P2P-Zone  

30-01-19, 07:56 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - February 2nd, ’19

Since 2002


































"I ask people all the time, ‘Do you know you’re supposed to get television for free?’" – David Goodfriend, CEO - Locast


"First you use this on the people marginalized in society, criminalizing the families of those incarcerated. But, especially in Trump’s America, the sky is the limit with this." – Martin Garcia, Prisoner - Sing Sing


"Why is the burden on them?" – Judge Patricia Millett, US Court of Appeals for the District of Columbia Circuit






































February 2nd, 2019




The Hidden Treasure of Digital Piracy? Can Boost Bottom Line for Manufacturers, Retailers
Antino Kim

HBO's popular television series "Game of Thrones" returns in April, but millions of fans continue to illegally download the program, giving it the dubious distinction of being the most pirated program.

Many may wonder why the TV network hasn't taken a more aggressive approach to combating illegal streaming services and downloaders. Perhaps it is because the benefits to the company outweigh the consequences. Research analysis by faculty in Indiana University's Kelley School of Business and two other schools found that a moderate level of piracy can have a positive impact on the bottom line for both the manufacturer and the retailer -- and not at the expense of consumers.

"When information goods are sold to consumers via a retailer, in certain situations, a moderate level of piracy seems to have a surprisingly positive impact on the profits of the manufacturer and the retailer while, at the same time, enhancing consumer welfare," wrote Antino Kim, assistant professor of operations and decision technologies at Kelley, and his co-authors.

"Such a win-win-win situation is not only good for the supply chain but is also beneficial for the overall economy."

While not condoning piracy, Kim and his colleagues were surprised to find that it can actually reduce, or completely eliminate at times, the adverse effect of double marginalization, an economic concept where both manufacturers and retailers in the same supply chain add to the price of a product, passing these markups along to consumers.

The professors found that, because piracy can affect the pricing power of both the manufacturer and the retailer, it injects "shadow" competition into an otherwise monopolistic market.

"From the manufacturer's point of view, the retailer getting squeezed is a good thing," Kim said. "It can't mark up the product as before, and the issue of double marginalization diminishes. Vice versa, if the manufacturer gets squeezed, the retailer is better off.

"What we found is, by both of them being squeezed together -- both at the upstream and the downstream levels -- they are able to get closer to the optimal retail price that a single, vertically integrated entity would charge."

In the example of "Game of Thrones," HBO is the upstream "manufacturer" in the supply chain, and cable and satellite TV operators are the downstream "retailers."

Kim and his co-authors -- Atanu Lahiri, associate professor of information systems at the University of Texas-Dallas, and Debabrata Dey, professor of information systems at the University of Washington -- presented their findings in the article, "The 'Invisible Hand' of Piracy: An Economic Analysis of the Information-Goods Supply Chain," published in the latest issue of MIS Quarterly.

They suggest that businesses, government and consumers rethink the value of anti-piracy enforcement, which can be quite costly, and consider taking a moderate approach. Australia, for instance, due to prohibitive costs, scrapped its three-strikes scheme to track down illegal downloaders and send them warning notices. Though the Australian Parliament passed a new anti-piracy law last year, its effectiveness remains unclear until after it is reviewed in two years.

As with other studies, Kim and his colleagues found that when enforcement is low and piracy is rampant, both manufacturers and retailers suffer. But they caution against becoming overzealous in prosecuting illegal downloaders or in lobbying for more enforcement.

"Our results do not imply that the legal channel should, all of a sudden, start actively encouraging piracy," they said. "The implication is simply that, situated in a real-world context, our manufacturer and retailer should recognize that a certain level of piracy or its threat might actually be beneficial and should, therefore, exercise some moderation in their anti-piracy efforts.

"This could manifest itself in them tolerating piracy to a certain level, perhaps by turning a blind eye to it," they add. "Such a strategy would indeed be consistent with how others have described HBO's attitude toward piracy of its products."
https://www.eurekalert.org/pub_relea...-tht012519.php





BitTorrent Tokens Sold Out in Under 15 Minutes, Netting Over $7 Mln
Miranda Karanfili

The BitTorrent token (BTT) sale on the Binance Launchpad platform concluded today Jan. 28, netting $7.1 million dollars with the sale of 50 billion tokens in under 15 minutes. Binance announced the conclusion of the sale in an official blog post.

BitTorrent is a protocol for peer-to-peer file sharing, allowing users to distribute files such as music or videos over the internet.

BTT is based on a Tron TRC-10 token, and will be used on the platform to “transact in computing resources shared between BitTorrent clients and any other participating service requesters and service providers.”

The BitTorrent tokens were sold in two simultaneous sessions on Binance Launchpad, one for buyers using Binance’s native token, Binance Coin (BNB), and the other for buyers using Tron (TRX). Each token was priced at $0.00012 according to the sales data posted on the Binance website.

According to a tweet from Tron CEO and founder Justin Sun, “It is official: In the BNB session, all 23.76 billion BTT were sold to token sale participants within 13 minutes and 25 seconds. Meanwhile, in the Tron session, all 35.64 billion BTT were sold within 14 minutes and 41 seconds.”

Binance CEO and founder Changpeng Zhao said that the sale would have ended much sooner, had technical issues not surfaced on the Launchpad website. At around 3:20 UTC Zhao tweeted that “Both sessions concluded. Took about 18 minutes, due to a system issue, would have taken 18 seconds otherwise. Demand was astronomical.”

BitTorrent Speed, the system which will integrate the Tron-based BTT token into the popular µTorrent Windows client, will purportedly launch by summer.
https://cointelegraph.com/news/japan...-joint-venture





Federal Judge Dismisses Major Labels' Lawsuit Against Russian Stream-Ripper
Marc Schneider

A federal judge in the Eastern District of Virginia has dismissed a copyright infringement case brought by Universal Music, Sony Music and 10 other record labels against the operator of FLVTO.biz, a notorious Russian stream-ripping website. In writing his opinion, U.S. District Court Judge Claude M. Hilton ruled that the court lacked jurisdiction, saying that the defendant, Tofig Kurbanov, did not set out to target U.S. citizens by operating the site.

"As the websites are semi-interactive, the interactions with the users are non-commercial, and there were no other acts by the Defendant that would demonstrate purposeful targeting, the Court finds that the Defendant did not purposefully avail himself of the benefits and protections of either Virginia or the United States," Judge Hilton said.

FLVTO.biz received over 263 million visits between Oct. 2017 and Sept. 2018, making it the 322nd most-visited website globally during that period, according to court documents. Nearly 10 percent -- 26.3 million visitors -- of the site's traffic came from the United States, including 500,000 from Virginia.

Stream-ripping websites allow users to rip audio from videos on YouTube and other sources. With some quick copy and pasting of URLs, a YouTube video is turned into a permanent MP3 format. In its most recent report measuring consumer habits, the IFPI pointed to stream-ripping as the most popular method for accessing copyright-infringing music.

Plaintiffs in this case included UMG, Capitol, Warner Bros., Atlantic, Elektra, Fueled by Ramen, Nonesuch, Sony Music, Sony Music Latin, Arista, LaFace and Zomba. The record labels believed the court had jurisdiction in the case because many of the site's U.S. visitors originated in the Commonwealth of Virginia, arguing that FLVTO's geo-targeted ads meant it was purposefully targeting Virginians and others in the U.S.

Kurbanov also operates 2conv.com, a smaller stream-ripping site similar to FLVTO. The two sites, with domains registered through Arizona-based GoDaddy, are free to use but earn revenue through advertising, much of it geo-targeted based on a user's location. The court found that the defendant does not have a commercial relationship with users because its revenue is derived from third party advertisers.

The labels also argued that the websites were "highly interactive" due to the sheer volume of users. Judge Hilton disagreed, writing in his opinion that there needed to be "numerous transactions" between the site and users for that to be the case. "Users do not need to create an account, sign in, or register in order to use the sites," he said. "This want of an ongoing, developed relationship between users and the websites leads to a finding that they are semi-interactive."

Plaintiffs filed the lawsuit against Kurbanov on Aug. 3, 2018, arguing the sites are a vehicle for music piracy and copyright infringement -- an assertion the court does not deny. The defendant moved to dismiss for lack of personal jurisdiction, or have the case transferred to the Central District of California. In his order, Judge Hilton declined to address Kurbanov's request to move to California "as that venue would also be without jurisdiction."

A spokesperson for the Recording Industry Association of America (RIAA) said the organization would review its options on how to respond to the ruling.

The FLVTO suit followed a similar 2016 filing against the world’s largest stream-ripping site, YouTube-mp3.org for copyright violations. In that case, the site complied and agreed to shut down.
https://www.billboard.com/articles/b...-stream-ripper





Top 10 Anonymous File Sharing Websites
Munawar Gul

Looking for a secure way to share your files on the internet? File-sharing sites allow you to upload files in an anonymous, secure platform. Check out these 10 anonymous file upload websites that are the best of the best:

Firefox Send

An offshoot service from Firefox Mozilla. Users can send files to the Firefox servers with a maximum size of 1GB. The encrypted links don’t generate any cookies or presence. What’s more, you can delete the link if you don’t want to share the file anymore.

Anonymousfiles.io

As the name suggests, users get total privacy when they wish to upload files for sharing with friends. Anonymousfiles gets the top spot because it offers zero bandwidth restrictions, speed limits and there are absolutely zero logs and intrusion. Drag and drop files up to 5GB in size.

SendSpace

SendSpace offers tracking and sharing capabilities aside from the usual send and receive function. You can upload a max file size of 300MB and even upload multiple files simultaneously and get a unique download link for each one.

File Dropper

File Dropper is a premium site that offers unlimited upload options for files that can reach up to a whopping 5GB. If you’re tired of bandwidth throttling then you’ll be pleased to know that File Dropper gives you maximum speeds depending on your bandwidth. The site also gives you the option to set a duration when the files will be available online.

Ge.tt

Offers unlimited storage space and file uploads of up to 250MB per instance. You get 2GB for free and auto-deletion of files after the 30-day limit.

Transfer.sh

An anonymous upload site for developers. Here, you can share via command lines and the shell cURL quickly and with ease.

Zippy Share

File sizes of up to 500MB are supported here. Zippy Share gives uploaders a 30-day storage limit and unlimited disk space for maximum convenience. As for security, the file uploader platform stores the file for 30 days before automatically deleting it.

Expirebox

Share files up to 150MB in size via email or social media. Any uploaded file will be auto-deleted after 48 hours have passed.

Tiny Upload

Small but speedy filesharing options are the name of Tiny Upload’s game. There’s no limit to the number of files you can upload on the site’s servers. What’s more, you can have the file stay up online for as long as you want.

File.io

File.io emulates what makes Snapchat so great, with anonymous file upload and auto-delete options thrown in the mix. You get max 100 files upload each day and up to a size of 5GB.
https://thehackpost.com/top-10-anony...-websites.html





Dragon Media to Shut Down and Pay $14M to Settle Copyright Lawsuit
City News Service

A Carlsbad company which sells Dragon Box, a streaming device allegedly used for pirating movies and TV shows, has lost its legal battles with Netflix, Amazon and the major Hollywood studios, it was reported Tuesday.

Dragon Media, which sells set-top boxes that allow people to stream video from the internet to their TVs, will shut down and pay $14.5 million to settle a lawsuit brought by a coalition of streaming services and studios, the Los Angeles Times reported.

Dragon Media will shut down operations within five days of the entry of the settlement, according to a proposed judgment and permanent injunction filed in U.S. District Court in Los Angeles.

The studios and streaming services sued Dragon Media last January, saying the company induced copyright theft of a multitude of titles including “Stranger Things” and “Deadpool.”

The case represents part of a broader crackdown on the use of a popular software called Kodi, an open-source program that developers can modify with apps and add-ons, allowing users to stream video from the web, the Times reported. Kodi itself is legal and has legitimate uses, but many add-ons stream unauthorized content.

The settlement is the latest legal victory for the Alliance for Creativity and Entertainment, a coalition of international studios, television networks and major online-video companies, which launched in 2017 in an effort to fight global piracy.

Netflix, Amazon, Columbia Pictures, Paramount Pictures, 20th Century Fox Film, Universal Pictures and Warner Bros. were plaintiffs in the Dragon Box case, according to the Times.

The alliance won a similar case last September against Georgia-based TickBox TV, which agreed to pay $25 million in damages to the studios and discontinue all piracy-related activities.
https://fox5sandiego.com/2019/01/29/...right-lawsuit/





UltraViolet Digital Movie Locker is Shutting Down

Users have until July 31st to preserve their libraries
Thomas Ricker

UltraViolet, one of the entertainment industry’s first attempts at creating a comprehensive digital locker service, is shutting down on July 31st, as first reported by Variety. Users should link their libraries to the service of at least one retailer which can then be used to access their films and TV shows after the shutdown.

UltraViolet’s days were numbered ever since Disney, the only major Hollywood studio not to join, launched its expanded Movies Anywhere locker service in 2017. Not only did it offer broad studio support, but it could also be connected to major digital retailers like iTunes, Amazon, and Google Play, unlike UltraViolet.

Walmart’s Vudu, the biggest retailer to support UltraViolet (and later Movies Anywhere), issued a statement to ease concerns from those worried about the closure of the cloud-based locker service.

“Customers who use Vudu to watch, rent, or buy movies and TV shows will not be impacted by the discontinuation of the Ultraviolet platform,” said Vudu VP Scott Blanksteen in a statement to Variety. “These customers will continue to be able to enjoy Vudu content as they have been and continue to access any and all movies and TV shows they have saved in their Vudu library, even after the shutdown of the Ultraviolet service.”

Things are a bit trickier for UltraViolet users outside of the US. For one thing, you’re not eligible to create a Movies Anywhere account. And this note in the shutdown section of the Frequently Asked Questions is a little ominous:

“In most cases, we anticipate very little impact, particularly in the United States. Most, and perhaps all, existing rights in UltraViolet Libraries currently available through your linked retailers that are still operating should continue to be available from those retailers. While there could be some disruption, we do not anticipate this on a broad scale and are working diligently to minimize and avoid such instances.”

UltraViolet claims more than 30 million users who store over 300 million films and TV shows in their lockers. Wendy Aylsworth, president of the Digital Entertainment Content Ecosystem (DECE) consortium tasked with running UltraViolet, told Variety that users will be informed of the shutdown on Thursday.
https://www.theverge.com/2019/1/31/1...-shutdown-date





Locast, a Free App Streaming Network TV, Would Love to Get Sued

Structured as a nonprofit, the start-up aims to succeed where Aereo was litigated into oblivion.
Edmund Lee

On the roof of a luxury building at the edge of Central Park, 585 feet above the concrete, a lawyer named David Goodfriend has attached a modest four-foot antenna that is a threat to the entire TV-industrial complex.

The device is there to soak up TV signals coursing through the air — content from NBC, ABC, Fox, PBS and CBS, including megahits like “This Is Us” and this Sunday’s broadcast of Super Bowl LIII. Once plucked from the ether, the content is piped through the internet and assembled into an app called Locast. It’s a streaming service, and it makes all of this network programming available to subscribers in ways that are more convenient than relying on a home antenna: It’s viewable on almost any device, at any time, in pristine quality that doesn’t cut in and out. It’s also completely free.

If this sounds familiar, you might be thinking of Aereo, the Barry Diller-backed start-up that in 2012 threatened to upend the media industry by capturing over-the-air TV signals and streaming the content to subscribers for a fee — while not paying broadcasters a dime. NBC, CBS, ABC and Fox banded together and sued, eventually convincing the Supreme Court that Aereo had violated copyright law. The clear implication for many: If you mess with the broadcasters, you’ll file for bankruptcy and cost your investors more than $100 million.

Mr. Goodfriend took a different lesson. A former media executive with stints at the Federal Communications Commission and in the Clinton administration, he wondered if an Aereo-like offering that was structured as a noncommercial entity would remain within the law. Last January, he started Locast in New York. The service now has about 60,000 users in Houston, Chicago, Boston, Philadelphia, Dallas and Denver as well as New York, and will soon add more in Washington, D.C.

Mr. Goodfriend, 50, said he hoped to cover the entire nation as quickly as possible. “I’m not stopping,” he said. “I can’t now.”

The comment is basically a dare to the networks to take legal action against him. By giving away TV, Mr. Goodfriend is undercutting the licensing fees that major broadcasters charge the cable and satellite companies — a sum that will exceed $10 billion this year, according to the research firm Kagan S&P Global Market Intelligence. For cable customers, the traditional network channels typically add about $12 to a monthly bill.

With consumers increasingly willing to piece together their own bespoke packages of content — paying a few bucks to Netflix here, a few to HBO there — anything that encourages people to cut their cable cords is a challenge to the cable TV empire. That calculus makes tiny Locast, whose modest website (“Help us free your TV!”) asks for donations starting at $5, perhaps the most audacious media experiment in years.

‘Do you know you’re supposed to get television for free?’

With a shaved head and a short mustache, Mr. Goodfriend looks much younger than his age, and he speaks with the enthusiasm and the cadence of an earnest law student.

“We really did our homework,” he said. “We are operating under parameters that are designed to be compliant within the law.”

The copyright code has an exemption for nonprofits. Mr. Goodfriend, who does not draw a salary, said he has collected $10,000 in donations so far, mostly in $5 increments. He took out a high-interest loan, at around 15 percent, to fund the operation, which to date has cost more than $700,000.

Mr. Goodfriend is not a rich tech entrepreneur or a wealthy heir — just a lawyer who has made a decent living. Locast could still meet the fate of Aereo and be sued into financial oblivion by the networks. So why is he doing this?

The answer is partly principle, and partly intellectual mischief: With his public-private background, he has spotted an imbalance in the media ecosystem, he said, and decided to give the whole thing a shake.

“I ask people all the time, ‘Do you know you’re supposed to get television for free?’” Mr. Goodfriend said during an interview in Central Park, gesturing to a gaggle of visitors. “Most people under 50 don’t get it.”

Although his practice is in Washington, where he also teaches law at Georgetown and lectures at George Washington University, Mr. Goodfriend had come to New York to inspect the installation of the antenna, on the Trump International Hotel and Tower.

(This is another area where Locast has to operate carefully: The organization must install signal equipment in every city where it operates, because all broadcast stations are regional and retransmissions can be made only to local residents. If you live in, say, Miami, you can’t get Locast until Mr. Goodfriend puts up an antenna there.)

More Americans are receiving over-the-air TV signals for free lately — about 16 million households, up from 11 million eight years ago, according to Nielsen. But that number still pales in comparison with the 90 million homes that pay for video content, whether cable or satellite or Netflix.

Mr. Goodfriend wonders how many young people are even aware that in the beginning, TV was free for everyone. “Our society got way over-commercialized in the ’40s and ’50s, when media policy was being hammered out,” he said. “As a result, we don’t have stuff for the public anymore.”

Mr. Goodfriend’s argument is infectious, especially when he frames the issue as David versus Goliath, in the form of the big networks.

“The American people have given you something really valuable, the airways, for free,” he said, talking about the broadcasters, his eyes popping at the word “free.” Slowing down for emphasis, he added: “So shouldn’t we get something back for free? Which is great television. That’s the social contract, right?”

In media, the enemy of my frenemy is my friend

Mr. Goodfriend is the epitome of a media insider and Beltway fixer. During the Clinton administration, he was a deputy staff secretary — the office is sometimes referred to as the nerve center of the White House — and from 1999 to 2001 he worked as legal counsel to the F.C.C. He spent time as Charlie Ergen’s vice president of law and public policy at the satellite-TV provider Dish, and with his wife, Sue Emmer, he owns an advisory firm that counts Google, PayPal and the Weather Channel as clients.

It’s the kind of history that one needs to take on the broadcasters. The contemporary history of TV and copyright law is something like a Dungeons and Dragons script — several competing story lines hastily merged together to bring about a conclusion to the game.

The short-short version goes something like this: By the 1990s, after decades of legislative tussles over how copyright owners should be compensated, the networks won a provision that required providers like Comcast or Dish to negotiate a fee, known as “retransmission consent,” to carry their signals. Aereo’s 2014 loss in the Supreme Court is rooted in that framework.

Locast started as a thought experiment in one of Mr. Goodfriend’s lectures at Georgetown. He was reviewing the Aereo case and wanted to show how its ruling might impact the public interest.

“I had to teach them that more often than not, it’s through huge stakeholders battling it out that change happens,” Mr. Goodfriend said. “There should be something that challenges the broadcasters.”

After Locast debuted, the cable and satellite providers quickly took notice. A free streaming service that captured broadcast signals could benefit their business if it meant they no longer had to bother carrying network stations and bargain for fees.

The cable and satellite companies typically negotiate agreements with broadcasters every three years. The former want to pay the least possible; the latter want as much as they can get. When the providers and broadcasters can’t come to agreements, customers suffer blackouts.

That happened on Jan. 2 during a standoff between Charter Communications, the nation’s second-largest cable operator, and Tribune, which owns local TV stations affiliated with the major broadcasters. Football fans in some areas missed a Jan. 5 playoff game between the Seattle Seahawks and the Dallas Cowboys, which aired on Fox.

When customers called Charter to complain, service representatives, depending on the region, would alert subscribers to Locast as a way to get programming despite the blackout. Nine days later, the two sides reached an agreement, with Charter agreeing to pay more to carry the channels.

Cable and satellite carriers have long railed against retransmission fees. Mr. Ergen, the billionaire who controls Dish, has been one of the most vocal opponents of the fees, and given Mr. Goodfriend’s ties to the company, many people in the industry believed Mr. Ergen was somehow backing Locast. (Mr. Ergen had tried to buy Aereo’s assets when it went into bankruptcy, but eventually backed off.)

“No, Charlie hasn’t given me any money,” Mr. Goodfriend said. But he has asked. “Charlie just said, ‘Good luck.’ He’s been very encouraging. I’m still working on him to get some funding.”

Mr. Ergen declined to comment. The networks were also mum on Locast: CBS and NBC declined to comment, and ABC and Fox did not respond to inquiries.

The networks’ dilemma: Sue or ignore?

Mr. Goodfriend said he would welcome a legal challenge from the networks. But the broadcasters’ deep pockets would make them a formidable opponent.

“I’d give them a 50 percent chance for prevailing, only because they’ll have the money for the lawyers,” said Jessica Litman, an expert on copyright law and a professor at the University of Michigan law school.

She considers Locast legal, but that may never be tested — that is, the broadcasters may be wary of giving Mr. Goodfriend’s start-up the spotlight of a big legal fight.

“A loss for the networks is a lot more risky than a win would be,” Ms. Litman said.

Initially, Aereo escaped legal scrutiny. “Nobody touched us, even when we were adding customers,” its founder, Chet Kanojia, said in an interview. That changed when Mr. Diller put his money in. “That lit the fuse,” Mr. Kanojia said.

Mr. Goodfriend is soliciting corporate sponsorships, and is in talks with Samsung to make Locast available on its smart TVs.

“I don’t pretend to know how all this ends,” he said. “And if you look at how much this is costing and where I am right now, you’d say, ‘Dude, you’re screwed!’ But I haven’t even really started to fight. I’m not giving up.”
https://www.nytimes.com/2019/01/31/b...etwork-tv.html





Cord Cutting? Amazon has More Movies, but Netflix has Higher-Rated Films, Tech Site Finds
Mike Snider

When you want to watch a movie, which streaming service truly delivers?

If you want quality, opt for Netflix. If you prefer quantity, peruse Amazon Prime Video.

That's the conclusion from Streaming Observer. The tech news website looked at all of the movies on Netflix, Amazon, Hulu and HBO Now as of January 20 and analyzed the films' ratings on movie and TV review site Rotten Tomatoes. Also factored in: data from the streaming providers, as well as third-party search sites Reelgood and JustWatch.

The site found Amazon had the most movies (17,461) – four times that of Netflix (3,839) and many more times the amount on Hulu (2,336) and HBO (815).

But Netflix had more movies – 596, more than 15 percent of its library – with a "Certified Fresh" rating from Rotten Tomatoes, a designation given to the best-reviewed films.

Amazon had 232 "Certified Fresh" films (1.3 percent of its library); Hulu had 223, or 9.6 percent; and HBO Now, 38, or 4.7 percent, Streaming Observer found.

Among Netflix's current cinematic stash: "Black Panther" with a Rotten Tomatoes rating of 97 out of 100; and "Raiders of the Lost Ark" rated 95.

'Incredibles 2,' nominated for best animated feature film, hits Netflix on January 30.

Among Amazon's library are "Leave No Trace" with a 100 rating and "Lady Bird" with a 99.

Examples on Hulu include "Arrival" (94) and "Little Miss Sunshine" (91), and on HBO: "The Shape of Water" (92) and "Maria Full of Grace" (97).

While there's some concern about Netflix focusing on original content and "losing too many movies, one thing is clear — when it comes to the quality of its movie library, it’s still comfortably in the lead," said Chris Brantner, founder and editor-in-chief of Streaming Observer, in his post about the findings.

"In fact, Netflix has more Certified Fresh movies than Prime, Hulu, and HBO combined," he said.

However, Amazon's "large, diverse library," Brantner said, gives subscribers "plenty of options to choose from."
https://www.usatoday.com/story/tech/...on/2699056002/





Terabyte-Using Cable Customers Double, Increasing Risk of Data Cap Fees

4.1 percent of users now hit 1TB per month, but capped customers use less data.
Jon Brodkin

US cable Internet customers are using an average of 268.7GB per month, and 4.1 percent of households use at least 1TB, according to new research by the vendor OpenVault.

Households that use at least 1TB a month are at risk of paying overage fees because of the 1TB data caps imposed by Comcast and other ISPs. Terabyte users nearly doubled year over year, as just 2.1 percent of households hit the 1TB mark last year, according to OpenVault.

Cable Internet providers use OpenVault products to track "broadband data usage consumption levels for millions of subscribers," the company says. This gives OpenVault visibility into how much data broadband customers use each month.

OpenVault found that households that face data caps use 8.5-percent less data than un-capped users, suggesting that cable customers limit their Internet usage when they face the prospect of overage fees. According to OpenVault, the caps can help cable companies avoid major network upgrades.

For cable Internet users, the need to limit usage to avoid overage fees isn't a selling point. But for OpenVault's cable industry customers, the ability to impose caps is a plus because it helps cable companies delay network upgrades.

"Our analysis makes it clear that usage-based billing is among the most effective tools the industry has in managing consumption and reducing the need for massive capital expenditures," OpenVault Executive VP Josh Barstow said in the OpenVault announcement.

Specifically, "OpenVault's 2018 data also shows that average usage for households with flat-rate pricing was 282.1GB/HH, more than 9 percent higher than the 258.2GB/HH average usage for households on usage-based billing (UBB) plans," OpenVault wrote. Stated another way, customers facing caps and overage fees use 8.5-percent less data than un-capped customers.

Un-capped customers are, naturally, more likely to exceed a terabyte. "The percentage of flat-rate (non-UBB) households exceeding 1TB of usage was 4.82 percent, a full percentage point higher than the 3.81 percent of UBB households who exceeded the 1TB threshold," OpenVault said.

Median usage rises 40%, year over year

OpenVault's new report is based on household usage in December 2018. The data comes entirely from cable networks, so it does not include any fiber, DSL, or wireless Internet services, an OpenVault spokesperson told Ars. OpenVault declined to say how many households were included in the data, and it's not clear which cable provider networks were studied.

The 268.7GB average household data used in December 2018 was "up from 226.4GB/HH [household] at the end of June 2018 and a 33.3 percent increase over the YE 2017 average of 201.6GB/HH," OpenVault said.

Median usage was 145.2GB in December 2018, "up from 116.4GB/HH in June 2018 and a 40 percent increase over the YE 2017 median of 103.6GB/HH," the company also said.

These numbers are in the general ballpark of what Comcast reports. Comcast says that "[a]s of June 2018, Xfinity Internet customers' median monthly data usage was 151GB per month during the past six months."

But while Comcast says that "more than 99 percent of our customers do not use 1 terabyte of data," OpenVault's research found a much higher percentage of customers exceeding 1TB. (Again, we don't know which cable networks were included in OpenVault's measurements.)

"The percentage of power users—defined as those households using 1TB or more—almost doubled in 2018, rising to 4.12 percent of all households from 2.11 percent in 2017, while the percentage of households exceeding 250GB rose to 36.4 percent from 28.4 percent during the same time span,"

Comcast imposed 300GB data caps in 2012, and raised the monthly cap to a terabyte in 2016. Customers who go over 1TB are charged $10 for each additional block of 50GB, up to a maximum of $200 a month. Comcast lets customers avoid overage fees by purchasing unlimited data for an extra $50 a month.

Charter, the second-largest home Internet provider in the US, is prohibited from selling plans with data caps and overage fees until 2023 thanks to merger conditions imposed on its 2016 purchase of Time Warner Cable.

But Comcast isn't the only major home Internet provider imposing caps and overage fees. AT&T, the third-largest home Internet provider, imposes caps ranging from 150GB to 1TB a month and charges overage fees of $10 for each additional 50GB. AT&T customers can get unlimited data by purchasing the gigabit speed tier, by bundling AT&T Internet with TV service, or by paying $30 extra per month.
https://arstechnica.com/information-...data-cap-fees/





Your Smartphone May Soon Pack 1TB in Storage Thanks to Samsung’s New Memory Chip
Jon Russell

Sick of filling the limited space on your phone with apps, photos and videos? Sometime in the near future, your smartphone could ship with more than one-terabyte (1TB) of internal storage and run 10 times faster than a standard memory card.

Samsung is best known for making smartphones but the company’s memory division — one of its most profitable units — just announced that it has begun mass-producing a 1TB flash storage chip for phones. There’s no word on when they’ll be inside smartphones but Samsung said it plans to increase production during the first half of this year.

“Smartphone enthusiasts will soon be able to enjoy storage capacity comparable to a premium notebook PC, without having to pair their phones with additional memory cards,” Samsung said.

That 1TB capacity is double the previous highest that the Korean firm has produced. Its newest chip gave the Galaxy Note 9 a 512GB model which passes the terabyte milestone when a 512GB SD card is added. This new breakthrough promises to offer that without the help of a card, but the company also boasted of improved performance.

Samsung said its new tech reaches speeds of up to 1,000 megabytes per second (MB/s) — that would transfer a 5GB-sized full HD video in just five seconds, as opposed to nearly one minute with conventional microSD cards. Increased memory will also enable better quality high-resolution video shooting thanks to faster random read speed, it said.

Sounds good, but might this ship before the end of the year? The Samsung rumor mill is already speculating that the upcoming Galaxy Note 10 could include a 1TB model, but at this stage there is no concrete evidence. Keep an eye out for future leaks for more hints.
https://techcrunch.com/2019/01/30/samsung-1tb-storage/





Prisons Across the U.S. Are Quietly Building Databases of Incarcerated People’s Voice Prints
George Joseph, Debbie Nathan

Roughly six months ago at New York’s Sing Sing prison, John Dukes says he was brought out with cellmates to meet a corrections counselor. He recalls her giving him a paper with some phrases and offering him a strange choice: He could go up to the phone and utter the phrases that an automated voice would ask him to read, or he could choose not to and lose his phone access altogether.

Dukes did not know why he was being asked to make this decision, but he felt troubled as he heard other men ahead of him speaking into the phone and repeating certain phrases from the sheets the counselors had given them.

“I was contemplating, ‘Should I do it? I don’t want my voice to be on this machine,’” he recalls. “But I still had to contact my family, even though I only had a few months left.”

So when it was his turn, he walked up to the phone, picked up the receiver, and followed a series of automated instructions. “It said, ‘Say this phrase, blah, blah, blah,’ and if you didn’t say it clearly, they would say, ‘Say this phrase again,’ like ‘cat’ or ‘I’m a citizen of the United States of America.’” Dukes said he repeated such phrases for a minute or two. The voice then told him the process was complete.

“Here’s another part of myself that I had to give away again in this prison system,” he remembers thinking as he walked back to the cell.

Dukes, who was released in October, says he was never told about what that procedure was meant to do. But contracting documents for New York’s new prison phone system, obtained by The Appeal in partnership with The Intercept, and follow-up interviews with prison authorities, indicate that Dukes was right to be suspicious: His audio sample was being “enrolled” into a new voice surveillance system.

In New York and other states across the country, authorities are acquiring technology to extract and digitize the voices of incarcerated people into unique biometric signatures, known as voice prints. Prison authorities have quietly enrolled hundreds of thousands of incarcerated people’s voice prints into large-scale biometric databases. Computer algorithms then draw on these databases to identify the voices taking part in a call and to search for other calls in which the voices of interest are detected. Some programs, like New York’s, even analyze the voices of call recipients outside prisons to track which outsiders speak to multiple prisoners regularly.

Corrections officials representing the states of Texas, Florida, and Arkansas, along with Arizona’s Yavapai and Pinal counties; Alachua County, Florida; and Travis County, Texas, also confirmed that they are actively using voice recognition technology today. And a review of contracting documents identified other jurisdictions that have acquired similar voice-print capture capabilities: Connecticut and Georgia state corrections officials have signed contracts for the technology (Connecticut did not respond to repeated interview requests; Georgia declined to answer questions on the matter).

Authorities and prison technology companies say this mass biometric surveillance supports prison security and fraud prevention efforts. But civil liberties advocates argue that the biometric buildup has been neither transparent nor consensual. Some jurisdictions, for example, limit incarcerated people’s phone access if they refuse to enroll in the voice recognition system, while others enroll incarcerated people without their knowledge. Once the data exists, they note, it could potentially be used by other agencies, without any say from the public.

It’s particularly alarming, they add, that the technology’s use in prisons can ensnare people beyond their walls. “Why am I giving up my rights because I’m receiving a call from somebody who has been convicted of a crime?” asks Jerome Greco, a digital forensics attorney at New York’s Legal Aid Society. Greco argues that the mining of outside parties’ voice prints should require a warrant. “If you have a family member convicted of a crime, yet you haven’t been, why are you now having your information being used for government investigations?”

The Spread of Voice Recognition Technology

Voice-print technology works by dissecting physical features that distinguish individuals’ voices, such as their pitch. With this data, the program’s algorithm generates a computer model of their vocal signatures, known as “voice prints,” which can be stored in a database for comparisons with utterances recorded in the future.

In recent years, voice recognition technology has come to be associated with consumer offerings, like Amazon’s Alexa and Apple’s Siri, but the technology was originally developed for military and intelligence applications. Over a decade ago, as The Intercept reported, U.S. intelligence agencies were using voice recognition programs to identify the voices of top Al Qaeda officials in their online audio postings.

Similarly, the algorithms and structure behind the prison telecommunications firm Securus Technologies’ particular voice software, known as Investigator Pro, were developed in part through a $50 million grant from the Department of Defense. The software was licensed to JLG Technologies, a company that Securus acquired in 2014. According to Securus’s 2017 proposal for New York, the technology was developed because “DOD needed to identify terrorist calls out of the millions of calls made to and from the United States every day.”

But it wasn’t long before major prison technology firms, such as Securus and Global Tel Link, began marketing the technology to U.S. jurisdictions that were seeking to extract and store voice prints associated with incarcerated people in their systems. “IPRO [Investigator Pro] has a 10-year track record of providing pinpoint voice accuracy capability country-wide in 243 states, county, and local correctional agencies,” notes Securus in the Pinal County contract.

The enrollment of incarcerated people’s voice prints allows corrections authorities to biometrically identify all prisoners’ voices on prison calls, and find past prison calls in which the same voice prints are detected. Such systems can also automatically flag “suspicious” calls, enabling investigators to review discrepancies between the incarcerated person’s ID for the call and the voice print detected. Securus did not respond to a request for comment on how it defined “suspicious.” The company’s Investigator Pro also provides a voice probability score, rating the likelihood that an incarcerated person’s voice was heard on a call.

Michael Lynch, an intelligence coordinator for the Alachua County Jail in northern Florida, confirmed that his county recently agreed to purchase Securus’s voice recognition program. Lynch said that the voice prints produced by the program will be permanently archived at Securus’s facility in Texas. He said the jail hopes the technology will address the problem of incarcerated people using each other’s personal identification numbers, or PINs. “The problem is inmates that are committing other criminal acts or contacting victims or witnesses and using other inmates’ PIN to do that,” he said in a phone call. “Voice [biometrics] will tell us who’s making the calls.”

Securus’s voice recognition program can also identify the voices of people outside prisons, both former prisoners and those who have never been incarcerated but communicate with people inside.

New York and Texas state corrections officials confirmed that their agencies retain the voice prints of formerly incarcerated people, like Dukes, allowing them to identify them by name if currently incarcerated people call them in the future.

And New York and Pinal County, Arizona, confirmed that their voice recognition programs can identify the voices of outside callers.

New York’s contract proposal with Securus states that outsiders’ voice samples can be used to “search for all other calls” in their recorded call database to find where those voices occur. In an email, New York prison officials confirmed that this program will give investigators the ability to extract a voice print from an outside caller and use it to “identify that a call recipient has participated in multiple phone calls.” They added that the program will not have names associated with outsiders’ voice prints.

In a statement, Pinal County Sheriff’s Office spokesperson Navideh Forghani also confirmed this outsider voice-tracking capability, noting that while their software does not identify non-incarcerated people by name, it can track “suspicious activities,” such as “multiple inmates speaking to one person on the outside on a reoccurring basis.”

With this technology, a press release for Investigator Pro notes, an investigator can now answer questions like, “What other inmates are talking to this particular called party?” and “Are any of my current inmates talking to this released inmate?”

Prisoners’ rights advocates worry that outsider voice surveillance technology could also be used to coordinate crackdowns against prison organizing campaigns.

“Using this technology to trace the voices of outside callers and flag those who speak with more than one person in a system, staff can use calls with outside organizers to quickly identify the incarcerated activist they support,” said Bianca Tylek, director of the Corrections Accountability Project, which works to curb the influence of commercial interests in the criminal justice system. Tylek noted that during the 2018 national prison strike, corrections staff routinely retaliated against incarcerated activists by using tactics like solitary confinement, job termination, and facility reassignment.

The Pressure to Participate

Advocates assert that corrections agencies have been building up large-scale voice-print databases with limited input from the public or from incarcerated people and their families. While some state corrections agencies have put out public notices to families about payment options for new phone systems, they seldom mention the voice-print databases, which are rarely discussed outside of industry conferences and internal talks with contractors.

“Every time there’s a new contract, there’s new surveillance, but they don’t say anything,” said Tylek. “I’ve never seen authorities post a public notice about new surveillance updates or tell families.”

Keeping their plans opaque has allowed authorities to quietly pressure incarcerated people into giving up their biometric data — or to enroll them without their knowledge. According to Securus’s 2019 Investigator Pro contract with Alachua County, Florida (which includes Gainesville), “Inmates will participate in a covert voice print enrollment process.”

In Texas, state prisoners must enroll in the voice recognition program if they want to make calls. According to Jeremy Desel, a spokesperson for the Texas Department of Criminal Justice, Investigator Pro’s voice enrollment process is “the lock and key” to the Texas state prison phone system. Likewise, in Pinal County, Arizona, phone access is severely limited for prisoners who decline to enroll in the voice recognition program. “If inmates choose not to participate, they can still utilize the phone system but only to make phone calls to their attorneys,” said Forghani, the county sheriff’s office spokesperson.

In some cases, prisoners participate without even knowing, said Martin Garcia, a 33-year-old who is incarcerated at Sing Sing in New York.

“A lot of guys don’t know technology,” he said. “They’ve been in there so long, they’ve never heard of Google.” The voice enrollment procedure, he continued, is seen as “just another thing they follow to talk to their family.”

Garcia was upset to hear that Securus’s voice-tracking capabilities, as described in its approved contract with the New York State Department of Corrections and Community Supervision, could mine prison call databases to identify which other prisoners outside callers had contacted. “Are they criminals just because they’re talking to someone incarcerated?” he said. “To me, you’re criminalizing relationships. Some people may be hesitant to interact with me if they could be put in a database.”

After being briefed by The Appeal and The Intercept about the program, New York State Assembly Member David Weprin publicly called on the state Department of Corrections to give incarcerated people more choice regarding the voice recognition program. At a Tuesday hearing, Weprin, chair of the Assembly’s Committee on Correction, asked the Department of Corrections’ acting commissioner, Anthony J. Annucci, to add a provision that allows incarcerated people with legitimate concerns about voice surveillance to “not be denied phone privileges.” Annucci did not immediately agree to the request, instead pointing out that people have the option to make unmonitored calls to their attorneys.

In a statement to The Appeal and The Intercept, Weprin said he is “concerned with the deployment and use of voice recognition software” in New York state prisons and will be working with his colleagues to further investigate the technology.

Building the Databases

The rapid, secretive growth of voice-print databases is “probably not a legal issue, not because it shouldn’t be, but because it’s something laws haven’t entertained yet,” noted Clare Garvie, a senior associate at Georgetown Law’s Center on Privacy and Technology. “It’s not surprising that we’re seeing this around prisons, just because it can be collected easily,” she continued, referring to biometric voice data. “We’re building these databases from the ground up.”

The scale of prisons’ emerging voice biometric databases has not been comprehensively documented nationwide, but, at minimum, they already hold more than 200,000 incarcerated people’s voice prints.

New York’s Department of Corrections, which incarcerates just under 50,000 people, confirmed that approximately 92 percent of its population had been enrolled in the voice recognition system. State corrections authorities for Florida, Texas, and Arkansas, which hold about 260,000 prisoners combined, also confirmed that they are using Investigator Pro’s voice recognition technology. Connecticut and Georgia’s state corrections systems, which incarcerate roughly 13,000 and roughly 52,000 people, respectively, have also purchased Securus’s voice-print technology.

The databases of recorded calls from which prison authorities could search for outsiders’ voice samples could also potentially include millions of recorded calls for state and countywide systems. According to the design requirements New York’s Department of Corrections gave to Securus, for example, the company must be able to record every call, archive all call recordings for a year, and maintain any calls flagged for investigative purposes “indefinitely” through the life of the contract, which ends in 2021. (In the documents, Securus estimated that 7 percent of prison calls made per year would total 1.5 million calls, suggesting that the call database could retain over 20 million calls.)

Greco of the Legal Aid Society says he understands the value of such monitoring capabilities, pointing out that incarcerated people do sometimes have to deal with other prisoners taking their PINs or threatening their families for money. But the extension of this technology into the monitoring of people outside prisons, and the lack of transparency and regulation of these new databases, concern him. If voice prints were shared with police, for example, they could try to compare them with voices caught on a wiretap, he notes, despite scientists’ skepticism about the reliability of voice print matches for criminal prosecutions. New York State’s Department of Corrections declined to answer questions regarding whether it would share the data with other agencies.

Either way, Greco said, there’s cause for concern. “Once the data exists, and it becomes an accepted part of what’s happening, it’s very hard to protect it or limit its use in the future,” he said.

That has implications far beyond prisons, argues Garcia, the man incarcerated at Sing Sing. “First you use this on the people marginalized in society, criminalizing the families of those incarcerated,” he said. “But, especially in Trump’s America, the sky is the limit with this.”
https://theintercept.com/2019/01/30/...bases-securus/





Google Confirms it Uses Dummy Phone Numbers to Record Calls with Local Services
Alex McKeen

A spokesperson for Google has confirmed the service they’ve launched in Vancouver and Toronto to connect potential customers to trusted service providers funnels customers through ostensibly local phone numbers that are actually owned by Google for the purpose of call monitoring.

Google Local Services is an addition to its search platform that connects potential customers to local service providers who pay for the advertising. It launched in Toronto and Vancouver last December for locksmiths and heating, cooling and ventilation professionals.

When someone in Toronto searches for a locksmith, for example, they’ll see some service providers with green check marks next to the company name, meaning they’ve been vetted by Google.

The number next to the listing has a local area code, but that’s not the business’ real contact info. Instead, it’s a dummy Google number that will route you to the business — after informing you that it will be recording anything you say.

Call monitoring is commonly used by businesses for quality control and is allowed according to B.C.’s privacy commission if the person being recorded is informed beforehand. But businesses are only allowed to collect a “reasonable” amount of personal information, and Google’s practices are complicated by the fact that the tech giant is recording two sides of the conversation — both the customer and the small business.

Google says the service helps customers feel more confident about the local professionals they use, especially because the tech giant offers a money-back guarantee for up to $2,000 per customer.

Vancouver small-business owner Kelly Doll noticed increased business after using the service for just a week.

However, when the service launched in Canada, Doll was surprised to learn that the tech company was recording the calls between himself and the customers who had found him through Google Local Services.

When a customer calls one of the checkmarked numbers, an automated voice informs them the call will be recorded by Google before they’re connected. But on the other end, the service provider hears an automated message simply stating that a call is coming from Google.

Google spokesperson Sarah Pattillo confirmed the phone numbers were provided by Google; they do not belong to the businesses associated with them on the platform. Pattillo said the call monitoring allows the company to guard against spam and verify money-back requests.

“Local Services aims to connect consumers directly with verified service professionals and help foster a positive business relationship,” wrote Pattillo in an email explaining why Google records the calls. “Call monitoring to ensure quality customer service is extremely common for businesses across Canada.”

Michelle Mitchell, senior communications manager at the Office of the Information and Privacy Commissioner for B.C., said in an email that the Personal Information Protection Act (PIPA) requires companies to inform parties before they collect personal information from them. That includes information customers give during a phone call but may not include business representatives like Doll, whose side of the conversation could be considered “work-product information.”

“Having said that, Section 11 of PIPA limits the information collected by an organization to purposes a reasonable person would consider appropriate in the circumstances,” Mitchell wrote. “Depending on the circumstances, it may not be reasonable … to record the entire call.”
https://www.thestar.com/vancouver/20...-services.html





20,000+ People Demand a Federal Investigation into the Sale of Users’ Real-Time Location Data by Cell Phone Providers
Evan Greer

Privacy advocates are calling on Congress to ensure the FCC leads a full investigation, and expect stiff penalties or new legislation to end this dangerous practice once and for all

Since the release of a bombshell Motherboard report detailing how cell phone companies sell access to users’ real-time location data, more than 20,000 people have called on Congress and the Federal Communications Commission to conduct a full investigation and take action to ensure that this never happens again. Digital rights groups Fight for the Future and OpenMedia have been leading the campaign. Since the report’s release earlier this month, both Democratic and Republican lawmakers expressed concern about the practice and are demanding answers from the FCC and carriers.

Three days after the report’s initial release, House Energy & Commerce Committee Chair Frank Pallone (D-NJ) requested an emergency briefing about the carriers’ unauthorized sale of location data from FCC Chairman Ajit Pai, who ultimately refused. Legal experts have noted that the FCC has the authority to investigate the abuse of location data and assess whether or not the telecoms broke the agency’s rules, but so far there has been no sign of action from the Commission. New documents published by Motherboard this week show how one of the third parties at the heart of the initial report lobbied the FCC to loosen restrictions on how the data it sells can be used.

“Selling cell phone customers’ real-time location data isn’t just gross or unsettling, it’s extremely dangerous,” said Evan Greer, deputy director of Fight for the Future (pronouns: she/her), “It’s not hard to imagine what could happen if this information fell into the wrong hands: a thief, a stalker, an abusive ex, an authoritarian government. People’s basic safety and security should not be a partisan issue, so it’s great that members of Congress from both sides of the aisle are speaking out, but we need more than words. We particularly need GOP lawmakers to call on their party’s FCC chairman, Ajit Pai, to immediately investigate whether laws were broken. And we need all of Congress to act to ensure that this practice is permanently banned, and that this never happens again.”

Since the report’s initial release, AT&T, Sprint, Verizon, and T-Mobile have voluntarily agreed to end the sale of users’ location, but privacy advocates warn that this doesn’t go far enough. They are calling on the federal government to ensure there is a thorough investigation into whether existing laws were broken or whether new rules are required to ban this practice. If existing laws were broken, then activists expect the FCC to administer stiff penalties on the telecoms. If not, then Congress must act to ban the sale of location data without users’ consent.

So far, over 22,000 privacy advocates have taken action through campaigns run by Fight for the Future and OpenMedia, which can be found here and here, respectively.
https://www.fightforthefuture.org/ne...tigation-into/





Japanese Government Plans to Hack into Citizens' IoT Devices

Japanese government wants to secure IoT devices before Tokyo 2020 Olympics and avoid Olympic Destroyer and VPNFilter-like attacks.
Catalin Cimpanu

The Japanese government approved a law amendment on Friday that will allow government workers to hack into people's Internet of Things devices as part of an unprecedented survey of insecure IoT devices.

The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.

NICT employees will be allowed to use default passwords and password dictionaries to attempt to log into Japanese consumers' IoT devices.

The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices.

The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras. Devices in people's homes and on enterprise networks will be tested alike.

According to a Ministry of Internal Affairs and Communications report, attacks aimed at IoT devices accounted for two-thirds of all cyber-attacks in 2016.

The Japanese government has embarked on this plan in preparation for the Tokyo 2020 Summer Olympics. The government is afraid that hackers might abuse IoT devices to launch attacks against the Games' IT infrastructure.

Their fear is justified. Russian nation-state hackers deployed the Olympic Destroyer malware before the opening ceremony of the Pyeongchang Winter Olympics held in South Korea in early 2018 as payback after the International Olympic Committee banned hundreds of Russian athletes from competing.

Russian nation-state hackers also built a botnet of home routers and IoT devices --named VPNFilter-- that the Ukrainian intelligence service said they were planning to use to hinder the broadcast of the 2018 UEFA Champions League final that was to be held in Kiev, Ukraine that year.

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many have argued that this is an unnecessary step, as the same results could be achieved by just sending a security alert to all users, as there's no guarantee that the users found to be using default or easy-to-guess passwords would change their passwords after being notified in private.

However, the government's plan has its technical merits. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords.

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords.

Securing these devices is often a pain, as some expose Telnet or SSH ports online without the users' knowledge, and very few users know how to change the passwords for those services. Other devices also come with secret backdoor accounts that in some cases can't be removed without a firmware update.

We'll be monitoring this survey in the coming months and plan to report on its success or failure.

ZDNet would like to thank our reader Autumn Good for this tip.
https://www.zdnet.com/article/japane...s-iot-devices/





Facebook Pays Teens to Install VPN that Spies On Them
Josh Constine

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

Facebook’s Research program will continue to run on Android. We’re still awaiting comment from Apple on whether Facebook officially violated its policy and if it asked Facebook to stop the program. As was the case with Facebook removing Onavo Protect from the App Store last year, Facebook may have been privately told by Apple to voluntarily remove it.

Facebook’s Research app requires users to ‘Trust’ it with extensive access to their data

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple may have asked Facebook to discontinue distributing its Research app. A more stringent punishment would be to revoke Facebook’s permission to offer employee-only apps. The situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point. TechCrunch has spoken to Apple and it’s aware of the issue, but the company did not provide a statement before press time.

Facebook’s Research program is referred to as Project Atlas on sign-up sites that don’t mention Facebook’s involvement

“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.

But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Previously, a similar program was called Project Kodiak. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Facebook’s Research App on iOS

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign up, they’re asked to get their parents’ permission with a form that reveals Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

Facebook’s intermediary uTest ran ads on Snapchat and Instagram, luring teens to the Research program with the promise of money

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.

Security expert Will Strafach found Facebook’s Research app contains lots of code from Onavo Protect, the Facebook-owned app Apple banned last year

Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate first acquired in 2016 indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s Research app requires Root Certificate access, which lets Facebook gather almost any piece of data transmitted by your phone

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access to the network. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

Facebook’s Research program requested users screenshot their Amazon order history to provide it with purchase data

However, Facebook’s claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Seven hours after this report was first published, Facebook updated its position and told TechCrunch that it would shut down the iOS Research app. Facebook noted that the Research app was started in 2016 and was therefore not a replacement for Onavo Protect. However, they do share similar code and could be seen as twins running in parallel. A Facebook spokesperson also provided this additional statement:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Facebook disobeying Apple so directly and then pulling the app could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular Chinese video music app TikTok and meme sharing are with teens led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence now that it’s ceased to run the Research program on iOS.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”

Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook was still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. Now that Facebook has ceased the program on iOS and its Android future is uncertain, it may either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Additional reporting by Zack Whittaker.
https://techcrunch.com/2019/01/29/fa...project-atlas/





Google will Stop Peddling a Data Collector through Apple’s Back Door
Zack Whittaker, Josh Constine, Ingrid Lunden

It looks like Facebook was not the only one abusing Apple’s system for distributing employee-only apps to sidestep the App Store and collect extensive data on users.

Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch has learned.

In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That’s the same type of policy violation that led Apple to shut down Facebook’s similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook’s legitimate employee-only apps — which run on the same Facebook Enterprise Certificate — and making Facebook look very iffy in the process.

After we asked Google whether its app violated Apple policy, Google announced it will remove Screenwise Meter from Apple’s Enterprise Certificate program and disable it on iOS devices.

The company said in a statement to TechCrunch:

“The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.”

Screen(un)wise

First launched in 2012, Screenwise lets users earn gift cards for sideloading an Enterprise Certificate-based VPN app that allows Google to monitor and analyze their traffic and data. Google has rebranded the program as part of the Cross Media Panel and Google Opinion Rewards programs that reward users for installing tracking systems on their mobile phone, PC web browser, router and TV. In fact, Google actually sends participants a special router that it can monitor.

Originally, Screenwise was open to users as young as 13, just like Facebook’s Research app that’s now been shut down on iOS but remains on Android. Now, according to the site’s Panelist Eligibility rules, Google requires the primary users of its Opinion Rewards to be 18 or older, but still allows secondary panelists as young as 13 in the same household to join the program and have their devices tracked, as demonstrated in this video below (which was created in August of last year, underscoring that the program is still active).

Unlike Facebook, Google is much more upfront about how its research data collection programs work, what’s collected and that it’s directly involved. It also gives users the option of “guest mode” for when they don’t want traffic monitored, or someone younger than 13 is using the device.

Putting the not-insignificant issues of privacy aside — in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity — and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple’s policy.

This states, in essence, that the Enterprise Certificate program for distributing apps without the App Store or Apple’s oversight is only for internal employee-only apps.

Google walks users through how to install the Enterprise Certificate and VPN on their phone. Developers seeking to do external testing on iOS are supposed to use the TestFlight system that sees apps reviewed and limits their distribution to 10,000 people.

We’ve yet to hear back from Apple, but Google moving quickly to cancel its iOS Screenwise Meter might save it from further punishment. We’ll see if Apple still invalidates the certifications for all of Google’s legitimate employee-only apps that run using the same certificate the way it did to Facebook. That would throw a wrench into Google’s product development and daily work flow that could be more damaging than just removing one way it gathers competitive intelligence.

But rather than taking seven hours to respond as backlash swelled like Facebook, Google managed to get things sorted in a little under three.
https://techcrunch.com/2019/01/30/go...les-back-door/





Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones
Nicole Perlroth

On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call.

His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com, in an article that went viral.

The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products. Hours before Apple’s statement addressing the bug Monday, Tim Cook, the company’s chief executive, tweeted that “we all must insist on action and reform for vital privacy protections.”

The FaceTime problem has already been branded “FacePalm” by security researchers, who say Apple’s security team should have known better. Rarely is there a software flaw that grants such high-level remote access and is so easy to manipulate: By adding a second person to a group FaceTime call, you can capture the audio and video of the first person called before that person answers the phone, or even if the person never answers.

“If these kinds of bugs are slipping through,” said Patrick Wardle, the co-founder of Digita Security, which focuses on Apple-related security, “you have to wonder if there are other problematic bugs that other hackers are exploiting that should have been caught.”

On Monday, Apple said it was aware of the issue and had “identified a fix that will be released in a software update later this week.”

But the company has not addressed how the flaw passed through quality assurance, why it was so slow to respond to Ms. Thompson’s urgent warnings, or whether it intends to reward the teenager whose mother raced to alert the company to the bug in the first place.

A bug this easy to exploit is every company’s worst security nightmare and every spy agency, cybercriminal and stalker’s dream. In emails to Apple’s product security team, Ms. Thompson noted that she and her son were just everyday citizens who believed they had uncovered a flaw that could undermine national security.

“My fear is that this flaw could be used for nefarious purposes,” she wrote in a letter provided to The New York Times. “Although this certainly raises privacy and security issues for private individuals, there is the potential that this could impact national security if, for example, government members were to fall victim to this eavesdropping flaw.”

Unknown to Ms. Thompson, there is a healthy market for bugs and the code to weaponize them, which allow governments, defense contractors and cybercriminals to invisibly spy on people’s devices without their knowledge, capturing everything from their locations to information caught on their microphones and cameras. The FaceTime flaw, and other Apple bugs, can fetch tens of thousands, if not hundreds of thousands or even millions of dollars, from dozens of brokers. Those brokers then sell those bugs for ever higher sums to governments and intelligence and law enforcement agencies around the world. On the seedier side of the spectrum are brokers who will sell these tools on the dark web to the highest bidder.

The only catch is that hackers must promise never to disclose the flaw to the vendor for patching, so that buyers can keep their access.

The market for Apple flaws has soared in the post-Edward Snowden era as technology makers include more security, like end-to-end encryption, to thwart would-be spies. This month, Zerodium, a well-known broker and security firm, raised its reward for an Apple iOS bug to $2 million.

In part to compete in that market, and reward those who do right by the company by notifying it of potentially lucrative bugs, Apple announced its own bounty program in 2016 — the last of the Silicon Valley companies to do so.

At a hacker conference that year in Las Vegas, Apple made a surprise announcement: It said it would start paying rewards as high as $200,000 to hackers who responsibly turned over crucial flaws in its products. But the bounty program has been slow going, in part, hackers say, because they can make multiples of that bounty on the black market, and because Apple has taken its time rewarding them for reporting problems.

The FacePalm bug is a particularly egregious case, researchers say, not just because it was discovered by a teenager simply trying to use his phone, but because it allowed full microphone and video access.

“This is a bug that Apple’s Q&A should have caught,” Mr. Wardle said. “And where there’s smoke, there’s almost always fire.”

Bug brokers say FacePalm, while impressive, would not have brought a top price because it leaves a record of the attack. The flaw works only if you FaceTime the person you want to capture audio and video for, notifying your target of the call.

Bugs that fetch $2 million or $3 million on the black market leave no trace, work more than 99.5 percent of the time and work instantaneously, said Adriel Desautels, the chief executive of Netragard, a company that helps firms protect their software.

In this case, Mr. Desautels said, FacePalm is not as dangerous as a flaw that can covertly track someone’s location, turn on that person’s camera and capture video without a trace.

But, he added, “it’s pretty good for a high schooler.”
https://www.nytimes.com/2019/01/29/t...tch-apple.html





Chaos has Reportedly Erupted Inside Facebook as Employees Find themselves Unable to Open the Company's Apps on their iPhones
AP

• Apple has blocked Facebook's internal apps from working on employees' phones, The Verge reports.
• The move is in response to recent revelations that Facebook was misusing Apple's enterprise app program, meant for internal use, to run a research app that gathered consumers' phone activity in exchange for payment.
• Facebook has since said it's shutting down the app, which paid people (including teens) up to $20 a month to install a VPN used to track data and activity.
• Facebook employees told Cheddar they think the company is being "unfairly targeted" by Apple.

Facebook's thousands of employees are reportedly unable to use the company's internal iOS apps after it was caught running a data-gathering research app that violated Apple's developer policies.

On Tuesday, Apple revoked Facebook's security certificate that gives it access to a special enterprise program, which companies can use to distribute internal apps and tools outside of the public App Store.

The move has caused internal Facebook apps to stop working, according to The Verge, a chaotic situation that the company has deemed a "critical problem." Company apps for transportation and the lunch menu, along with beta versions of Facebook apps like Messenger and Instagram, are reportedly unable to be opened by Facebook employees.

While that has made for a hectic day for Facebook employees, Apple's removal of Facebook's security certificate hasn't affected the public's ability to download and use the Facebook app on iOS devices.

How it all started

The two tech companies have clashed before, but this latest incident was sparked by TechCrunch's report on Tuesday that revealed Facebook has quietly been running an app called Facebook Research that tracks people's mobile phone activity and web traffic in exchange for compensation.

Through the program, dubbed "Project Atlas" internally, Facebook paid teens and adults up to $20 a month to install a smartphone VPN - a sort of middleman software for connecting to the internet - that gave the company access to each participant's trove of personal data. The program included teens age 13 to 17 who were able to participate with parental consent that was as simple as ticking off a checkbox, according to TechCrunch.

Since Apple has a ban on such apps that collect this sort of data, Facebook circumvented these policies by misusing its enterprise program, which Apple clearly states is only supposed to be used by employees for internal use. Participants in Facebook's research program were instructed to "sideload" the Facebook Research app, a process for downloading apps outside of Apple's App Store.

Facebook initially defended the research program and maintained it would keep it running, but the company later said it had shut down the iOS app, a statement that Apple contradicted hours later when it announced it had removed Facebook's security certificate. In a statement to Business Insider, Facebook said "there was nothing secret" about its research program, a characterization of the app and program that Josh Constine, the reporter of the TechCrunch article, pushed back on. Facebook has yet to respond to questions about whether it would also shut down the research program on Android devices.

These reports have only served to escalate tensions between Apple and Facebook. Facebook employees told Cheddar they thought their company was being "unfairly targeted" by Apple's shutdown of internal Facebook apps.
https://www.businessinsider.in/chaos...w/67763519.cms





A Tiny Screw Shows Why iPhones Won’t Be ‘Assembled in U.S.A.’
Jack Nicas

Despite a trade war between the United States and China and past admonishments from President Trump “to start building their damn computers and things in this country,” Apple is unlikely to bring its manufacturing closer to home.

A tiny screw illustrates why.

In 2012, Apple’s chief executive, Timothy D. Cook, went on prime-time television to announce that Apple would make a Mac computer in the United States. It would be the first Apple product in years to be manufactured by American workers, and the top-of-the-line Mac Pro would come with an unusual inscription: “Assembled in USA.”

But when Apple began making the $3,000 computer in Austin, Tex., it struggled to find enough screws, according to three people who worked on the project and spoke on the condition of anonymity because of confidentiality agreements.

In China, Apple relied on factories that can produce vast quantities of custom screws on short notice. In Texas, where they say everything is bigger, it turned out the screw suppliers were not.

Tests of new versions of the computer were hamstrung because a 20-employee machine shop that Apple’s manufacturing contractor was relying on could produce at most 1,000 screws a day.

The screw shortage was one of several problems that postponed sales of the computer for months, the people who worked on the project said. By the time the computer was ready for mass production, Apple had ordered screws from China.

The challenges in Texas illustrate problems that Apple would face if it tried to move a significant amount of manufacturing out of China. Apple has found that no country — and certainly not the United States — can match China’s combination of scale, skills, infrastructure and cost.

In China, you will also find one of Apple’s most important markets, and over the last month the risks that come with that dependence have become apparent. On Jan. 2, Apple said it would miss earnings expectations for the first time in 16 years, mostly because of slowing iPhone sales in China. On Tuesday, the company is expected to reveal more details about its financial results for the most recent quarter and its forecast for the coming year.

The company could face more financial pressure if the Trump administration places tariffs on phones made in China — something the president has threatened to do.

Apple has intensified a search for ways to diversify its supply chain, but that hunt has homed in on India and Vietnam, according to an Apple executive who asked not to be named because the executive was not authorized to speak publicly. The company’s executives are increasingly worried that its heavy dependence on China for manufacturing is risky amid the country’s rising political tensions with the United States and unpredictability, this person said.

“The skill here is just incredible,” Mr. Cook said at a conference in China in late 2017. Making Apple products requires state-of-the-art machines and lots of people who know how to run them, he said.

“In the U.S., you could have a meeting of tooling engineers and I’m not sure we could fill the room,” he said. “In China, you could fill multiple football fields.”

Kristin Huguet, an Apple spokeswoman, said the company was “an engine of economic growth in the United States” that spent $60 billion last year with 9,000 American suppliers, helping to support 450,000 jobs. Apple’s Texas manufacturer, Flextronics, did not respond to requests for comment.

Mr. Cook helped lead Apple’s shift to foreign manufacturing in 2004, a move that cut costs and provided the enormous scale necessary to produce some of history’s best-selling tech products.

Apple contracted much of the work to enormous factories in China, some stretching miles and employing hundreds of thousands of people who assemble, test and package Apple products. That assembly includes parts made around the world — from Norway to the Philippines to Pocatello, Idaho — that are shipped to China.

The final assembly is the most labor-intensive part of building the iPhone, and its location often determines a product’s country of origin for tariffs.

Mr. Cook often bristles at the notion that iPhones are Chinese-made. Apple points out that Corning, at a factory in Kentucky, makes many iPhone screens and that a company in Allen, Tex., makes laser technology for the iPhones’ facial-recognition system.

Mr. Cook has also disputed that cheap labor is the reason Apple is still in China. But it doesn’t hurt. The minimum wage in Zhengzhou, China, home of the world’s biggest iPhone factory, is roughly $2.10 an hour, including benefits. Apple said the starting pay for workers assembling its products there is about $3.15 an hour. Compensation for similar jobs in the United States is significantly higher.

While it was one of Apple’s most powerful computers, the American-made Mac Pro also turned out to be one of its most expensive.

Chinese suppliers shipped their components to Texas. But in some cases, the Texas team needed new parts as designs changed, and engineers who were tasked with designing the computer found themselves calling machine shops in central Texas.

That is how they found Stephen Melo, the owner and president of Caldwell Manufacturing in Lockhart. Employees of Flextronics, the company hired by Apple to build the computers, in turn hired Caldwell to make 28,000 screws — though they would have liked more.

When Mr. Melo bought Caldwell in 2002, it was capable of the high-volume production Apple needed. But demand for that had dried up as manufacturing moved to China. He said he had replaced the old stamping presses that could mass-produce screws with machines designed for more precise, specialized jobs.

Mr. Melo thought it was ironic that Apple, a leader in offshore manufacturing, had come calling with a big order. “It’s hard to invest for that in the U.S. because that stuff is purchased very cheaply overseas,” he said.

He made do with his new machines, although he could not make the exact screws Apple wanted. His company delivered 28,000 screws over 22 trips. Mr. Melo often made the one-hour drive himself in his Lexus sedan.

A former Apple manager who spoke on the condition of anonymity said the Flextronics team had also been far smaller than what he typically found on similar Apple projects in China. It was unclear exactly why the project was understaffed, the manager said, speculating that it was because American workers were more expensive.

The manager said similar Apple jobs in China would include a roomful of people working to ensure that all materials were in place for production. In Texas, it was one worker, who often seemed overwhelmed, the manager said. As a result, materials were regularly out of place or late, contributing to delays.

Another frustration with manufacturing in Texas: American workers won’t work around the clock. Chinese factories have shifts working at all hours, if necessary, and workers are sometimes even roused from their sleep to meet production goals. That was not an option in Texas.

“China is not just cheap. It’s a place where, because it’s an authoritarian government, you can marshal 100,000 people to work all night for you,” said Susan Helper, an economics professor at Case Western Reserve University in Cleveland and the former chief economist at the Commerce Department. “That has become an essential part of the product-rollout strategy.”

Ms. Helper said Apple could make more products in the United States if it invested significant time and money and relied more on robotics and specialized engineers instead of large numbers of low-wage line workers. She said government and industry would also need to improve job training and promote the development of a supply-chain infrastructure.

But, she added, there is a low chance of all that happening.

Apple still assembles Mac Pros at the factory on the outskirts of Austin, in part because it has already invested in complicated and custom machines. But the Mac Pro has been a slow seller, and Apple has not updated it since its introduction in 2013.

In December, Apple announced that it would add up to 15,000 workers in Austin, just miles from the Mac Pro plant. None of the new jobs are expected to be in manufacturing.
https://www.nytimes.com/2019/01/28/t...hina-made.html





South Korea Rules Pre-Installed Phone Bloatware Must be Deletable

New guidelines will require the industry to allow smartphone users the option to delete unnecessary pre-loaded applications, to rectify unreasonable practices and reduce inconvenience.
Ryan Huang

Smartphone users in South Korea will soon be able to have the option of deleting unnecessary pre-installed bloatware, thanks to new industry guidelines commencing in April.

"The move aims to rectify an abnormal practice that causes inconvenience to smartphone users and causes unfair competition among industry players," said the Ministry of Science, ICT and Future Planning, in a press release.

The measure will also help give users more data storage and improve battery life, said the ministry.

Under the new guidelines, telcos are required to make most of their pre-installed apps deletable except for four necessary items related to Wi-Fi connectivity, near-field communication (NFC), the customer service center and the app store.

For example, Samsung's Galaxy S4 released by SK Telecom has a total of 80 apps pre-installed, including 25 apps loaded by the telco, 39 by Samsung and 16 by the OS provider Google, noted Yonhap News. When the new guidelines kick in, at least half of those apps can be deleted, it added.
https://www.zdnet.com/article/south-...-be-deletable/





What to Expect from Today’s Big Net Neutrality Court Hearing

The FCC will make its case against the rules
Colin Lecher

Oral arguments will begin today for one of the most important cases in internet law history. The case will be heard in a Washington, DC courtroom, as a group of net neutrality defenders squares off with the Federal Communications Commission in a legal battle to decide the rules of the web.

When the FCC, led by a Republican majority, moved in late 2017 to repeal Obama-era net neutrality rules, it kicked off a fight on several fronts. There’s been some pressure on congressional lawmakers to overrule the decision, and states have moved to implement their own versions of the rules.

But what may be the most likely shot at restoring net neutrality regulations will come from a petition against the FCC filed by several supporters of the dismantled rules. The case, Mozilla Corporation v. FCC, will be heard by the US Court of Appeals for the District of Columbia, and the court will decide whether the FCC, led by Chairman Ajit Pai, was within its rights to end the protections.

Information service versus telecommunications service

The case will hinge on deeply technical arguments. When the 2015 rules were passed, the FCC moved to regulate the internet as a telecommunications service, as opposed to the less stringent classification of an information service, a change that was then reversed in 2017. The agency has positioned that move as well within its purview, and as a return to the pre-2015 rules of the road. But in convincing the three-judge panel overseeing the case, the agency will also have to argue why it should be allowed to undo rules the same court previously upheld.

Gigi Sohn, an adviser to the petitioners in the case and former FCC senior adviser to Democratic Chairman Tom Wheeler, says in response that the FCC violated the letter of the law when it reclassified the service. By failing to adequately assess broadband service providers’ role as telecommunications providers under the FCC charter, the FCC overstepped.

“The main argument against, or number one, is the FCC violated the Communications Act when it ruled that broadband internet access service is an information service that has no telecommunications component at all,” Sohn says. In a legal brief, the petitioners have argued that the FCC’s decision would be like categorizing the road to a hotel as the hotel itself. (Citing precedent, the agency has dismissed the use of “warring analogies.”)

“Arbitrary and capricious”

The petitioners in the case have also argued that the FCC’s decision to overturn the rules has been “arbitrary and capricious” under the law. The agency can’t make a decision based only on its whims, so it has pointed to data that it says shows investment in broadband went down when the net neutrality rules were put in place. The petitioners have argued that the FCC used a flawed analysis when it made that claim.

Sohn argues that fully upending the rules at the level that the agency did was unprecedented. “No Republican or Democratic FCC has ever done that in the past,” she says. In a brief with the court, the petitioners have argued that the change “swept aside everything in its path, including the law, the facts, reasoned decisionmaking, and the decisions of this Court.”

Fundamentally, the court’s decision could also turn on deciding how much leeway the FCC has to make rules as it pleases: what kind of discretion should the agency be given under the law? The agency cites precedent that it says gives it substantial leeway to make its decisions, and the petitioners will argue over how far those boundaries go.

What else to expect

While not quite as key to the overall case, the parties in the case will likely also field several other arguments with the court. Santa Clara County, for example, has said the FCC failed to adequately consider public safety when it made its decision. (In the process, the county also produced documents about Verizon dropping its service during a wildfire crisis.)

“Mozilla filed this lawsuit because fighting for a free, open and competitive internet is part of our DNA,” Mozilla COO Denelle Dixon said in a statement this week. “Net neutrality is still an essential consumer protection that everyone online deserves, and this case is the fight to save it. We are confident that the FCC’s repeal lacks legal and factual support, and we look forward to having our case heard in court.”

Other efforts have been unfolding to reestablish net neutrality protections, and at least some will continue while the federal case is heard. Dozens of states have fielded their own net neutrality legislation, and California passed a tough version of the regulations. The latter triggered a lawsuit from the Justice Department arguing that the state was attempting to “frustrate federal policy.” Whatever decision the federal DC court comes to, though, the result will reverberate, shaking up more than one fight over the fate of the internet.
https://www.theverge.com/2019/1/31/1...t-case-hearing





FCC Struggles to Convince Judge that Broadband isn’t “Telecommunications”

Skeptical judges question FCC's justification of net neutrality repeal.
Jon Brodkin

A Federal Communications Commission lawyer faced a skeptical panel of judges today as the FCC defended its repeal of net neutrality rules and deregulation of the broadband industry.

FCC General Counsel Thomas Johnson struggled to explain why broadband shouldn't be considered a telecommunications service, and struggled to explain the FCC's failure to protect public safety agencies from Internet providers blocking or slowing down content.

Oral arguments were held today in the case, which is being decided by a three-judge panel of the US Court of Appeals for the District of Columbia Circuit. (Audio of the four-hour-plus oral arguments is available here.) Throttling of firefighters' data plans played a major role in today's oral arguments.

Of the three judges, Circuit Judge Patricia Millett expressed the most skepticism of Johnson's arguments, repeatedly challenging the FCC's definition of broadband and its disregard for arguments made by public safety agencies. She also questioned the FCC's claim that the net neutrality rules harmed broadband investment. Circuit Judge Robert Wilkins also expressed some skepticism of FCC arguments, while Senior Circuit Judge Stephen Williams seemed more amenable to FCC arguments. (Williams previously dissented in part from a 2016 ruling that upheld the Obama-era net neutrality rules. Now the same court is considering FCC Chairman Ajit Pai's repeal of those rules.)

The lawsuit seeking to overturn the net neutrality repeal was filed by more than three dozen entities, including state attorneys general, consumer advocacy groups, and tech companies such as Mozilla and Vimeo.

Is broadband telecommunications?

In order to deregulate broadband, the FCC argued that broadband itself isn't a telecommunications service and is instead an information service. Under US law, telecommunications is defined as "the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received."

By contrast, US law says an information service is "the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications." It's up to the FCC to determine whether something is a telecommunications or information service, but FCC decisions can be overruled by a court if they aren't justified properly.

Millett pointed out the importance of the "via telecommunications" phrase in the information service definition, which makes it clear that an information service rides on top of a telecommunications network. For broadband itself to be an information service, ISPs have to offer something more than a pure transmission service.

Johnson said that broadband is an information service because Internet providers offer DNS (Domain Name System) services and caching as part of the broadband package. DNS and caching "are determinative here" because they allow broadband users to perform all the functions listed in the definition of an information service (e.g. acquiring, storing, and processing information), he argued.

"DNS, for example, it generates queries to other servers, it stores and retrieves domain name information, it translates domain name information that is provided by the user into an IP address and back," he said. "Caching stores popular content at local servers that users can access, so it satisfies the storage and retrieval functionalities as well."

But the DNS/caching argument didn't seem to satisfy Millett. She repeatedly asked Johnson why the FCC still considers telephone service to be telecommunications, despite ruling that broadband isn't. "I'm having a lot of trouble understanding" how the FCC's description of broadband wouldn't also apply to telephone service, she said.

Like broadband, "telephone service is constantly used to acquire information and share information," Millett said. She used the filling of medical prescriptions as an example. Someone can call a pharmacy over the phone and use their voice or push a series of buttons to get a prescription filled, just as they can get a prescription filled by going to a doctor's website, she said. "It seems to be the exact same functionality, but one is voice and one is typing," she said.

Millett also noted that people who are hard of hearing use telephone services with special technology that makes it possible for them to communicate. "That's a telecommunications aspect of phones," she said. But the existence of this technology that rides over the phone network hasn't caused the FCC to decide that telephone service isn't telecommunications.

Johnson argued that DNS and caching are "functionally integrated, vital information-processing components of broadband that distinguish it from traditional telephone service."

Throttling of firefighters

Verizon Wireless' throttling of an unlimited data plan used by Santa Clara County firefighters last year played a role in today's oral arguments. Santa Clara County Counsel Danielle Goldstein told judges that the FCC failed to address the potential impact that blocking and throttling could have on public safety.

Blocking, throttling, or any sort of paid prioritization that causes other traffic to be delivered slower than prioritized traffic could affect both public safety agencies and consumers who rely on broadband to get emergency messages, she noted. As an example, she said her county's public health website provides information about vaccine stock in case of influenza outbreaks.

US law requires the FCC to consider public safety impacts, Goldstein said. "The FCC can't fail to address public safety, especially in an order that purports to preempt state and local government's ability to fill that regulatory gap," she said, noting that the FCC is attempting to preempt state and local net neutrality laws.

After-the-fact remedies aren't sufficient for public safety, because such remedies would come after emergencies causing death, she said.

Millett grilled Johnson on the public safety topic. "Post-hoc remedies don't work in the public safety context, and unless I missed it, that was not addressed anywhere in the [repeal] order," Millett said.

Johnson responded that "the burden ought to be on them [the public safety agencies] to show concrete evidence of harm."

Millett cut in, saying, "why is the burden on them? The statute repeats again and again that public safety is an important goal, you had comments [from the public] expressing concerns, a lot of them. It seems like you have a statutory obligation, you had a lot of comments, a serious issue that should have been addressed by the commission in the order. That's not a burden on them."

Judge Wilkins addressed the public safety and preemption topics together, posing a hypothetical in which New York issues a state law that says ISPs can't throttle service to firefighters.

"Your order would seem to prohibit that [hypothetical law] because your order is written very broadly," Wilkins said. "Doesn't it say that basically all state and local regulations with respect to broadband are preempted?"

Johnson said the FCC is not trying to preempt traditional public safety functions carried out by states, and said whether a specific state law is preempted "would depend on the facts of that particular case." He didn't give a specific answer to whether a state could prohibit throttling of firefighters' Internet service.

The FCC still requires ISPs to disclose any blocking, throttling, and paid prioritization to consumers. Johnson argued that requiring public disclosures will prevent bad behavior, because the Federal Trade Commission can punish companies that deceive consumers.

But Millett asked how blocking or throttling could be considered deceptive if the ISP discloses it. Johnson conceded the point, saying, "if it's fully disclosed, there wouldn't be anything deceptive."

FCC’s investment case

Johnson also had trouble explaining why the FCC claimed that net neutrality rules were harming broadband investment, given that broadband providers themselves told investors that the rules did no such thing.

Johnson called those statements to investors "ambiguous." Millett was not convinced.

"What is ambiguous about, 'it's not going to affect us, we're going to keep going ahead [with investment],'" Millett asked. Statements to investors "have to be true," she continued. "It's almost like someone doing something under oath. That's pretty good evidence, if there's a penalty if they're lying or even engaging in misleading puffery."

As Millett pointed out, publicly traded companies are required to give investors accurate financial information, including a description of risk factors involved in investing in the company.

Johnson said the FCC relied on "comments by Charter and Cox that they were stopping work on projects on account of the Title II [net neutrality] order," and similar statements made by small ISPs.

Johnson did not mention that Charter increased broadband capital investment in 2017 while net neutrality rules were in place, and is decreasing capital spending now that the rules have been repealed.

Johnson argued that increasing broadband competition will prevent harms to consumers. Millett pointed out that the increase in competition cited by the FCC occurred while net neutrality rules were in effect.

Pro-net neutrality arguments

As we discussed in a preview yesterday, the FCC's opponents argued that modern broadband services must be considered telecommunications services under US law. They also argued that the FCC cannot preempt state and local net neutrality laws in this case, because the FCC ceded its own authority over broadband providers' net neutrality practices.

The pro-net neutrality groups also faced some skepticism from judges. Judges focused a bit on Brand X, a 2005 Supreme Court decision that allowed the FCC to classify cable modem service as an information service. Brand X dealt in part with the question of whether consumers perceive broadband provider services as telecommunications services.

"I'm having trouble understanding how this court could answer it differently than the Supreme Court already did," Millett told Pantelis Michalopoulos, a lawyer who is representing non-government petitioners in the case against the FCC.

Williams weighed in on the subject, saying, "whatever Brand X meant, it cannot have meant that a completely ill-informed consumer that has a perception controls, even if there are millions of them, controls this classification issue."

Michalopoulos argued that information services such as ISP-provided email addresses are no longer central to broadband services, because the nature of broadband usage has changed since the time of Brand X. DNS and caching cannot be viewed as separate from broadband providers' telecommunications services, he said. "This is like a surrealist painting that shows a pipe and captions it, 'this is not a pipe,'" he said.

Judges also heard from lawyer Jonathan Nuechterlein, who represented broadband industry lobby groups that support the FCC's repeal. Nuechterlein argued that there's no reason for net neutrality rules, saying, "there is really not a track record of ISP misconduct at all in the last 12 years." To Nuechterlein, Comcast throttling BitTorrent and AT&T blocking FaceTime apparently doesn't count as "ISP misconduct."
https://arstechnica.com/tech-policy/...rality-repeal/





A New Net Neutrality Bill is Headed to Congress

Sen. Ed Markey said it’s coming ‘soon’
Makena Kelly

Today, Sen. Ed Markey (D-MA) said he would “soon” introduce a bill to permanently reinstate the net neutrality rules that were repealed by the Federal Communications Commission, led by chairman Ajit Pai, in 2017.

Markey’s announcement comes as a federal court is set to hear oral arguments over the FCC’s repeal of net neutrality regulations in 2017. Markey, who is a member of the Senate Commerce Committee, has previously introduced a bill that would permanently reinstate net neutrality as a member of the House of Representatives, although the measure ultimately failed.

It’s unclear when the bill would be formally introduced, but Markey said it was imminent. “We will soon lay down a legislative marker in the Senate in support of net neutrality to show the American people that we are on their side in overwhelmingly supporting a free and open internet.”

A spokesperson for Markey confirmed to The Verge that the measure is a bill that would codify net neutrality rules into law.

There have been other congressional efforts to undo the FCC’s rollback, but all have failed to conjure up the necessary votes to codify net neutrality rules. Earlier this year, Senate Democrats pushed through a Congressional Review Act measure that was aimed at reversing the commission’s repeal, but the House of Representatives failed to collect enough signatures for the bill to be brought to the floor for a vote.

As a result of the 2018 midterm elections, Democrats now hold a majority in the House and would likely be able to easily approve a net neutrality measure this session. However, Senate Democrats could face tougher waters, as Majority Leader Mitch McConnell (R-KY) may refuse to take the bill to the floor. Then, another discharge petition would be required to bring it up for a vote to bypass McConnell.

“Whether in the halls of the courts or the halls of Congress, we will fight to defend net neutrality,” Markey said in a statement today. “Nothing less than the fate of the internet is being argued in this court case, and we must do everything we can in this historic fight.”

Industry groups like the Internet Association (IA) also back Congress’ efforts to permanently codify net neutrality. In a statement today, IA said, “The internet industry stands with consumers in this fight. . . Internet Association and our member companies are as committed as ever to ensuring all Americans enjoy strong, enforceable net neutrality protections, whether it be through the courts or bipartisan legislation.”

In August, Markey, along with Rep. Anna Eshoo (D-CA), led a bicameral effort along with over 100 members in Congress in filing an amicus brief in the net neutrality case being heard today, condemning the FCC’s move to repeal net neutrality.

“Both the plain language and Congressional intent behind the Telecommunications Act of 1996 make clear that today, broadband access to the internet is a telecommunications service,” Markey said in a statement. “Yet Chairman Pai and President Trump ignored the statute and Congress’s intent when the FCC reclassified broadband back to an information service and eviscerated the net neutrality rules.”

“They are on the wrong side of history, and I believe the court will find in our favor.”
https://www.theverge.com/2019/2/1/18...new-fcc-markey





How America’s Internet Connectivity Issues are Holding the Country Back
Zachary Mack

Harvard Law School professor Susan Crawford explains how America’s internet connectivity issues and corrosive infrastructure are holding the country back and how we can rally to fix it. She and Verge editor-in-chief Nilay Patel also discuss the Huawei scandal, politicians’ roles in improving broadband internet, and her new book Fiber: The Coming Tech Revolution—and Why America Might Miss It.

You can listen to their discussion about the infrastructure of America’s internet in its entirety on The Vergecast right now. Below is a lightly edited excerpt from the interview.

Nilay Patel: The last time I talked to you, I think, was like 2007. It was the height of the net neutrality battle. You had just written a book about Comcast and NBC. I remember you very distinctly saying, “Comcast should be very happy that I’ve written this book because it makes a great case for their business.” Your entire approach was that they had become a monopoly, and they were vertically integrating content. And you’re saying it’s 10, 12 years later, that business is great, and they actually don’t need to invest anymore.

Susan Crawford: In fact, their capital expenditure is down from years in the past. They’ve spent their money. They’re just going to sort of soak their network and try to increase the number of premium services that they’re charging for. They have no incentive to expand their lines. And they have no incentive to do this upgrade to fiber. What’s happening is that they are able to pick off very rich areas and cities and then leave behind poor people in those cities and completely leave behind rural areas. So we’re suffering in this country from a number of intense digital divides.

One is between rural and urban. That’s pretty well-documented. The other, also well-known, is between poor people and richer people in America. The most scary of all, really, in this era of climate change and everything else going on around the world, is that our relevance as a nation is under threat because we’ve failed to take on this issue with leadership. We just haven’t done it.

NP: So just looking at the industry right now, every telecom company is trying in fits and starts to become a content company.

SC: Yeah.

NP: AT&T buys Time Warner, and it’s Comcast, NBC massive. I have to mention, by the way, that Comcast is an investor in Vox Media, which funds what we do here. But they don’t love me, so it’s not a big problem. I assure you, they’re not the biggest fans of me.

SC: Oh, and by the way, I have no clients or consulting arrangements, just to make that clear as well.

NP: See, you’re cleaner than me. My point is, that deal, years ago, you wrote about it and said this is a harbinger of things to come. We now live in a world where those things have come to pass at a massive scale.

SC: That’s right.

NP: But there are some failures here, just to challenge you on that. So Verizon tried to become a content company and disastrously failed in a number of ways. T-Mobile bought a TV company called Layer Three. This is the TV they’ve rolled out, and they have some partnership to do some other silly streaming thing on top of it that doesn’t seem like it’s going to go anywhere. It’s not like Sprint is doing it. It’s not like Charter and Spectrum are doing it. Why is it that these big ones are succeeding in this way, and it’s not happening as pervasively? That’s usually the pushback I get. You’re talking about Comcast, AT&T which are their own companies, but these other companies aren’t doing that thing.

SC: Look, the most important part of this story is actually the access network part. So look hard at what Verizon is up to. They have stepped back from wireline investment because their plan is for 5G to be a completely integrated and utterly controlled provider of very high premium fixed wireless services. And they’ll be able to pick and choose which services survive on their platform. That’s the whole point of 5G. All of those internet protocols that we fell in love with, they don’t function in the world of 5G.

This is a completely ad hoc-controlled thing from Verizon. It will allow them to sell smart city services, which are high premium. They’ll get a lot of money from that in metro areas. And it will allow them to pick off some wealthy people who would like their high-speed internet access connection in cities. So, in fact, Verizon does have a plan, which is to stay with wireless to really become a powerhouse in 5G in metro areas, and to, in that way, make more money from their existing assets.

NP: The amount of 5G hype that exists in this world... I just read it yesterday, and a talk I gave is a fake idea that everyone gets to put their own emotions on, like, an ink blot test.

SC: Absolutely.

NP: This was a room full of marketers that I was talking to, and they all just sort of nodded approvingly. Like “Yes, we can.” But you’re saying that 5G protocol is going to be built atop the internet infrastructure we have now and allow for more service discrimination to occur.

SC: Oh, absolutely. That’s the point. In fact, I saw a presentation in South Korea where a Korean telecom actually had on their slide “market domination,” that they’re sick of being commoditized as a dumb pipe. They have other people making money from their infrastructure and 5G allows for that control.
https://www.theverge.com/2019/1/31/1...awei-vergecast





The Digital Drug: Internet Addiction Spawns U.S. Treatment Programs
Gabriella Borter

When Danny Reagan was 13, he began exhibiting signs of what doctors usually associate with drug addiction. He became agitated, secretive and withdrew from friends. He had quit baseball and Boy Scouts, and he stopped doing homework and showering.

But he was not using drugs. He was hooked on YouTube and video games, to the point where he could do nothing else. As doctors would confirm, he was addicted to his electronics.

“After I got my console, I kind of fell in love with it,” Danny, now 16 and a junior in a Cincinnati high school, said. “I liked being able to kind of shut everything out and just relax.”

Danny was different from typical plugged-in American teenagers. Psychiatrists say internet addiction, characterized by a loss of control over internet use and disregard for the consequences of it, affects up to 8 percent of Americans and is becoming more common around the world.

“We’re all mildly addicted. I think that’s obvious to see in our behavior,” said psychiatrist Kimberly Young, who has led the field of research since founding the Center for Internet Addiction in 1995. “It becomes a public health concern obviously as health is influenced by the behavior.”

Psychiatrists such as Young who have studied compulsive internet behavior for decades are now seeing more cases, prompting a wave of new treatment programs to open across the United States. Mental health centers in Florida, New Hampshire, Pennsylvania and other states are adding inpatient internet addiction treatment to their line of services.

Some skeptics view internet addiction as a false condition, contrived by teenagers who refuse to put away their smartphones, and the Reagans say they have had trouble explaining it to extended family.

Anthony Bean, a psychologist and author of a clinician’s guide to video game therapy, said that excessive gaming and internet use might indicate other mental illnesses but should not be labeled independent disorders.

“It’s kind of like pathologizing a behavior without actually understanding what’s going on,” he said.

‘REBOOT’

At first, Danny’s parents took him to doctors and made him sign contracts pledging to limit his internet use. Nothing worked, until they discovered a pioneering residential therapy center in Mason, Ohio, about 22 miles (35 km) south of Cincinnati.

The “Reboot” program at the Lindner Center for Hope offers inpatient treatment for 11 to 17-year-olds who, like Danny, have addictions including online gaming, gambling, social media, pornography and sexting, often to escape from symptoms of mental illnesses such as depression and anxiety.

Danny was diagnosed with Attention Deficit Hyperactivity Disorder at age 5 and Anxiety Disorder at 6, and doctors said he developed an internet addiction to cope with those disorders.

“Reboot” patients spend 28 days at a suburban facility equipped with 16 bedrooms, classrooms, a gym and a dining hall. They undergo diagnostic tests, psychotherapy, and learn to moderate their internet use.

Chris Tuell, clinical director of addiction services, started the program in December after seeing several cases, including Danny’s, where young people were using the internet to “self-medicate” instead of drugs and alcohol.

The internet, while not officially recognized as an addictive substance, similarly hijacks the brain’s reward system by triggering the release of pleasure-inducing chemicals and is accessible from an early age, Tuell said.

“The brain really doesn’t care what it is, whether I pour it down my throat or put it in my nose or see it with my eyes or do it with my hands,” Tuell said. “A lot of the same neurochemicals in the brain are occurring.”

Even so, recovering from internet addiction is different from other addictions because it is not about “getting sober,” Tuell said. The internet has become inevitable and essential in schools, at home and in the workplace.

“It’s always there,” Danny said, pulling out his smartphone. “I feel it in my pocket. But I’m better at ignoring it.”

IS IT A REAL DISORDER?

Medical experts have begun taking internet addiction more seriously.

Neither the World Health Organization (WHO) nor the American Psychiatric Association recognize internet addiction as a disorder. Last year, however, the WHO recognized the more specific Gaming Disorder following years of research in China, South Korea and Taiwan, where doctors have called it a public health crisis.

Some online games and console manufacturers have advised gamers against playing to excess. YouTube has created a time monitoring tool to nudge viewers to take breaks from their screens as part of its parent company Google’s “digital wellbeing” initiative.

WHO spokesman Tarik Jasarevic said internet addiction is the subject of “intensive research” and consideration for future classification. The American Psychiatric Association has labeled gaming disorder a “condition for further study.”

“Whether it’s classified or not, people are presenting with these problems,” Tuell said.

Tuell recalled one person whose addiction was so severe that the patient would defecate on himself rather than leave his electronics to use the bathroom.

Research on internet addiction may soon produce empirical results to meet medical classification standards, Tuell said, as psychologists have found evidence of a brain adaptation in teens who compulsively play games and use the internet.

“It’s not a choice, it’s an actual disorder and a disease,” said Danny. “People who joke about it not being serious enough to be super official, it hurts me personally.”

Reporting by Gabriella Borter; editing by Grant McCool
https://www.reuters.com/article/us-u...-idUSKCN1PL0AG





Special Report - Inside the UAE’s Secret Hacking Team of U.S. Mercenaries
Christopher Bing, Joel Schectman

Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy.

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learnt from a decade in the U.S. intelligence community to help the UAE hack into the phones and computers of its enemies.

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.

“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”

The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals.

Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, with which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment.

The UAE has said it faces a real threat from violent extremist groups and that it is cooperating with the United States on counterterrorism efforts. Former Raven operatives say the project helped NESA break up an ISIS network within the Emirates. When an ISIS-inspired militant stabbed to death a teacher in Abu Dhabi in 2014, the operatives say, Raven spearheaded the UAE effort to assess if other attacks were imminent.

Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials.

The Raven story also provides new insight into the role former American cyberspies play in foreign hacking operations. Within the U.S. intelligence community, leaving to work as an operative for another country is seen by some as a betrayal. “There’s a moral obligation if you’re a former intelligence officer from becoming effectively a mercenary for a foreign government,” said Bob Anderson, who served as executive assistant director of the Federal Bureau of Investigation until 2015.

While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.

The rules, however, are clear on hacking U.S. networks or stealing the communications of Americans. “It would be very illegal,” said Rhea Siers, former NSA deputy assistant director for policy.

The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.

The FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks, according to former Raven employees interviewed by federal law enforcement agents. Stroud said she is cooperating with that investigation. No charges have been filed and it is possible none will emerge from the inquiry. An FBI spokeswoman declined to comment.

PURPLE BRIEFING, BLACK BRIEFING

Stroud is the only former Raven operative willing to be named in this story; eight others who described their experiences would do so only on condition of anonymity. She spent a decade at the NSA, first as a military service member from 2003 to 2009 and later as a contractor in the agency for the giant technology consultant Booz Allen Hamilton from 2009 to 2014. Her speciality was hunting for vulnerabilities in the computer systems of foreign governments, such as China, and analysing what data should be stolen.

In 2013, her world changed. While stationed at NSA Hawaii, Stroud says, she made the fateful recommendation to bring a Dell technician already working in the building onto her team. That contractor was Edward Snowden.

“He’s former CIA, he’s local, he’s already cleared,” Stroud, 37, recalled. “He’s perfect!” Booz and the NSA would later approve Snowden’s transfer, providing him with even greater access to classified material.

Two months after joining Stroud’s group, Snowden fled the United States and passed on thousands of pages of top secret program files to journalists, detailing the agency’s massive data collection programs. In the maelstrom that followed, Stroud said her Booz team was vilified for unwittingly enabling the largest security breach in agency history.

“Our brand was ruined,” she said of her team.

In the wake of the scandal, Marc Baier, a former colleague at NSA Hawaii, offered her the chance to work for a contractor in Abu Dhabi called CyberPoint. In May 2014, Stroud jumped at the opportunity and left Booz Allen.

CyberPoint, a small cybersecurity contractor headquartered in Baltimore, was founded by an entrepreneur named Karl Gumtow in 2009. Its clients have included the U.S. Department of Defense, and its UAE business has gained media attention.

In an interview, Gumtow said his company was not involved in any improper actions.

Stroud had already made the switch from government employee to Booz Allen contractor, essentially performing the same NSA job at higher pay. Taking a job with CyberPoint would fulfil a lifelong dream of deploying to the Middle East and doing so at a lucrative salary. Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.

She understood her new job would involve a counterterrorism mission in cooperation with the Emiratis, a close U.S. ally in the fight against ISIS, but little else. Baier and other Raven managers assured her the project was approved by the NSA, she said. With Baier’s impressive resume, including time in an elite NSA hacking unit known as Tailored Access Operations, the pledge was convincing. Baier did not respond to multiple phone calls, text messages, emails, and messages on social media.

In the highly secretive, compartmentalized world of intelligence contracting, it isn’t unusual for recruiters to keep the mission and client from potential hires until they sign non-disclosure documents and go through a briefing process.

When Stroud was brought into the Villa for the first time, in May 2014, Raven management gave her two separate briefings, back-to-back.

In the first, known internally as the “Purple briefing,” she said she was told Raven would pursue a purely defensive mission, protecting the government of the UAE from hackers and other threats. Right after the briefing ended, she said she was told she had just received a cover story.

She then received the “Black briefing,” a copy of which was reviewed by Reuters. Raven is “the offensive, operational division of NESA and will never be acknowledged to the general public,” the Black memo says. The NESA, or National Electronic Security Authority, was the UAE’s version of the NSA.

Stroud would be part of Raven’s analysis and target-development shop, tasked with helping the government profile its enemies online, hack them and collect data. Those targets were provided by the client, NESA, now called the Signals Intelligence Agency.

The language and secrecy of the briefings closely mirrored her experience at the NSA, Stroud said, giving her a level of comfort.

The information scooped up by Raven was feeding a security apparatus that has drawn international criticism. The Emirates, a wealthy federation of seven Arab sheikhdoms with a population of 9 million, is an ally of neighbour Saudi Arabia and rival of Iran.

Like those two regional powers, the UAE has been accused of suppressing free speech, detaining dissidents and other abuses by groups such as Human Rights Watch. The UAE says it is working closely with Washington to fight extremism “beyond the battlefield” and is promoting efforts to counter the “root causes” of radical violence.

Raven’s targets eventually would include militants in Yemen, foreign adversaries such as Iran, Qatar and Turkey, and individuals who criticized the monarchy, said Stroud and eight other former Raven operatives. Their accounts were confirmed by hundreds of Raven program documents reviewed by Reuters.

Under orders from the UAE government, former operatives said, Raven would monitor social media and target people who security forces felt had insulted the government.

“Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she said. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”

The Americans identified vulnerabilities in selected targets, developed or procured software to carry out the intrusions and assisted in monitoring them, former Raven employees said. But an Emirati operative would usually press the button on an attack. This arrangement was intended to give the Americans “plausible deniability” about the nature of the work, said former Raven members.

TARGETING ‘GYRO’ AND ‘EGRET’

Stroud discovered that the program took aim not just at terrorists and foreign government agencies, but also dissidents and human rights activists. The Emiratis categorized them as national security targets.

Following the Arab Spring protests and the ousting of Egyptian President Hosni Mubarak in 2011, Emirati security forces viewed human rights advocates as a major threat to “national stability,” records and interviews show.

One of the program’s key targets in 2012 was Rori Donaghy, according to former Raven operatives and program documents. Donaghy, then 25, was a British journalist and activist who authored articles critical of the country’s human rights record. In 2012, he wrote an opinion piece for the Guardian criticizing the UAE government’s activist crackdown and warning that, if it continued, “those in power face an uncertain future.”

Before 2012, the former operatives said, the nascent UAE intelligence-gathering operation largely relied on Emirati agents breaking into the homes of targets while they were away and physically placing spyware on computers. But as the Americans built up Raven, the remote hacking of Donaghy offered the contractors a tantalizing win they could present to the client.

Because of sensitivity over human rights violations and press freedom in the West, the operation against a journalist-activist was a gamble. “The potential risk to the UAE Government and diplomatic relations with Western powers is great if the operation can be traced back to UAE,” 2012 program documents said.

To get close to Donaghy, a Raven operative should attempt to “ingratiate himself to the target by espousing similar beliefs,” the cyber-mercenaries wrote. Donaghy would be “unable to resist an overture of this nature,” they believed.

Posing as a single human rights activist, Raven operatives emailed Donaghy asking for his help to “bring hope to those who are long suffering,” the email message said.

The operative convinced Donaghy to download software he claimed would make messages “difficult to trace.” In reality, the malware allowed the Emiratis to continuously monitor Donaghy’s email account and Internet browsing. The surveillance against Donaghy, who was given the code name Gyro, continued under Stroud and remained a top priority for the Emirates for years, Stroud said.

Donaghy eventually became aware that his email had been hacked. In 2015, after receiving another suspicious email, he contacted a security researcher at Citizen Lab, a Canadian human rights and digital privacy group, who discovered hackers had been attempting for years to breach his computer.

Reached by phone in London, Donaghy, now a graduate student pursuing Arab studies, expressed surprise he was considered a top national security target for five years. Donaghy confirmed he was targeted using the techniques described in the documents.

“I’m glad my partner is sitting here as I talk on the phone because she wouldn’t believe it,” he said. Told the hackers were American mercenaries working for the UAE, Donaghy, a British citizen, expressed surprise and disgust. “It feels like a betrayal of the alliance we have,” he said.

Stroud said her background as an intelligence operative made her comfortable with human rights targets as long as they weren’t Americans. “We’re working on behalf of this country’s government, and they have specific intelligence objectives which differ from the U.S., and understandably so,” Stroud said. “You live with it.”

Prominent Emirati activist Ahmed Mansoor, given the code name Egret, was another target, former Raven operatives say. For years, Mansoor publicly criticized the country’s war in Yemen, treatment of migrant workers and detention of political opponents.

In September 2013, Raven presented senior NESA officials with material taken from Mansoor’s computer, boasting of the successful collection of evidence against him. It contained screenshots of emails in which Mansoor discussed an upcoming demonstration in front of the UAE’s Federal Supreme Court with family members of imprisoned dissidents.

Raven told UAE security forces Mansoor had photographed a prisoner he visited in jail, against prison policy, “and then attempted to destroy the evidence on his computer,” said a PowerPoint presentation reviewed by Reuters.

Citizen Lab published research in 2016 showing that Mansoor and Donaghy were targeted by hackers — with researchers speculating that the UAE government was the most likely culprit. Concrete evidence of who was responsible, details on the use of American operatives, and first-hand accounts from the hacking team are reported here for the first time.

Mansoor was convicted in a secret trial in 2017 of damaging the country’s unity and sentenced to 10 years in jail. He is now held in solitary confinement, his health declining, a person familiar with the matter said.

Mansoor’s wife, Nadia, has lived in social isolation in Abu Dhabi. Neighbours are avoiding her out of fear security forces are watching.

They are correct. By June 2017 Raven had tapped into her mobile device and given her the code name Purple Egret, program documents reviewed by Reuters show.

To do so, Raven utilized a powerful new hacking tool called Karma, which allowed operatives to break into the iPhones of users around the world.

Karma allowed Raven to obtain emails, location, text messages and photographs from iPhones simply by uploading lists of numbers into a preconfigured system, five former project employees said. Reuters had no contact with Mansoor’s wife.

Karma was particularly potent because it did not require a target to click on any link to download malicious software. The operatives understood the hacking tool to rely on an undisclosed vulnerability in Apple’s iMessage text messaging software.

In 2016 and 2017, it would be used against hundreds of targets across the Middle East and Europe, including governments of Qatar, Yemen, Iran and Turkey, documents show. Raven used Karma to hack an iPhone used by the Emir of Qatar, Sheikh Tamim bin Hamad al-Thani, as well as the phones of close associates and his brother. The embassy of Qatar in Washington did not respond to requests for comment.

WHAT WASHINGTON KNEW

Former Raven operatives believed they were on the right side of the law because, they said, supervisors told them the mission was blessed by the U.S. government.

Although the NSA wasn’t involved in day-to-day operations, the agency approved of and was regularly briefed on Raven’s activities, they said Baier told them.

CyberPoint founder Gumtow said his company was not involved in hacking operations.

“We were not doing offensive operations. Period,” Gumtow said in a phone interview. “If someone was doing something rogue, then that’s painful for me to think they would do that under our banner.”

Instead, he said, the company trained Emiratis to defend themselves through a program with the country’s Ministry of Interior.

A review of internal Raven documents shows Gumtow’s description of the program as advising the Interior Ministry on cyber defence matches an “unclassified cover story” Raven operatives were instructed to give when asked about the project. Raven employees were told to say they worked for the Information Technology and Interoperability Office, the program document said.

Providing sensitive defence technologies or services to a foreign government generally requires special licenses from the U.S. State and Commerce Departments. Both agencies declined to comment on whether they issued such licenses to CyberPoint for its operations in the UAE. They added that human rights considerations figure into any such approvals.

But a 2014 State Department agreement with CyberPoint showed Washington understood the contractors were helping launch cyber surveillance operations for the UAE. The approval document explains CyberPoint’s contract is to work alongside NESA in the “protection of UAE sovereignty” through “collection of information from communications systems inside and outside the UAE” and “surveillance analysis.”

One section of the State Department approval states CyberPoint must receive specific approval from the NSA before giving any presentations pertaining to “computer network exploitation or attack.” Reuters identified dozens of such presentations Raven gave to NESA describing attacks against Donaghy, Mansoor and others. It’s unclear whether the NSA approved Raven’s operations against specific targets.

The agreement clearly forbade CyberPoint employees from targeting American citizens or companies. As part of the agreement, CyberPoint promised that its own staff and even Emirati personnel supporting the program “will not be used to Exploit U.S. Persons, (i.e. U.S. citizens, permanent resident aliens, or U.S. companies.)” Sharing classified U.S. information, controlled military technology, or the intelligence collection methods of U.S. agencies was also prohibited.

Gumtow declined to discuss the specifics of the agreement. “To the best of my ability and to the best of my knowledge, we did everything as requested when it came to U.S. rules and regulations,” he said. “And we provided a mechanism for people to come to me if they thought that something that was done was wrong.”

An NSA spokesman declined to comment on Project Raven.

A State Department spokesman declined to comment on the agreement but said such licenses do not authorize people to engage in human rights abuses.

By late 2015, some Raven operatives said their missions became more audacious.

For instance, instead of being asked to hack into individual users of an Islamist Internet forum, as before, the American contractors were called on to create computer viruses that would infect every person visiting a flagged site. Such wholesale collection efforts risked sweeping in the communications of American citizens, stepping over a line the operators knew well from their NSA days.

U.S. law generally forbids the NSA, CIA and other U.S. intelligence agencies from monitoring U.S. citizens.

Working together with managers, Stroud helped create a policy for what to do when Raven swept up personal data belonging to Americans. The former NSA employees were instructed to mark that material for deletion. Other Raven operatives would also be notified so the American victims could be removed from future collection.

As time went on, Stroud noticed American data flagged for removal show up again and again in Raven’s NESA-controlled data stores.

Still, she found the work exhilarating. “It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,” she said. “I feel like we did a lot of good work on counterterrorism.”

DARKMATTER AND DEPARTURES

When Raven was created in 2009, Abu Dhabi had little cyber expertise. The original idea was for Americans to develop and run the program for five to 10 years until Emirati intelligence officers were skilled enough to take over, documents show. By 2013, the American contingent at Raven numbered between a dozen and 20 members at any time, accounting for the majority of the staff.

In late 2015, the power dynamic at the Villa shifted as the UAE grew more uncomfortable with a core national security program being controlled by foreigners, former staff said. Emirati defence officials told Gumtow they wanted Project Raven to be run through a domestic company, named DarkMatter.

Raven’s American creators were given two options: Join DarkMatter or go home.

At least eight operatives left Raven during this transition period. Some said they left after feeling unsettled about the vague explanations Raven managers provided when pressed on potential surveillance against other Americans.

DarkMatter was founded in 2014 by Faisal Al Bannai, who also created Axiom, one of the largest sellers of mobile devices in the region. DarkMatter markets itself as an innovative developer of defensive cyber technology. A 2016 Intercept article reported the company assisted UAE’s security forces in surveillance efforts and was attempting to recruit foreign cyber experts.

The Emirati company of more than 650 employees publicly acknowledges its close business relationship to the UAE government, but denies involvement in state-backed hacking efforts.

Project Raven’s true purpose was kept secret from most executives at DarkMatter, former operatives said.

DarkMatter did not respond to requests for comment. Al Bannai and the company’s current chief executive, Karim Sabbagh, did not respond to interview requests. A spokeswoman for the UAE Ministry of Foreign Affairs declined to comment.

Under DarkMatter, Project Raven continued to operate in Abu Dhabi from the Villa, but pressure escalated for the program to become more aggressive.

Before long, senior NESA officers were given more control over daily functions, former Raven operatives said, often leaving American managers out of the loop. By mid-2016, the Emirates had begun hiding an increasing number of sections of Raven from the Americans still managing day-to-day operations. Soon, an “Emirate-eyes only” designation appeared for some hacking targets.

FBI QUESTIONS

By 2016, FBI agents began approaching DarkMatter employees reentering the United States to ask about Project Raven, three former operatives said.

The FBI wanted to know: Had they been asked to spy on Americans? Did classified information on U.S. intelligence collection techniques and technologies end up in the hands of the Emiratis?

Two agents approached Stroud in 2016 at Virginia’s Dulles airport as she was returning to the UAE after a trip home. Stroud, afraid she might be under surveillance by the UAE herself, said she brushed off the FBI investigators. “I’m not telling you guys jack,” she recounted.

Stroud had been promoted and given even more access to internal Raven databases the previous year. A lead analyst, her job was to probe the accounts of potential Raven targets and learn what vulnerabilities could be used to penetrate their email or messaging systems.

Targets were listed in various categories, by country. Yemeni targets were in the “brown category,” for example. Iran was grey.

One morning in spring 2017, after she finished her own list of targets, Stroud said she began working on a backlog of other assignments intended for a NESA officer. She noticed that a passport page of an American was in the system. When Stroud emailed supervisors to complain, she was told the data had been collected by mistake and would be deleted, according to an email reviewed by Reuters.

Concerned, Stroud began searching a targeting request list usually limited to Raven’s Emirati staff, which she was still able to access because of her role as lead analyst. She saw that security forces had sought surveillance against two other Americans.

When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by “certain people. You are not one of them,” the Emirati officer wrote.

Days later, Stroud said she came upon three more American names on the hidden targeting queue.

Those names were in a category she hadn’t seen before: the “white category” — for Americans. This time, she said, the occupations were listed: journalist.

“I was sick to my stomach,” she said. “It kind of hit me at that macro level realizing there was a whole category for U.S. persons on this program.”

Once more, she said she turned to manager Baier. He attempted to downplay the concern and asked her to drop the issue, she said. But he also indicated that any targeting of Americans was supposed to be done by Raven’s Emirate staff, said Stroud and two other people familiar with the discussion.

Stroud’s account of the incidents was confirmed by four other former employees and emails reviewed by Reuters.

When Stroud kept raising questions, she said, she was put on leave by superiors, her phones and passport were taken, and she was escorted from the building. Stroud said it all happened so quickly she was unable to recall the names of the three U.S. journalists or other Americans she came across in the files. “I felt like one of those national security targets,” she said. “I’m stuck in the country, I’m being surveilled, I can’t leave.”

After two months, Stroud was allowed to return to America. Soon after, she fished out the business card of the FBI agents who had confronted her at the airport.

“I don’t think Americans should be doing this to other Americans,” she told Reuters. “I’m a spy, I get that. I’m an intelligence officer, but I’m not a bad one.”

By Christopher Bing and Joel Schectman in Washington. Editing by Ronnie Greene, Jonathan Weber and Michael Williams
https://uk.reuters.com/article/uk-us...-idUKKCN1PO1A6

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing