25-12-13, 08:46 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - December 28th, '13

Since 2002

"Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers." – Jonathan Mayer and Patrick Mutchler


"We can’t do anything with your data. We can’t see it; we can’t describe it; we can’t touch it." – Erik Caso, Younity

December 28th, 2013




How Iron Maiden Found its Worst Music Pirates -- Then Went and Played for Them
Andy Patrizio

For more than a decade, musicians have battled rampant music piracy that has put labels and record stores out of business at a rapid pace. Unlike the shift to Amazon that did in the book store chains, record stores are suffering from outright theft, and the migration to iTunes or Spotify streaming isn't making up the difference.

Between 2003 and 2009, about one-third of all independent record shops in the U.S. closed their doors, according to the Almighty Institute of Music Retail, a California-based marketing firm. That translates to 3,700 stores. The one bright spot is that the trend has slowed since 2008.

In England, it's worse, with 70 percent of independent record stores disappearing in the last decade.

But some bands are dealing with the issue in a unique way. A U.K. company called Growth Intelligence [1] aggregates data on U.K. companies to offer them a real time snapshot of how their company is performing. They capture everything from real-world data, like hiring of employees, to online indicators like email to online discussion.

Its stats were compiled for the London Stock Exchange "1000 Companies That Inspire Britain [2]" list. On that list were six music firms that outperformed the music sector, one of them being Iron Maiden LLP, the holding company for the venerable heavy metal band. (Another company on the list was Shazam, which we recently profiled [3].)

Enter another U.K. company called Musicmetric [4], which specializes in analytics for the music industry by capturing everything from social media discussion to traffic on the BitTorrent network. It then offers this aggregated information to artists to decide how they want to react. Musicmetric noticed Iron Maiden's placement and ran its own analytics for the band.

"Having an accurate real time snapshot of key data streams is all about helping inform people's decision making. If you know what drives engagement you can maximize the value of your fan base. Artists could say ‘we're getting pirated here, let's do something about it’, or ‘we're popular here, let's play a show’," said Gregory Mead, CEO and co-founder of the London-based firm.

In the case of Iron Maiden, still a top-drawing band in the U.S. and Europe after thirty years, it noted a surge in traffic in South America. Also, it saw that Brazil, Venezuela, Mexico, Colombia, and Chile were among the top 10 countries with the most Iron Maiden Twitter followers. There was also a huge amount of BitTorrent traffic in South America, particularly in Brazil.

Rather than send in the lawyers, Maiden sent itself in. The band has focused extensively on South American tours in recent years, one of which was filmed for the documentary "Flight 666." After all, fans can't download a concert or t-shirts. The result was massive sellouts. The São Paulo show alone grossed £1.58 million (US$2.58 million).

And in a positive cycle, Maiden's online fanbase grew. According to Musicmetric, in the 12 months ending May 31, 2012, the band attracted more than 3.1 million social media fans. After its Maiden England world tour, which ran from June 2012 to October 2013, Maiden's fan base grew by five million online fans, with a significant increase in popularity in South America.

Mead said that thanks to analytics, "Maiden have been rather successful in turning free file-sharing into fee-paying fans."

So bands now have a new tool to try and make up for the loss of music sales. Emphasis is now on touring and t-shirts as CD sales dwindle. "If you engage with fans, there is a chance to turn a percentage into paying customers. You can see that through various bands using the BitTorrent network in a legal way to share content," said Mead.
http://www.citeworld.com/consumeriza...en-musicmetric





Sherlock Holmes Free to be Re-Imagined in US After Judge Removes Licensing Fee

Filmmakers and authors in the United States have been given the legal go-ahead to write stories about British detective Sherlock Holmes without paying a licence fee.

First introduced by author Arthur Conan Doyle in 1887, Holmes entered the public domain in Britain years ago.

The literary icon has been kept alive in the public imagination with the help of scores of films, including director Guy Ritchie's 2009 film which starred Robert Downey Jr, and popular television shows such as the BBC's Sherlock and CBS's Elementary.

But a quirk in US copyright law, which protected 10 short stories in the vast Holmes canon, had allowed Doyle's descendants to retain intellectual property rights in the US.

A Holmes scholar challenged those fees after the Conan Doyle Estate threatened to block the distribution of a book of original short stories if the editors did not obtain a license to use the Holmes characters.

Judge Ruben Castillo rejected the estate's claim that since Holmes and his partner Watson were "continually developed" the copyright protecting the final 10 stories should extend to the characters themselves.

"The effect of adopting Conan Doyle's position would be to extend impermissibly the copyright of certain character elements of Holmes and Watson beyond their statutory period," Judge Castillo, chief justice of the northern district of Illinois, wrote in a 22-page opinion.

Judge Castillo ruled that only the "story elements" detailed in the 10 short stories published after 1923 were protected and that everything else in the Holmes canon was "free for public use".

Holmes scholar Leslie Klinger, who challenged the estate, celebrated the ruling.

"Sherlock Holmes belongs to the world," Mr Klinger said in a statement posted on his Free Sherlock website.

"People want to celebrate Holmes and Watson. Now they can do so without fear of suppression by Conan Doyle's heirs."
http://www.abc.net.au/news/2013-12-2...ruling/5176916





Snapchat for Everything: Younity Rolls Out Ephemeral File-Sharing
Eric Blattberg

With Snapchat, you can send self-deleting photos and videos to your friends.

Younity can send anything.

Using Younity’s share feature, which Younity app maker Entangled Media introduced today, you share music, videos, photos, and other kinds of files with other Younity users. But they can’t ever download those items — and you can decide to “unshare” the content at any time. Otherwise, files you share will automatically expire after seven days, avoiding some of the legal issues around sharing copyrighted content.

“It’s the equivalent of me playing a CD in your car,” explained Erik Caso, Entangled Media CEO and cofounder, in an interview with VentureBeat. “You can listen to a song, but you can’t download it. You can only go buy it, and I can unshare it at any time.”

Between the popularity of Snapchat and other messaging apps like WhatsApp, private media sharing is a hot sector these days — especially this week. This morning, Instagram debuted Instagram Direct for private photo, video, and text messaging. And on Wednesday, Twitter revamped its “direct messaging” feature, adding photo capabilities and increasing its visibility.

But Younity is no Snapchat clone. Its sharing feature is only a small part of the overall service, which Entangled Media bills as a “personal cloud.”

The company doesn’t store any of your data; instead, its software for Windows, Mac, and iOS indexes all of your files so you can access them on any of your devices.

In that way, it resembles BitTorrent Sync, which syncs files between your computers and mobile devices. But it also integrates with cloud storage services like Dropbox, Google Drive, and Microsoft SkyDrive, serving as a sort of meta-cloud without actually storing a byte of data itself.

“Go use Windows, go use Mac, go use Dropbox or Google Drive — we don’t care,” said Caso. “We want to tie it all together.”

Younity is available now as an early beta, but the long-term vision is to link up all of your cloud services and devices — from your Android phone to your Xbox — so you never have to worry about where your files reside.

“This means you can stop thinking about which device to use, and only think about the screen that is most convenient,” he said.

Younity not only recognizes basic file attributes including file name, type, size, and date, but also metadata like ID3 tags in audio and video and EXIF data from photos. It also grabs attributes and metadata from applications like iTunes to include playlists or other application-based organization. That means Younity can not only search across all your content at once, but also search by different types of metadata – for example, photos shot in Hawaii on a Canon S120 camera, or music released in 2013.

And none of this is accessible by Entangled, so if the National Security Agency busts down the company’s door and demands its data, the most it’ll get is some email addresses, said Caso.

“We can’t do anything with your data. We can’t see it; we can’t describe it; we can’t touch it.”

For now, Younity is completely free, but the company will adopt a freemium model early next year. As Entangled expands its list of Younity-compatible devices and services, it’ll start to charge for additional implementations. It’ll let you hook up two or three for free, but beyond that, you’ll have to pay.

Not that it’ll cost that much; Caso is thinking $20 or $30 annually, which is far cheaper than cloud storage services like Dropbox. After all, Entangled doesn’t have to store anything itself, so its operational overhead is really low.

“Really, what we’re showing now is a proof of concept,” said Caso. “We want to show what the personal cloud is as an alternative to the public cloud.

“A lot of people describe this as what everyone wanted iCloud to be.” (Younity isn’t compatible with iCloud, by the way.)

Founded in late 2011, Entangled Media is split between Boulder, Colo., and Santa Monica, Calif. It currently has nine full-time employees, most of whom are engineers. The company raised a $2.25 million funding round this August from Crosslink Capital, Draper Associates, PROfounders Capital, and others, putting its total funding around $3.5 million.
http://venturebeat.com/2013/12/12/sn...-file-sharing/





Patient Data On Filesharing Service Provokes Legal Trouble

Medical file reportedly found on a peer-to-peer filesharing network leads to an FTC complaint, a federal lawsuit, and a book claiming regulatory overreach.
William Jackson

In 2008, cyber-intelligence company Tiversa notified LabMD, a small Atlanta medical testing lab, that it had found a 1,700-page file from the lab containing sensitive patient information on a peer-to-peer network and offered its services to remediate the problem.

But Tiversa wouldn't reveal where the file was found or how it was discovered unless LabMD hired the company.

"This smelled of extortion," said LabMD president and CEO Michael J. Daugherty, and he refused to do business with Tiversa. So began a twisted and cautionary tale for small businesses about government requirements for protecting sensitive data.

The Federal Trade Commission obtained a copy of the stolen document from Tiversa and in August of this year filed an administrative complaint alleging the lab failed to secure patient data reasonably and lacked a comprehensive data security program. Daugherty calls this action regulatory overreach and chose to fight back, writing about his experience in a recently published book, "The Devil Inside the Beltway." In it, he accuses Tiversa and the FTC of conspiring in a shakedown.

Perhaps not surprisingly, these accusations resulted in a federal lawsuit filed in September by Tiversa CEO Robert Boback alleging defamation. But the story is also about the challenges of using filesharing technology.

The underlying problem is a vulnerability -- or a feature, depending on your point of view -- that can inadvertently expose private files to a filesharing network.

Peer-to-peer networks remove the distinction between client and server, giving other users direct access to files that have been downloaded and stored in a shared folder. The networks often are used to share music and other entertainment files, but the apps also can expose other data on your computer. According to a 2006 study by the US Patent and Trademark Office, if a downloaded file is moved out of the shared folder to a new one, that file can give most filesharing applications access to all the data in the new folder as well.

This risk was not widely understood in 2008, but that reportedly is what happened at LabMD, where a copy of the peer-to-peer app LimeWire was found on a company computer. Tiversa searches and copies files from peer-to-peer networks, selling its services to victims of this type of data leakage when it finds suspect material. It also works with law enforcement.

Daugherty says he is not convinced that his stolen file came from LimeWire, but when Tiversa's Boback testified before Congress about the problem in 2009, the FTC began investigating the issue with material obtained from Tiversa. LabMD fell under the FTC's microscope and Daugherty says he was bullied to accept an agreement that would have placed his company under FTC supervision for 20 years. When he refused, the FTC filed its complaint.

For its part, Tiversa denies that it collaborated with the FTC in any schemes and says it provided information about leaked files to the agency only under threat of subpoena and without compensation.

Daugherty is not convinced. "What is a private company doing downloading other peoples' files and holding them?" he said. "This is insanity."

Insane or not, the resolution of the issue remains years away. The FTC action now is in an administrative court, where Daugherty says he plans to continue contesting it despite what he said are poor chances of his prevailing. Only then can it proceed to a civil court. "We've got a good two more years here," he said.

The FTC declined to comment on Daugherty's allegations or the complaint against him beyond what has already been released. Although the complaint itself has not been made public because it contains confidential business information, the agency announced the complaint in an August 29 press release that quotes Jessica Rich, director of the FTC's Bureau of Consumer Protection. "The FTC is committed to ensuring that firms who collect that data use reasonable and appropriate security measures to prevent it from falling into the hands of identity thieves and other unauthorized users."
http://www.informationweek.com/gover...d/d-id/1113235





The Case Against Kim Dotcom, Finally Revealed

Feds lay it all out: Megaupload made $150+ million, and Dotcom must stand trial.
Joe Mullin

Nearly two years after Kim Dotcom's New Zealand mansion was raided by police, US authorities have made their case as to why the man behind Megaupload shouldn't simply go bankrupt like previous copyright violators have—he should go to jail, they argue.

In a 191-page "Summary of Evidence," government lawyers marshal Skype chats, financial data, and dozens of e-mails to make their case that Megaupload was a criminal network designed from the start to distribute copyrighted material. It discusses the payments made to heavy uploaders to encourage them to drive traffic to the files of movies and TV shows they hid online.

Megaupload built a wall of plausible deniability, prosecutors claim, by disabling any internal search of files stored on Megaupload, meant as a "cyberlocker" site. But its administrators, who include the men behind Dotcom's new site Mega, traded e-mails that show the real strategy. They monitored and drove traffic to third-party linking sites through which Megaupload beamed its advertisements. They guided users about how to use the site in e-mails that clearly reference movies. Finally, and critically, they provided cash rewards to their best uploaders; in their e-mails they negotiated how to control such awards and get the most bang for their buck.

At one point, Megaupload officials discussed moving some pornographic content from Megaupload to Megarotic, which was Megaupload's racier sister site. They needed to explain the move to users, but it was complicated.

“[W]e could, however, also be shooting ourselves in the foot with this, as it proves that we looked at the file... and therefore are not the dumb pipe we claim to be," wrote Megaupload CTO Mathias Ortmann. "[C]opyright owners may use this against us."

Much of the information is likely what was gleaned from the servers that were copied, searched, and ultimately seized by US law enforcement. But prosecutors have also convinced several heavy users of Megaupload, identified so far only by initials, to testify against Dotcom and his comrades about how they used the system.

The purpose of the massive evidence dump is to get Dotcom extradited from New Zealand, where he has been wrapped up in legal proceedings for the 23 months since his mansion was raided. The US hardly got the quick handover they wanted—not only is Dotcom out of jail, he's free to do business. This year, he launched a new site simply called "Mega."

The next extradition hearing is scheduled for July 2014, and the evidence published Friday will be front-and-center in the government's case.

The government's 191-page "Summary of Evidence" also details the stunning sums that Dotcom and his colleagues made running their site. Dotcom, who owned 68 percent of Megaupload and all of sister site Megavideo, made more than $42 million in calendar year 2010. CTO Mathias Ortmann, who owned 25 percent share of Megaupload, made more than $9 million that same year; designer Julius Bencko (2.5 percent) made more than $1 million, and programmer Bram Van Der Kolk (also 2.5 percent) made more than $2 million. Chief Marketing Officer Finn Batato, who was not a shareholder, made $400,000. And no perk was too excessive: the company spent $616,000 renting Mediterranean yachts.

Megaupload lawyer Ira Rothken has said the document is being used to mislead the public.

"We think it’s 191 pages of meritless criminal allegations," Rothken told Variety. "The allegations seem to revolve around Megaupload’s discussed policies related to user infringements, takedowns, and things like reward programs. All those things are civil in nature and can never be considered criminal in the United States." At most, it's "secondary copyright infringement," he said—not a criminal matter.

Love means never having to say “delete”

Megaupload was the storage side, while Megavideo was a site that allowed users to watch stored videos without downloading through an embedded Flash video player. The public fronts of both sites were scrubbed to look clean, but prosecutors allege that was all to hide the real strategy revealed in internal e-mails: getting users to find the content they want through third-party search sites then encouraging them to buy premium subscriptions by cutting off their viewing after 72 minutes of video: just enough time to not finish watching a feature film.

Megavideo also carried ads, but premium subscriptions were the main revenue source. The Mega sites together generated $25 million in ad revenue, but they're estimated to have received more than $150 million from premium subscriptions.

Like many sites, Megaupload was deluged with thousands of takedown requests from copyright holders. It complied with the requests by disabling the specific URLs that pointed to accused files—all while keeping the actual infringing files undeleted and accessible. Megaupload users could create many URLs pointing to their files, making it trivial to keep the files available. At the same time, Megaupload principals would send e-mails to copyright owners implying they had actually removed the files.

They also didn't terminate the accounts of "repeat infringers," some of whom had their content subject to tens of thousands of takedown requests.

Having set up a system that proliferated millions of links to forbidden content, Megaupload then complied with takedown requests—on a sharply limited basis. Dotcom set strict limits on how many files should be removed and scolded his subordinates if they removed too much.

In 2009, Ortmann e-mailed Dotcom about Warner Brothers' request for an increase in their "removal limit," which was set by Megaupload. "They are currently removing 2,500 files per day," wrote Ortmann. "A cursory check indicates that it's legit takedowns of content that they own appearing in public forums," meaning third-party link sites. "We should comply with their request—we can afford to be cooperative at current growth levels."

Dotcom OK'd the increase; Warner could take down 5,000 links per day but "not unlimited," he stressed.

But often, they wouldn't comply. Megaupload never deleted files, and sometimes Dotcom balked at even removing URLs. After getting an e-mail listing 6,000 links from a representative of "various copyright owners," including the big four movie studios and Sony BMG's Mexico division, Dotcom actually scolded his underlings for complying.

"I told you many times not to delete links that are reported in batches of thousands from insignificant sources," wrote Dotcom. "I would say that those infringement reports from MEXICO of '14,000' links would fall into that category. And the fact that we lost significant revenue because of it justifies my reaction."

“They have no idea that we're making millions”

Megaupload staff kept a clean facade, creating a "Top 100" list that consisted of movie trailers, game demos, and other legal content, but prosecutors maintain this was a sham to hide the truly popular content. Now, they've showcased some of the e-mails they captured to show there was a "wink wink, nudge nudge" attitude toward copyright violations on the site.

And some of the e-mails do look damning.

In March 2009, Dotcom asked Ortmann over Skype (in German): “Have you got a minute? Let’s talk about how we should prepare for lawsuits, should they ever happen.”

"We need to take a look at how YouTube has dealt with that so far," said Ortmann. "Promise some kind of technical filtering crap and then never implement it."

"We should already be hiring an attorney now, perhaps an in-house one, to get us prepared for anything," responded Dotcom.

Van Der Kolk was more explicit in his discussions with Ortmann. "yep :) the MU business model works very well for online video (private links)," he wrote. "Now we’re doing exactly what I foresaw in the beginning – innocent front end, private backend :)."

Two days later, he Skyped again to Ortmann: "If copyright holders would really know how big our business is they would surely try to do something against it... they have no idea that we’re making millions in profit every month." Ortmann responded, "Indeed."

The men who ran the Mega sites passed around customers' e-mails with reactions, complaints, and compliments, many of them mentioning obviously copyrighted content. For instance, in May 2009, Batato sent an e-mail to Ortmann with a customer note reading: "We watched Taken successfuly [sic] and then tried to watch the Alphabet Killer a day later and got the message to upgrade if we wanted to continue watching."

Another user in 2010 e-mailed Batato asking, "where can we see full movies?" Batato answered, “You need to go to our referrer sites. Such as www.thepiratecity.org or www.ovguide.com[.] There are the movie and series links. You cannot find them by searching on MV directly. That would cause us a lot of trouble ;-).”

In 2008, a user wrote directly to Dotcom complaining about video problems. "I’ve been trying to watch Dexter episodes, but... the sound doesn’t match up with the visual," he wrote. "I didn’t choose to use your site, you seem to dominate episodes 6 and 7 of Dexter on alluc[.org, a linking site]."

Dotcom forwarded the e-mail to Ortmann, writing: "on many forums people complain that our video / sound are not in sync... We need to solve this asap!”

In 2008, Van Der Kolk sent an e-mail to Ortmann entitled "funny chat log," showing an earlier chat in which Van Der Kolk had said: "we have a funny business... modern days pirates :)." Ortmann's response was a smiley-faced embrace of the gray area of the law he and his colleagues sought to occupy. "we’re not pirates, we’re just providing shipping services to pirates :)," he wrote.

In a 2007 Skype chat, Van Der Kolk had used the "modern pirates" phrase in a different chat. "We're pretty evil, unfortunately," responded Ortmann. "but Google is also evil, and their claim is 'don't be evil.'"

"yes!" wrote Van Der Kolk. “the world is changing, this is the Internet, people will always share files and download their stuff for free... with or without Megaupload.”

So what's a copyright owner to do? Just join Megaupload, apparently. "the content providers should just get a producer account and sign up for rewards," quipped Ortmann.

The men behind the so-called "Mega Conspiracy" also shared copyrighted content among themselves, according to prosecutors. A centerpiece of those accusations is Van Der Kolk's alleged uploading of the movie Taken in October 2008—more than three months before its theater release. He e-mailed out the URL to an unnamed individual. By 2011, with the site under investigation, Van Der Kolk's upload was being reviewed by an FBI agent.

Agents captured a Skype chat in 2006: "I am downloading the latest LOST episodes in HDTV format for Kim :-)" in which Van Der Kolk told Ortmann, "fantastic :)."

In 2007, Bencko e-mailed Van Der Kolk: “the sopranos is in French :((( [expletive redacted].. can u pls find me some again ?” Later that year, another message read: "can u pls get me some links to the series called ‘Seinfeld’ from MU?" (Bracketed content in these quotes is from the charging documents.)

That same year, Ortmann told colleague Andrus Nomm over Skype: "I have a feeling that Kim [Dotcom] tolerates a certain amount of copyright violation.” Nomm responded, "yep but not too obvious ones." Ortmann: "it helps initial growth... but we must not overdo it."

Other e-mails suggest that early on, Van Der Kolk and Ortmann considered, but apparently rejected, the idea of cracking down on pirated videos. “Maybe we should automatically delete videos on Megavideo that are longer than 30 minutes and have more than XXX views or something because I still see so much piracy that is being embedded," said Van Der Kolk in an October 2007 Skype chat. "What kind of videos are legit and longer than 30 minutes and views more than XXX times... "

"what we can indeed do is put them into ‘temporarily not available’ state and priority-audit them," wrote Ortmann. "anything that’s legit will then be unblocked permanently, the rest will go to deleted.”

"yeah, but 99.999 percent will be deleted then," said Van Der Kolk.

Big uploaders, big rewards

Megaupload appealed to uploaders to stock the site with popular content by offering a rewards system. The "uploader rewards," on offer since 2005, grant uploaders $1 in cash for every 1,000 times their content is downloaded, plus additional bonuses for top Megauploaders. The total amount of awards granted rose from $25,000 in 2006 to over $1.1 million in 2009 and 2010.

The program appears to have wound down in 2011; perhaps not coincidentally, that was the year Hotfile was sued and ultimately got nailed in a civil copyright case, largely owing to the incentives they offered users.

The feds have captured a wide array of e-mail correspondence between Van Der Kolk, Ortmann, and Dotcom discussing how to administer the rewards system and keep the enthusiasm of top users without overpaying.

It was a delicate balance. Megaupload had 66.6 million users in January 2012, but only 5.86 million—less than nine percent—had ever uploaded a single file. Only about 1.2 percent were premium subscribers able to store private content for the long-term.

Most users earned the odd $100 check here and there. But some made much more. In November 2009, Van Der Kolk discussed an incredibly high reward payment—$175,600—via Skype. “it’s still very fine in relation to our costs / income / profit if you think about it,” he wrote. “these users are making it happen.” Is he really a "big contributor," Ortmann wanted to know? At 70 million video views, he was indeed. "but we can skip him if you want :)" wrote Van Der Kolk. "nono :)" responded Ortmann—the user had earned it.

More typically, the feds' document identifies "CB in Alexandria, VA" who made $500 from 2008 to 2010. Another uploader in Falls Church, Virginia, made $2,900 from August 2009 to June 2010.

Discussions of whose contributions had what value often led to explicit discussions acknowledging it was copyrighted content that was driving views. "10+ full popular DVD rips (split files), a few small porn movies, some software with key generators (warez)," summed up Van Der Kolk in discussing one user who was set to get a $100 reward.

Other e-mails related to trying to find "fraudster" users of the rewards program, who tried to automate downloads to increase their rewards. They tried to keep costs low. In 2007, Van Der Kolk wrote to Ortmann:

Hereby the rewards batch payment file. Total costs: $12,800 USD. Lot’s of 1500 dollar redemptions from Vietnamese uploaders again...I checked every file / video portfolio; however let me know if it’s too much, then I’ll check who else we can disqualify for whatever reason :)

The user being discussed there is "TH," one of several heavy Megaupload users identified in the complaint only by their initials. TH—who, like many of Megaupload's most reliable users, was Vietnamese—was paid more than $50,000 between 2006 and 2011. And the document published Friday shows that TH, who received checks from Megaupload for years, is ready to testify against the company.

Now testifying against Megaupload: Their best users

The relationship between TH and Megaupload wasn't always a happy one.

Once when a payment was delayed, TH wrote an e-mail that if he wasn't paid within 24 hours he would write about the lack of payment on "over 100 Vietnamese websites in the world… I really do not care about your payment or not. I do not give you a chance to cheat millions of user and uploaders anymore."

Dotcom was upset. "This is the fifth e-mail from this guy WHY THE [expletive redacted] DOES NOONE CARE?" Ortmann reassured him, "We do care," and he was sending payment now that Bram had identified TH as "legit."

It was a love/hate relationship between Megaupload and TH. In 2008, he complained about a change to the uploader reward policy that was causing him to lose points. TH again threatened to become a Megaupload dissident, saying that if the policy wasn't adjusted, he would "post on over 120 websites and notify users to stop buying premium account[s] with Megaupload.”

In March 2008, Kim Dotcom himself got firm with TH. "You and your friends are at most 1 percent of our traffic," wrote Dotcom. "So please don’t overestimate your importance to us. We are thankful for your support of Megaupload in the past and I think we have always been fair to you... In the future you will also earn rewards for every premium customer that you bring to us."

Secretly, they were happy with TH despite his complaining. When TH returned from a break in May 2008, Dotcom wrote to Ortmann celebrating his return, writing "Juhu.. [TH] is back :-)."

Now, TH will be testifying against Megaupload, explaining how he used the site. He would advertise his own links on third-party link sites, together with posters for the movies and TV programs, mostly Vietnamese, that he was showing.

In 2006, TH will testify, he got an e-mail from Megaupload saying he wouldn't be paid because he uploaded an infringing song from Vietnamese artists. TH responded, saying that Vietnamese artists "do not have copyrights," according to prosecutors. "He did so because he thought it would help him to get paid." And he did get paid, right up until 2011.

Most users were more small-time than TH, who impressed the staff with his prolific uploading. ("Basically, all the Vietnamese guys are gems," wrote Ortmann at one point.) Another user who will testify against Megaupload got just $600, uploading TV shows like The Simpsons and Family Guy, and video games like Call of Duty, Halo 3, and Tiger Woods PGA Tour 10.

The content from the heavy uploaders was subject to staggering numbers of takedown requests. User RK, who was paid $5,500 in rewards from 2009 to 2011, had uploaded popular TV programs like 30 Rock, Friday Night Lights, and True Blood. His material had been subject to more than 300,000 takedown requests.

Another user, MB, uploaded videos that produced 14 million "site visits and infringements," including whole seasons of dozens of TV shows, from Arrested Development to Xena: Warrior Princess.

His content was subject to 46,000 takedown requests by copyright owners. But his files weren't deleted, and his account wasn't terminated. His checks—$5,500 paid from 2009 to 2011—were sent off with enthusiasm.

"Money sent," wrote Ortmann in 2007. "With a total of over 11 million pageviews of the files in his account, he surely deserves it!"
http://arstechnica.com/tech-policy/2...inancial-data/





U.S. Mobile Internet Traffic Nearly Doubled This Year
Brian X. Chen

In the United States, consumers used an average of 1.2 gigabytes a month this year, which is roughly the equivalent of uploading 1,200 images from mobile devices over a cellular network.

Two big shifts happened in the American cellphone industry over the past year: Cellular networks got faster, and smartphone screens got bigger. As a result, people’s consumption of mobile data nearly doubled.

In the United States, consumers used an average of 1.2 gigabytes a month over cellular networks this year, up from 690 megabytes a month in 2012, according to Chetan Sharma, a consultant for wireless carriers, who published a new report on industry trends on Monday. Worldwide, the average consumption was 240 megabytes a month this year, up from 140 megabytes last year, he said.

But what’s in a megabyte or gigabyte anyway? A megabyte is about the amount of data required to download a photo taken with a decent digital camera, or one minute of a song, or a decent stack of e-mail.

So using that analogy — 1.2 gigabytes of mobile data a month looks something like 1,200 photos that a person downloaded to the Internet from a mobile device each month, compared with 690 photos he downloaded a month last year.

That is a significant jump. Mr. Sharma said the uptick in data use could be attributed, at least partly, to the widespread coverage of fourth-generation network technology, called LTE, which carriers say is 10 times faster than its predecessor, 3G. He said the rise was also connected to the popularity of phones with bigger screens, like the newer iPhones or Samsung’s Galaxy smartphones, which download bigger images.

About 1.4 billion smartphones will be in use by the end of this year, according to ABI Research. Cisco, the networking company, predicts that Internet traffic from mobile devices will exceed that of wired devices, like desktop computers, by 2016.
http://bits.blogs.nytimes.com/2013/1...led-this-year/





How US Internet Service Might Get Better—and Worse—in 2014

Fiber buildouts and threats to net neutrality make next year worth watching.
Jon Brodkin

2013, like just about every year before it, was the year nearly all of us complained about our Internet service.

"It's too slow!" we said. "Too expensive!" And we were generally right, as a study by the New America Foundation's Open Technology Institute found that US consumers pay more for slower service than counterparts in other countries.

But 2013 wasn't just more of the same—there were big developments that make 2014 worth watching, for good and bad reasons. Inspired by Google Fiber, cities are increasingly looking for ways to get their own fiber networks and give the US broadband market much-needed competition. On the potentially bad side of the equation, a legal challenge to network neutrality laws by Verizon could further degrade competition, particularly in streaming video.

As we look back at 2013 and ahead to next year, let's start with the good news. Google Fiber came to Kansas City in late 2012 and is headed to Provo, Utah, and Austin, Texas, in 2014. Google isn't about to wire up the whole country, and it's far from the first to install fiber-to-the-home networks. But the Web company's entry into the ISP market showed that competition does benefit consumers. In Austin, Google's planned network spurred AT&T to bring fiber to homes with download speeds of 300Mbps today and a gigabit next year. (One caveat: AT&T's standard service comes with ads targeted to you based on your Web history.) Even communities that didn't win the Google Fiber lottery are taking it upon themselves to lure fiber providers as an alternative to cable or DSL.

In November we described how officials in Louisville, Kentucky, and the Bryan/College Station area in Texas are laying the groundwork for fiber networks to benefit residents and make the cities more attractive to businesses. Los Angeles has a similar plan (although it may not be an entirely realistic one).

These cities are still planning to rely on ISPs, hoping that incentives can lure a new provider or convince existing ones to build out fiber networks to rival Google's.

Some communities are taking more direct control over their fates. In Leverett, Mass., planning that began in 2011 is expected to result in the deployment next year of a fiber-to-the-home network "that will be operated by a publicly controlled Municipal Light Plant entity," a case study by Harvard researchers said. "The MLP will operate independently of Leverett’s political infrastructure, but will be required by state law to charge subscribers no more than the cost of providing service."

This month, the city of Ellensburg, Washington, approved a contract to begin construction of a publicly owned fiber network. Officials in Chattanooga, Tennessee, previously showed how a government-run fiber network can rival or surpass a private one. Residents there can purchase 100Mbps connections for $57.99 a month and gigabit connections for $69.99 a month from the community-owned electric utility. It even helped residents who subscribe to traditional ISPs—after the network launched in 2011, incumbents Comcast and AT&T finally started upgrading their services, utility officials told Ars.

Another approach is for cities to create an open network that can be used by any provider to sell Internet. The Utopia network in Utah is perhaps the best example, but its mixed track record may be holding back the open access model.

"The network is deep in debt while serving a fraction of those they intended to," Christopher Mitchell, director of the Telecommunications as Commons Initiative at the Institute for Local Self-Reliance, told Ars. "On the other hand, Utopia has some of the fastest Internet access in the nation and affordable rates, and people who have access have a real choice in providers. Plus it encouraged Comcast and US West [now CenturyLink] to expedite their local investments."

Lessons were learned in Utah that can help other cities looking to bypass the private market, Mitchell believes. Still, he notes that "the open access model has been set back by Utopia's experience, and Utopia is regularly cited by those who try to convince cities to just let the 'private sector' solve this—as though it were a functioning market."

In 2014, we'll find out just how the plans of Los Angeles, Louisville, Bryan/College Station, Leverett, Ellensburg, and other cities pan out. Although competition is still distressingly absent in much of America, one thing that's clear is numerous cities are no longer content to simply accept what few options ISPs give them.

Now for the bad news...

While US residents rarely have many good choices of home Internet providers, at least we have the guarantee that ISPs can't place any giant restrictions on what content we can access over the Internet.

That's because of the Federal Communications Commission's 2010 Open Internet Order, a set of network neutrality rules that forbid ISPs from blocking services or charging content providers for access to their networks.

If the law were overturned, ISPs could more easily steer customers to their own services and away from those of their rivals. They could charge companies like Netflix for the right to have their videos prioritized over other types of Internet traffic, perhaps indirectly raising the price consumers pay for streaming video and making it more difficult for startups to compete against established players who can afford the "Internet fast lane" fees.

That's what Verizon wants, as its lawsuit to overturn the network neutrality law went to court in September. A ruling is likely to come in early 2014 from the US Court of Appeals for the District of Columbia Circuit.

The appeals court judges were skeptical of the FCC's arguments in favor of network neutrality, giving cheer to opponents of the law and reason to worry for consumer advocates.

"We believe a DC Circuit panel majority signaled today at oral arguments that it’s inclined to pare back FCC Open Internet rules in a way that would allow cable and telco broadband providers to charge Internet edge providers for improved connections to broadband customers," the telecom analyst firm Stifel wrote after a September court proceeding. "At the same time, the panel seemed inclined to uphold the FCC’s authority to regulate broadband to some extent… Such an outcome could give telcos and cable new flexibility to strike paid-prioritization deals for offering better service to Internet edge providers (e.g., Google, Amazon, Netflix), which could also include media companies (e.g., Disney, Fox, CBS, Viacom, Time Warner Cable). Whether it would be good or bad for edge/media providers would depend on their business plans and financial wherewithal, but it could create faster 'toll' lanes that give big edge players advantages over upstarts."

ISPs can already degrade the quality of rival video services indirectly by refusing to upgrade the peering infrastructure that lets traffic pass from one network to another, or by refusing to use caching systems that improve the quality of services like Netflix and YouTube. Gutting the Open Internet Order would let ISPs take more direct aim at their rivals.

Some members of Congress are concerned about ISPs limiting consumers' choice in video services. US Sen. Jay Rockefeller (D-WV) has proposed comprehensive legislation to restrict the ways ISPs can overcharge customers and degrade the quality of rival online video services, while boosting the FCC's ability to regulate.

Rockefeller wants to prevent ISPs from using data caps to discriminate against third-party services, an important goal as Comcast and other cable providers are likely to increase the use of caps in 2014, making you pay more if you use a lot of bandwidth-heavy services.

There is also reason to worry about newly sworn-in FCC Chairman Tom Wheeler's approach to network neutrality. In recent comments, he seemed to accept as inevitable a future in which Netflix will have to pay ISPs to get high-quality access to consumers.

"I am a firm believer in the market," he said in response to a question after a policy speech. “I think we’re also going to see a two-sided market where Netflix might say, ‘well, I’ll pay in order to make sure that you might receive, my subscriber receives, the best possible transmission of this movie.’ I think we want to let those kinds of things evolve. We want to observe what happens from that, and we want to make decisions accordingly, but I go back to the fact that the marketplace is where these decisions ought to be made, and the functionality of a competitive marketplace dictates the degree of regulation."

Wheeler was asked by US Rep. Henry Waxman (D-Calif.) to clarify what he meant in a subsequent congressional hearing. Wheeler responded:

I am a strong supporter of the Open Internet rules, full stop. The rules were written in such a way as to envision opportunities for innovation and experimentation, and to impose on them a balance between protecting the open Internet, protecting consumers, and stimulating innovation. New ideas under the Open Internet order, new ideas such as those you have referenced, in a wireless environment particularly, are not prohibited. But there is a clear responsibility for the Commission to make sure that what takes place does not interfere with Internet access, is not anticompetitive, and does not provide preferential treatment. And we will enforce that. We will maintain the balance between innovation and ensuring there is an open Internet.

Wheeler's reference to "a wireless environment" is potentially important, because the Open Internet Order's rules generally apply to wired Internet rather than cellular service. Still, he hasn't quite answered the question of whether Netflix could be forced to pay ISPs for better access to consumers of fixed Internet service, even though such a scenario would likely violate the FCC's rules. We've asked an FCC spokesman for a more specific answer or an interview with Wheeler, but no further clarification seems to be coming.

All of this is to say that there are many reasons to watch what happens in the US Internet market in 2014 and beyond. We don't know just how far fiber deployments will advance next year or how the regulatory questions will be resolved, but the issues we've described are sure to have a big impact on broadband prices, competition, and quality of service.
http://arstechnica.com/information-t...worse-in-2014/





Ethnographic Research: Facebook is Basically Dead and Buried with UK Teenagers

As part of a European Union-funded study on social media (make sure to check also the UCL site and blog on the same project), the Department of Anthropology at University College London is running nine simultaneous 15-month ethnographic studies in seven countries (small towns in Brazil, China (2), India, Italy, Trinidad, Turkey and the UK). Interesting insights from the UK:

“What we’ve learned from working with 16-18 year olds in the UK is that Facebook is not just on the slide, it is basically dead and buried. Mostly they feel embarrassed even to be associated with it. Where once parents worried about their children joining Facebook, the children now say it is their family that insists they stay there to post about their lives. Parents have worked out how to use the site and see it as a way for the family to remain connected. In response, the young are moving on to cooler things.

Instead, four new contenders for the crown have emerged: Twitter, Instagram, Snapchat and WhatsApp. This teaches us a number of important lessons about winning the app war.”
http://www.experientia.com/blog/ethn...-uk-teenagers/





Bye Bye, Bile? Websites Try to Nix Nasty Comments
Barbara Ortutay

Mix blatant bigotry with poor spelling. Add a dash of ALL CAPS. Top it off with a violent threat. And there you have it: A recipe for the worst of online comments, scourge of the Internet.

Blame anonymity, blame politicians, blame human nature. But a growing number of websites are reining in the Wild West of online commentary. Companies including Google and the Huffington Post are trying everything from deploying moderators to forcing people to use their real names in order to restore civil discourse. Some sites, such as Popular Science, are banning comments altogether.

The efforts put sites in a delicate position. User comments add a lively, fresh feel to videos, stories and music. And, of course, the longer visitors stay to read the posts, and the more they come back, the more a site can charge for advertising.

What websites don't want is the kind of off-putting nastiness that spewed forth under a recent CNN.com article about the Affordable Care Act.

"If it were up to me, you progressive libs destroying this country would be hanging from the gallows for treason. People are awakening though. If I were you, I'd be very afraid," wrote someone using the name "JBlaze."

YouTube, which is owned by Google, has long been home to some of the Internet's most juvenile and grammatically incorrect comments. The site caused a stir last month when it began requiring people to log into Google Plus to write a comment. Besides herding users to Google's unified network, the company says the move is designed to raise the level of discourse in the conversations that play out under YouTube videos.

One such video, a Cheerios commercial featuring an interracial family, met with such a barrage of racist responses on YouTube in May that General Mills shut down comments on it altogether.

"Starting this week, when you're watching a video on YouTube, you'll see comments sorted by people you care about first," wrote YouTube product manager Nundu Janakiram and principal engineer Yonatan Zunger in a blog post announcing the changes. "If you post videos on your channel, you also have more tools to moderate welcome and unwelcome conversations. This way, YouTube comments will become conversations that matter to you."

Anonymity has always been a major appeal of online life. Two decades ago, The New Yorker magazine ran a cartoon with a dog sitting in front of a computer, one paw on the keyboard. The caption read: "On the Internet, nobody knows you're a dog." At its best, anonymity allows people to speak freely without repercussions. It allows whistle blowers and protesters to espouse unpopular opinions. At its worst, it allows people to spout off without repercussions. It gives trolls and bullies license to pick arguments, threaten and abuse.

But anonymity has been eroding in recent years. On the Internet, many people may know not only your name, but also your latest musings, the songs you've listened to, your job history, who your friends are and even the brand of soap you prefer.

"It's not so much that our offline lives are going online, it's that our offline and online lives are more integrated," says Mark Lashley, a professor of communications at La Salle University in Philadelphia. Facebook, which requires people to use their real names, played a big part in the seismic shift.

"The way the Web was developed, it was unique in that the avatar and the handle were always these things people used to go by. It did develop into a Wild West situation," he says, adding that it's no surprise that Google and other companies are going this route. "As more people go online and we put more of our lives online, we should be held accountable for things we say."

Nearly three-quarters of teens and young adults think people are more likely to use discriminatory language online or in text messages than in face to face conversations, according to a recent poll from The Associated Press-NORC Center for Public Affairs Research and MTV. The poll didn't distinguish between anonymous comments and those with real identities attached.

The Huffington Post is also clamping down on vicious comments. In addition to employing 40 human moderators who sift through readers' posts for racism, homophobia, hate speech and the like, the AOL-owned news site is also chipping away at anonymous commenting. Previously, anyone could respond to an article posted on the site by creating an account, without tying it to an email address. This fall, HuffPo began requiring people to verify their identity by connecting their accounts to an email address, but that didn't appear to be enough and the site now also asks commenters to log in using a verified Facebook account.

"We are reaching a place where the Internet is growing up," says Jimmy Soni, managing editor of HuffPo. "These changes represent a maturing (online) environment."

Soni says the changes have already made a difference in the quality of the comments. The lack of total anonymity, while not a failsafe method, offers people a "gut check moment," he says. There have been "significantly fewer things that we would not be able to share with our mothers," in the HuffPo comments section since the change, Soni says.

Newspapers are also turning toward regulated comments. Of the largest 137 U.S. newspapers - those with daily circulation above 50,000 - nearly 49 percent ban anonymous commenting, according to Arthur Santana, assistant communications professor at the University of Houston. Nearly 42 percent allow anonymity, while 9 percent do not have comments at all.

Curbing anonymity doesn't always help. Plenty of people are fine attaching their names and Facebook profiles to poorly spelled outbursts that live on long after their fury has passed.

In some cases, sites have gone further. Popular Science, the 141-year-old science and technology magazine, stopped allowing comments of any kind on its news articles in September.

While highlighting responses to articles about climate change and abortion, Popular Science online editor Suzanne LaBarre announced the change and explained in a blog post that comments can be "bad for science."

Because "comments sections tend to be a grotesque reflection of the media culture surrounding them, the cynical work of undermining bedrock scientific doctrine is now being done beneath our own stories," wrote LaBarre.

We can't wait to see the response to this story.
http://abcnews.go.com/Technology/wir...ments-21339121





Windows XP: Microsoft’s Ticking Time Bomb

Shona Ghosh examines the security threat posed by Microsoft’s decision to end support for its 12-year-old OS in April

The final deadline for Windows XP support will act as a starting pistol for hackers, as they target hundreds of millions of users on unpatched systems.

Microsoft has already granted the 12-year-old OS several stays of execution, but the firm has said it will finally end extended support on 8 April 2014 – despite the fact that XP remains the second-most popular OS, with almost a third of PCs running it.

These hundreds of millions of desktops and laptops will be vulnerable to hackers once XP stops receiving security updates, with Microsoft warning earlier this year that hackers could use patches issued for Windows 7 or Windows 8 to scout for XP exploits.

"The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," wrote Tim Rains, the director of Microsoft’s Trustworthy Computing group.

"If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP," Rains added. "Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a zero-day vulnerability forever."

Microsoft noted that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013, giving hackers ample opportunity to reverse-engineer vulnerabilities.

Ed Shepley, solutions architect at migration specialist Camwood, said users don’t seem convinced by the threat. He added that he’s surprised Microsoft’s warning didn’t lead to "hundreds of people phoning us that day". According to Shepley, the end of XP support poses a "significant risk".

Other risks

Failure to migrate could leave businesses open to infections, denial-of-service attacks and data theft, according to Camwood. Aside from the inconvenience and costs to address the attack, companies can also face fines.

For example, American regulators have warned that banks that fail to upgrade their software from XP will be liable if, for example, customer credit-card data is stolen. In the UK, the Information Commissioner’s Office hasn’t issued such clear-cut guidance, but it has the power to fine institutions that don’t hold credit-card information securely in their systems under data-protection laws.

There are also "soft problems" for companies that don’t migrate to the most up-to-date software, added Shepley. "Companies run the risk of being left behind the rest of the industry," he said. "If you’re using a 32-bit version of XP, all the new tools and software that allow your competitors to be competitive won’t be available to you."

Poor preparation

Despite the real security risks, analysts have suggested that corporations are reluctant to budget for the time and money required for a full migration. Many won’t even be able to upgrade before the cut-off date.

According to IHS iSuppli analyst Craig Stice, most businesses have tried to avoid a full IT refresh amid the economic uncertainty, with managers "hanging on" to the hardware they already have.

"They’re extending the life of [hardware] as best they can, through internal upgrades or additional memory – doing anything to increase performance without having to upgrade," he said. "Traditionally, PCs are refreshed every four years. We’re seeing that extended pretty dramatically to five or six years."

According to Shepley, it’s been so long since most businesses have conducted a wholesale migration that many have simply forgotten how long it will take. Microsoft states that corporations should leave up to 30 months to complete their migration.

"Some of our clients think it can be done over a few weekends. They don’t understand how many applications they have," said Shepley. "One client we’re working with believes they have 1,000 applications; we’re doing an inventory for them, and our number is somewhere north of 4,000. People don’t realise how much app proliferation has gone on since they put XP in."

Mischievous rivals

It hasn’t helped that Microsoft has, in some instances, been undermined by its rivals continuing to support products on XP.

One such company, Google, recently announced that it will continue to support Chrome on XP until April 2015 – a year after the deadline for extended support expires. "We recognise that hundreds of millions of users, including a good chunk of current Chrome users, still rely on XP," said Google.

"Many organisations still run dozens, or even hundreds, of applications on XP and may have trouble migrating."

Security experts condemned Google for "facilitating" unsafe internet use. "Yes, maybe Google can keep a handle on bugs and security holes in Chrome running on Windows XP," said security analyst Graham Cluley, "but it’s powerless to fix vulnerabilities in Windows XP itself."

One solution

Given the hundreds of millions of users potentially at risk, many are expecting Microsoft to relent and release patches. "People are hoping they can get away with it, and that Microsoft will issue a patch of some kind," said Shepley. "It will be interesting to see if something comes onto the internet that affects XP in a bad way quickly. Where Microsoft can deliver a fix, will it? Otherwise, it’s forcing an awful lot of people to be significantly impacted."

However, Shepley isn’t optimistic that Microsoft will perform a U-turn. "Personally, I don’t think it will push back," he said. "XP arrived in 2001, so we’re talking about producing a fix for something that [will be] around 13 years old."

There is some comfort for businesses that are likely to miss the April deadline: they have the option of switching to Windows Server 2003, which is based on the same kernel as Windows XP, but won’t be terminated until 14 July 2015. "All the people we know who will miss the April 2014 deadline will easily hit April 2015," said Shepley.

One mitigation strategy being employed by those who are set to miss the deadline is disconnecting vulnerable PCs running XP from the internet – but this isn’t without risks, either. "Even if a device is only on a private network another device – even one running a supported product – can be infected with malware outside and can bring it onto the private network, infecting other devices," Gartner said earlier this year.

Nonetheless, both Cluley and Shepley agreed that Microsoft should send out a "strong message" to warn more users off XP before the April deadline.

"Microsoft has done well communicating through partners, even if it isn’t quite so doom and gloom itself," said Shepley. "Part of me wishes it would say, ‘Right, we’re going to remotely turn off every XP box on 9 April’, because everyone would then pay attention."
http://www.pcpro.co.uk/features/3860...#ixzz2oD8BVDwp





You'll Never Guess Where This FBI Agent Left a Secret Interrogation Manual

"Security screwups are not very uncommon. But this is a first."
Nick Baumann

In a lapse that national security experts call baffling, a high-ranking FBI agent filed a sensitive internal manual detailing the bureau's secret interrogation procedures with the Library of Congress, where anyone with a library card can read it.

For years, the American Civil Liberties Union fought a legal battle to force the FBI to release a range of documents concerning FBI guidelines, including this one, which covers the practices agents are supposed to employ when questioning suspects. Through all this, unbeknownst to the ACLU and the FBI, the manual sat in a government archive open to the public. When the FBI finally relented and provided the ACLU a version of the interrogation guidebook last year, it was heavily redacted; entire pages were blacked out. But the version available at the Library of Congress, which a Mother Jones reporter reviewed last week, contains no redactions.

The 70-plus-page manual ended up in the Library of Congress, thanks to its author, an FBI official who made an unexplainable mistake. This FBI supervisory special agent, who once worked as a unit chief in the FBI's counterterrorism division, registered a copyright for the manual in 2010 and deposited a copy with the US Copyright Office, where members of the public can inspect it upon request. What's particularly strange about this episode is that government documents cannot be copyrighted.

"A document that has not been released does not even need a copyright," says Steven Aftergood, a government secrecy expert at the Federation of American Scientists. "Who is going to plagiarize from it? Even if you wanted to, you couldn't violate the copyright because you don't have the document. It isn't available."

"The whole thing is a comedy of errors," he adds. "It sounds like gross incompetence and ignorance."

Julian Sanchez, a fellow with the libertarian Cato Institute who has studied copyright policy, was harsher: "Do they not cover this in orientation? [Sensitive] documents should not be placed in public repositories—and, by the way, aren't copyrightable. How do you even get a clearance without knowing this stuff?"

The FBI agent who registered for the copyright did so under his own name—effectively claiming the rights for himself, not the FBI. An FBI spokesman told Mother Jones the bureau has been made aware of the matter but "cannot provide any further information at this time regarding this subject."

The version of the interrogation manual the agent deposited with the copyright office is dated August 18, 2008, but it wasn't filed until January 2010. The redacted version released to the ACLU is dated February 23, 2011.

Because the two versions are similar, a side-by-side comparison allows a reader to deduce what was redacted in the later version. The copyright office does not allow readers to take pictures or notes, but during a brief inspection, a few redactions stood out.

The ACLU has previously criticized the interrogation manual for endorsing the isolation of detainees and including favorable references to the KUBARK manual, a 1963 CIA interrogation guidebook that encouraged torture methods, including electric shocks. The group has also expressed concern that the manual adopts aspects of the Reid Technique, a common law enforcement interview method that has been known to produce false confessions. A redacted sentence in the manual says the document is intended for use by the FBI's "clean" teams—investigators who collect information intended for use in federal prosecutions. That raises the question of whether teams collecting information that's not for use in federal courts would have to follow the manual's (already permissive) guidelines at all.

Another section, blacked out in the version provided to the ACLU, encourages FBI agents to stage a "date-stamped full-body picture" of a detainee, complete with a bottle of water, for use in refuting abuse allegations at trial.

Yet the most eyebrow-raising thing about the unredacted version may be that it was available for public consumption for years. The inadvertent release of sensitive information "is not supposed to happen but it does," Aftergood says. "Security screwups are not very uncommon. But this is a first."
http://www.motherjones.com/politics/...dacted-secrets





RSA Comes Out Swinging, Denies Taking NSA's $10m to Backdoor its Crypto

In summary: Yes, the biz worked with spies. But it knew about a gaping hole? No, siree!
Simon Sharwood

RSA has hit back at allegations stemming from Edward Snowden's latest whistleblowing – specifically, the claim that it secretly took US$10m from the NSA in exchange for using the deliberately knackered Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in its encryption products.

The EMC-owned security outfit said it started using Dual EC DRBG by default in 2004, sometime before the generator was standardised. By 2007 the algorithm was found to effectively have a backdoor in it that weakened the strength of any encryption that relied on it, making life easier for snoops. In September 2013, RSA told its customers to stop using the algorithm.

The NSA, which championed Dual EC DRBG, is separately accused of weakening the random number generator during its development.

In a strongly worded blog post today, RSA said “we categorically deny [the] allegation” that it secretly knew Dual EC DRBG was "flawed", and went on to offer four reasons for its choice of random number generator, namely:

• We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
• This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
• We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
• When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.

The carefully worded post, which avoids discussing whether or not the company actually took the NSA's $10m, concluded with the following statement:

RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.

Meanwhile, Joseph Menn, the Reuters writer who broke the original news on Friday, stands by his story.
http://www.theregister.co.uk/2013/12..._nsa_response/





White House Tries to Prevent Judge From Ruling on Surveillance Efforts
Charlie Savage and David E. Sanger

The Obama administration moved late Friday to prevent a federal judge in California from ruling on the constitutionality of warrantless surveillance programs authorized during the Bush administration, telling a court that recent disclosures about National Security Agency spying were not enough to undermine its claim that litigating the case would jeopardize state secrets.

In a set of filings in the two long-running cases in the Northern District of California, the government acknowledged for the first time that the N.S.A. started systematically collecting data about Americans’ emails and phone calls in 2001, alongside its program of wiretapping certain calls without warrants. The government had long argued that disclosure of these and other secrets would put the country at risk if they came out in court.

But the government said that despite recent leaks by Edward J. Snowden, the former N.S.A. contractor, that made public a fuller scope of the surveillance and data collection programs put in place after the Sept. 11 attacks, sensitive secrets remained at risk in any courtroom discussion of their details — like whether the plaintiffs were targets of intelligence collection or whether particular telecommunications providers like AT&T and Verizon had helped the agency.

“Disclosure of this still-classified information regarding the scope and operational details of N.S.A. intelligence activities implicated by plaintiffs’ allegations could be expected to cause extremely grave damage to the national security of the United States,” wrote the director of national intelligence, James R. Clapper Jr.

So, he said, he was continuing to assert the state secrets privilege, which allows the government to seek to block information from being used in court even if that means the case must be dismissed. The Justice Department wants the judge to dismiss the matter without ruling on whether the programs violated the First or Fourth Amendment.

The filings also included similar declarations from earlier stages of the California litigation, which were classified at the time and shown only to the court but were declassified on Friday. The judge, Jeffrey S. White of the Northern District of California, had ordered the government to evaluate how the disclosures since Mr. Snowden’s leaks had affected its earlier invocations of the state secrets privilege.

The plaintiffs have until late January to file a response. Cindy Cohn, the legal director for the Electronic Frontier Foundation, which is leading one of the cases, called the government’s assertion “very troubling.” She said that despite the Snowden revelations, it was still essentially saying, “We can’t say whether the American people have been spied on by their government.”

Mr. Clapper’s unclassified affidavit to the court — he also filed a classified version, the documents state — contrasts sharply with the findings of President Obama’s advisory committee on signals intelligence, which said in a report made public on Wednesday that the collection of bulk telephone data was of little proven value.

The panel’s experts concluded that “there has been no instance in which N.S.A. could say with confidence that the outcome would have been different” in a terror investigation without the collection of the telephone data. “Moreover, now that the existence of the program has been disclosed publicly, we suspect that it is likely to be less useful still.”

Mr. Clapper, however, suggested that the program was one of many that needed to continue, and he discussed a litany of threats, mostly emanating from Al Qaeda and its affiliates, that he said made the program vital. He argued that revealing additional details, including whom it targets or how companies like AT&T and Verizon have given the N.S.A. access to its equipment and data, would be harmful.

“Disclosing or confirming further details about these activities could seriously undermine an important tool — metadata collection and analysis — for tracking possible terrorist plots,” he wrote, and could reveal methodology, thus “helping foreign adversaries evade detection.”

Still, Mr. Clapper’s description of the program as “an important tool” for tracking possible plots was a downgrade in rhetorical urgency. In earlier, now-declassified court filings, he and other officials had portrayed it as “an essential tool.”

Mr. Obama, in a news conference on Friday, strongly suggested that he was looking for a way to split the difference between these two views. He stopped short of endorsing the advisory group’s recommendation that the data should be held by telecommunications companies or a private consortium that has yet to be created.

“Just because we can do something doesn’t mean we necessarily should,” he said, repeating a line he has used often.

The newly declassified affidavits discuss a now-familiar list of threats to the United States coming from Al Qaeda and groups that share some of its ideology, including a plot in 2006 to blow up airliners over the Atlantic Ocean and the attempted car bombing in Times Square in 2010. But one of the documents makes reference to a renewed effort by Al Qaeda to obtain a nuclear weapon after 2005. It did not cite evidence.

The California litigation over warrantless surveillance represents the remnants of a wave of lawsuits filed in 2006 after The New York Times revealed that the Bush administration had authorized a program of wiretapping without warrants. Most of the initial suits were filed against telecommunications companies and were dismissed after Congress passed a law retroactively immunizing them for participating in the programs.

One of the lawsuits had also named the N.S.A. as a defendant, and in 2008 the Electronic Frontier Foundation refiled a case against the N.S.A. and a series of government officials, challenging the range of domestic surveillance and data collection activities. Several of the claims in those cases have been dismissed, but the First and Fourth Amendment ones remain.

The new filings came five days after another judge, Richard J. Leon of Federal District Court in the District of Columbia, ruled — in a case filed shortly after Mr. Snowden’s first reported disclosures — that the call-logging program in its current form probably violated the Fourth Amendment and called it “almost Orwellian.” The government is expected to appeal that decision.
http://www.nytimes.com/2013/12/22/us...e-efforts.html





U.S. Judge Says NSA Phone Surveillance is Lawful
Jonathan Stempel

A federal judge ruled that a National Security Agency program that collects records of millions of Americans' phone calls is lawful, calling it a "counter-punch" to terrorism that does not violate Americans' privacy rights.

Friday's decision by U.S. District Judge William Pauley in Manhattan diverged from a ruling by another judge this month that questioned the program's constitutionality, raising the prospect that the Supreme Court will need to resolve the issue.

In a 54-page decision, Pauley dismissed an American Civil Liberties Union lawsuit contending that the NSA collection of "bulk telephony metadata" violated the bar against warrantless searches under the Fourth Amendment of the U.S. Constitution.

The judge also referred often to the September 11, 2001 attacks, in which nearly 3,000 people died, and said broad counter-terrorism programs such as the NSA's could help avoid a "horrific" repeat of those events.

"This blunt tool only works because it collects everything," Pauley wrote. "Technology allowed al Qaeda to operate decentralized and plot international terrorist attacks remotely. The bulk telephony metadata collection program represents the government's counter-punch."

The program's existence was first disclosed by former NSA contractor Edward Snowden, who is now in Russia under temporary asylum. His leaks have sparked a debate over how much leeway to give the government in protecting Americans from terrorism.

ACLU PLANS APPEAL

Pauley ruled 11 days after U.S. District Judge Richard Leon in Washington, D.C. said the "almost Orwellian" NSA program amounted to an "indiscriminate and arbitrary invasion" that was likely unconstitutional.

Leon also ordered the government to stop collecting call data on the two plaintiffs in that case, but suspended that portion of his decision so the government could appeal.

The ACLU has argued before Pauley that the NSA program was an unwarranted "dramatic expansion" of the government's investigative powers over Americans' day-to-day lives.

Jameel Jaffer, deputy legal director of the ACLU, on Friday said the group was "extremely disappointed" with Pauley's decision, saying it does away with "core constitutional protections." He said the ACLU will appeal to the 2nd U.S. Circuit Court of Appeals in New York.

White House spokesman Josh Earnest declined to comment. U.S. Department of Justice spokesman Peter Carr said the department is pleased with the decision.

Stephen Vladeck, an American University law professor who specializes in national security, said if federal appeals courts in New York or Washington, D.C. ultimately accept Leon's analysis, "then it seems likely, if not certain, that this case will get to the (Supreme Court) by the end of next year."

President Barack Obama has defended the surveillance program but has indicated a willingness to consider constraints, including whether to give control of metadata to phone companies or other third parties. Intelligence officials have said this could prove costly and slow investigations.

On December 18, a White House-appointed panel proposed curbs on some NSA surveillance operations.

It said that because intelligence agencies could not point to specific cases where telephony metadata collection led to a major counter-terrorism success, the intrusiveness of such intelligence gathering might outweigh the public benefit.

Obama is expected next month to set forth his own proposals for possible surveillance reforms.

RUBBER STAMP, OR VITAL WEAPON?

In rejecting the ACLU motion for a preliminary injunction to block the NSA program, Pauley said the public interest tilted "firmly" toward the government, for which combating terrorism "is an urgent objective of the highest order."

While acknowledging that the program "vacuums up information about virtually every telephone call to, from, or within the United States," he said its constitutionality "is ultimately a question of reasonableness."

Pauley added that he found no evidence that the government had used bulk telephony metadata for any reason other than to investigate and disrupt terrorist attacks.

The program also faces a legal challenge by the Electronic Frontier Foundation, a data privacy group. In a statement, the group said it was "obviously disappointed" with Pauley's decision, but that it would continue pursuing its own cases.

Larry Klayman, a conservative legal activist who brought the case before Judge Leon, called Pauley's ruling "an outrageous decision that ignores the legitimate fears of the American people and in effect rubber stamps a police state."

Pauley was appointed to the bench by President Bill Clinton. Leon was appointed by President George W. Bush.

Both cases interpreted a 1979 Supreme Court decision, Smith v. Maryland, that said people have no "legitimate expectation of privacy" regarding phone numbers they dial because they knowingly give that information to phone companies.

While Leon said Smith's relevance had been "eclipsed" by technological advances and the advent of cell phones, Pauley said this did not undermine the finding that people have "no subjective expectation of privacy in telephony metadata."

Rep. Peter King, a New York Republican and chairman of the House Homeland Security Subcommittee on Counterintelligence & Terrorism, in a statement said Pauley's decision "preserves a vital weapon for the United States in our war against international terrorism."

The case is American Civil Liberties Union et al v. Clapper et al, U.S. District Court, Southern District of New York, No. 13-03994.

(Reporting by Jonathan Stempel in New York; Additional reporting by Mark Hosenball, Ros Krasny and Nate Raymond; Editing by Leslie Gevirtz and Dan Grebler)
http://www.reuters.com/article/2013/...9BQ0DA20131227





Stanford Researchers Find Connecting Metadata With User Names is Simple
Dennis Fisher

One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort.

The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools.

The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places.

That result came with next to no effort. So the researchers decided to go up a notch and spend a little time and see how many more they could find.

“What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73,” said Jonathan Mayer and Patrick Mutchler in a blog post explaining the results.

Things got even more interesting when they invested a little money in their search.

“How about if money were no object? We don’t have the budget or credentials to access a premium data aggregator, so we ran our 100 numbers with Intelius, a cheap consumer-oriented service. 74 matched. Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers,” they wrote.

The researchers also released an update to the Metaphone app that now enables instant feedback for users, giving them a quick view of how closely they’re connected to other Metaphone users and how many businesses they’ve been in contact with.
https://threatpost.com/stanford-rese...-simple/103272





What Surveillance Valley Knows About You
Yasha Levine

“In 2012, the data broker industry generated 150 billion in revenue that’s twice the size of the entire intelligence budget of the United States government—all generated by the effort to detail and sell information about our private lives.”

— Senator Jay Rockefeller IV

“Quite simply, in the digital age, data-driven marketing has become the fuel on which America’s free market engine runs.”

— Direct Marketing Association

* *

Google is very secretive about the exact nature of its for-profit intel operation and how it uses the petabytes of data it collects on us every single day for financial gain. Fortunately, though, we can get a sense of the kind of info that Google and other Surveillance Valley megacorps compile on us, and the ways in which that intel might be used and abused, by looking at the business practices of the “data broker” industry.

Thanks to a series of Senate hearings, the business of data brokerage is finally being understood by consumers, but the industry got its start back in the 1970s as a direct outgrowth of the failure of telemarketing. In its early days, telemarketing had an abysmal success rate: only 2 percent of people contacted would become customers. In his book, “The Digital Person,” Daniel J. Solove explains what happened next:

To increase the low response rate, marketers sought to sharpen their targeting techniques, which required more consumer research and an effective way to collect, store, and analyze information about consumers. The advent of the computer database gave marketers this long sought-after ability — and it launched a revolution in targeting technology.

Data brokers rushed in to fill the void. These operations pulled in information from any source they could get their hands on — voter registration, credit card transactions, product warranty information, donations to political campaigns and non-profits, court records — storing it in master databases and then analyzing it in all sorts of ways that could be useful to direct-mailing and telemarketing outfits. It wasn’t long before data brokers realized that this information could be used beyond telemarketing, and quickly evolved into a global for-profit intelligence business that serves every conceivable data and intelligence need.

Today, the industry churns somewhere around $200 billion in revenue annually. There are up to 4,000 data broker companies — some of the biggest are publicly traded — and together, they have detailed information on just about every adult in the western world.

No source of information is sacred: transaction records are bought in bulk from stores, retailers and merchants; magazine subscriptions are recorded; food and restaurant preferences are noted; public records and social networks are scoured and scraped. What kind of prescription drugs did you buy? What kind of books are you interested in? Are you a registered voter? To what non-profits do you donate? What movies do you watch? Political documentaries? Hunting reality TV shows?

That info is combined and kept up to date with address, payroll information, phone numbers, email accounts, social security numbers, vehicle registration and financial history. And all that is sliced, isolated, analyzed and mined for data about you and your habits in a million different ways.

The dossiers are not restricted to generic market segmenting categories like “Young Literati” or “Shotguns and Pickups” or “Kids & Cul-de-Sacs,” but often contain the most private and intimate details about a person’s life, all of it packaged and sold over and over again to anyone willing to pay.

Take MEDbase200, a boutique for-profit intel outfit that specializes in selling health-related consumer data. Well, until last week, the company offered its clients a list of rape victims (or “rape sufferers,” as the company calls them) at the low price of $79.00 per thousand. The company claims to have segmented this data set into hundreds of different categories, including stuff like the ailments they suffer, prescription drugs they take and their ethnicity:

These rape sufferers are family members who have reported, or have been identified as individuals affected by specific illnesses, conditions or ailments relating to rape. Medbase200 is the owner of this list. Select from families affected by over 500 different ailments, and/or who are consumers of over 200 different Rx medications. Lists can be further selected on the basis of lifestyle, ethnicity, geo, gender, and much more. Inquire today for more information.

MEDbase promptly took its “rape sufferers” list off line last week after its existence was revealed in a Senate investigation into the activities of the data-broker industry. The company pretended like the list was a huge mistake. A MEDbase rep tried convincing a Wall Street Journal reporter that its rape dossiers were just a “hypothetical list of health conditions/ailments.” The rep promised it was never sold to anyone. Yep, it was a big mistake. We can all rest easy now. Thankfully, MEDbase has hundreds of other similar dossier collections, hawking the most private and sensitive medical information.

For instance, if lists of rape victims aren’t your thing, MEDbase can sell dossiers on people suffering from anorexia, substance abuse, AIDS and HIV, Alzheimer’s Disease, Asperger Disorder, Attention Deficit Hyperactivity Disorder, Bedwetting (Enuresis), Binge Eating Disorder, Depression, Fetal Alcohol Syndrome, Genital Herpes, Genital Warts, Gonorrhea, Homelessness, Infertility, Syphilis… the list goes on and on and on and on.

Normally, such detailed health information would fall under federal law and could not be disclosed or sold without consent. But because these data harvesters rely on indirect sources of information instead of medical records, they’re able to sidestep regulations put in place to protect the privacy of people’s health data.

MEDbase isn’t the only company exploiting these loopholes. By the industry’s own estimates, there are something like 4,000 for-profit intel companies operating in the United States. Many of them sell information that would normally be restricted under federal law. They offer all sorts of targeted dossier collections on every population segment of our society, from the affluent to the extremely vulnerable:

• people with drug addictions
• detailed personal info on police officers and other government employees
• people with bad credit/bankruptcies
• minorities who’ve used payday loan services
• domestic violence shelter locations (normally these addresses would be shielded by law)
• elderly gamblers

If you want to see how this kind of profile data can be used to scam unsuspecting individuals, look no further than Richard Guthrie, an Iowa retiree who had his life savings siphoned out of his bank account. The scammers’ weapon of choice: databases bought from large for-profit data brokers listing retirees who entered sweepstakes and bought lottery tickets.

Here’s a 2007 New York Times story describing the racket:

Mr. Guthrie, who lives in Iowa, had entered a few sweepstakes that caused his name to appear in a database advertised by infoUSA, one of the largest compilers of consumer information. InfoUSA sold his name, and data on scores of other elderly Americans, to known lawbreakers, regulators say.

InfoUSA advertised lists of “Elderly Opportunity Seekers,” 3.3 million older people “looking for ways to make money,” and “Suffering Seniors,” 4.7 million people with cancer or Alzheimer’s disease. “Oldies but Goodies” contained 500,000 gamblers over 55 years old, for 8.5 cents apiece. One list said: “These people are gullible. They want to believe that their luck can change.”


Data brokers argue that cases like Guthrie’s are an anomaly — a once-in-a-blue-moon tragedy in an industry that takes privacy and legal conduct seriously. But cases of identity thieves and sophisticated con rings obtaining data from for-profit intel businesses abound. Scammers are a lucrative source of revenue. Their money is just as good as anyone else’s. And some of the profile “products” offered by the industry seem tailored specifically to fraud use.

As Royal Canadian Mounted Police Sergeant Yves Leblanc told the New York Times: “Only one kind of customer wants to buy lists of seniors interested in lotteries and sweepstakes: criminals. If someone advertises a list by saying it contains gullible or elderly people, it’s like putting out a sign saying ‘Thieves welcome here.’”

So what is InfoUSA, exactly? What kind of company would create and sell lists customized for use by scammers and cons?

As it turns out, InfoUSA is not some fringe or shady outfit, but a hugely profitable politically connected company. InfoUSA was started by Vin Gupta in the 1970s as a basement operation hawking detailed lists of RV and mobile home dealers. The company quickly expanded into other areas and began providing business intel services to thousands of businesses. By 2000, the company raised more than $30 million in venture capital funding from major Silicon Valley venture capital firms.

By then, InfoUSA boasted of having information on 230 million consumers. A few years later, InfoUSA counted the biggest Valley companies as its clients, including Google, Yahoo, Microsoft and AOL. It got involved not only in raw data and dossiers, but moved into payroll and financial, conducted polling and opinion research, partnered with CNN, vetted employees and provided customized services for law enforcement and all sorts of federal and government agencies: processing government payments, helping states locate tax cheats and even administering President Bill Clinton’s “Welfare to Work” program. Which is not surprising, as Vin Gupta is a major and close political supporter of Bill and Hillary Clinton.

In 2008, Gupta was sued by InfoUSA shareholders for inappropriately using corporate funds. Shareholders accused Gupta of illegally funneling corporate money to fund an extravagant lifestyle and curry political favor. According to the Associated Press, the lawsuit questioned why Gupta used private corporate jets to fly the Clintons on personal and campaign trips, and why Gupta awarded Bill Clinton a $3.3 million consulting gig.

As a result of the scandal, InfoUSA was threatened with delisting from Nasdaq, Gupta was forced out and the company was snapped up for half a billion dollars by CCMP Capital Advisors, a major private equity firm spun off from JP Morgan in 2006. Today, InfoUSA continues to do business under the name Infogroup, and has nearly 4,000 employees working in nine countries.

As big as Infogroup is, there are dozens of other for-profit intelligence businesses that are even bigger: massive multi-national intel conglomerates with revenues in the billions of dollars. Some of them, like Lexis-Nexis and Experian, are well known, but mostly these are outfits that few Americans have heard of, with names like Epsilon, Altegrity and Acxiom.

These for-profit intel behemoths are involved in everything from debt collection to credit reports to consumer tracking to healthcare analysis, and provide all manner of tailored services to government and law enforcement around the world. For instance, Acxiom has done business with most major corporations, and boasts of intel on “500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States,” according to the New York Times.

This data is analyzed and sliced in increasingly sophisticated and intrusive ways to profile and predict behavior. Merchants are using it to customize the shopping experience — Target launched a program to figure out if a woman shopper was pregnant and when the baby would be born, “even if she didn’t want us to know.” Life insurance companies are experimenting with predictive consumer intel to estimate life expectancy and determine eligibility for life insurance policies. Meanwhile, health insurance companies are raking over this data in order to deny and challenge the medical claims of their policyholders.

Even more alarming, large employers are turning to for-profit intelligence to mine and monitor the lifestyles and habits of their workers outside the workplace. Earlier this year, the Wall Street Journal described how employers have partnered with health insurance companies to monitor workers for “health-adverse” behavior that could lead to higher medical expenses down the line:

Your company already knows whether you have been taking your meds, getting your teeth cleaned and going for regular medical checkups. Now some employers or their insurance companies are tracking what staffers eat, where they shop and how much weight they are putting on — and taking action to keep them in line.

But companies also have started scrutinizing employees’ other behavior more discreetly. Blue Cross and Blue Shield of North Carolina recently began buying spending data on more than 3 million people in its employer group plans. If someone, say, purchases plus-size clothing, the health plan could flag him for potential obesity — and then call or send mailings offering weight-loss solutions.

… “Everybody is using these databases to sell you stuff,” says Daryl Wansink, director of health economics for the Blue Cross unit. “We happen to be trying to sell you something that can get you healthier.”


“As an employer, I want you on that medication that you need to be on,” Julie Stone, an HR expert at Towers Watson, told the Wall Street Journal.

Companies might try to frame it as a health issue. I mean, what kind of asshole could be against employers caring about the wellbeing of their workers? But their ultimate concern has nothing to do with the employee health. It’s all about the brutal bottom line: keeping costs down.

An employer monitoring and controlling your activity outside of work? You don’t have to be a union agitator to see the problems with this kind of mindset and where it could lead. Because there are lots of things that some employers might want to know about your personal life, and not only to “keep costs down.” It could be anything: to weed out people based on undesirable habits or discriminate against workers based on sexual orientation, regulation and political beliefs.

It’s not difficult to imagine that a large corporation facing labor unrest or a unionization drive would be interested in proactively flagging potential troublemakers by pinpointing employees that might be sympathetic to the cause. But the technology and data are already here for wide and easy application: did a worker watch certain political documentaries, donate to environmental non-profits, join an animal rights Facebook group, tweet out support for Occupy Wall Street, subscribe to the Nation or Jacobin, buy Naomi Klein’s “Shock Doctrine”? Or maybe the worker simply rented one of Michael Moore’s films? Run your payroll through one of the massive consumer intel databases and look if there is any matchup. Bound to be plenty of unpleasant surprises for HR!

This has happened in the past, although in a cruder and more limited way. In the 1950s, for instance, some lefty intellectuals had their lefty newspapers and mags delivered to P.O. boxes instead of their home address, worrying that otherwise they’d get tagged as Commie symps. That might have worked in the past. But with the power of private intel companies, today there’s nowhere to hide.

FTC Commissioner Julie Brill has repeatedly voiced concern that unregulated data being amassed by for-profit intel companies would be used to discriminate and deny employment, and to determine consumer access to everything from credit to insurance to housing. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” she told the Wall Street Journal.

Pam Dixon, executive director of the Privacy World Forum, agrees. Dixon frequently testifies on Capitol Hill to warn about the growing danger to privacy and civil liberties posed by big data and for-profit intelligence. In Congressional testimony back in 2009, Dixon called this growing mountain of data the “modern permanent record” and explained that users of these new intel capabilities will inevitably expand to include not just marketers and law enforcement, but insurance companies, employers, landlords, schools, parents, scammers and stalkers. “The information – like credit reports – will be used to make basic decisions about the ability of individual to travel, participate in the economy, find opportunities, find places to live, purchase goods and services, and make judgments about the importance, worthiness, and interests of individuals.”

* *

For the past year, Chairman John D. (Jay) Rockefeller IV has been conducting a Senate Commerce Committee investigation of the data broker industry and how it affects consumers. The committee finished its investigation last week without reaching any real conclusions, but issued a report warning about the dangers posed by the for-profit intel industry and the need for further action by lawmakers. The report noted with concern that many of these firms failed to cooperate with the investigation into their business practices:

Data brokers operate behind a veil of secrecy. Three of the largest companies – Acxiom, Experian, and Epsilon – to date have been similarly secretive with the Committee with respect to their practices, refusing to identify the specific sources of their data or the customers who purchase it. … The refusal by several major data broker companies to provide the Committee complete responses regarding data sources and customers only reinforces the aura of secrecy surrounding the industry.

Rockefeller’s investigation was an important first step breaking open this secretive industry, but it was missing one notable element. Despite its focus on companies that feed on people’s personal data, the investigation did not include Google or the other big Surveillance Valley data munchers. And that’s too bad. Because if anything, the investigation into data brokers only highlighted the danger posed by the consumer-facing data companies like Google, Facebook, Yahoo and Apple.

As intrusive as data brokers are, the level of detail in the information they compile on Americans pales in comparison to what can be vacuumed up by a company like Google. To compile their dossiers, traditional data brokers rely on mostly indirect intel: what people buy, where they vacation, what websites they visit. Google, on the other hand, has access to the raw uncensored contents of your inner life: personal emails, chats, the diary entries and medical records that we store in the cloud, our personal communication with doctors, lawyers, psychologists, friends. Data brokers know us through our spending habits. Google accesses the unfiltered details of our personal lives.

A recent study showed that Americans are overwhelmingly opposed to having their online activity tracked and analyzed. Seventy-three percent of people polled for the Pew Internet & American Life Project viewed the tracking of their search history as an invasion of privacy, while 68 percent were against targeted advertising, replying: “I don’t like having my online behavior tracked and analyzed.”

This isn’t news to companies like Google, which last year warned shareholders: “Privacy concerns relating to our technology could damage our reputation and deter current and potential users from using our products and services.”

Little wonder then that Google, and the rest of Surveillance Valley, is terrified that the conversation about surveillance could soon broaden to include not only government espionage, but for-profit spying as well.
http://pando.com/2013/12/22/a-peek-i...llance-valley/





As New Services Track Habits, the E-Books Are Reading You
David Streitfeld

Before the Internet, books were written — and published — blindly, hopefully. Sometimes they sold, usually they did not, but no one had a clue what readers did when they opened them up. Did they skip or skim? Slow down or speed up when the end was in sight? Linger over the sex scenes?

A wave of start-ups is using technology to answer these questions — and help writers give readers more of what they want. The companies get reading data from subscribers who, for a flat monthly fee, buy access to an array of titles, which they can read on a variety of devices. The idea is to do for books what Netflix did for movies and Spotify for music.

“Self-published writers are going to eat this up,” said Mark Coker, the chief executive of Smashwords, a large independent publisher. “Many seem to value their books more than their kids. They want anything that might help them reach more readers.”

Last week, Smashwords made a deal to put 225,000 books on Scribd, a digital library here that unveiled a reading subscription service in October. Many of Smashwords’ books are already on Oyster, a New York-based subscription start-up that also began in the fall.

The move to exploit reading data is one aspect of how consumer analytics is making its way into every corner of the culture. Amazon and Barnes & Noble already collect vast amounts of information from their e-readers but keep it proprietary. Now the start-ups — which also include Entitle, a North Carolina-based company — are hoping to profit by telling all.

“We’re going to be pretty open about sharing this data so people can use it to publish better books,” said Trip Adler, Scribd’s chief executive.

Quinn Loftis, a writer of young adult paranormal romances who lives in western Arkansas, interacts extensively with her fans on Facebook, Pinterest, Twitter, Goodreads, YouTube, Flickr and her own website. These efforts at community, most of which did not exist a decade ago, have already given the 33-year-old a six-figure annual income. But having actual data about how her books are being read would take her market research to the ultimate level.

“What writer would pass up the opportunity to peer into the reader’s mind?” she asked.

Scribd is just beginning to analyze the data from its subscribers. Some general insights: The longer a mystery novel is, the more likely readers are to jump to the end to see who done it. People are more likely to finish biographies than business titles, but a chapter of a yoga book is all they need. They speed through romances faster than religious titles, and erotica fastest of all.

At Oyster, a top book is “What Women Want,” promoted as a work that “brings you inside a woman’s head so you can learn how to blow her mind.” Everyone who starts it finishes it. On the other hand, Arthur M. Schlesinger Jr.’s “The Cycles of American History” blows no minds: fewer than 1 percent of the readers who start it get to the end.

Oyster data shows that readers are 25 percent more likely to finish books that are broken up into shorter chapters. That is an inevitable consequence of people reading in short sessions during the day on an iPhone.

A few writers might be repelled by too much knowledge. But others would be fascinated, as long as they retained control.

“Would we provide this data to an author? Absolutely,” said Chantal Restivo-Alessi, chief digital officer for HarperCollins Publishers. “But it is up to him how to write the book. The creative process is a mysterious process.”

The services say they will make the data anonymous so readers will not be identified. The privacy policies however are broad. “You are consenting to the collection, transfer, manipulation, storage, disclosure and other uses of your information,” Oyster tells new customers.

Before writers will broadly be able to use any data, the services must become viable by making deals with publishers to supply the books. Publishers, however, are suspicious of yet another disruption to their business. HarperCollins has signed up with Oyster and Scribd, but Penguin Random House and Simon & Schuster have thus far stayed away.

Some agents, too, are wary.

“It’s hard to tell authors that it’s worth starting a new relationship with any of these new services,” said Ted Weinstein, an agent in San Francisco. “It is literally an unsustainable business model.”

Here is how Scribd and Oyster work: Readers pay about $10 a month for a library of about 100,000 books from traditional presses. They can read as many books as they want.

“We love big readers,” said Eric Stromberg, Oyster’s chief executive. But Oyster, whose management includes two ex-Google engineers, cannot afford too many of them.

This could be called the Sizzler problem. In the 1990s, the steak restaurant chain tried to beef up sales with an all-you-can-eat salad bar, which got bigger as it got more popular. But as more hungry customers came, the chain was forced to lower quality, which caused customers to flee, which resulted in bankruptcy.

“Sure, if you had a buffet and everyone ate everything, it wouldn’t be a profitable business,” said Mr. Adler of Scribd. “But generally people only eat so much.” Only 2 percent of Scribd’s subscribers read more than 10 books a month, he said.

These start-ups are being forced to define something that only academic theoreticians and high school English teachers used to wonder about: How much reading does it take to read a book? Because that is when the publisher, and the writer, get paid.

The companies declined to outline their business model, but publishers said Scribd and Oyster offered slightly different deals. On Oyster, once a person reads more than 10 percent of the book, it is officially considered “read.” Oyster then has to pay the publisher a standard wholesale fee. With Scribd, it is more complicated. If the reader reads more than 10 percent but less than 50 percent, it counts for a tenth of a sale. Above 50 percent, it is a full sale.

Both services say the response has been enthusiastic, but neither provided precise numbers.

Looming over these start-ups is Amazon, which has already dabbled in the subscription area. Kindle owners who are members of Amazon’s $79 annual Prime shipping service are eligible to borrow from a library of 350,000 titles. The program has had limited impact because users can borrow only one book at a time, and it offers few best-sellers.

Amazon may have bigger ambitions. Publishers say the retailer has been quietly asking them about how the new all-you-can-read services work, leading to industry speculation it will set up a rival plan. An Amazon spokesman declined to comment.

Scribd, which has received more than $25 million in venture funding, began as a site for posting documents, including pirated books. Offering a subscription service, said Jared Friedman, Scribd’s chief technology officer, “introduces a sort of interesting business opportunity to collaborate with publishers rather than be at odds with them.”

He contrasted two romance novels. One had few Amazon reviews and little promotion, but Scribd’s data showed 6 out of 10 readers were finishing it — above average for the genre. Another romance had hundreds of reviews on Amazon, but only about 4 out of 10 readers bothered to finish it. They began closing the book, the data showed, when the writer plunged deeper into fantasy. Maybe this was not a good idea.

Some writers, of course, might not be receptive to hearing this.

“If you aren’t careful, you could narrow your creativity. You won’t take risks,” said Ms. Loftis, the young adult novelist. “But the bigger risk is not giving the reader what she wants. I’ll take all the data I can get.”
http://www.nytimes.com/2013/12/25/te...ading-you.html





Mobile Carriers Failed to Use Tech Fixes to Thwart Spying: Expert
Jim Finkle

The world's mobile phone carriers have failed to implement technology fixes available since 2008 that would have thwarted the National Security Agency's ability to eavesdrop on many mobile phone calls, a cyber security expert says.

Karsten Nohl, chief scientist with Berlin's Security Research Labs, told Reuters ahead of a highly anticipated talk at a conference in Germany that his firm discovered the issue while reviewing security measures implemented by mobile operators around the world.

Nohl also told Reuters that the carriers had failed to fully address vulnerabilities that would allow hackers to clone and remotely gain control of certain SIM cards. Those vulnerabilities were pointed out in July.

While the German cryptologist criticized carriers for failing to implement technology to protect customers from surveillance as well as fraud, he said he does not think they did so under pressure from spy agencies.

"I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."

A spokeswoman for the GSM Association, which represents about 800 mobile operators worldwide, said she could not comment on Nohl's criticism before seeing his presentation on the topic at the Chaos Communications Congress in Hamburg, Europe's biggest annual conference on hacking, security and privacy issues.

Nohl uncovered the issue while working on a project known as the GSM Security Map, which evaluates security of mobile operators around the globe. The map, which can be found at www.gsmmap.org, is partially funded with a grant from the U.S. government's Open Technology Fund, according to Nohl.

None of the carriers surveyed had implemented measures for thwarting a method that allows the NSA to eavesdrop on most mobile calls by unscrambling a widely used encryption technology known as A5/1, Nohl said.

The Washington Post reported on December 13 that documents leaked by former NSA contractor Edward Snowden showed the agency can crack A5/1. (wapo.st/JolNxy ) Nohl said that method would have been blocked if carriers had applied two patches released in 2008.

Nohl is credited with leading research teams that have uncovered major flaws in mobile technology in recent years.

In July, he reported on security vulnerabilities that would allow hackers to gain remote control of and clone certain mobile SIM cards. The unprecedented work prompted a United Nations group known as the International Telecommunications Union, which advises nations on cyber security plans, to urge the industry to take quick action to tackle the vulnerabilities.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

A few weeks after Nohl disclosed his findings, he said it looked like most carriers had implemented fixes to prevent such attacks.

Yet he said on Friday that while conducting research for the GSM Security Map project, he learned on closer inspection that those fixes still left plenty of room for attacks, making customers on many networks vulnerable.

"I need to go back on what I said. The majority of the operators only addressed the symptoms, not the root cause," Nohl said.

He said that his firm launched the GSM Security Map project to pressure mobile operators around the world to boost security. The effort will also push researchers like himself not to be complacent.

"We as researchers must not give up so easily like we did in July, when we said 'The network operators addressed it. We are so proud. We changed the world,'" Nohl said.

The group will continue to update the map, which has detailed reports for each country surveyed that describe security of individual carriers.

In the map's initial release on Friday, the country whose networks were rated the most secure was France.

Not all countries are surveyed, however, because the group does not yet have enough data.

(Reporting by Jim Finkle; additional reporting by Sinead Carew in New York; Editing by Dan Grebler)
http://www.reuters.com/article/2013/...9BQ0IC20131227





Solving the Webcam Hacking Problem with a Smart Adhesive
Matt McFarland

Long before word broke that MacBook Webcams could be hacked without activating the accompanying light, Josh Luft was a concerned college senior taking a computer programming class. His professor had shown students at Keene State how common security features in Unix could be worked around. So Luft sought out ways to cover his laptop camera.

“Tape left a nasty residue over the camera, the Post-its fell off after a few days, and everything else I tried was just an eyesore,” Luft explained.

He then designed a plastic clasp — similar to the eyebloc — to cover a camera. But he was discouraged by its failure to fit all of the common gadgets that have cameras. And he wanted a solution for the devices which feature two cameras.

“I started thinking outside the box and realized you don’t need all that material. You just need a proper adhesive,” Luft said.

Luft knew one sticker could cover the camera on any device. He tracked down an adhesive designed for glass and plastic that wouldn’t leave any residue. With that, Luft had camJAMR, a simple solution for people concerned about their cameras being hacked.

Sales started slow, but have taken off recently. While camJAMR is more expensive than a piece of duct tape or Post-it note — a set of 12 stickers costs about $5 — its adhesive is a selling point. When I tested camJAMR it could be removed and firmly reattached to devices without leaving a trace of glue.

There are two advantages that camJAMR offers over eyebloc. It can block the dual cameras that are common on smartphones and tablets. Plus the stickers will fit under a case, and won’t stop a laptop lid from fully closing.
http://www.washingtonpost.com/blogs/...mart-adhesive/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 21st, December 14th, December 7th, November 30th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black