system from crashing
Grant Gross

The U.S. Federal Communications Commission engaged in the worst kind of "partisan politics" by working closely with net neutrality advocates to ensure their comments were filed with the agency, but not extending the same courtesy to the other side, a coalition of groups opposed to the regulations said in a sharply worded letter to the agency.

"Increasingly ... FCC staff appear to be disregarding arguments that do not fit a preconceived agenda; and worse, they may be actively manipulating media coverage around controversial issues," said the letter, sent Thursday by a dozen conservative groups, including TechFreedom, the Competitive Enterprise Institute and FreedomWorks. Instead of working as a bipartisan and collegial body, "the FCC appears to be engaging in the worst aspects of partisan politics," the letter added.

An FCC official disputed the allegations, saying the agency's conversations with net neutrality advocates during a crush of comments filed in the days leading up to the agency's Sept. 15 comment deadline were intended to keep the FCC's dated online comments system from crashing. The FCC's discussions with groups filing large numbers of comments related to an online pro-net neutrality protest Sept. 10 were part of an effort to keep the agency's Electronic Comment Filing System up for everyone to use, said Kim Hart, an FCC spokeswoman.

"The FCC IT team worked with multiple parties to ensure everyone was able to successfully submit comments to the agency on the open Internet proceeding," Hart said. "After receiving a surge of comments leading up to the reply comment deadline, the IT team created a third option for filing bulk comments."

The FCC announced Sept. 11, through a public blog post, a new way to file comments, Hart noted. It's unclear if net neutrality advocates first contacted the FCC about concerns about the health of the ECFS or if FCC staffers contacted advocates submitting large numbers of comments.

The objections from the conservative groups stem from a Sept. 24 Washington Post story, which says FCC staff worked closely with pro-net neutrality groups to keep the comments system up. Emails sent between FCC staffers and net neutrality activists keeping an eye on the comments system's health "revealed an unusual collaboration," the story said.

Net neutrality advocates and FCC staffers "worked together to correct the record" related to how many comments were being filed in the final days, the story said.

By working with net neutrality advocates to make sure their comments were filed and the numbers were reported, the FCC showed "severe bias and a lack of impartiality" on net neutrality, said Mike Wendy, director of MediaFreedom, a free-market advocacy group that signed the conservative groups' letter. While FCC staff was exchanging emails with net neutrality advocates, "they made no similar outreach to us," he said.

The FCC received more than 3.7 million public comments on its net neutrality proposal, by far a record number of comments in an FCC proceeding, with a large number of the comments favoring new rules. American Commitment, one of the groups signing Thursday's letter, submitted more than 800,000 comments opposed to a government "takeover" of the Internet before the FCC's deadline.

Many of the comments generated during the Sept. 10 Internet slowdown protest called on the FCC to reclassify broadband as a regulated public utility, a position that conflicts with FCC Chairman Tom Wheeler's proposal to pass a narrower set of net neutrality rules that could allow broadband providers to engage in "commercially reasonable" traffic management.

The FCC's work to make sure comments were filed resulted in a "completely lopsided media narrative describing a groundswell of public support" for the FCC reclassifying broadband as a regulated, common carrier service, the conservative groups said.

The conservative groups' objections amount to "a conspiracy theory trying to undermine the millions of regular people who are speaking out to support open Internet and an FCC trying to deal with an antiquated computer system," said Marvin Ammori, a lawyer who serves on the boards of net neutrality advocates Fight for the Future and Demand Progress.

"The FCC would've worked with anyone," Ammori said by email. "Essentially they wanted us not to crash their system and we worked with them to figure out how not to crash their system but to still get the comments in. Their technology isn't designed to take so many comments."
http://www.itworld.com/it-management...-file-comments





“Not” Neutrality?
Mark Taylor

In early May, my Internet Middleman post described how a tiny number of very large broadband network operators, mostly in the United States, are using their market power to try to extract arbitrary access charges, and in so doing, are degrading the service they sold to their paying broadband customers. They achieve this degradation by refusing to add bandwidth at the interconnect points between their networks and other very large global networks, like Level 3’s. Despite this, some of them claim that they are unconditionally committed to Net Neutrality. They can do this because, as Mike Mooney pointed out, the old Net Neutrality rules had a gaping hole in them: since these rules did not explicitly include Internet interconnection in their scope, they allowed broadband providers to discriminate against third-party Internet traffic by causing bottlenecks at Internet interconnection points – and hurting consumers in the process.

But it is now late September. So what has changed? Well, let us look at three large Local Exchange Carriers (LECs) in the United States. These LECs are telephone companies that built broadband networks on the back of monopoly-funded telephone infrastructure. Over the past six months, the utilization of each interconnection location between their networks and Level 3’s has changed as shown in the following diagram.

Each number shows utilization at one of the interconnection locations in various cities throughout the United States between Level 3 and the LECs. Utilization above 85% indicates the LEC is causing congestion in that city by refusing to add interconnection capacity.

This shows a dramatic improvement for LEC1 and LEC3, but a continued degradation for LEC2. You might say that it’s good news overall. But if you value an open Internet underpinned by a dynamic competitive environment, you may have a different opinion.

And that’s because the reason the interconnect utilization between Level 3 and LEC1 and LEC3 improved is that these LECs forced Netflix to pay them to interconnect directly with them. And as Netflix CEO Reed Hastings has pointed out several times, Netflix didn’t do that because they were taking advantage of a highly competitive Internet marketplace. They did it because they had no choice: all third-party content that LEC broadband users want to see eventually has to go through LEC interconnection points. When the LEC tries to turn these interconnection points into Internet tollbooths there is no alternate path for the content to take to reach the consumers.

How long will it be before LEC2 degrades the quality of service to their end customers to the point that Netflix is forced to pay them too? And how can LEC2 promise a new 1Gbps broadband service even though it is refusing to allow content that its consumers have requested into its network? In fact, some of their launch cities are also where the interconnect locations are severely congested with 97% utilization. Locations where LEC2 seems happy to simply discard Internet content that their customers have requested, for hours and hours every day. Locations where download speeds for such third-party content cannot possibly get close to 1Gbps – or other “high-speed” services they have sold to their customers.

Level 3 and other Internet content providers are not afraid of competition. The Internet needs Net Neutrality and fair and equitable interconnection to continue to grow and thrive. But what broadband providers are offering instead is “Not” Neutrality: a competitive distortion made possible by the monopoly control they have over access to their customers. These broadband providers are willing to degrade the performance of the service they sell to their customers to extract arbitrary access charges, discriminate against third-party Internet content and harm competition.

We have made concrete proposals (see our previous blog post) to ensure LECs and other broadband providers actually make available the Internet access bandwidth they have already sold to their consumers at interconnection points without congestion and without arbitrary access charges. Consumers should expect no less from their broadband providers.
http://blog.level3.com/open-internet/not-neutrality/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 27th, September 20th, September 13th, September 6th


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing