P2P-Zone  

03-12-14, 10:02 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - December 6th, '14

Since 2002

"This is probably the worst corporate hack in history." – Adam Clark Estes

December 6th, 2014




BitTorrent Goes Legit With Its First Original Web Series

Tries to change perception as an illegal downloading service
Michelle Castillo

Peer-to-peer file sharing platform BitTorrent wants to change what the public thinks it does. Instead of being associated with all the illegal TV shows, movies and illicit content it can store, the tech company wants to be seen as a provider of premium legal content.

Next fall, BitTorrent will distribute its first original Web series, Children of the Machine. The series is helmed by Marco Weber (producer of Igby Goes Down and The Thirteenth Floor) and takes place in the year 2031, in a futuristic society where androids take over and force humans to band together to survive. And, if you're interested, the only place to get it is to download it via a BitTorrent Bundle, a service that allows artists to release content directly to consumers.

"This is a science fiction show catered to the typical tech-savvy, male-dominated audience," Weber said. "We're not trying to launch a romantic comedy, so the concept of this show moved us toward BitTorrent."

Currently, BitTorrent has more than 170 million users around the world, the majority of whom are male. Over 2 million legally licensed pieces of content are available via BitTorrent, often through the Bundle program. Artists who opt into the Bundle program get 90 percent of the sales revenue, as well as data on those who downloaded their content. Thom Yorke released his album Tomorrow's Modern Boxes, and electronic music superstar Diplo dropped Mad Decent Block Party and F10rida through this program.

Weber said he chose to release his show with BitTorrent because the site's users are his target demographic, which means a built-in audience for him and his future advertisers. The pilot and an ad-supported version of Children of the Machine will be made available for free download, but those who want to skip ads can pay $4.95 for the eight-episode season or $9.95 for bonus content. Six weeks after the pilot is released, the show will be available all at once, much like the Netflix model. The show has not signed any ad deals yet, but it's in talks with technology industry companies.

"If you put a commercial in a TV pilot, you don't get the audience as focused as you get on BitTorrent," Weber explained.

BitTorrent PR manager Kevin Fu explained that at its core, the company allows computers to talk to each other and move large data files. While that data can include information from Facebook, Amazon and Blizzard Entertainment, it can also include pirated content from platforms like The Pirate Bay. The very name "BitTorrent" has become linked with illegal downloads, but the company wants to fix that.

"We haven't done a great job over time of owning that brand name," Fu explained. "It's something that we’re working on changing."
http://www.adweek.com/news/technolog...-series-161652





Why My Book Can be Downloaded for Free
Mark Dominus

People are frequently surprised that my book, Higher-Order Perl, is available as a free download from my web site. They ask if it spoiled my sales, or if it was hard to convince the publisher. No and no.

I sent the HOP proposal to five publishers, expecting that two or three would turn it down, and that I would pick from the remaining two or three, but somewhat to my dismay, all five offered to publish it, and I had to decide who.

One of the five publishers was Morgan Kaufmann. I had never heard of Morgan Kaufmann, but one day around 2002 I was reading the web site of Philip Greenspun. Greenspun was incredibly grouchy. He found fault with everything. But he had nothing but praise for Morgan Kaufmann. I thought that if Morgan Kaufmann had pleased Greenspun, who was nearly impossible to please, then they must be really good, so I sent them the proposal. (They eventually published the book, and did a superb job; I have never regretted choosing them.)

But not only Morgan Kaufmann but four other publishers had offered to publish the book. So I asked a number of people for advice. I happened to be in London one week and Greenspun was giving a talk there, which I went to see. After the talk I introduced myself and asked for his advice about picking the publisher.

Greenspun reiterated his support for Morgan Kaufmann, but added that the publisher was not important. Instead, he said, I should make sure to negotiate permission to make the book available for free on my web site. He told me that compared with the effort that you put into the book, the money you get back is insignificant. So if you write a book it should not be because you want to make a lot of money from it but because you have an idea that you want to present to the world. And as an author, you owe it to yourself to get your idea in front of as many people as possible. By putting the book in your web site, you make it available to many people who would not otherwise have access to it: poor people, high school students, people in developing countries, and so on.

I thought that Greenspun's idea made sense; I wanted my ideas about programming to get to as many people as possible. Also, demanding that I make the book available on my web site for free seemed like a good way to narrow down the five publishers to two or three.

The first part of that plan worked out well. The second part not so well: all five publishers agreed. Some agreed reluctantly and some agreed willingly, but they all agreed. Eventually I had the book published by Morgan Kaufmann, and after a delay that seemed long at the time but in retrospect seems not so long, I put the book on my web site. It has been downloaded many times. (It's hard to say how many, since browsers often download just the portion of the PDF file that they need to display.)

Would the book have made more money if it were not available as a free download? We can't know for sure, but I don't think so. The book has always sold well, and has made a significant amount of money for me and for Morgan Kaufmann. The amount I made is small compared to the amount of work I had to put in, just as Greenspun said, but it was nothing to sneeze at either. Even now, ten years later, it is still selling and I still get a royalty check every six months. For my book to have lasted ten years is extremely rare. Most computer books disappear without a trace after six months.

Part of this is that it's an unusually good book. But I think the longevity is partly because it is available as a free download. Imagine that person A asks a question on an Internet forum, and person B says that HOP has a section that could help with the question. If B wants to follow up, they now must find a copy of HOP. If the book is out of print, this can be difficult. It may not be in the library; it almost certainly isn't in the bookstore. Used copies may be available, but you have to order them and have them shipped, and if you don't like it once it arrives, you are stuck with it. The barrier is just too high to be convenient. But since HOP is available on my web site, A can include a link, or B can find it with an easy web search. The barrier is gone! And now I have another reader who might mention it to someone else, and they might even buy a copy. Instead of drifting away into obscurity, HOP is a book that people can recommend over and over.

So my conclusion is, Greenspun's advice was exactly correct. As an author, you owe it to yourself to make your book available to as many people as possible. And the publisher may agree, so be sure to ask.

[ Addendum: Some people are just getting the news, but the book was published in 2005, and has been available as a free download since 2008. ]
http://blog.plover.com/2014/12/01/





Windows 10: Build 9888 Reportedly Leaks Onto File Sharing Sites
Andy Weir

Last week, a video was published revealing details of a new build of Windows 10. Today, it seems that that build has now leaked completely, and is being shared online.

Screenshots of the build have been posted to MDL forums.

WinBeta reports that build 9888 is now appearing on various unnamed file-sharing sites. The new build is not intended for public consumption, and will not be supported by Microsoft, so we don't recommend installing it - indeed, it is possible that Microsoft may not offer a direct upgrade path from 9888 to future public builds of the Windows 10 Technical Preview, so if you do decide to install it, you'll be doing so entirely at your own risk.

Among the new features in build 9888 are new animations, better organized context menus and a new default application for settings.

The most recent official build of the Windows 10 Technical Preview, made available via the Windows Insider program, is build 9879, which was released last month. A new public build is not expected to arrive until next year.
http://www.neowin.net/news/windows-1...-sharing-sites





Senator Pressures Visa, MasterCard To Stop Serving File-Sharing Sites
Kate Cox

File-sharing and copyright infringement have been a bugaboo among lawmakers since internet speeds got fast enough to swap music in the late 1990s. No tactic so far has actually yet stopped audiences from swapping music and movies among themselves, and while some sites and services have been shuttered, another two or three are always ready to pop up. So now a lawmaker is trying a new strategy: appealing to the middlemen who actually move the money.

This week, Senator Patrick Leahy of Vermont (chair of the Senate Judiciary Committee) sent letters to the heads of both Visa and Mastercard asking them to pull service from a set of 30 “cyberlocker” sites. His list of targeted sites comes from a report issued recently from NetNames and the Digital Citizens Alliance, a group that creates and publishes reports about the nature and volume of online crimes.

“Cyberlockers” are just cloud-storage file hosting services. But unlike workplace-friendly names like DropBox, they’re the ones with a less, shall we say, savory reputation.

“Unlike lawful cloud storage services,” Leahy writes, cyberlockers “exist to unlawfully store and disseminate infringing files around the world.” Basically, they’re where you get and store your shared music, movies, TV, and other media of a not-legally-purchased nature.

“The cyberlockers listed in the report bear clear red flags of having no legitimate purpose or activity,” Leahy continues. Although the report doesn’t find that all of the traffic to the sites it cites is illegal, it did find a very high amount to be. Roughly 80% of the files the survey looked at across the 30 named services infringed copyright in some way. (Including, the report mentions as an aside, the 13% of content that was pornographic.)

The 30 services that the NetNames report looked at all provide “premium” subscription-level service, and those services can be paid for with a credit card. This is where Visa and Mastercard come in. The theory goes like this: if file-hosting sites can’t process payments, they don’t make a profit and can’t keep the lights and servers on.

No profit, no motivation. And if they can’t keep the lights and servers on, then they stop being. And when they stop being, sharing of copyrighted material stops. Confetti ensues.

Visa and MasterCard do prohibit their cards being used for unlawful purposes. Leahy, in his letters, reminds executives of both companies that their predecessors testified to as much before the Senate in 2006.

Since the sites exist for unlawful activity, Leahy’s argument goes, and since Visa and MasterCard don’t support unlawful activity, Visa and Mastercard are both therefore strongly urged to “revisit their policies” and to “ensure that payment processing services offered by [Visa and Mastercard] to those sites, or any others dedicated to infringing activity, cease.”

Leahy has a long history of involvement with copyright protection issues. As TorrentFreak notes, he was the lead sponsor of PIPA — one of the two bills that generated an internet-wide protest — back in 2012.
http://consumerist.com/2014/11/26/se...sharing-sites/





French Court Orders Internet Providers to Block Access to The Pirate Bay
Scott Roxborough

A French anti-piracy group, backed by the music majors, pushed for the file-sharing site to be banned online

France has become the latest country to block The Pirate Bay.

A court in Paris has ordered French Internet service providers to block access to the notorious file-sharing site, ruling in favor of collection society and anti-piracy group SCPP, which brought the legal action before the courts earlier this year.

The group — representing some 2,000 music labels, including the majors Warner, Universal and Sony — succeeded in their goal of getting an injunction forcing French ISPs to take "all necessary measures" to render The Pirate Bay inaccessible to users in the country.

The injunction requires French service providers to block both direct access to The Pirate Bay as well as access to all "its proxy and mirror sites."

The legal action follows a similar move in the U.K., which also requires all major ISPs to block access to most torrent sites, including The Pirate Bay.

Music labels and the Hollywood studios claim The Pirate Bay is responsible for facilitating massive piracy by allowing its users to share audio and video files online. The site's founders have all been convicted of copyright violation charges in Sweden. One, Gottfrid Svartholm Warg, was recently sentenced by a court in Denmark to a three-and-a-half year prison term on separate charges of computer-hacking and illegally downloading files.

Following the hack of Sony Pictures' computers, screener copies of several new Sony films, including Fury and Annie, turned up on The Pirate Bay and other sites worldwide.
http://www.hollywoodreporter.com/new...oviders-754135





Kim Dotcom Beats US Bid to Get Him Thrown Back in Jail

New Zealand judge finds Megaupload founder did not violate bail conditions.
Cyrus Farivar

Kim Dotcom has successfully fended off an American government bid to put him back in a New Zealand jail for allegedly violating his bail.

"That was a good win today, but also another attempt by the US government to get my liberty removed—it’s unbelievable," Dotcom told Ars by phone late Sunday night.

It’s been nearly three years since New Zealand authorities raided Kim Dotcom’s mansion, complete with two helicopters, as part of the American-led global shutdown of his Hong Kong-based file sharing company, Megaupload. Dotcom still faces American criminal charges of copyright infringement, online piracy, and money laundering, a civil case brought in April 2014 by the Motion Picture Association of America (MPAA), and more recently, a July 2014 civil forfeiture case. Dotcom and his lawyers have relentlessly fought back in multiple jurisdictions.

The Department of Justice did not immediately respond to Ars’ request for comment.

Auckland District Court Judge Nevin Dawson restored the prior conditions of Dotcom’s "free on bail" status, which requires him to check in with local police twice per week. But the judge also imposed new restrictions on Dotcom’s movements: he cannot travel by air or boat charter, only by commercial or public transit.

Last week, New Zealand authorities, working on behalf of American prosecutors pushing Dotcom’s criminal copyright case, claimed that the Megaupload founder "has breached bail conditions by having indirect contact with one of his accused; that he is a flight risk because he has the money to skip the country; and that he has been dishonest about his finances by trying to sell a NZ$500,000 Rolls Royce in London."

According to Radio New Zealand, Judge Dawson ruled from the bench on Monday (Sunday in the United States) that "the court did not accept Mr. Dotcom had hidden money and it would be inappropriate to revoke bail."

Ira Rothken, Dotcom’s California-based attorney, told Ars via text message that he was "pleased" with the result.

"This is what happens when prosecutors just want to win rather than do justice," he wrote. "We expect a similar result at the extradition hearing when the Court learns that the prosecutors made up the law of criminal secondary copyright infringement."

Dotcom told Ars that he has been perfect for over two years in meeting his bail conditions by reporting to a local police office twice per week, about a 10 minute drive away.

"I have not missed one date—I’m not even driving my own cars to make sure I'm not speeding," he said. "I’ve been exemplary for fulfilling my bail conditions. [The officers at that station] are all my friends over there. I know them all by name. They pull out a report card. I sign with my signature and I wish them a good week and then I drive back home. It takes five minutes and that’s it."

The never-ending story

Dotcom has had some intermediate victories in the last 2.5 years. Since 2012, a New Zealand judge had ruled that the initial warrants to search his home were illegal, which was then overturned in February 2014 on appeal—that issue is now pending before the New Zealand Supreme Court.

New Zealand’s Government Communications Security Bureau (GCSB), analogous to the National Security Agency in the United States, was also found to have spied on Dotcom (a German national with permanent residency status in New Zealand) before the January 2012 raid on his mansion.

As we reported in 2012, because Dotcom had obtained permanent resident status, he did not qualify as a foreigner under a version of the GCSB law at the time, and therefore should not have been subjected to GCSB surveillance. But the agency evidently misunderstood the law or failed to verify Dotcom's immigration status.

US authorities attempted to seize Dotcom’s assets under civil forfeiture back in July 2014—Dotcom’s lawyers attempted to have that case (which is separate from the criminal case) stayed until the criminal case is resolved. The judge in the civil forfeiture case has yet to rule on the motion to stay the case. Rothken argues that because Dotcom has never been to the US, he can’t possibly be a fugitive.

The extensive list of seized assets includes millions of dollars in various seized bank accounts in Hong Kong and New Zealand, multiple cars, four jet skis, the Coatesville mansion, several cars, two 180-inch TVs, three 82-inch TVs, a $10,000 watch, and a photograph by Olaf Mueller worth over $100,000.

Since then, Dotcom has been vociferously fighting being sent to the United States—his oft-delayed extradition hearing has been postponed yet again, until June 2015.

In November 2014, the case against Dotcom and his co-defendants heated up as United States federal prosecutors asked a court to transfer ownership of his seized assets (which remain in New Zealand government custody) to the United States government on "doctrine of fugitive disentitlement." If the court agrees, and Dotcom and the others are declared fugitives, then they can have no claim on the assets that have already been seized.

American authorities want the US federal court in Virginia to move quickly. As they recently told the court in a filing:

In addition, a delay in this case could jeopardize forfeiture of the assets if foreign governments proceed to release the currently restrained assets despite the United States’ requests to continue restraint. For assets located in New Zealand, at least, the restraint sought based upon the order of this Court cannot, by statute, be extended beyond April 18, 2015. The initial hearing for the New Zealand defendants’ extradition eligibility is now scheduled for June 2, 2015, which is long after those restraints will have been lifted.

Dotcom told Ars that about 18 months ago he was offered an "unofficial" plea deal through the solicitor general of New Zealand.

"The suggestion was made that this could all go away if I was willing to accept a New Zealand-based copyright charge," he added. "That if I admit some liability, that was the proposal—at that time we were winning in court, the unlawful search, and found out that the government was spying on me illegally, and I didn’t feel that I wanted to accept any liability because I haven’t done anything criminal and I told them to go away. I said I’m not interested."

“They know they will lose”

In an hour-long phone call with Ars, Dotcom claimed that American authorities were trying to essentially bleed him dry financially so that he could not mount a proper legal defense, and he again denied criminal wrongdoing.

"The US has been gaming the system from Day 1, trying to make sure that I’m running out of steam and out of funds, and they’re working with the [Recording Industry Association of America] and the MPAA," he said.

He said that his offer to come to the US to defend himself if his seized assets were unfrozen just so he could pay legal fees still stands.

"The lawyers of the MPAA have taken control of [my Mega shares]," he said, referring to the new cloud storage company he founded in the wake of the shattering of Megaupload. Dotcom has reportedly made $40 million through selling shares of two companies that he founded: Mega and Baboom, a music site. (Dotcom cut ties with Baboom in October 2014.)

He recently transferred remaining shares to a trust controlled by his estranged wife and five children as a way to shield them from being frozen or seized by the MPAA. But that had a secondary effect, which made it much harder for him to sell those shares, which provided a necessary source of income to pay his New Zealand legal team.

"That has led to my New Zealand legal team resigning [in November 2014]," he added. "They didn’t see a quick route for that to be returned—the moment that happened that was when the US moved in for the kill [and asked the court restore my bail conditions]. They are not interested in a fair extradition, or the merits of the case, because they know they will lose. Copyright is not extraditable under New Zealand law. They can only extradite under racketeering. They have nothing of these communications [to show] that there was any conspiracy to commit copyright infringement, and they allege that Megaupload was used only for the purpose for copyright infringement. They want to run me out of money."

Dotcom said that already he has paid "over $10 million in legal fees around the world, with the majority of that in New Zealand." His chief global counsel, Ira Rothken, who is based in California and flies to New Zealand every six weeks, has yet to be paid.

"There are some lawyers that are owed large sums of money, and the only way I was able to pay was to share Mega shares to interested buyers and using what the trust gained with that and now they have been restrained so that route is not available anymore," Dotcom continued.

"Now [the MPAA is] forcing me to go back to the High Court in New Zealand and to the courts in Hong Kong and let them know that the legitimate new assets that I have created are now restrained, and therefore I have to ask the courts to release funds from the assets that were seized in 2012, and that’s what's going to happen in the next few weeks. They have basically taken any chance from me to have any liquidity to have the Mega and Baboom shares. That’s their strategy. They wanted to make sure that I don’t have liquidity and that I don’t have lawyers."

Still, in the coming weeks, Dotcom and his Hong Kong-based legal team expect a judicial ruling to determine whether the shuttering of Megaupload in Hong Kong was improper. If so, then Dotcom could sue local authorities for millions in damages.
http://arstechnica.com/tech-policy/2...-back-in-jail/





Hackers Pirate Sony Films and Leak Studio Salaries
Brooks Barnes and Nicole Perlroth

Just as Sony Pictures Entertainment appeared to be recovering from a crippling online attack last month, the studio found itself confronting new perils on Tuesday. The Federal Bureau of Investigation warned United States businesses of a similar threat, and additional Sony secrets were leaked online.

Sony, the studio behind “The Amazing Spider-Man” films and the “Breaking Bad” television series, restarted many of its computer systems on Monday after a Nov. 24 breach by a group calling itself #GOP, for Guardians of Peace. Executives at the entertainment company said they were also making progress in fighting the apparently related Internet pirating of five complete films, including the unreleased “Annie.”

But Sony was newly rattled by the leak of internal documents, one of which contained the pre-bonus annual salaries of senior executives, showing 17 who earn more than $1 million a year. The documents were published late Monday on Pastebin, the anonymous Internet posting site.

The breach exposed two things the secretive movie industry is extremely sensitive about — the piracy of films and details about executive compensation — and sent a ripple of dread across Hollywood to Washington.

Although large attacks on companies are increasingly common, this one has played out like one of Sony’s own thrillers, with macabre images on computer screens of studio executives’ severed heads and theories that the attack could be retribution from North Korea for a coming Sony comedy about an assassination attempt on that country’s leader, Kim Jong-un.

Tom Kellermann, chief cybersecurity officer at Trend Micro, the private security firm, said that unlike stealth attacks from China and Russia, Sony’s hackers not only aimed to steal data, but also to send a clear message. “This was like a home invasion where after taking the family jewels the hackers set the house ablaze,” he said.

The attack at Sony comes as major American companies and government agencies are still reeling from online security threats. Breaches at major retailers like Target, Home Depot and Staples were only the beginning. Over the last year, the White House, the State Department, the nation’s largest bank, energy companies, even the Postal Service, were all breached by attackers who have yet to be identified or apprehended.

But the Sony attack, and new details about a spate of coordinated cyberattacks from Iran that emerged on Tuesday, have security experts and law enforcement authorities rattled, worried that Sony’s difficulties may be a harbinger of many more to come.

“In 2015 hackers will destroy systems not just for activism, but also for counter-incident response,” said Mr. Kellermann, suggesting that it would be more difficult for security firms and companies to investigate, respond and recover from cyberattacks.

The F.B.I. issued a private bulletin late Monday to a wide range of companies about a malicious software threat that wipes data from computers beyond the point of recovery.

The agency did not name the companies attacked, or say whether the bulletin was linked to the Sony attack, but the description mirrored the findings at Sony. The F.B.I. on Monday confirmed that it was working with the company to investigate the attack.

Joshua Campbell, an F.B.I. spokesman, said on Tuesday that the agency’s “flash” warning, first reported by Reuters, was a routine advisory intended to “help systems administrators guard against the actions of persistent cybercriminals.”

Two people with knowledge of the advisory’s contents said the bulletin warned companies of malware that could destroy data on their hard drives and prevent computers from rebooting. The malware overwrites data in such a way that it can be nearly impossible to recover using standard means.

Sony declined to comment on Tuesday beyond its previously released statements. “The company has restored a number of important services to ensure ongoing business continuity and is working closely with law enforcement officials to investigate the matter,” one statement read. Sony is notably dealing with the breach and its aftermath without a public relations chief, having dismissed its top corporate communications executive the week before the attack occurred.

To restore its computer systems, Sony’s movie and television divisions — a large music unit was not affected — hired the Mandiant division of FireEye, one of the larger online security firms.

With Mandiant’s help, business on Monday largely returned to normal at the studio, according to employees who spoke on the condition of anonymity. A previously scheduled town hall gathering to welcome a new movie marketing and distribution executive went forward as planned. The usual trade news trickled out — a casting announcement here, an international television deal there.

Inside Sony’s offices on Tuesday the mood was subdued but far from panicked, according to several employees, who said the attack had led to an unusually high degree of camaraderie. But they remained nervous about the breach of personal data and the possibility of identity theft.

On Pastebin, hackers released on Monday evening what they said were “tens of terabytes” worth of internal Sony data. The post — titled “Gift of G.O.P.” — included links to various archives that appeared to contain Sony employees’ passwords, Social Security numbers, salaries and performance reviews. (The password to open many of the files was “diespe123,” presumably an abridgment of “Die Sony Pictures Entertainment.”) The studio has offered to enroll employees in a fraud protection program.

“The problem is that every time there is another leak, people clench up all over again,” said one executive in Sony’s home entertainment division.

On Nov. 24, just as Sony employees were settling into their work day, the hacking group took over many of the studio’s internal systems. Some screens included images of a menacing red skeleton with the warning, “If you don’t obey us, we’ll release data shown below to the world.”

What Sony was to obey was not specified and, aside from the pirated films, no corporate data was leaked — until the salary information showed up, along with Social Security numbers, marketing plans, financial information and even the script to an in-house recruiting video, posted to Pastebin Monday evening. The information has since been pulled from the site.

The hackers also took over certain Twitter feeds for Sony films. For instance, an account for “Starship Troopers,” a science fiction series, was hacked to say, “You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.” Mr. Lynton is chief executive of Sony Pictures.

The intrusion prompted Sony technicians to shut down the studio’s computer systems, leaving employees without email, the Internet or voice mail. Movie and television production continued, in part because the studio operates a separate, more secure system for processing video.

Why Sony? Although the studio is exploring multiple explanations, one theory involves North Korea. This Christmas, Sony plans to release “The Interview,” an R-rated comedy about two American journalists who are recruited by the Central Intelligence Agency to kill Mr. Kim. A spokesman for North Korea’s Foreign Ministry called the film — apparently after seeing a trailer — “the most undisguised terrorism and a war action.”

The spokesman added that the film would invite “a strong and merciless countermeasure.”

The destructive attack at Sony mirrors similar attacks last year on computers inside South Korea that paralyzed the computer networks at three major South Korean banks and two of the country’s largest broadcasters. Those attacks were traced back to computer addresses inside China, though many suspected that hackers inside China were working on behalf of North Korea, retaliating against South Korea for conducting military exercises with the United States, and for supporting recent American-led sanctions against the north.

Regardless, Sony is moving ahead with the release of the comedy. Seth Rogen, who stars in the movie, on Tuesday began a round of long-scheduled publicity interviews.
http://www.nytimes.com/2014/12/03/bu...f-hackers.html





Sony Looks for Possible North Korea Link in Hacking Incident – Report

Sony Pictures Entertainment is investigating to determine if hackers working on behalf of North Korea might be responsible for a cyber attack that knocked out the studio's computer network earlier this week, the technology news site Re/code reported.

The attack occurred a month before Sony Pictures, a unit of Sony Corp 6758.T, is to release "The Interview." The movie is a comedy about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. The Pyongyang government denounced the film as "undisguised sponsoring of terrorism, as well as an act of war" in a letter to U.N. Secretary-General Ban Ki-moon in June.

Representatives of the North Korean mission to the United Nations could not immediately be reached for comment on Saturday.

Sony Pictures' computer system went down on Monday. Before screens went dark, they displayed a red skull and the phrase "Hacked By #GOP," which reportedly stands for Guardians of Peace, the Los Angeles Times said.

The hackers also warned they would release "secrets" stolen from the Sony servers, the Times reported.

Re/code said in a report late Friday that Sony and security consultants were investigating the possibility that someone acting on behalf of North Korea, possibly from China, was responsible. Re/code said a link to North Korea had not been confirmed but it had not been ruled out.

A source familiar with the matter told Reuters that Sony Pictures was investigating every possibility, adding no link to North Korea has been uncovered.

Sony acknowledged the computer outage in a statement on Tuesday. Emails to Sony were bouncing back on Saturday with a message asking senders to contact employees by telephone because its email system was "experiencing a disruption."

"The Interview," scheduled for release in the United States on Dec. 25, stars James Franco as the host of a tabloid television show that is enjoyed by Kim, and Seth Rogen as the show's producer. When they are granted a rare interview with Kim, the CIA wants to turn them into assassins.

KCNA, the official news agency in isolationist North Korea, quoted a Foreign Ministry spokesman in June as promising a "merciless counter-measure" if the film is released. The government also wrote to U.S. President Barack Obama asking him to stop it, the Voice of America reported.

(Reporting by Ron Grover, Michelle Nichols and Jim Finkle; Writing by Bill Trott; Editing by Frances Kerry)
http://uk.reuters.com/article/2014/1...0JD0K820141129





100 TB of Terror

Sony Pictures Hack Was Even Worse Than Everyone Thought
Adam Clark Estes

It's time to take a moment of silence for Sony Pictures, because more startling revelations about leaked information just came out and employees are starting to panic. BuzzFeed raked through some 40 gigabytes of data and found everything from medical records to unreleased scripts. This is probably the worst corporate hack in history.

We already knew that the Sony Pictures hack was bad, but this is just absurd. BuzzFeed's discoveries include documents detailing "employee criminal background checks, salary negotiations, and doctors' letters explaining the medical rationale for leaves of absence." They also include "the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives." Better call Saul.

Meanwhile, Fusion's Kevin Roose is reporting on what exactly happened at Sony Pictures when the hack went down. The hack was evidently so extensive that even the company gym had to shut down. And once the hackers started releasing the data, people started "freaking out," one employee said. The saddest part about all of this is that the very worst is probably still to come. Hackers say they stole 100 terabytes of data in total. If only 40 gigabytes contained all of this damning information, just imagine what 100 terabytes contains.
http://gizmodo.com/the-sony-pictures...666122168/+ace





Exclusive: FBI Warns of 'Destructive' Malware in Wake of Sony Attack
Jim Finkle

The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch a destructive cyberattack in the United States, following a devastating breach last week at Sony Pictures Entertainment.

Cybersecurity experts said the malicious software described in the alert appeared to describe the one that affected Sony, which would mark the first major destructive cyber attack waged against a company on U.S. soil. Such attacks have been launched in Asia and the Middle East, but none have been reported in the United States. The FBI report did not say how many companies had been victims of destructive attacks.

"I believe the coordinated cyberattack with destructive payloads against a corporation in the U.S. represents a watershed event," said Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro Inc. "Geopolitics now serve as harbingers for destructive cyberattacks."

The five-page, confidential "flash" FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.

The report said the malware overwrites all data on hard drives of computers, including the master boot record, which prevents them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.

The document was sent to security staff at some U.S. companies in an email that asked them not to share the information.

The FBI released the document in the wake of last Monday's unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday film season.

A Sony spokeswoman said the company had “restored a number of important services” and was “working closely with law enforcement officials to investigate the matter.”

She declined to comment on the FBI warning.

The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye Inc's (FEYE.O) Mandiant incident response team to help clean up after the attack, a move that experts say indicates the severity of the breach.

While the FBI report did not name the victim of the destructive attack in its bulletin, two cybersecurity experts who reviewed the document said it was clearly referring to the breach at the California-based unit of Sony Corp (6758.T).

"This correlates with information about that many of us in the security industry have been tracking," said one of the people who reviewed the document. "It looks exactly like information from the Sony attack."

FBI spokesman Joshua Campbell declined comment when asked if the software had been used against the California-based unit of Sony Corp, although he confirmed that the agency had issued the confidential "flash" warning, which Reuters independently obtained.

"The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," he said. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."

The FBI typically does not identify victims of attacks in those reports.

Hackers used malware similar to that described in the FBI report to launch highly destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers. Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran.

Security experts said that repairing the computers requires technicians to manually either replace the hard drives on each computer, or re-image them, a time-consuming and expensive process.

Monday's FBI report said the attackers were "unknown."

Yet the technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company's backing of the film "The Interview."

The movie, which is due to be released in the United States and Canada on Dec. 25, is a comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un. The Pyongyang government denounced the film as "undisguised sponsoring of terrorism, as well as an act of war" in a letter to U.N. Secretary-General Ban Ki-moon in June.

The technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.

(Reporting by Jim Finkle. Additional reporting by Lisa Richwine; Editing by Ken Wills)
http://www.reuters.com/article/2014/...0JF3FE20141202





Hackers With Apparent Investment Banking Background Target Biotech
Nicole Perlroth

For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — the vast majority publicly traded health care or pharmaceutical companies — in apparent pursuit of information significant enough to affect global financial markets.

The group’s activities, detailed in a report released Monday morning by FireEye, the Silicon Valley security company, shed light on a new breed of criminals intent on using their hacking skills to gain a market edge in the pharmaceutical industry, where news of clinical trials, regulatory decisions or safety or legal issues can affect a company’s stock price.

Starting in mid-2013, FireEye began responding to intrusions at publicly traded companies — two-thirds of them, it said, in the health care and pharmaceutical sector — as well as advisory firms, such as investment banking offices or companies that provide legal or compliance services.

The attackers, whom FireEye named “Fin4” because of their focus on the financial sector, appear to be native English speakers, based in North America or Western Europe, who are well-versed in the Wall Street vernacular. Their email lures are precisely tailored toward each victim, written in flawless English and carefully worded to sound as if they were sent by someone with an extensive background in investment banking and with knowledge of the terms those in the industry employ.

Different groups of victims — frequently including top-level executives; legal counsel; regulatory, risk and compliance officers; researchers; and scientists — are sent different emails. Some senior executives have been duped into clicking on links sent from the accounts of longtime clients, in which the supposed client reveals that they found an employee’s negative comments about the executive in an investment forum.

In other cases, attackers have used confidential company documents, which they had previously stolen, as aids in their deception. In some incidents, the attackers have simply embedded generic investment reports in their emails.

In each case, the links or attachments redirect their victim to a fake email login page, designed to steal the victim’s credentials, so that the attacker can log into and read the contents of their emails.

The Fin4 attackers maintain a light footprint. Unlike other well-documented attacks originating in China or Russia, the attackers do not use malware to crawl further and further into an organization’s computer servers and infrastructure. They simply read a person’s emails, and set rules for the infiltrated inboxes to automatically delete any email that contains words such as “hacked,” “phished,” or “malware,” to increase the time before their victims learn their accounts have been compromised.

“Given the types of people they are targeting, they don’t need to go into the environment; the senior roles they target have enough juicy information in their inbox,” said Jen Weedon, a FireEye threat intelligence manager. “They are after information protected by attorney-client privilege, safety reports, internal documents about investigations and audits.”

Because the attackers do not deploy malware, and communicate in correct English, they can be tricky to track. Ms. Weedon said FireEye first began responding to Fin4 attacks in mid-2013 but did not put together its findings until five months ago, when a few of its analysts concluded the attacks did not appear to be the work of familiar attackers in Russia or China, and warranted further investigation.

FireEye would not name the victims, citing nondisclosure agreements with its clients, but said that all but three of the affected organizations are publicly listed on the New York Stock Exchange or Nasdaq, while the others are listed on exchanges outside the United States.

Half of these companies fall into the biotechnology sector; 13 percent sell medical devices; 12 percent sell medical instruments and equipment; 10 percent manufacture drugs; and a small minority of targets include medical diagnostics and research organizations, health care providers and organizations that offer health care planning services.

FireEye said it had notified the victims, as well as the Federal Bureau of Investigation, but did not know whether other organizations like the Securities and Exchange Commission were investigating.

Representatives of the F.B.I. declined to comment. Representatives of the S.E.C. did not respond to requests for comment.

Ms. Weedon said that FireEye had not had time to assess the effects of the breaches to see whether the attackers had benefited financially.

In each case, attackers logged into their victim’s email accounts using Tor, the anonymity software that routes web traffic through Internet Protocol addresses around the globe, which can make it difficult, but not impossible, to trace their origins. Last month, the F.B.I. seized dozens of criminal websites operating on the Tor network, in the largest operation of its kind.

“We don’t have specific attribution but we feel strongly this is the work of Americans or Western Europeans who have worked in the investment banking industry here in the United States,” Ms. Weedon said. “But it’s hard because we don’t have pictures of guys at their keyboards, just that they are native English speakers who can inject themselves seamlessly into email threads.”

Ms. Weedon added, “If it’s not an American, it is someone who has been involved in the investment banking community and knows its colloquialisms really well.”
http://www.nytimes.com/2014/12/02/te...companies.html





Apple Faces Trial in Decade-Old iTunes DRM Lawsuit

Plaintiffs complain that Apple married iTunes music with iPod players, and they want $350 million in damages
Grant Gross

The past is coming back to haunt Apple, as a nearly 10-year-old class-action antitrust lawsuit accusing the company of trying to monopolize online music distribution is headed to trial.

The Apple iPod iTunes antitrust litigation accuses Apple of violating U.S. and California antitrust law by restricting music purchased on iTunes from being played on devices other than iPods and by not allowing iPods to play music purchased on other digital music services.

Late Apple founder Steve Jobs will reportedly appear via a videotaped statement during the trial, scheduled to begin Tuesday morning in U.S. District Court for the Northern District of California.

Plaintiffs are seeking about US$350 million in the case. Lawyers for both sides have filed dozens of trial documents over the past decade, with the court refusing to dismiss the case against Apple, but throwing out some of the original claims in a 2005 complaint. In October, Judge Yvonne Gonzalez Rogers scheduled a trial to begin this Tuesday.

Apple representatives didn't immediately respond to a request for comment on the lawsuit.

The original January 2005 complaint in the case references a music distribution industry that no longer exists nearly a decade later. The document refers to iTunes competitors Napster, Buy.com, Music Rebellion and Audio Lunch Box, along with digital music players from Gateway, Epson, RCA and e.Digital.

The opening paragraphs of the complaint talk about defunct CD seller Tower Records.

"It would be egregious and unlawful for a major retailer such as Tower Records, for example, to require that all music CDs purchased by consumers at Tower Records be played only with CD players purchased at Tower Records," the complaint said. "Yet, this is precisely what Apple has done."

Apple has monopoly market power, lawyers for plaintiff Thomas Slattery wrote. "Apple has rigged the hardware and software in its iPod such that the device will not directly play any music files originating from online music stores other than Apple's iTunes music store," they wrote.

Apple removed DRM (digital rights management) from iTunes in early 2009, so the lawsuit covers iPods purchased from Apple between September 2006 and March 2009.
http://www.itworld.com/article/28537...m-lawsuit.html





In a Bay Area Courtroom, Lawyers Hit Replay on Apple’s History
Brian X. Chen

The opening arguments here on Tuesday in the latest antitrust trial involving Apple were a vivid reminder of a vastly different time for the technology industry — when digital music and the iPod were still new and Apple was an underdog.

In the class-action lawsuit, Apple is accused of violating antitrust law nearly a decade ago by blocking songs sold by competitors from playing on the iPod, in order to protect Apple’s grip on digital music.

At the United States District Court for the Northern District of California, lawyers for the plaintiffs said Apple harmed consumers, because people had to keep buying higher-priced iPods instead of cheaper music players to keep playing their songs.

The lawyers painted a picture of Apple’s chief executive at the time, Steven P. Jobs, and other executives planning to use software updates to keep competitors’ products from working with iPods. Apple’s lawyers contend that it issued the software updates to protect the security of the iPods while introducing new features.

Apple used the software to block songs sold by rivals and “hold on to its monopoly,” said Bonny Sweeney, the lead plaintiffs’ lawyer. The plaintiffs, Melanie Tucker of North Carolina and Mariana Rosen of New York, are seeking about $350 million in damages for consumers from Apple.

To make their point, the plaintiffs’ lawyers highlighted emails written by Mr. Jobs, who died three years ago, to show how he had reacted to emerging competition for the iPod.

In one email, written nine years ago, Mr. Jobs responded to a web article that was forwarded to him about Navio, a start-up that was devising technologies for music companies to sell songs playable on iPods without going through the iTunes Store. (An excerpt from that article is available in Internet archives.)

“Jeff, we may need to change things here…” Mr. Jobs wrote to Jeff Robbin, the head of Apple’s iTunes software, in November 2005. Lawyers then showed subsequent electronic conversations suggesting that Mr. Robbin acted on Mr. Jobs’s request within days to develop a stronger security system to prevent unauthorized third parties from injecting content into iPods.

Apple’s lawyer, William Isaacson, argued that the iTunes updates did the opposite. The updates involved in the lawsuit — versions 7.0 and 7.4 — introduced a brand new software architecture with stronger security to protect consumers from hackers, Mr. Isaacson said. He added that version 7.0 was a very significant upgrade, adding the ability to play videos in iTunes.

Mr. Isaacson said that evidence that Apple was prepared to show would demonstrate that third parties trying to work around the iPod and inject their content did so in a way that posed risks to consumers.

“Evidence will show the stranger in the middle could not get everything right,” Mr. Isaacson said. “It posed a danger to the consumer experience.”

A videotaped deposition of Mr. Jobs, recorded shortly before his death, is expected to be shown later in the trial. A transcript of the deposition included Ms. Sweeney questioning him about RealNetworks, a company that had come up with a way to allow songs sold in its store to play on iPods and other media players.

Mr. Jobs responded “I don’t remember” to many of the questions. But when asked whether he was familiar with RealNetworks, he replied bluntly, “Do they still exist?”

The judge overseeing the case, Yvonne Gonzalez Rogers, has instructed jurors to focus on whether the two software updates were intended to deliver genuine improvements. The trial is expected to last two weeks.
http://bits.blogs.nytimes.com/2014/1...pples-history/





Apple Deleted Rivals’ Songs from Users’ iPods
Jeff Elder

Apple deleted music that some iPod owners had downloaded from competing music services from 2007 to 2009 without telling users, attorneys for consumers told jurors in a class-action antitrust suit against Apple Wednesday.

“You guys decided to give them the worst possible experience and blow up” a user’s music library, attorney Patrick Coughlin said in U.S. District Court in Oakland, Calif.

When a user who had downloaded music from a rival service tried to sync an iPod to the user’s iTunes library, Apple would display an error message and instruct the user to restore the factory settings, Coughlin said. When the user restored the settings, the music from rival services would disappear, he said.

Apple directed the system “not to tell users the problem,” Coughlin said.

To plaintiffs in the case, the move showed how Apple had stifled competition for music players and downloads. They are seeking $350 million in damages in the decade-old suit, claiming Apple’s actions forced them to pay more for iPods. The damages could be tripled under antitrust laws.

Apple contends the moves were legitimate security measures. Apple security director Augustin Farrugia testified that Apple did not offer a more detailed explanation because, “We don’t need to give users too much information,” and “We don’t want to confuse users.”

Farrugia told the court that hackers with names like “DVD Jon” and “Requiem” made Apple “very paranoid” about protecting iTunes. Updates that deleted non-Apple music files were intended to protect consumers from those system break-ins. “The system was totally hacked,” he said.

Apple declined to comment outside of the court testimony.

Steve Jobs, the late Apple co-founder, also showed concern about hacking, according to evidence in the case. “Someone is breaking into our house,” Mr. Jobs said of music pirates, according to an email by Apple software chief Eddy Cue listed as an exhibit.

Cue and Phil Schiller, Apple’s head of marketing, are expected to testify this week, and portions of a videotaped 2011 deposition of Jobs are expected to be played.
http://blogs.wsj.com/digits/2014/12/...m-users-ipods/





Evidence of Alleged Apple-Google No-Poaching Deal Triggers More Lawsuits
Joel Rosenblatt

Evidence produced against Apple Inc. (AAPL), Google Inc. (GOOGL) and some Silicon Valley cohorts about an alleged conspiracy not to recruit each other’s employees has sparked new lawsuits claiming other tech and entertainment companies engage in the same anti-competitive conduct.

Pixar President Edwin Catmull acknowledged the use of such agreements when he was questioned by lawyers for thousands of employees who sued his company, along with Apple, Google and four others, in 2011. An unapologetic Catmull said he was trying to help the industry survive by stopping hiring raids, remarks that triggered a trio of complaints in the last three months against animation studios in California.

Likewise, a Google document revealed in the case from three years ago -- the search engine owner’s 2007 “Restricted Hiring” and “Do Not Cold Call” lists of all the companies it agreed not to recruit from -- has resurfaced as key evidence in complaints brought in the last two months against Oracle Corp., Microsoft Corp. (MSFT) and IAC/InterActiveCorp. (IACI)

The new complaints come as Apple, Google, Intel Corp. (INTC) and Adobe Systems Inc. (ADBE) face a trial over the original lawsuit in April with potential damages of $9 billion because they failed to win approval to settle the claims for $324.5 million.

The litigation is “mushrooming,” Orly Lobel, a University of San Diego law professor, said in an interview. “Once there’s a visible test case, you look around to see where else it’s happening, and the next cases are easier to put together.”

Novel Application

The Apple-Google case, in its novel application of traditional price-fixing claims to labor markets, is serving as a template for a new wave of group lawsuits, according to Lobel.

The newer cases are assigned to U.S. District Judge Lucy H. Koh in San Jose, California, who issued a critical ruling last year allowing the original one to advance as a class action. In August she took the unusual step of rejecting the proposed settlement amount as too small, citing “ample evidence of an overarching conspiracy.”

The first new complaint was filed a month later, naming DreamWorks Animation SKG Inc. (DWA), Walt Disney Co. (DIS) and three of its units and two Sony Corp. (6758) units as defendants. Employees of those companies alleged that Steve Jobs, who figures as a central player in the Silicon Valley case as co-founder of Apple, helped establish the animation industry no-poaching pact in his role as co-founder of Pixar.

64,000 Workers

The 64,000 workers covered by the original case include software and hardware engineers, programmers and other technical staff. The newer cases were filed on behalf of employees ranging from managers at Oracle, the database and enterprise-software maker, to digital artists at the animation studios.

Following a U.S. Justice Department investigation, Apple, Google, Intel, Adobe, Intuit Inc. (INTU) and Pixar agreed in 2010 to end illegal fixing and suppression of compensation.

Walt Disney’s Pixar and Lucasfilm Ltd., which agreed along with Intuit to settle the 2011 case for $20 million last year, are the only companies being sued again.

The alleged conspiracy by the animation companies dates back to the mid-1980s, when George Lucas, the founder of Lucasfilm, sold his computer division to Jobs, who had left his position as Apple’s CEO and started Pixar.

Lucas, best known for producing the “Star Wars” series with special effects created by his Industrial Light & Magic division, also known as ILM, reached an agreement with Jobs’s deputy, Catmull, to not solicit each other’s employees, according to the complaint. The accord was eventually extended to other studios, according to the lawsuit.

‘Belated Attempts’

The animation companies contend the new lawsuits are “belated attempts to spin off fresh litigation from a Department of Justice investigation that began more than five years ago, is now well over,” and never led to any government action against most of the employers now being targeted, according to a court filing.

Lawyers for the studios told Koh at a Nov. 5 hearing they will seek to have the cases dismissed because the employees waited too long to sue.

Koh questioned why the new cases are coming now. She asked plaintiffs’ lawyers if they were motivated by the “big number” in the proposed settlement of the original case, which included attorney fees of $81 million.

Justice Department

While Rod Stone, a lawyer for DreamWorks, argued it’s significant that the Justice Department “took no action” against the company in 2010 after it turned over documents, Daniel Small, an attorney for employees, contended that “the Justice Department doesn’t prosecute every case that can be.”

The attorney said there’s “strong evidence” from the original case that DreamWorks was involved in the conspiracy to suppress animators’ salaries.

“We have quoted documents that were produced that indicate in Mr. Catmull’s view -- the president of Pixar -- that there was a conspiracy,” Small said.

Small was referring to a 2007 e-mail Catmull wrote to former Disney Chairman Dick Cook. In the e-mail, Catmull objected to film director Robert Zemeckis hiring employees from DreamWorks at a “substantial salary increase” for a new special effects company under Disney in San Rafael, California, because it “messes up the pay structure.”

‘Avoided Raiding’

“We have avoided wars up in Northern California because all of the companies up here -- Pixar, ILM, DreamWorks, and a couple of small places -- have conscientiously avoided raiding each other,” Catmull wrote to Cook.

Asked about the e-mail during his January 2013 deposition, Catmull said he saw it as his duty to insulate Northern California film companies from salary bidding wars that drive costs up, move the animation jobs overseas, and destroy the U.S. industry.

“Like somehow we’re hurting some employees? We’re not,” Catmull said. “While I have responsibility for the payroll, I have responsibility for the long term also,” Catmull said. “I don’t apologize for this. This was bad stuff.”

Matthew Lifson, a spokesman for Glendale, California-based DreamWorks, declined to comment on the lawsuits. Matt Kallman, a spokesman for Mountain View, California-based Google, and Charles Sipkins, a spokesman for Culver City, California-based Sony Pictures Entertainment Inc., didn’t immediately respond to e-mail and phone messages seeking comment.

Disney, which owned now-defunct ImageMovers, one of the defendants, didn’t immediately respond to phone and e-mail messages seeking comment.

‘Restricted Hiring’

The lawsuits against Oracle and Microsoft reference an internal Google memo that “Google has agreed” to a “restricted hiring” protocol for Microsoft, Novell Inc., Oracle and Sun Microsystems, which was acquired by Oracle in 2010.

The Google document, which lays out separate hiring restrictions for different tiers of employees, goes on to identify more than a dozen other companies on “Do Not Cold Call” and “Sensitive” lists.

Deborah Hellinger, a spokeswoman for Redwood City, California-based Oracle, said the suit against the company is “beyond preposterous.”

“All the parties investigating the issue concluded there was absolutely no evidence that Oracle was involved,” Hellinger said in an e-mail.

Jobs ‘Nexus’

Microsoft argued in a court filing that the alleged “overarching conspiracy” in Silicon Valley didn’t involve the Redmond, Washington-based company and “lacks the nexus with Mr. Jobs” that the original case depends on.

The Google hiring memo is also central to an Oct. 17 lawsuit against New York-based IAC brought on behalf of employees at its Oakland, California-based web search unit, Ask.com. IAC, the Internet conglomerate controlled by Barry Diller, declined to comment on the suit.

The Google anti-solicitation document is a “roadmap to who conspired, how, when, and why,” according to Harvard Business School professor Ben Edelman. The memo is “proof of brazenly unlawful conduct,” and in antitrust law amounts to an indefensible violation, he said.

Such evidence gives plaintiff lawyers significant leverage by establishing that there was an actual agreement that violates the law.

Antitrust Law

Apple, Google, Intel and Adobe are appealing Koh’s rejection of their proposed settlement. If the case goes to trial, plaintiffs have said they would seek about $3 billion. Under federal antitrust law, damages awarded by a jury may be tripled.

Matthew Cantor, an antitrust lawyer not involved in the litigation, said he doesn’t believe the newer no-poaching cases will lead to a settlement as big as the one workers arrived at in the first case.

“You’d think that the class action lawyers have already gone after the largest pot,” he said. The more recent cases, going after “pockets here and pockets there,” are about lawyers seeking “more dollars with little effort,” he said.
http://www.bloomberg.com/news/2014-1...-lawsuits.html





Verizon Promises Not to Sue Over Net Neutrality—if FCC Avoids Utility Rules

But Verizon's past actions make its claim potentially difficult to believe.
Jon Brodkin

Verizon is trying to convince the Federal Communications Commission that it won't sue to block net neutrality rules as long as they're issued without reclassifying broadband providers as utilities. Yet, Verizon did sue the FCC the last time it crafted net neutrality rules without relying on its utility regulation powers.

In 2010, the FCC issued rules preventing Internet service providers from blocking or discriminating against traffic by relying on Section 706 of the Telecommunications Act, rather than the stronger powers the FCC has under Title II, which covers utilities or "common carriers." Verizon sued and won, with a federal appeals court stating that the FCC could not issue what amounted to common carrier rules without first reclassifying broadband service as a utility, similar to the traditional phone network.

That's why the FCC is now considering reclassifying broadband. It wants the next set of net neutrality rules to survive a court challenge. "We are going to be sued," FCC Chairman Tom Wheeler said last week.

In response to Wheeler's statement, Verizon Executive VP Randal Milch e-mailed Wheeler to say Verizon won't sue if the FCC uses Section 706, even though that's exactly what Verizon did last time. Section 706 requires the FCC to encourage the deployment of advanced telecommunications capability to all Americans, and it can be used to govern broadband providers' treatment of Internet traffic.

Milch's e-mail was made public in an ex parte letter filed with the commission yesterday. Milch wrote that rules based on Section 706 "will not be the object of a successful court challenge—by Verizon or anyone else."

In the blog post Milch's e-mail referred to, Verizon said that Title II regulation "fairly guarantees litigation."

Given that Verizon now wants net neutrality rules based on Section 706, if only to avoid stricter utility regulations, the company probably wishes it hadn't sued to block the FCC's first attempt at net neutrality rules based on Section 706. Verizon's fellow ISPs wish the same. AT&T and Comcast reportedly tried to convince Verizon not to sue over the 2010 rules. ISPs are reportedly furious with Verizon now that its "victory" in court could backfire in a spectacular way for all broadband providers.
http://arstechnica.com/tech-policy/2...utility-rules/





Fiber Fight: Broadening Broadband Gig City Touted as Model in Broadband Debate
Dave Flessner

In the past couple of years, delegations from a variety of cities and institutions have visited Chattanooga and EPB to study how high-speed broadband has been implemented and its impact:

• Harvard Business School

• Pensacola, Fla.

• Lakeland, Fla.

• Albertville, Ala.

• Holland, Mich.

• Blacksburg, Va.

• Champaign, Ill.

• Bristol, Va.

• West Valley, Utah

• Tallahassee, Fla.

• Burlington, Vt.

• Fairburn, Ga.

• Midland, Tex.

• Cleveland, Tenn.

• Phoenix, Ariz.

• Cleveland, Ohio

• Tennessee Fiber Optic Communities

• Lakesite

• Dalton, Ga.

• Owensboro KY Municipal Utilities

Foreign delegations

• United Kingdom

• Embassy of Ireland

• Japan

• New Zealand (twice)

• Danish Energy Association

• Nippon Telegraph & Telephone (NTT), from Japan (twice)

• Taiwan journalist from TVBS News

In a growing number of cities, high-speed Internet is seen as another essential utility, like water, sewers, roads or electricity.

If cable and phone companies don't provide faster web service, more municipalities say they want to do it themselves as municipal electric utilities have done in Chattanooga, Tullahoma, Tenn., and Dalton, Ga.

"Broadband service is rapidly becoming a vital asset for a community and, just like turnpikes or airports, it may be that a broadband initiative is the kind of public-private partnership that we may need," Aldona Valicenti, chief information officer for the city of Lexington, Ky., said during a recent visit to Chattanooga. "We're very much looking at that."

As a model, many cities from around the globe are looking at Chattanooga and the first citywide gigabit-per-second broadband service developed in the western hemisphere, built by the city-owned EPB. Delegations from more than two dozen cities across North America, Europe and Asia have come to the self-proclaimed "Gig City" over the past couple of years to see the power of high-speed broadband.

The Chattanooga Area Chamber of Commerce estimates EPB's fiber-optic, high-speed broadband has played some role in the start or relocation of at least 91 businesses in the Scenic City. Sybil Topel, vice president of communications for the Chamber, said the high-speed Internet "created an enlivened entrepreneurial culture" in the Scenic City that has attracted new business and spurred the growth of existing businesses linked, in some way, to the addition of more than 1,000 jobs.

HomeServe USA, a telemarketing business, regularly uses high-speed broadband to support its 340-employee operation in Chattanooga. Topel said the fiber optic system also "was an important decision-point" for Claris Networks, a cloud computing company that has expanded into Chattanooga because the fiber system allows them to serve customers less expensively by locating their technical infrastructure here.

Chattanooga is also forming partnerships that should yield future economic dividends. The Annenberg Innovation Lab at the University of Southern California has formed a partnership with EPB "and we're just beginning to think about what are the possibilities and uses of this technology," lab director Jonathan Taplin told a recent conference in Chattanooga on "Envisioning a Gigabit Future."

"What we're going to try to do is bring some of the brilliant people from Warner Bros., Fox, Disney and IBM down here to Chattanooga to help them get their heads wrapped around this notion that you've got to stop worrying about scarcity," Taplin said.

Last year, T-Bone Burnett, a Grammy Award winner, performed "The Wild Side of Life" from a Los Angeles studio with Chuck Mead, a founder of the band BR549 who was on stage in Chattanooga.

"They sang a song together over 2,000 miles apart," Taplin said. "That's the power of gigabit Internet. I think we're just beginning to think of the possibilities of what this thing can do."

EPB Chief Executive Harold DePriest, who led the $220 million effort to build a fiber optic network in Chattanooga, said the high-speed broadband connections were an unintended benefit of the utility's effort to build a more robust and smarter electric grid.

"Our wants quickly become our needs in America, and in the process whole new opportunities develop," DePriest said. "We originally set out to find a solution for building a better electric grid, but in the process we were able to create much more."

Tullahoma Utilities Board, Dalton Utilities, Jackson Energy Authority and Bristol Tennessee Essential Services are among municipal power utilities in the region that are following EPB's lead.

Legal protections and barriers

But such municipalities are still restricted where and how they can offer telecom services in competition with private businesses in 20 states, including Tennessee.

Private telecom companies insist such laws are needed to protect against unfair government competition that could distort the marketplace and put taxpayers at financial risk.

Telephone and cable TV providers object to having to compete with government utilities, which often enjoy tax and borrowing advantages over the private sector. Although EPB's fiber optic system is separately funded from its electricity network, EPB received more than $111 million in federal stimulus funds five years ago to upgrade its power grid through its fiber optic links across the city.

That technology helps improve the efficiency and reliability of the power grid but also can be used for high-speed transmission of data, information and entertainment.

Critics of municipal broadband note that not all cities have been as successful as EPB in their broadband ventures. In its filing with the FCC, AT&T notes that many municipal broadband networks never got off the drawing board, putting taxpayers at risk, while others have pre-empted private investment.

"Although many government owned networks (GONs) have failed, or at least failed to live up to expectations, GONs can nonetheless discourage private sector investment because of understandable concerns by private sector entities of a non-level playing field," AT&T attorney Christopher Meimann said. "Any policy that risks diminishing private sector investment would be short-sighted and unwise."

AT&T wants incumbent, private telecom providers to have a "right of first refusal" to deploy high-speed broadband before a government utility starts such a competitive service. Meimann also contends that any government utility should have to pay the same taxes as investor-owned utilities and should not be given any advantage because of other utility services such as electricity or water to rights of way needed for broadband connections.

Information highway speed

The National Telecommunications and Information Administration estimates at least 98 percent of Americans have broadband service of at least 6 megabits per second downstream and 1.5 megabits per second upstream. Internet service also continues to improve in most areas of the United States with per capita investment in broadband service in America ($562 per household) more than twice as much as that in Europe ($244 per household).

"The remarkable growth and quality of broadband availability in the United States is directly attributable to private sector investment and innovation," AT&T said in a recent petition to the FCC.

Where service is not available, phone companies and cable providers suggest broadband can be subsidized through the FCC's Connect America Fund, which is targeted at the 18 million Americans living in rural areas with no access to robust broadband infrastructure.

But the United States still trails countries like Finland, Sweden and Korea.

Proponents of municipal broadband argue that municipal broadband is simply filling a needed void in the information-based economy of the 21st century. Those pushing for more broadband competition contend that telephone companies and cable TV providers have been too slow to upgrade their broadband services ahead of existing consumer demand and have sought to protect their existing tolls and control of the information highway.

"As far as I'm concerned, that law in Tennessee is nothing but a monopoly protection act and it is the worst kind of crony capitalism that exists," said Taplin, who studies digital media entertainment and communications. "If we don't get this choice (from allowing more municipal broadband), then I think we're going to have a bunch of monopolies that will just sit on it and not do any major innovation like they haven't for the past 25 years and we won't get to the future that is already here in Chattanooga."

Municipal broadband backers highlight EPB as an example of how new players in the industry will improve services and open up new markets.

"This model (opened with high-speed municipal broadband) is more resilient, more flexible and more dynamic and it brings competition to this important last mile," said Brad Burnham, a managing partner for Union Square Ventures in New York City who previously worked with AT&T and Bell Laboratories. "This brings connectivity to places where there is no competition and no one providing any kind of high-speed broadband. So I think we all need to be supporting this notion of opening up these markets, increasing competition and innovation."

Political battle over broadband

State Sen. Janice Bowling, R-Tullahoma, plans to introduce legislation in the next Tennessee General Assembly to remove a 15-year-old restriction limiting municipalities to serve only the territory allowed by their power service agreements with TVA.

That prevents EPB from extending its gigabit-per-second broadband lines into some neighboring communities that now have only dial-up Internet links.

Bowling said she plans to propose an even bigger change than the proposal she unsuccessfully pushed in the last Legislature.

"I realized in looking at this more closely that we just need to remove the footprint restrictions (for municipal broadband service) altogether so the legislation I plan to introduce next year will be so much simpler and reduce the regulation, not create some new maze for people to try to work their way through," she said. "In rural areas and small towns if we don't remove the existing barriers we have erected in Tennessee to that information highway, many areas of our state are going to be left behind in the digital economy."

Bowling is pitching her proposal as one of local choice to allow municipalities to decide if they want their utilities or City Halls to offer broadband service.

Tennessee House Majority Leader Gerald McCormick, R-Chattanooga, also is supportive of measures to allow EPB and other municipal power utilities to extend broadband service outside of their traditional territories when local governments request such service.

"But I recognize, this is going to be a tough fight in the Legislature," he said. "I do think this should be a state and local decision, not a federal decision."

But at the federal level, Federal Communications Commission Chairman Tom Wheeler is pushing for the federal agency to supersede state limits on municipal broadband services and allow government-owned utilities to enter the telecom market.

EPB and the city of Wilson, N.C., petitioned the FCC earlier this year to step in and remove state restrictions on their ability to offer broadband service.

In June, Wheeler said private phone companies and cable TV providers, especially in rural areas, are unable or unwilling to make the investments needed for fiber optic, high-speed telecom links.

"I believe that it is in the best interests of consumers and competition that the FCC exercises its power to preempt state laws that ban or restrict competition from community broadband," he said. "Our country will not achieve our massive potential if millions of our fellow citizens and businesses in rural America are being bypassed by the Internet revolution."

The FCC is reviewing comments on its potential action on municipal broadband before issuing any decision.

But some members of Congress have already vowed to fight any federal action that would pre-empt state regulations. U.S. Rep. Marsha Blackburn, R-Tenn., says she will push budget language to restrict the FCC from limiting state restrictions on municipal broadband.

"We don't need unelected bureaucrats in Washington telling our states what they can and can't do with respect to protecting their limited taxpayer dollars and private enterprises," Blackburn said.
http://www.timesfreepress.com/news/2...ity-touted-as/





7 Colorado Communities Just Secured the Right to Build their Own Broadband
Nancy Scola

Voters in seven cities and counties in Colorado voted Tuesday to free their local governments to offer Internet service.

The votes marked a defeat for big, traditional Internet service providers such as Comcast that have successfully maneuvered to inject limits on municipal broadband into state regulations over the last decade. Now cities are figuring out ways to push back, including wiggling out from under laws the industry helped put in place.

Nearly two dozen states have laws limiting the ability of local governments or their partners to offer their own broadband services, often passed with the encouragement of big commercial broadband providers who complain about unfair competition. But Colorado's version of the law is unique in that it offers an escape hatch. The 2005 state law allows municipalities to provide high-speed broadband Internet if "an election shall be called" and a majority of voters signs off on the idea.

And that's what these Colorado municipalities did Tuesday.

In Boulder, locals voted on whether the city should be "authorized to provide high-speed Internet services (advanced services), telecommunications services, and/or cable television services to residents, businesses, schools, libraries, nonprofit entities and other users of such services." As of late Tuesday night, the city of 100,000 people, which already owns miles of unused fiber, had approved the measure with 84 percent of the vote.

Similar overrides also passed by large margins in the towns of Yuma, Wray, Cherry Hills Village and Red Cliff and in Rio Blanco and Yuma counties, according to KUNC, a public radio station in northern Colorado.

How were they able to secure such a big victory? There might be some factors at work that are bigger than even Colorado. Comcast, the state's largest cable provider, did not fight the referendum, perhaps because it is focused on getting its proposed merger with Time Warner Cable approved in Washington. (Comcast declined to comment for this report.)

The local popularity of municipal broadband puts traditional Internet service providers in a tough spot. There's a debate taking place on the national level over whether the federal government should step in to overturn laws like Colorado's, which prohibit municipal broadband. Federal Communications Commission Chairman Tom Wheeler recently signaled that he might be willing to do so.

At the time, Rep. Marsha Blackburn (R-Tenn.) shot back that, "We don't need unelected bureaucrats in Washington telling our states what they can and can't do."

That becomes a bit harder argument to make, though, when it's the smallest of small government -- counties, and even cities -- making those decisions for themselves.
http://www.washingtonpost.com/blogs/...own-broadband/





How Will the 5G Network Change the World?
Ed Ram

The global race is on to develop 5G, the fifth generation of mobile network. While 5G will follow in the footsteps of 4G and 3G, this time scientists are more excited. They say 5G will be different - very different.

If you're thinking, "Great, that's the end of my apps stalling, video faltering, and that everlasting load sign," then you are right - but that's only part of the story.

"5G will be a dramatic overhaul and harmonisation of the radio spectrum," says Prof Rahim Tafazolli who is the lead at the UK's multimillion-pound government-funded 5G Innovation Centre at the University of Surrey.

That means the opportunity for properly connected smart cities, remote surgery, driverless cars and the "internet of things".

So, how best to understand this joined-up, superfast, all-encompassing 5G network? It seems that the term "harmonisation of the radio spectrum" is key.

A quick refresher: Data is transmitted via radio waves. Radio waves are split up into bands - or ranges - of different frequencies.

Each band is reserved for a different type of communication - such as aeronautical and maritime navigation signals, television broadcasts and mobile data. The use of these frequency bands is regulated by the International Telecommunications Union (ITU).

Currently, the radio frequency spectrum is a bit of a mess. As new technologies have been developed, frequencies for them to use have been squeezed into its gaps.

This has caused problems with connection speeds and reliability.

So, to pave the way for 5G the ITU is comprehensively restructuring the parts of the radio network used to transmit data, while allowing pre-existing communications, including 4G and 3G, to continue functioning.

100 times faster

5G will also run faster, a lot faster.

Prof Tafazolli now believes it is possible to run a wireless data connection at an astounding 800Gbps - that's 100 times faster than current 5G testing.

When Samsung announced in 2013 it was testing 5G at 1Gbps, journalists excitedly reported that would mean an HD film could be downloaded in a second.

A speed of 800Gbps would equate to downloading 33 HD films - in a single second.

5G's capacity will also have to be vast.

"The network will need to cope with a vast increase in demand for communication," says Sara Mazur, head of Ericsson Research, one of the companies leading the development of 5G.

By 2020 it is thought that 50 billion to 100 billion devices will be connected to the internet. So, connections that run on different frequency bands will be established to cope with demand.

Raising the capacity of a network is a little like widening a road tunnel.

If you add more lanes more cars can go through. And ordering makes it more efficient: some lanes for long-distance, other lanes for local traffic.

The huge rise in connected devices will be due to a boom in inanimate objects using the 5G network - known as the internet of things.

It won't be just products like remotely controlling your heating or that mythical fridge ordering you more milk, trains could tell you which seats are free while they are in the station.

Devices will be able to choose dynamically between which of three still-to-be-determined bandwidths they use to avoid any of the frequencies becoming overloaded, explains Prof Tafazolli.

"Only once these frequencies are set and established can product development begin," Ms Mazur adds.

The aim is for the first of the frequency bands to come into use around the year 2020, with the other two to follow soon after.

Another defining feature will be that, crucially, 5G shouldn't break.

"It will have the reliability that you currently get over fibre connections," says Sara Mazur.

Advances in antenna technology promise an end to sudden data connection drop-outs.

This will be essential for safety. Companies including China's Huawei are already talking about using 5G to let driverless cars communicate with each other and the infrastructure they pass.

Tech such as smart transport and remote surgery, where a human remotely operates a robot to carry out complicated operations, will rely on lower latencies too.

Latency refers to the time lag between an action and a response.

Ericsson predict that 5G's latency will be around one millisecond - unperceivable to a human and about 50 times faster than 4G.

This will be critical, for example, if doctors are to command equipment to carry out surgery on patients located in different buildings.

5G trial network

So how much will it all cost? Ericsson and Huawei say they simply don't know yet.

Until the product development phase starts it is too early to tell.

But that doesn't stop them from wanting to flaunt their research to the market.

In South Korea, which spearheaded work on 4G, Samsung hopes to launch a temporary trial 5G network in time for 2018's Winter Olympic Games.

Not to be outdone, Huawei is racing to implement a version for the 2018 World Cup in Moscow.

Despite such apparent rivalries and the huge sums each is investing in R&D, the bigger story is that they are co-operating to deliver 5G. And that in turn paves the way for potentially unmatched new technologies.

"That's until 6G comes along in around 2040," Prof Tafazolli remarks.
http://www.bbc.com/news/technology-30224853





Netflix Accused of Creating Fast Lanes “at the Expense of Competitors”

FCC commissioner revives claims made by Internet service providers.
Jon Brodkin

Ajit Pai of the Federal Communications Commission today accused Netflix of “secur[ing] ‘fast lanes’ for its own content” at the expense of competitors and deploying proprietary caching systems in order to force Internet service providers to use nonstandard equipment.

Pai, one of two Republican commissioners on the five-member commission, made the accusations in a letter to Netflix CEO Reed Hastings. The letter describes Netflix’s support for regulating ISPs as utilities in order to prevent them from charging content providers for “fast lanes” and then accuses Netflix of creating fast lanes for itself. Pai’s letter cites a TechCrunch article from May that quotes Hastings’ support for “strong net neutrality,” but it provides no sources for any of the accusations he made against Netflix. It reads as follows:

Dear Mr. Hastings,

Netflix has been one of the principal advocates for subjecting Internet service providers (ISPs) to public utility regulation under Title II of the Communications Act, arguing that this step is necessary to prevent the development of so-called "fast lanes" on the Internet. "The basic argument," you have said, "is that we're big believers in the free and open Internet."

For this reason, I was surprised to learn of allegations that Netflix has been working to effectively secure "fast lanes" for its own content on ISPs' networks at the expense of its competitors.

Recent press articles report that Netflix, our nation's largest streaming video provider, has chosen not to participate in efforts to develop open standards for streaming video. Moreover, I understand that Netflix has taken—or at least tested—measures that undermine aspects of open standards for streaming video. Specifically, I understand that Netflix has at times changed its streaming protocols where open caching is used, which impedes open caching software from correctly identifying and caching Netflix traffic. Because Netflix traffic constitutes such a substantial percentage of streaming video traffic, measures like this threaten the viability of open standards. In other words, if standards collectively agreed upon by much of the industry cannot identify and correctly route Netflix traffic, those standards ultimately are unlikely to be of much benefit to digital video consumers.

Some have suggested that Netflix has taken these actions because the company is currently installing its own proprietary caching appliances throughout ISPs' networks as part of its Open Connect program. If ISPs were to install open caching appliances throughout their networks, all video content providers—including Netflix—could compete on a level playing field. If, however, ISPs were to install Netflix's proprietary caching appliance instead, Netflix's videos would run the equivalent of a 100-yard dash while its competitors' videos would have to run a marathon.

Because these allegations raise an apparent conflict with Netflix's advocacy for strong net neutrality regulations, I thought that it was important to give you a chance to respond to them directly.

I look forward to receiving a response to this letter by Tuesday, December 16.

Sincerely,

Ajit Pai


Filling in the gaps

Netflix declined to comment when contacted by Ars.

We asked Pai's office to provide further details and sources for the claims in the letter and received a partial response. Pai's office provided us links to three articles describing Netflix's refusal to join the newly formed Streaming Video Alliance, but no sources for the "fast lanes" claim or the accusation that Netflix changed its streaming protocols to prevent "open caching software" from working.

We asked whether Pai is accusing Netflix of purposely slowing its own videos down with his statement that Netflix "impedes open caching software from correctly identifying and caching Netflix traffic." Pai's legal advisor Nicholas Degani told Ars that "Netflix changing its protocol would only slow down Netflix traffic if an ISP installs the open protocol system and not Netflix’s." The letter doesn't explain why an ISP couldn't deploy both an open caching system and Netflix's.

The Netflix fast lanes Pai referred to seem to be the "Open Connect" video storage and caching boxes that Netflix provides to ISPs. Although Netflix doesn't charge ISPs for this equipment, Netflix gets to reduce its costs if the ISPs host it within their own facilities. Despite the name "Open Connect," the systems are proprietary, Pai noted. If Netflix were using a truly "open" system instead of a proprietary one, ISPs would be able to install open caching appliances that benefit all content providers, not just Netflix, Pai argued.

"Installing and maintaining these things isn’t free, so I understand that ISPs may be unwilling to incur those costs for a small startup when a deal with Netflix would solve a huge chunk of the congestion problem," Degani told Ars.

While the biggest ISPs refused Netflix's caching systems, smaller ISPs accepted Netflix's storage boxes and host them at their own expense.

As an alternative to installing caching systems inside the big ISP networks, Netflix started paying months ago to get direct connections to the networks of Comcast, AT&T, Time Warner Cable, and Verizon. These interconnects improved Netflix performance while diverting Netflix traffic away from other paths into the ISP networks that had gotten congested, indirectly improving performance of other traffic that went over these links. The ISPs argued that Netflix purposely sent traffic over congested links to lower its own costs, but now that Netflix is paying for interconnection, the conflict should no longer be affecting consumers.

The Streaming Video Alliance, composed of 17 companies including Comcast, Charter, Cisco, Fox, Level 3, and Yahoo, will not be slowed down by Netflix's absence, according to founding member Dan Rayburn, an analyst at Frost & Sullivan. The alliance is not a standards body itself but will propose best practices to standards bodies, Rayburn told Ars.

"The group is tasked with dealing with all different aspects of the streaming video ecosystem," he said. "We’re looking at a lot more technologies than just caching—encoding, 4K, content protection, all kinds of things."

When the group's formation was announced last month, Netflix told The Next Web that “We aren’t planning to join. Given the scale of Netflix video traffic, we custom-built our Open Connect network to ensure Netflix members have the best viewing experience and we provide it free to ISPs.”

During peak viewing hours, Netflix accounts for about a third of all downstream Internet traffic in North America and 9.5 percent of upstream traffic. Despite agreeing to pay ISPs for network connections, Netflix has asked the FCC to force ISPs to provide the connections for free. Apple and other content providers reportedly pay ISPs for interconnection as well.
http://arstechnica.com/information-t...f-competitors/





Americans Watch Less TV, Stream More, Report Shows
AP

Americans are turning away from live TV on the tube and tuning in to streaming services, a Nielsen report says.

That's bad news for cable and satellite TV providers. Americans are increasingly watching TV shows and movies on Netflix, Hulu, Amazon streaming and other services. CBS and HBO have announced standalone streaming services as well.

About 45 percent of Americans stream television shows at least once a month, according to research firm eMarketer. That number is expected to increase to 53 percent or 175 million people by 2018, it says.

According to the Nielsen report, which came out Wednesday, the average daily time spent watching live TV fell 12 minutes in the third quarter to four hours and 32 minutes. That means it dropped nearly 4 percent to 141 hours per month.

Meanwhile, time spent watching streaming services jumped 60 percent to nearly 11 hours each month.

That's still a small amount compared with live TV, but it is growing quickly.

"Content is still king, but consumers are shaping their own content-discovery experience, and the evolving media landscape has not lessened consumer demand for quality, professionally produced content," Dounia Turrill, senior vice president of insights at Nielsen, said in a statement. "What has changed is the number and reliability of new media available to viewers."
http://www.newstimes.com/business/te...ws-5932285.php





Who Pays for Us to Browse the Web? Be Wary of Google’s Latest Answer

Internet giants are exploring new ways to raise cash from their users, but harvesting our data remains key to their strategy
Evgeny Morozov

Google has quietly launched a new service, Google Contributor, and it’s based on an intriguing proposition: for a small monthly fee, you won’t see any ads on the websites of its partners. The fee, naturally, is split between Google and those sites – but only if they are actually visited. As Google puts it, this is all “an experiment in additional ways to fund the web”.

The experiment isn’t revolutionary. Wikipedia, with its ideological opposition to advertising, heavily relies on donations from readers. Premium members of Reddit, another popular site, could pay a fee and skip the ads. Google’s own YouTube channel has begun offering its paying customers an ad-free version – at a fee, of course. The fans can now also send money to their favourite artists.

Given that advertising remains Google’s main source of revenue, the new service has befuddled many analysts. Could Google really be worried about its future? It has had an amazing decade. But how long this financial bonanza will last is anyone’s guess; from an advertising viewpoint, browsing on smartphones is not as profitable. Besides, ad blockers – clever browser extensions for blocking intrusive ads – already allow users to cleanse their browsers of any unwanted clutter.

Google Contributor is certainly a clever publicity ploy. Giving publishers a simple tool to raise money can create some goodwill – which is exactly what Google needs as its advertising-based model gets hammered by Europe’s publishing industry. In France, Google has already had to open its coffers and promise French publishers to invest millions in new journalistic ventures. In the end, it’s becoming harder to accuse Google of destroying the media industry: the company can always turn the tables and accuse publishers of being too slow to embrace change.

More importantly, Google Contributor is probably part of Google’s delicate repositioning in the wake of the post-Snowden backlash. Advertising – rather than the messy entanglement between institutions of the deep state and those of digital hypercapitalism – has emerged as everyone’s favourite scapegoat. And more: we are assured that a world free of advertising could help us cash all those expired and bouncing cheques of the once-defunct cyber-utopian enterprise!

The case against advertising was made most cogently by MIT’s Ethan Zuckerman in a recent essay called “The Internet’s Original Sin”. Arguing that “users will pay for services that they love”, Zuckerman’s argument is simple: paying for our services upfront – rather than getting them for free but underwritten by online advertising – could help reverse the inexorable move towards “a web that is centralised, ad supported and heavily surveilled”.

It’s a curious framing. After all, many publishers of original content – the likes of the Financial Times or the Wall Street Journal – have never swallowed the cyber-utopian pill, happily charging subscription fees to their users. But Zuckerman’s essay has little to say about such sites. Instead, it focuses on services that provide the rudimentary cognitive infrastructure for our communal existence: social networking, bookmarking, blogging. It’s for their services that we are invited to pay.

And pay we might – but would it solve the problem of surveillance? Probably not. Zuckerman’s implicit bet is that the providers of fee-based services wouldn’t need to know what’s passing through their pipelines; they might, for example, deploy what’s known as “end-to-end encryption”, making it harder for the spooks to gather all the data.

The feasibility of this option rests entirely on its acceptability to lawmakers – and the kind of scale that can truly “save the web” will surely frighten them to death. But the lawmakers will invoke Islamic State (Isis), Ebola – or both – to argue that no company should be allowed to keep authorities in the dark. In fact, they already invoke such defences – and at a disturbingly increasing rate. However flawed and unappealing their reasoning, they still call the shots, which means that surveillance abuse will probably continue. Tinkering with business models is no way to deal with dysfunctional politics.

Second, while one can imagine Google souring on advertising, it’s harder to imagine it souring on data tracking – the two are not the same. Today, virtually everything Google does revolves around data collection and data personalisation. From smart thermostats to smart cars, its flagship products take constant, always-on, real-time streams of user data for granted.

Can these services be funded differently? Yes – but cut off from their data streams, they would no longer be smart and adaptable.

Google Now, the company’s fascinating virtual assistant, makes its clever predictions only because other Google services constantly generate the underlying data. Similar logic applies to wearables, self-tracking gadgets, and various components of the internet of things. Advertising might eventually help subsidise the costs of these products but they will continue spying on us all the same. And even if we replace ads with subscription fees, they will still keep spying – that’s the only way for them to provide the expected service.

Finally, there’s the question of politics. To think in binary terms of advertising and subscription fees is to frame the problem solely as one of consumer action. That certain historical forces have left us with just those two options is no reason to accept them in perpetuity. If some of these services are, indeed, infrastructure providers, we can also think of alternative ways to own, run and fund them. Several recent political campaigns around other types of infrastructure – from water to energy – prove that it’s possible to have them controlled by the public rather than rapacious profit-making firms.

When we rely on common infrastructure – say, a public convenience – should our choice be between watching a personalised ad or paying an entrance fee? This, after all, might be the case in a truly “smart city”. It’s easy to rationalise both gestures by invoking generosity, the gift economy, or the need to pay our share. What most of us forget is that we have already paid that share: it’s called tax. This is how infrastructure used to be financed – at least before our money went to bail out the banks. Besides, taxes and Silicon Valley don’t go together to begin with. With no other viable political options, it’s no wonder that we are forced to experiment “with additional ways to fund the web”. What else is going to fund it?

But do we want to live in a world where our access to basic goods, and even each other – which is precisely what our common cognitive infrastructure provides – is mediated solely by the market, either in the form of advertising or fees? Most of us easily grasp the implications of this logic when applied to physical spaces and services – and yet, having bought into the neoliberal fantasies of Silicon Valley and its cheerleaders, our intuition fails us on most things digital. At this rate, we would soon be paying both for our intelligence services and the tools that protect us from them.

Putting questions of infrastructure and ownership at the heart of the contemporary digital debate won’t be easy. It will require, invariably, creating institutions that can be trusted – not easy to do when our institutions abuse such trust every day. But even so: this is a more appealing proposition than internalising the neoliberal ethic of Google and its allies: for them, the only politics is that of the marketplace – and it is only our action as consumers – do you want to watch an ad or pay a fee? – that counts.

Advertising is not the “internet’s original sin” but neoliberalism might well be.
http://www.theguardian.com/commentis...o-fund-the-web





Europe’s Next Privacy War is with Websites Silently Tracking Users

European data protection watchdogs publish guidance on web tracking using device fingerprinting that could result in more ‘I agree’ forms
Samuel Gibbs

The pan-European data regulator group Article 29 has issued new opinion on how websites and advertisers can track users and the permissions they require.

The new opinion dictates that “device fingerprinting” – a process of silently collecting information about a user – requires the same level of consent as cookies that are used to track users across the internet.

“Parties who wish to process device fingerprints which are generated through the gaining of access to, or the storing of, information on the user’s terminal device must first obtain the valid consent of the user (unless an exemption applies),” the Article 29 Working Party wrote.

It means that some websites, including Google, Facebook and Microsoft, that have used alternative technical processes to try to bypass the need for a “cookie policy notice” will have to show a notification after all.

“The Article 29 Working Party has made it clear that companies cannot bypass consent by using covert methods to track users through their devices,” said Jim Killock, executive director of the Open Rights Group. “Building profiles to deliver personalised content and adverts clearly falls under e-privacy and data protection law.”

Silent tracking

Until now, device fingerprinting has been considered separate from the European legislation that covers cookies, which requires companies that store small bits of information on a user’s computer for storing settings and identity to explicitly ask for consent.

That requirement for consent is why most websites accessible from the UK have a small message either at the bottom or top of the site asking for permission to use cookies, or telling the user that the site uses cookies and continuing to use the site implies consent.

Since the consent for cookies legislation was brought into play in 2012, internet firms have been working on a way to identify users without relying on cookies. Each device connected to the internet identifies itself in various ways to help websites and services deliver the requested information, be it the right sized website for a smartphone or the right video stream for a smart TV.

The small snippets of information aren’t able to uniquely identify a particular device on their own, but combined they provide a fingerprint of the device that, while not entirely unique in most cases, is able to identify a user in conjunction with other data such as their internet connection.

Advertising

Companies, including Google, Microsoft and Facebook, use this information broadcast by almost anything that connects to the internet to track users as they play, browse, buy and watch primarily for advertising purposes.

The problem with device fingerprinting, and one of the advantages over cookies as far as the technology companies are concerned, is that it is very difficult for a user to stop it happening. With cookies a user can simply prevent them from being put on their system through browser settings.

To avoid device fingerprinting users have to go to much more complex lengths, including using anonymity tools such as Tor.

Now that Article 29 has published explicit opinion on device fingerprinting techniques it has laid the ground work for developing new legislation to govern their use and protect user privacy.

“Many companies have little interest in being transparent about their use of customers’ data,” said Killock. “Profiling technologies are likely to proliferate so Article 29 are doing a vital job in explaining the line between getting consent and surreptitious tracking. The UK’s Ico needs to act on this opinion.”

Ultimately the regulation of device fingerprinting will fall to the individual data regulators in each country.

“The Information commissioners’ office (Ico) has always been clear that the law around cookies also applies to similar technologies. The Article 29 opinion adopted this week, which the Ico played a key role in drafting, confirms that digital fingerprinting is such a technology,” a spokesperson from Ico, the UK’s data watchdog, told the Guardian. “Digital fingerprinting accesses information stored on a user’s machine in a similar way to a cookie, and provides organisations with similar benefits. With that in mind, it is sensible to consider that the law applies to digital fingerprinting in the same way it does to cookies.”

“It is also worth noting that digital fingerprinting would typically see an organisation collecting information to allow identification of an individual, which brings potential data protection implications,” he said.

Microsoft, Google and Facebook were not immediately available for comment.
http://www.theguardian.com/technolog...tracking-users





EU Ministers Backpedal On One-Stop Data Protection Shop Plan
Loek Essers

European Union member countries are backpedaling on a plan that would give U.S. tech firms a one-stop shop to deal with data protection issues in the EU.

Justice ministers had discussed a plan to let tech firms like Google, Facebook, Microsoft and Apple deal with only one data protection authority (DPA) in Europe. The plan, drafted by the European Commission in 2012, is one of the main pillars of the EU’s data protection reform.

However, during a meeting of justice ministers in Brussels on Thursday a majority of ministers endorsed the general architecture of a rather different plan proposed by the Italians, who currently hold the presidency of the Council of the EU, the body where national ministers meet to adopt laws and coordinate policies.

That proposal diverges from the original Commission plan by suggesting a mechanism that kicks in only in the most important cross-border cases and consists of “cooperation and joint-decision making between several data protection authorities concerned.”

The proposal of the Italian presidency is disappointing, said a spokesman of the Industry Coalition for Data Protection (ICDP), which is comprised of 18 associations representing thousands of European and international companies, including Facebook, Google, Microsoft, Apple and Yahoo.

It seems to create a more complicated mechanism instead, in which all DPAs may get involved in the vast majority of cases, the ICDP said in a letter sent to the ministers before the meeting. If this is coupled with the ability of each “concerned” DPA to veto a decision, that would render the process at best very burdensome.

A spokesman for the Computer and Communications Industry Association (CCIA), which represents U.S. and EU Internet firms, agreed. There is a need for a real one-stop shop, which should let international tech companies as well as SMEs deal with just one privacy regulator, regardless of how many EU countries they operate in.

The Council will further discuss the further technical parts of the plan in the coming months.

The original plan considered by the justice ministers would give companies a single supervisory authority responsible for monitoring its personal-data processing activities in the EU, rather than force a company to deal with multiple bodies in different countries. Under this proposal, the supervisory authority of the country in which a search engine has its main EU operation would be responsible for monitoring the data processing activity.
http://www.itworld.com/article/28560...shop-plan.html





Cleveland Police Believed to have Seized Telecoms Data to Find Media Source
William Turvill

Cleveland Police is the fifth UK police force believed to have obtained telecoms data as part of a search for a media source.

The admission comes in a document which was "erroneously" released to Press Gazette in a Freedom of Information Act disclosure.

The force has asked Press Gazette to delete the information, but this publication has decided there is a strong public interest in disclosing it.

The Metropolitan Police as well as the Essex, Suffolk and Thames Valley forces have previously admitted to using the Regulation of Investigatory Powers Act to spy on journalists who were not found to have broken the law.

After these revelations, and the launch of Press Gazette's Save Our Sources campaign, the Interception of Communications Commissioner Office (IOCCO) - which oversees the use of RIPA - began an inquiry into police use of the act against journalists.

This is due to be published in January.

All forces have responded to the IOCCO with data from the past three years, but they have rejected requests under the Freedom of Information Act from Press Gazette for similar information stretching back ten years. And Cleveland Police is among those to have rejected the FoI, citing the interests of national security.

But the force has "erroneously" disclosed a document suggesting it has used RIPA to find a journalistic source.

The revelation came after Press Gazette asked Cleveland - along with all other UK forces - to disclose internal emails relating to the first RIPA FoI question.

As part of its response, Cleveland provided a document discussing the IOCCO inquiry.

The IOCCO asked forces to provide the: "Number of investigations which involve determining if a member of police force or other party have been in contact with a journalist or employee of a newspaper or television company related to news / documentaries in past 3 years."

They were also asked for the: "Number of investigations in past 3 years where a PACE order has been applied for to require disclosure of journalistic material / the identity of a journalistic source."

An internal Cleveland Police email discussing the request said: "As far as I can recall the Integrity Unit has applied for data relevant to this request on one occasion (one investigation)."

Press Gazette asked the press office for a comment and further information on this, but it refused. And the force has since sought to retract the document.

The FoI department said (their bold): "We supplied you with redacted copies of e-mails however we erroneously included some e-mails that were not within the time scale of your request that is 11th September to 7th October including one that relates to the 'Requirement Letter re the Interception Commissioner’s Inquiry into use of RIPA powers to identify journalistic sources'.

"We have attached a zip file that contains all of the e-mails applicable to your request dated between 11th September and 7th October and would ask that all others are disregarded/deleted as they are NOT relevant to your supplementary Freedom of Information request received by this office on 11th November 2014."

It was revealed earlier this week that the Met Police accessed the phone records of 1,700 News UK employees after being sent the information in error.

Despite the force having no right to the information it analysed it in a spreadsheet and hung on to the records for seven months.
http://www.pressgazette.co.uk/clevel...d-media-source





Government Uses 225-Year-Old Law to Force Companies to Unlock Phones

Revelations about how governments swallow up huge amounts of data have led to consumers and companies embracing encryption like never before, but feds may have found a hidden weapon within a centuries-old law now being used in court.

Late last month, a federal magistrate in New York approved a request filed by United States attorneys and compelled an unnamed cell phone maker to unlock a mobile device that had been seized by authorities pursuant to an investigation. In ordering the company to do as much, though, the judge agreed with an argument made weeks earlier by the US government in which its lawyers said the All Writs Act, a law first put on the books 225 years ago in 1789, should be evoked.

US attorneys told the court in an Oct. 10 filing that they had seized a mobile phone while investigating alleged credit card fraud and, despite obtaining a search warrant, had been unable to bypass the phone’s password-protection. With the data otherwise inaccessible, federal prosecutors said the court could order the manufacturer to provide “reasonable technical assistance” in unlocking the device by relying on the All Writs Act.

That legislation, Judge Gabriel Gorenstein for the Southern District of New York acknowledged in his Oct. 31 response, provides that federal courts “may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

Despite the sheer antiquity of the act, however, Gorenstein did not object to the government attorney’s interpretation of the law and ordered the cell phone manufacturer to comply, citing a Supreme Court case from 1977 in which the New York Telephone Co. was compelled under the All Writs Act to help authorities install a “pen register” device to log call data. In the latest case, the magistrate said the only caveat was that the cell phone company could argue within five business days that doing so would be “unreasonably burdensome.”

“Courts have held that due process requires that a third party subject to an order under the All Writs Act be afforded a hearing on the issue of burdensomeness prior to compelling it to provide assistance to the government,” the judge wrote. “To the extent the manufacturer believes the order to be unduly burdensome or that it should be reimbursed for expenses, the manufacturer should be given clear notice that it has the opportunity to object to the order.”
http://investmentwatchblog.com/gover...unlock-phones/





Operation Auroragold

How the NSA Hacks Cellphone Networks Worldwide
Ryan Gallagher

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.

The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

“Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming.

“Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

NSA spokeswoman Vanee’ Vines told The Intercept in a statement that the agency “works to identify and report on the communications of valid foreign targets” to anticipate threats to the United States and its allies.

Vines said: “NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements—regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications.”

Network coverage

The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”

The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.

The information collected from the companies is passed onto NSA “signals development” teams that focus on infiltrating communication networks. It is also shared with other U.S. Intelligence Community agencies and with the NSA’s counterparts in countries that are part of the so-called “Five Eyes” surveillance alliance—the United Kingdom, Canada, Australia, and New Zealand.

Aside from mentions of a handful of operators in Libya, China, and Iran, names of the targeted companies are not disclosed in the NSA’s documents. However, a top-secret world map featured in a June 2012 presentation on AURORAGOLD suggests that the NSA has some degree of “network coverage” in almost all countries on every continent, including in the United States and in closely allied countries such as the United Kingdom, Australia, New Zealand, Germany, and France.

One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries.

The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone.

The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.

Claire Cranton, a spokeswoman for the GSMA, said that the group would not respond to details uncovered by The Intercept until its lawyers had studied the documents related to the spying.

“If there is something there that is illegal then they will take it up with the police,” Cranton said.

By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices.

The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.

Jennifer Huergo, a NIST spokeswoman, told The Intercept that the agency was “not aware of any activities by NSA related to the GSMA.” Huergo said that NIST would continue to work towards “bringing industry together with privacy and consumer advocates to jointly create a robust marketplace of more secure, easy-to-use, privacy-enhancing solutions.”

Encryption attack

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.”

Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.”

The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.”

The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.

Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3.

The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption.

In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)

The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.

The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries.

The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback.

According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.

“If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it’s quite likely they are being misused by completely other kinds of attackers,” said Hypponen. “When they start to introduce new vulnerabilities, it affects everybody who uses that technology; it makes all of us less secure.”

In December, a surveillance review panel convened by President Obama concluded that the NSA should not “in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.” The panel also recommended that the NSA should notify companies if it discovers previously unknown security vulnerabilities in their software or systems—known as “zero days” because developers have been given zero days to fix them—except in rare cases involving “high priority intelligence collection.”

In April, White House officials confirmed that Obama had ordered NSA to disclose vulnerabilities it finds, though qualified that with a loophole allowing the flaws to be secretly exploited so long as there is deemed to be “a clear national security or law enforcement” use.

Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.”

“NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.

She declined to discuss the tactics used as part of AURORAGOLD, or comment on whether the operation remains active.
https://firstlook.org/theintercept/2...ck-cellphones/





Ron Wyden Introduces Bill to Ban FBI 'Backdoors' in Tech Products
Adi Robertson

Senator Ron Wyden (D-OR) is trying to proactively block FBI head James Comey's request for new rules that make tapping into devices easier. The Secure Data Act would ban agencies from making manufacturers alter their products to allow easier surveillance or search, something Comey has said is necessary as encryption becomes more common and more sophisticated. "Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats," said Wyden in a statement. "It is the best way to protect our constitutional rights at a time when a person's whole life can often be found on his or her smartphone."

"The FBI says it's going to start 'going dark' because of encryption"

In a speech from mid-October, Comey warned that the FBI was in danger of "going dark," or being technically unable to access evidence on newly encrypted phones and computers. "The more we as a society rely on these devices, the more important they are to law enforcement and public safety officials," he said. Not long before, Apple and Google had announced that they would start encrypting iOS and Android user data by default, a decision that didn't sit well with Comey. In response, he proposed an update to the 1994 Communications Assistance for Law Enforcement Act, which requires telecommunications companies to provide wiretap access for targeted surveillance. It's a fight the government has picked before and lost (with the Crypto Wars), and the FBI didn't seem likely to do much better this time around. But Wyden is hoping to shut the proposal down before it manages to get off the ground.

Where Comey sees a targeted exception, Wyden and others see a backdoor in device security — a vulnerability that would defeat the purpose of user encryption and could be coopted by other hackers. Comey protested that the NSA leaks have given Americans an unrealistic idea of how far government surveillance powers reach, but Wyden says his bill is a way to rebuild trust in American technology companies, something that's been undeniably shaken by the information Edward Snowden leaked over the past year. The FBI declined to comment on the bill, referring us to Comey's statement earlier this year. "Director Comey was very clear in his comments that FBI is not seeking a backdoor, but a front door with a proper court order and the provider delivering the content to us," said a spokesperson.

In the House of Representatives, Rep. Zoe Lofgren (D-CA) took up the issue of government encryption rules earlier this year. She passed an amendment to the annual defense funding bill that bans requiring companies to install security vulnerabilities, a move that was lauded by civil liberties groups.
http://www.theverge.com/2014/12/4/73...kdoor-ban-bill





British Court Rules in Favor of Electronic Surveillance
Mark Scott

The court that oversees Britain’s intelligence agencies ruled Friday that electronic mass surveillance of people’s cellphone and online communications, like the Prism program revealed by Edward J. Snowden, is legal.

The ruling, on a complaint brought by privacy advocates and rights groups like Amnesty International, is one of the first by a high-level court in any case linked to revelations by Mr. Snowden, the former intelligence contractor. But it is unlikely to end the debate over whether intelligence agencies should have access to online communications.

The decision came after a global outcry against surveillance programs like Prism, which give American and British intelligence agencies almost unfettered access to Internet communications without individuals’ knowledge.

The privacy groups said they would appeal the British court’s decision at the European Court of Human Rights, which would move the deliberations to the Continent, where citizens’ digital privacy rights are generally afforded higher protection than in Britain.

Other lawsuits have also been filed against the use of these surveillance programs, including a case brought by the American Civil Liberties Union against the National Security Agency in the United States that was dismissed last year because of security concerns.

The British case was the first time that the country’s intelligence agencies had openly defended the programs. Lawyers for Britain’s Government Communications Headquarters, or GCHQ, testified that the electronic spying was needed to protect Britons.

Last month, one of Britain’s top intelligence officials, Robert Hannigan, demanded in an opinion article in The Financial Times that American technology companies do more to help Western intelligence agencies combat the threat from terrorists and online criminals.

The groups that brought the lawsuit, which also include Privacy International and Liberty, said the data collection programs used by Britain’s intelligence agencies violated the country’s human rights laws. They also criticized the court for keeping secret many of the rules governing the collection practices.

But after hearing months of legal arguments, the British court ruled that the programs were legal and that there were enough safeguards in place to protect people’s online privacy.

“The ‘Snowden revelations’ in particular have led to the impression voiced in some quarters that the law in some way permits the intelligence services carte blanche to do what they will,” the Investigatory Powers Tribunal, which handles cases involving Britain’s intelligence agencies, said in its ruling. “We are satisfied that this is not the case.”

The privacy groups disagreed.

“Today’s decision by the Investigatory Powers Tribunal that this is business as usual is a worrying sign for us all,” Eric King, deputy director at Privacy International, said in a statement on Friday. “The idea that previously secret documents can justify this scale of intrusion is just not good enough.”

The case involved the activities of the N.S.A. and its British counterpart, GCHQ, which collected data from phone applications that revealed location, age and other personal information, according to British intelligence documents.

During the proceedings, many of the GCHQ’s techniques, including malware that allowed the British government to turn on computer microphones and cameras without the owners’ consent, were made public for the first time.

While the court ruled Friday that the intelligence activities at issue did not violate British law, it raised concerns that previous efforts to intercept some people’s communications might prove to be illegal. That could include efforts to indiscriminately collect information on people’s online communications without a specific reason to do so, it said.

“We have left open for further argument the question as to whether prior hereto there has been such a breach,” the court decision said.

Many privacy experts said the European Court of Human Rights, which will not hear the appeal before late 2015 at the earliest, would probably show more sympathy for the concerns voiced by groups like Amnesty International.

The British court “seems very reassured by the system of safeguards that are in place, although some have been kept secret,” said Ian Brown, a professor of information security and privacy at Oxford. “In general, European courts are usually less reassured.”
http://www.nytimes.com/2014/12/06/wo...-is-legal.html





BlackBerry's Deal to Buy Voice Crypto Company Secusmart Blessed by German Government

The deal will let BlackBerry step up its cross-platform push with better security
Mikael Ricknäs

BlackBerry is now free to integrate German security vendor Secusmart's voice encryption technology on its smartphones and software, after the German government approved its acquisition of the company.

BlackBerry CEO John Chen still wants his company to be the first choice of CIOs that want nothing but the best security as he works to turn around the company's fortunes. The acquisition of Secusmart lets the company add the capability to encrypt voice and data communication to government security standards.

In this post-Edward Snowden world, cross-border acquisitions of security vendors have become even more touchy than before. Since Secusmart's technology is used by the German government -- including chancellor Angela Merkel, according to the company itself -- it was extra sensitive.

After careful consideration the deal has now been approved, and the German government has protected its national security with the help of a special treaty, a spokeswoman at the German Federal Ministry for Economic Affairs and Energy said on Friday. She didn't elaborate on what demands the treaty puts on BlackBerry.

When BlackBerry announced the deal to buy Secusmart back in July, it didn't come as much of a surprise. The two companies had already been working intimately with each other on SecuSuite for BlackBerry 10.

The product was launched in March last year and encrypts both phone calls and data communications. It uses a microSD card for storing encrypted documents, and a smartcard chip that performs the encryption. The new BlackBerry Passport handset was added to the list of compatible products this month.

The acquisition doesn't just let BlackBerry integrate Secusmart's features on its own OS. It can also help BlackBerry advance its cross-platform push. For example, Secusmart has developed the Secure Call app with network operator Vodafone, which lets users make encrypted phone calls using Android-based devices and Apple's iPhones.

That part of Chen's turnaround plan has become increasingly important as sales of BlackBerry's own smartphones represented less than 1 percent of total smartphone shipments during the third quarter, according to Strategy Analytics. This month, BlackBerry also joined forces with Samsung Electronics to integrate BES (BlackBerry Enterprise Server) 12 with Galaxy smartphones and tablets.
http://www.computerworld.com.au/arti...an-government/





The UK's Sexist New Pornography Restrictions Aren't Just an Act of State Censorship, But Could be the First Step Towards Something Even Worse

It's not just the depiction of certain sex acts which is under attack — our freedom is too
Myles Jackman

As you might have already heard, an act of state censorship has been declared against British pornography in the guise of innocuous regulation. But what you might not know is that it has also marked the first stage in a campaign to impose global trade sanctions. Strangely, this proposition has received less coverage.

The current discussion around these regulations has focused on the absurd restrictions which are being imposed on pornography. For example, male ejaculation is acceptable to shoot; but its female equivalent is absolutely beyond the pale. Bang out of order. It might be urine. We’re not sure. Probably best to ban it.

However, ignoring the inherent sexism of this proposition, it is actually the framework in which these regulations have been allowed to emerge that is of greatest concern to all forms of freedom of expression.

The regulations are supposed to create equality between the types of content that can be purchased from licenced sex shops in the UK with that which can be purchased on the internet. At the moment, what is available to physically purchase in the UK is different to the internet, which allows individuals access to goods and services from foreign jurisdictions.

Due to the financial threat from the free content distributed via free streaming sites, over-the-counter sales of pornography in the UK are in freefall. The attempt to regulate online content is clearly a pretext to controlling the runaway online market.

About 24 UK pornographic video on demand websites have currently registered with the authority that has been tasked by Ofcom to uphold the new regulations. From a consumer perspective this is an insignificant fraction of all the pornography hosted on the internet.

If only there was a way to regulate content hosted in foreign jurisdictions and shut down those pesky Tube sites...

Enter Peter Johnson, the Director of The Authority for Television On Demand (ATVOD), who has explicitly stated that he believes pornographic websites with editorial control outside the UK may be in breach of the Obscene Publications Act 1959 if their content is downloaded in this country.

His basis for this proposition seems to be contained within the Crown Prosecution Service’s recently updated guidelines, which state that: “There are very difficult jurisdictional issues about whether material hosted overseas is within reach of the English criminal law… [However] if a web site is hosted abroad and is downloaded in the UK [...] there is publication both when images are uploaded and when they are downloaded.”

If this logic is followed, all foreign pornographic websites selling content within the UK would need to register with ATVOD. Apparently Johnson agrees with this rationale. According to the journalist Thomas Newton, he has argued that blocking credit card payments from the UK could put the free streaming sites operating outside of the UK out of business: “Our view is that cutting off the funds to premium services, which use the free sites as a marketing platform would disrupt and undermine the free and unrestricted provision of hardcore porn. Without the underlying payments, the free sites would wither on the vine”.

Put simply, what he is proposing are financial sanctions. It looks like an unelected quango is gearing up to impose foreign financial sanctions, by utilising unelected bankers to decline payments to foreign jurisdictions, based on a selective interpretation of the unelected CPS’ Guidelines on the OPA, drafted in collaboration with unelected film censors at the BBFC.

This is a spectacularly dangerous precedent.

It might not be your cup of tea. But pornography is the canary in the coal mine of free speech. It is the first freedom to die. If assaults on liberty like this are allowed to go unchallenged, further freedoms will fall as a consequence.
http://www.independent.co.uk/voices/...e-9903830.html





Music Publishers' Suit Over Illegal File Sharing Hits Wrong Note
The Times Editorial Board

The entertainment industry spent years suing Internet users, file-sharing companies and websites over illegal music and movie downloading while the companies that make high-speed downloads possible — broadband providers such as Time Warner Cable and AT&T — watched from the sidelines. That changed last week, when music publishers BMG Rights Management and Round Hill Music sued one of the country's larger Internet service providers, cable TV operator Cox Communications, for not cutting off customers accused repeatedly of illegal file sharing. The publishers are right to expect Cox to help fight piracy, but the courts should resist their attempt to turn ISPs into bare-knuckled enforcers.

The publishers' lawsuit is based on the 1998 Digital Millennium Copyright Act, which absolves ISPs from liability for their users' copyright violations if they meet certain conditions. According to the publishers' complaint, Cox failed to comply with the law's requirement to implement a policy cutting off repeat infringers' accounts. The publishers say their anti-piracy contractor, Rightscorp, notified Cox of millions of infringements on roughly 200,000 Cox accounts, yet the accounts have remained open "without consequence."

Rightscorp monitors file-sharing networks, then threatens legal action against those whose broadband accounts were allegedly used for piracy unless they pay a small fine. In other words, it seeks a cheaper, easier way to enforce copyrights than rights holders can obtain through the courts and their pesky due-process rules. Its approach won't work, however, if ISPs don't identify the account holders, and they're under no legal obligation to do so unless the copyright owner has filed suit. Nor are ISPs compelled to forward Rightscorp's demands for money to their subscribers, who may be blissfully unaware that someone was using their account for piracy. Rightscorp shouldn't be able to use the 1998 law to compel ISPs to support its business model.

The larger question raised by the publishers' lawsuit is: At what point do ISPs have to disconnect subscribers whose accounts are used repeatedly to violate copyrights? Yet BMG, Round Hill Music and Cox don't need to answer that to make headway against piracy. The Copyright Alert System jointly developed by the major movie studios, record labels and largest ISPs doesn't threaten to cut off anyone's Internet access, but it does send out warnings and take increasingly intrusive steps to prod broadband subscribers to stop piracy. The system sent out more than 2 million warning letters to users in its first year, and the vast majority responded by stopping the infringements in short order. Cox has a similar "graduated response" system, but it lacks the clarity and standardization of the other ISPs' effort. Rather than trying to impose new rules through the courts, the publishers should join Cox in making the existing warning system work for all concerned.
http://www.latimes.com/opinion/edito...205-story.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

November 29th, November 22nd, November 15th, November 8th, November 1st


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black