P2P-Zone  

23-09-15, 09:01 PM   #1
JackSpratts

Join Date: May 2001
Location: New England
Posts: 10,013

Peer-To-Peer News - The Week In Review - September 26th, '15

Since 2002

"If Volkswagen knew that every customer who buys a vehicle would have a right to read the source code of all the software in the vehicle, they would never even consider the cheat, because the certainty of getting caught would terrify them." – Eben Moglen


"Any company that supports a bill like CISA or sits silently and allows it to pass is a company that can't be trusted." – Evan Greer


"Defendants may properly invoke their Fifth Amendment right." – US District Judge Mark Kearney

September 26th, 2015




Bush Would Roll Back Net Neutrality if Elected
Mario Trujillo

GOP presidential candidate Jeb Bush on Tuesday unveiled policy proposals that call for rolling back major Obama administration rules, including net neutrality.

Bush’s proposal laments the rules for subjecting Internet service providers — such as Verizon, AT&T or Comcast — to “antiquated ‘common carrier’ regulations,” a frequent criticism.

“Rather than enhancing consumer welfare, these rules prohibit one group of companies (Internet Service Providers) from charging another group of companies (content companies) the full cost for using their services,” according to the policy proposal.

The fight over the regulations is pitting Internet activists and major tech companies such as Netflix against large service providers such as AT&T. However, Bush framed his proposal as protecting some small broadband providers who asserted the rules “caused them to cut back on investments to upgrade and expand their networks.”

“Agencies today make far more laws than legislators. But unlike courts and legislators, regulators conduct their deliberations in relative obscurity, often outside of the public’s view and effectively accountable to no one, not even the president,” according to Bush’s proposal.

Republicans and Internet service providers are almost universally against the Federal Communications Commission’s rules approved in February, which reclassify Internet service under the authority governing landline phones that the FCC has more control over. The rules are meant to prevent service providers from slowing Internet traffic to any website or creating fast lanes for those willing to pay extra.

A group of trade groups and providers are challenging the rules in court, with oral arguments in the Appeals Court for the D.C. Circuit scheduled for December.

Other regulations that would be on the chopping block under Bush’s plan are the administration’s carbon and coal ash rules and the Dodd-Frank financial regulations.

But repealing Obama administration rules is only a sliver of Bush’s regulatory plan.

In addition, he would put a new regulatory freeze on agencies until one of his appointees approved new rules. He would also set a regulation budget, requiring offsets if new regulations bring costs. He would also pass an executive order outlining principles regulators should follow, including a preference for state action and “honest” cost-benefit analysis.
http://thehill.com/policy/technology...sh-white-house





The Wall Street Journal Doubles Down On Dumb: Falsely Claims Net Neutrality ('Obamanet') Has Crushed Broadband Investment
Karl Bode

Last week, we noted that the Wall Street Journal appeared to have reached a completely new low in the "conversation" about net neutrality, with a bizarre, facts-optional missive about how Netflix was to blame for pretty much everything wrong with the Internet. According to Holman W. Jenkins Jr., Netflix is the diabolical villain at the heart of a cabal to regulate the Internet, cleverly convincing regulators to treat hard-working, honest companies like Comcast unfairly. As we noted, the screed is part of a broader telecom-industry attempt to vilify Netflix for not only its support of net neutrality, but for daring to erode traditional cable TV subscriptions through (gasp) competition.

This week the Journal decided to double down on notably cryptic and dumb editorials, with another rambling tirade about net neutrality. Piece author Gordon Crovitz, who we've repeatedly documented as aggressively wrong on everything from surveillance to encryption, begins by riling up the partisans in claiming "Obamanet is hurting broadband":

"The FCC never planned to set rates and terms for broadband under the laws that dictated how railroads operated in the 1880s and the phone system in the 1930s. But President Obama decided “net neutrality” was good politics, so he demanded that the commission impose the most extreme form of regulation. Today bureaucrats lobbied by special interests determine what is “fair” and “reasonable” on the Internet, including rates, tariffs and business arrangements. The FCC got thousands of requests for new regulations within weeks of the new rules."

Right, except none of that is true. While the FCC has issued some warnings about interconnection shenanigans (which has resulted in Netflix, transit and last mile ISPs suddenly getting along famously), the FCC is forbearing from most of the more aggressive portions of Title II regulations. And despite the fact that anti-net-neutrality folks don't want to believe him, it's clear that FCC boss Tom Wheeler doesn't want to regulate broadband pricing. The proof is in the fact that the agency continues to turn a blind eye to industry prices (it's simply never even mentioned as an issue), and the agency has effectively given the green light to usage caps, overages and zero rating.

If they had any sense, net neutrality opponents should be happy about this, as it's abundantly clear the FCC's only looking to enforce the most ham-fisted of neutrality abuses (filtering, blocking, heavy throttling of competing services), and ISPs can continue doing precisely what they're doing now (aggressively cashing in on uncompetitive markets) with no worry of regulatory interference. Most ISPs understand the message is subtle but it's there: ISPs can continue to experiment with this kind of "creative" pricing, they just need to be subtle about it. There's zero indication that Wheeler has any interest in serious rate regulation.

Crovitz then proceeds to parrot a new missive the broadband industry has loyal mouthpieces chanting at the top of their lungs the last few weeks: that, like neutrality opponents ingeniously predicted, the FCC's new rules have indeed stifled broadband sector investment. Like FCC Commissioner Pai last week, his evidence once again comes courtesy of broadband-industry tied "consultant" and professional statistics-massager Hal Singer:

"Now Mr. Singer has analyzed the latest data, and his prediction has come true. He found that in the first half of 2015, as the new regulations were being crafted in Washington, major ISPs reduced capital expenditure by an average of 12%, while the overall industry average dropped 8%. Capital spending was down 29% at AT&T and Charter Communications, 10% at Cablevision, and 4% at Verizon. ( Comcast increased capital spending, but on a new home-entertainment operating system, not broadband.)"

Except Mister Singer cherry picked his statistics and ignored context. AT&T and Charter's capex dropped because both were winding up major investment projects ("Project VIP" and a digital video upgrade, respectively) that had nothing to do with net neutrality. Singer also intentionally ignores that capex reductions in AT&T and Verizon's fixed-line networks are because those companies had already frozen "next-gen" broadband deployments and are hanging up on unwanted DSL users, something that again has nothing to do with net neutrality. So right out of the gate, the vast majority of Singer and Crovitz's "proof" evaporates into thin air.

While Singer acknowledges that Comcast boosted capex, he intentionally ignores that the company subsequently announced a huge nationwide plan to deploy two-gigabit broadband service. And while Verizon's capex dropped 4% due to winding down LTE upgrades (that tends to happen when a job is complete), the company just last week announced a huge investment initiative in 5G wireless broadband technology. Odd that Singer and Crovitz somehow forget to mention that two of the country's biggest neutrality opponents just announced major new investment initiatives, yeah?

Singer also ignores the fact that capex was up for a huge number of broadband ISPs, including Google Fiber, Sprint, T-Mobile, Frontier, Windstream, Suddenlink, and Time Warner Cable -- not to mention continued growth on the municipal (community driven) broadband front. In short, Crovitz, Singer, Pai and other neutrality opponents are trying to make a claim that -- no matter how you twist the data -- simply can't be substantiated. The capex fluctuations they're pointing to as proof positive of broadband industry damage are perfectly ordinary and have absolutely nothing to do with net neutrality. Period. Full stop.

In the short term only the courts, not stat farmers, sockpuppets and bullhorns, can kill net neutrality. But since a 2016 administration change would allow the selection of a new (and decidedly anti-neutrality) FCC boss with the power to dismantle the rules, there are obvious benefits to riling up the uninformed masses just ahead of election season. You just hope some of them are able to read a simple spreadsheet.
https://www.techdirt.com/articles/20...vestment.shtml





Average US Connection Speed Now 11.7 Mbps, 20th Globally
Karl Bode

The global average connection speed increased 3.5% to 5.1 Mbps in the second quarter of 2015, according to the latest study by Akamai. South Korea saw an average speed of 23.1 Mbps, followed by Hong Kong (17 Mbps), Japan (16.4 Mbps), Sweden (16.1 Mbps) and Switzerland (15.6%). The United States was in twentieth place with an average broadband speed of 11.7 Mbps (up 2.2% year-on-year) followed by Canada at 11.1 Mbps.

Globally, 110 out of 144 measured countries saw average connection speeds increase from the previous quarter, with growth rates ranging from a modest 0.4% in Senegal (1.5 Mbps) to a substantial 67% in Tunisia (2.8 Mbps), notes Akamai.

As for faster connections, the study found that 21% of US connections deliver speeds of 15 Mbps or more, good for eighteenth place in the rankings.

The FCC recently changed the base definition of broadband to 25 Mbps, and has been noting that about three quarters of the public lack the option of more than one broadband provider at that speed. That's thanks largely to cable's dominance, and DSL providers being uninterested in seriously upgrading aging copper-based infrastructure.

As for peak speeds, Singapore led the survey with average speeds of 108 Mbps, followed by Hong Kong (94.8 Mbps), South Korea (83.3 Mbps), Japan (75.1 Mbps) and Taiwan (74.5 Mbps). The average peak speed in the US was 50.4 Mbps, good for 24th worldwide.
https://www.dslreports.com/shownews/...lobally-135194





The State of LTE (September 2015)

Have we fully entered the 4G age? The answer to that question depends on where on the globe you live. In OpenSignal’s most recent batch data we found that in some countries LTE has become a near ubiquitous technology, providing broadband speeds no matter where you go. In other countries, LTE is just beginning its adolescence.

But in general we’re seeing both speeds and 4G availability creeping up across the globe as operators deploy new networks in new places and upgrade the networks they’ve already built. Getting a 20 Mbps connection is now commonplace in multiple countries as operators expand into new frequency bands and take advantage of new LTE-Advanced techniques. We’re seeing awe-inspiring data rates in seemingly unlikely places like eastern Europe as operators who entered the 4G race late make up for lost time. We’re also seeing some of LTE’s earliest adopters such as the U.S. fall behind their global peers.

OpenSignal collects its data from smartphone owners like you through its app (available on iOS and Android). That anonymous crowdsourced data goes into building our impartial coverage maps as well as our analytical reports (for a more detailed explanation, see our general methodology page). For this report, we drew data from the hundreds of thousands of OpenSignal users that have LTE-capable phones and connect to operators with live 4G networks. That data was collected in three months between June and August, but we also included our results from the previous three months for comparative purposes.

This quadrant graph provides a look into the overall performance of the world’s global LTE operators, factoring in both average network speeds and network availability. Operators that fall in the upper right hand portion of the graph provide faster speeds and a more consistent LTE signal, while those in the lower left hand quadrant have slower speeds and less consistent coverage.

While the best performing networks were in Asia, European operators delivered some impressive performances as well, notably TDC in Denmark and KPN in the Netherlands.

South Korea’s operators performed the best overall, all offering download speeds over 25 Mbps and near ubiquitous 4G coverage. Singapore’s three major operators were right behind them, beating South Korea out in speed though unable to match their Asian peers’ network availability. The real star here was Korea Telecom’s Olleh, which provided not only one of the fastest networks in the world but also delivered an active LTE signal 96 percent of the time.

You’ll notice that operators in many countries tend to cluster in different parts of the graph. For instance, the U.S. has marked out its territory in the lower right-hand quadrant, offering below-average speeds but decent coverage. Meanwhile, Japan’s operators are dominating the middle right, providing excellent coverage but average speeds. The poorest performers tend to be in developing regions of the world, but there are also a few western European service providers with underperforming networks in the lower left-hand quadrant, for instance 3’s operations in both the U.K. and Ireland as well as Italy’s Wind.

For this report, we’ve added a new element tracking the overall performance of the major multinational operator groups across their different countries. As you can see, most of these mega-operators tend to be clustered in the center of our chart, though Vodafone, Deutsche Telekom and Hutchison’s 3 do have a few standout networks. In South America, the 4G race is heating up, but for now Telefónica’s Movistar group appears to have the upper hand over América Móvil’s Claro operators.

Note: While we track many more networks than the ones shown on this graph, we excluded operators for which we didn’t have a large enough sample to take an accurate gauge of overall network performance.

The proportion of time users have an LTE signal, or LTE 'Time Coverage', is our proprietary metric for looking at coverage holistically, instead of just as a measurement of geographical reach. Time coverage measures the proportion of time users spend connected to a particular network, whether they’re indoors or out, on the move or standing still. We represent time coverage as a percentage, so if an LTE network has 80 percent time coverage, that means its customers, on average, can get an LTE signal 80 percent of the time. For more details on how we calculate time coverage, see OpenSignal’s

South Korea once again leads the world in LTE availability. Customers on its networks are able to connect to LTE 97 percent of the time, making 4G almost as pervasive as 2G and 3G networks in that country. What’s even more impressive is the individual performance of Korea’s LG U+, which had an LTE time coverage number of 99.6 percent.

While the U.S., Sweden and Japan are falling behind in speed, they are among the top countries in the world in terms of coverage.

Japan scored very highly as well, but outside of the top 8, no country was able to provide a 4G signal more than 80 percent of the time. We are starting to see global LTE coverage improve steadily, though. A look at our data from the three months preceding this report (March to May) shows 37 countries had time-on-LTE percentages greater than 50. In this report, 50 countries make the cut.

Still, there are several operators that clearly have work to do when it comes to providing a consistent 4G connection. Iliad’s Free Mobile may be challenging the French powers-that-be on price, but its LTE time coverage ranked lowest in Europe at 26 percent. In the U.S. -- where LTE has been live for five years -- Sprint provided an LTE connection in just 64 percent of our signal tests. The lowest time coverage score went to Axiata’s XL in Indonesia, which provided an LTE signal only 19 percent of the time.

We’re starting to see a big bump in 4G speeds in many countries, and that’s likely the result of operators upgrading their networks. Many operators are deploying new LTE systems in new frequency bands, adding more capacity to their networks -- which allows them to serve more customers without sacrificing performance -- and several are using new LTE-Advanced technologies to boost the speeds available to devices.

LTE-Advanced is still a new technology, but we’re starting to see its impact as more countries adopt it and more LTE-A smartphones become available.

South Korea is a perfect example as we’ve seen its 4G speeds nearly double in the last year. Each of that country’s major operators now has LTE running on three different bands, and they’ve all used an LTE-Advanced technique called carrier aggregation to combine network transmissions for even speedier connections. Romania is a relative newcomer to LTE but by virtue of Vodafone and Orange’s early commitment to LTE-Advanced and multiple 4G bands, it’s among the fastest providers in the world. We’re seeing similar network investments in Singapore, Denmark, Austria and Hungary.

The speed crown today, however, goes to New Zealand, which first launched LTE just two years ago (for more details on how we calculate our country averages see the methodology section). Though LTE-Advanced hasn’t yet taken hold in New Zealand, Spark and Vodafone have launched LTE on two frequency bands each, delivering an awful lot of 4G capacity. As far as individual performance goes (based on the operators where we had a large enough data sample), Singapore’s StarHub clocked the fastest average speeds of any global operator at 38 Mbps.

Conversely, some of the earliest adopters of LTE -- like the U.S., Japan, Sweden and Germany -- are starting to fall behind in terms of data performance. In part, these older networks are suffering from their own success. In the U.S., for instance, LTE’s introduction in 2010 resulted in a huge base of LTE subscribers in the country today. Those subscribers are all competing for the same network resources, slowing down average speeds. In comparison, newer networks in South America and Europe are more lightly loaded. But the U.S. has also failed to keep up with the rest of the world in both spectrum and technology. All of the four major U.S. operators have been expanding into more frequency bands, but none have been able to match the capacity countries like South Korea and Singapore have plowed into their networks. The U.S. has also been much slower in moving to LTE-Advanced.

Smartphone users are on average connecting to LTE networks at much faster speeds than Wi-Fi. That’s not to suggest that LTE is a superior technology to Wi-Fi. The data just reflects the tremendous variance in Wi-Fi connection quality our users encounter on a daily basis. In North America or East Asia, a consumer might see 50 Mbps or better connections on their home or office networks, but then find their internet connection timing out at a local coffee shop. There’s also a lot of variance in Wi-Fi speeds between countries. In some parts of the world mobile broadband networks are coming online to make up for the lack of quality and availability of local broadband connections (which ultimately act as a bottleneck for Wi-Fi).

Since April, four more countries have launched their first 4G networks: Laos, Malawi, Guernsey and Morocco. That brings the total number of countries with at least one commercial LTE network up to 140.
http://opensignal.com/reports/2015/0...f-lte-q3-2015/





Apple Music’s Functionality Failure
Bob Lefsetz

They broke Clayton Christensen’s rule.

The other night, I decided to play some MP3s. Retro, I know. But I heard a song on the radio and I wanted to hear more by that artist and I didn’t want to pay for bandwidth when I knew I had most of his canon on my phone and…

There started my problems.

Finding the artist’s MP3s was far from simple. I had to navigate to my music as opposed to streaming, I had to search, and when I hit shuffle I kept on hearing the same songs again. Did I press the wrong selection, was I only listening to one album? No, shuffle in Apple Music is broken. It’ll play the same song multiple times before it plays all of them. Furthermore, my artwork is screwed up. And this is frustrating. I want a separate Apple Music app for my MP3s and another for my streams. And that’s when it hit me, Cupertino had broken the rule outlined in “The Innovator’s Dilemma.”

When you encounter disruption, you save your enterprise by building a cheaper, less-profitable operation across the street. And eventually there comes a tipping point when the new enterprise subsumes the old. You don’t mix them together. If you’re trying to placate your old customers, you’re screwing the new, and that’s death.

Steve Jobs never did this.

Mac aficionados know that when OS X was introduced you could boot into either it or OS 9, but they did not work on the same screen, that would be too confusing. Just like you can run Windows on your Mac today, but not without closing down OS X and rebooting into it.

Apple realized MP3s were dying. At least I hope they realized this. But they were fearful of not only cannibalizing said business, but alienating iTunes customers. Instead, Apple decided to hamstring both old and new listeners, which is important, because companies that do this fail.

You jump over the fence and join the revolution. You don’t bring the old to the new. It’s what hobbled Microsoft. So busy making sure old machines and software could work with the new operating system, PCs became clunky and the spaghetti code in the OS became untrustworthy. Instead of just working, it didn’t.

And now Apple is doing the same thing.

And this is death in tech. If you’re not willing to destroy the old business model on the way to the new, you’re gonna lose in the long run.

Yes, Apple has zillions of credit card numbers. Yes, Apple is the world’s most valuable company, a juggernaut. But IBM is a shadow of what it once was, as is Microsoft. Nothing is forever. When the great disruption comes you’ve got to sacrifice what once was, however profitable it might be, or you will die in the future.

The problem with streaming in the United States is that most people just don’t see the need to subscribe. Furthermore, they don’t see the need to experiment. Getting someone to try something is the hardest part. And when they do try something and they get less functionality than before, they’re out.

This is what’s happening with Apple Music, and this hurts not only Apple, but the music business at large.

It’d be like having a CD player that spins vinyl. Actually, they tried this. Needless to say, it failed.

As for streaming sound quality, Clayton Christensen went on to say that the new solution may not equal the quality of the old, but it’s good enough and it’s cheap. If you’re an iTunes customer you’re going to go to streaming, you just don’t know it yet. Because streaming is cheaper if you’re a heavy buyer, and owning nothing you can gain improvement along the way. Imagine if you were hobbled by your internet speed of fifteen years ago! But you kept paying the cable company and you kept getting higher speed.

As for DSL… It failed in the marketplace. Everybody moved on to cable. Verizon only succeeded with a whole new delivery system, FiOS. It wasn’t about improving copper wire, but abandoning it, which is what telephone companies are now doing.

The point is not that musicians are complaining about royalty rates. It’s not even about Neil Young’s rants about sound quality. They’re roadkill on the way to the future, diversions at best.

It’s about the world’s most valuable company trying to hold on to its customers.

We’re beholden to corporations. We follow them more than bands. They’re peopled by the best and the brightest. We study them to see when they succeed and fail. When they sacrifice credibility, when they miss innovation.

When hip-hop started to gain traction did record companies insist that DJs and MCs include rock elements to satiate the old audience?

OF COURSE NOT!

You leave the past behind.

Streaming is a disruptive technology. It’s already killed purchase. YouTube demonstrated this. The goal is to capture as many people and generate as much money as possible.

YouTube didn’t care about MP3s. Didn’t even care about copyrights at first. And so far, YouTube has won. It’s easy to navigate and easy to play. But Google was protecting no legacy interests, they started with a clean slate.

Apple Music’s interface is too cluttered. Functionality is hampered. And this scares me, Apple was once a fountain of innovation. But now that it’s protecting its past, it’s screwed.

In Silicon Valley, Clayton Christensen’s work is gospel.

How did Apple miss out?

P.S. In case you’re not using Apple Music… The app both streams and plays your MP3s. The dividing line is blurry, nearly incomprehensible, and whereas the old Music app synched only the songs you chose, the new app lists all of the tracks in your iTunes library, and you can’t find those that are actually synched! And you’ve got to keep clicking back between streams and MP3s, and even though some may say they love Apple Music, the truth is early adopters always yell loudest, but not everybody follows their lead.

P.P.S. I don’t expect Apple to break out the number of paying Music customers, it’s not their style, when they lose they obfuscate.

P.P.P.S. Just because you downloaded the app, that does not mean you use it. Look at Twitter… Massive sign-ups and little usage. Furthermore, Apple pushed Music updates, and people now download these without thinking.

P.P.P.P.S. With customers and momentum Apple still might win the music streaming wars, but based on their ignorance of Clayton Christensen’s rules one doubts the company will win in the future. You need someone to say no, you need someone to make the hard decisions. Autocrats lead the best companies, consensus builders fail, pleasing everyone ultimately pleases no one. In other words, Tim Cook knows how to make the trains run on time, but can he get them to the next destination?
http://lefsetz.com/wordpress/index.p...ality-failure/





Record Label Revenue Flat in First Half of 2015
Glenn Peoples

Big gains in paid digital access and ad-supported streaming services kept things from going underwater.

Led by streaming revenues, which accounted for a third of the total, U.S. recorded music revenue was basically flat in the first half of 2015. According to figures released by the RIAA Monday, total revenue was down 0.5 percent to $3.17 billion while wholesale revenues -- what distributors and labels actually receive -- rose 0.8 percent to $2.32 billion.

Digital revenues grew 6.3 percent to $2.32 billion as streaming gains outpaced download losses. Streaming revenues grew 23.2 percent, or $193.7 million, to $1.03 billion. The sting from the 9.4 percent drop in digital track revenues was lessened by a 4.2 percent gain in digital album revenues.

Physical sales declined 17.3 percent to $748 million. CD sales fell the furthest, dropping 31.5 percent to $494.8 million. Vinyl sales grew 51.3 percent to $226 million. Synchronization royalties rose 3.9 percent to $94.5 million.

Access models, represented by services like Spotify and SiriusXM, showed strong growth. Paid subscriptions and streaming royalties rose 23.2 percent to $1.03 billion. Digital subscription revenue grew 24.9 percent to $477.9 million, an increase of $95.2 million, when measured in retail dollars. Distributions from SoundExchange, which collects digital performance royalties from services such as Pandora and SiriusXM, grew 19.7 percent, or $63.8 million, to $387.2 million. Royalties from ad-supported streaming services grew 27.1 percent, or $34.7 million, to $162.7 million.

A better analysis of streaming royalties requires subscription revenue to be converted into wholesale dollars. Unlike revenues from subscription services, SoundExchange distributions and ad-supported royalties have no corresponding retail figure. Both amounts exist entirely as trade revenue that arose from business-to-business transactions rather than business-to-consumer transactions of subscription services. As such, subscription revenues should be converted from retail to trade value.

This alternate, apples-to-apples analysis reshapes the digital pecking order. Under this approach, subscription services accounted for about $286.7 million in wholesale revenue to record labels, an amount $100 million below SoundExchange distributions. Total wholesale subscription and streaming revenue grew $155.6 million to $836.6 million in this different accounting (it grew $193.7 million in the original accounting).

Growth in the number of paid subscribers was a disappointing 200,000, putting total paid subscriptions at 8.1 million during the period. (The RIAA provides the average number of subscribers for the six-month period. The subscriber count at the end of June was undoubtedly larger.) This gain is even more disappointing considering Spotify had offered three-month subscriptions for $1 in both November and May. But the improvement would have been better without the closing of Muve Music, the low-cost subscription service Deezer acquired from Cricket Wireless in January. But considering subscription revenue grew 24.9 percent while subscribers rose just 2.5 percent — meaning the average subscriber paid more — it appears many low-value Muve subscribers failed to migrate to Deezer.

It should be noted that Apple Music did not impact these first-half digital numbers. Apple Music launched on June 30, the last day of this report's time period. And because Apple offered three-month free trials, people that signed up on the first day wouldn't have been counted anyway. But the free trials for these early adopters will lapse at the end of September.
http://www.billboard.com/articles/bu...t-half-of-2015





The Plot Twist: E-Book Sales Slip, and Print Is Far From Dead
Alexandra Alter

Five years ago, the book world was seized by collective panic over the uncertain future of print.

As readers migrated to new digital devices, e-book sales soared, up 1,260 percent between 2008 and 2010, alarming booksellers that watched consumers use their stores to find titles they would later buy online. Print sales dwindled, bookstores struggled to stay open, and publishers and authors feared that cheaper e-books would cannibalize their business.

Then in 2011, the industry’s fears were realized when Borders declared bankruptcy.

“E-books were this rocket ship going straight up,” said Len Vlahos, a former executive director of the Book Industry Study Group, a nonprofit research group that tracks the publishing industry. “Just about everybody you talked to thought we were going the way of digital music.”

But the digital apocalypse never arrived, or at least not on schedule. While analysts once predicted that e-books would overtake print by 2015, digital sales have instead slowed sharply.

Now, there are signs that some e-book adopters are returning to print, or becoming hybrid readers, who juggle devices and paper. E-book sales fell by 10 percent in the first five months of this year, according to the Association of American Publishers, which collects data from nearly 1,200 publishers. Digital books accounted last year for around 20 percent of the market, roughly the same as they did a few years ago.

E-books’ declining popularity may signal that publishing, while not immune to technological upheaval, will weather the tidal wave of digital technology better than other forms of media, like music and television.

E-book subscription services, modeled on companies like Netflix and Pandora, have struggled to convert book lovers into digital binge readers, and some have shut down. Sales of dedicated e-reading devices have plunged as consumers migrated to tablets and smartphones. And according to some surveys, young readers who are digital natives still prefer reading on paper.

The surprising resilience of print has provided a lift to many booksellers. Independent bookstores, which were battered by the recession and competition from Amazon, are showing strong signs of resurgence. The American Booksellers Association counted 1,712 member stores in 2,227 locations in 2015, up from 1,410 in 1,660 locations five years ago.

“The fact that the digital side of the business has leveled off has worked to our advantage,” said Oren Teicher, chief executive of the American Booksellers Association. “It’s resulted in a far healthier independent bookstore market today than we have had in a long time.”

Publishers, seeking to capitalize on the shift, are pouring money into their print infrastructures and distribution. Hachette added 218,000 square feet to its Indiana warehouse late last year, and Simon & Schuster is expanding its New Jersey distribution facility by 200,000 square feet.

Penguin Random House has invested nearly $100 million in expanding and updating its warehouses and speeding up distribution of its books. It added 365,000 square feet last year to its warehouse in Crawfordsville, Ind., more than doubling the size of the warehouse.

“People talked about the demise of physical books as if it was only a matter of time, but even 50 to 100 years from now, print will be a big chunk of our business,” said Markus Dohle, the chief executive of Penguin Random House, which has nearly 250 imprints globally. Print books account for more than 70 percent of the company’s sales in the United States.

The company began offering independent booksellers in 2011 two-day guaranteed delivery from November to January, the peak book buying months.

Other big publishers, including HarperCollins, have followed suit. The faster deliveries have allowed bookstores to place smaller initial orders and restock as needed, which has reduced returns of unsold books by about 10 percent.

Penguin Random House has also developed a data-driven approach to managing print inventory for some of its largest customers, a strategy modeled on the way manufacturers like Procter & Gamble automatically restock soap and other household goods. The company now tracks more than 10 million sales records a day, and sifts through them in order to make recommendations for how many copies of a given title a vendor should order based on previous sales.

“It’s a very simple thing; only books that are on the shelves can be sold,” Mr. Dohle said.

At BookPeople, a bookstore founded in 1970 in Austin, Tex., sales are up nearly 11 percent this year over last, making 2015 the store’s most profitable year ever, said Steve Bercu, the co-owner. He credits the growth of his business, in part, to the stabilization of print and new practices in the publishing industry, such as Penguin Random House’s so-called rapid replenishment program to restock books quickly.

“The e-book terror has kind of subsided,” he said.

Other independent booksellers agree that they are witnessing a reverse migration to print.

“We’ve seen people coming back,” said Arsen Kashkashian, a book buyer at Boulder Book Store in Boulder, Colo. “They were reading more on their Kindle and now they’re not, or they’re reading both ways.”

Digital books have been around for decades, ever since publishers began experimenting with CD-ROMs, but they did not catch on with consumers until 2008, shortly after Amazon released the Kindle.

The Kindle, which was joined by other devices like Kobo’s e-reader, the Nook from Barnes & Noble and the iPad, drew millions of book buyers to e-readers, which offered seamless, instant purchases. Publishers saw huge spikes in digital sales during and after the holidays, after people received e-readers as gifts.

But those double- and triple-digit growth rates plummeted as e-reading devices fell out of fashion with consumers, replaced by smartphones and tablets. Some 12 million e-readers were sold last year, a steep drop from the nearly 20 million sold in 2011, according to Forrester Research. The portion of people who read books primarily on e-readers fell to 32 percent in the first quarter of 2015, from 50 percent in 2012, a Nielsen survey showed.

Higher e-book prices may also be driving readers back to paper.

As publishers renegotiated new terms with Amazon in the past year and demanded the ability to set their own e-book prices, many have started charging more. With little difference in price between a $13 e-book and a paperback, some consumers may be opting for the print version.

On Amazon, the paperback editions of some popular titles, like “The Goldfinch” by Donna Tartt and “All the Light We Cannot See” by Anthony Doerr, are several dollars cheaper than their digital counterparts. Paperback sales rose by 8.4 percent in the first five months of this year, the Association of American Publishers reported.

The tug of war between pixels and print almost certainly isn’t over. Industry analysts and publishing executives say it is too soon to declare the death of the digital publishing revolution. An appealing new device might come along. Already, a growing number of people are reading e-books on their cellphones. Amazon recently unveiled a new tablet for $50, which could draw a new wave of customers to e-books (the first-generation Kindle cost $400).

It is also possible that a growing number of people are still buying and reading e-books, just not from traditional publishers. The declining e-book sales reported by publishers do not account for the millions of readers who have migrated to cheap and plentiful self-published e-books, which often cost less than a dollar.

At Amazon, digital book sales have maintained their upward trajectory, according to Russell Grandinetti, senior vice president of Kindle. Last year, Amazon, which controls some 65 percent of the e-book market, introduced an e-book subscription service that allows readers to pay a flat monthly fee of $10 for unlimited digital reading. It offers more than a million titles, many of them from self-published authors.

Some publishing executives say the world is changing too quickly to declare that the digital tide is waning.

“Maybe it’s just a pause here,” said Carolyn Reidy, the president and chief executive of Simon & Schuster. “Will the next generation want to read books on their smartphones, and will we see another burst come?”
http://www.nytimes.com/2015/09/23/bu...from-dead.html





Guess What: Millennials Aren’t All the Same When it Comes to News Consumption
Laura Hazard Owen

Millennials tend to get lumped into a big group when it comes to hand-wringing about their news consumption habits. But (shocker) defining the entire group of people born between 1980 and 1998 as a “monolithic group that doesn’t change with age and different circumstances” doesn’t really make sense, according to a new report from the Media Insight Project.

The report, out Friday, is a collaboration between The Associated Press-NORC Center for Public Affairs Research and the American Press Institute. The researchers found that “millennials’ news and Internet habits fall into four distinct types.”

Here are the essential characteristics of each of the four groups, as the report defines them:

The Unattached
— Ages 18–24, they “get their news and information mostly by just bumping into it.”
— Less than a third (31 percent) pay for a news subscription; 17 percent use a news subscription paid for by someone else.
— They “go online primarily for entertainment activities such as playing games or streaming music and movies.”

The Explorers
— Also ages 18–24, but they “actively seek out news and information.”
— Forty-four percent pay for a news subscription; 17 percent use a news subscription paid for by someone else.
— They “are interested in news and are more active in pursuing it online.”

The Distracted
— They are older, ages 25–34, “have begun to have families and are part of the middle class.”
— Forty percent pay for a news subscription; 12 percent use a news subscription paid for by someone else.
— They’re unlikely to “actively seek out” news and information online, but they do “follow a variety of lifestyle and news-you-can-use topics that show direct relevance to their jobs, their families, or solving problems in their personal lives.”

The Activists
— They are also older, ages 25–34, but more likely than “The Distracted” to “actively seek out news and information.”
— Fifty-one percent pay for a news subscription; seven percent use a news subscription paid for by someone else.
— They are “the only group that is a majority non-white.”

Some of this seems a little obvious — divide the Millennial generation in half by age; in each half, some are interested in online news and some aren’t — but it’s interesting to see who pays for news and who is still relying on someone else’s subscription (probably a parent’s) for it.

The researchers surveyed 1,045 adults between the ages of 18 and 34. The full report is here.
http://www.niemanlab.org/2015/09/gue...s-consumption/





Netflix Data Reveals Exactly When TV Shows Hook Viewers — And It’s Not the Pilot
Todd Spangler

Netflix crunched cold, hard viewing data for more than two dozen TV shows and says it has determined which specific episode grabbed most subscribers to the point where they watched the entire first season.

However, none of the shows Netflix looked at, which included originals and licensed series, hooked viewers with the pilot. In fact, two shows — “Arrow” and “How I Met Your Mother” — didn’t hit the tipping point until episode 8. In the traditional TV biz, conventional wisdom holds that a show’s pilot is the most critical linchpin to igniting viewer interest, given the nature of how new television programs debut.

But don’t get the wrong idea: Netflix has no plans to use Big Data to rejigger the way TV shows get made, in order to put the strongest emotional hooks earlier in a season (which would result in more viewing by subscribers). Instead, the company sees the metrics as validation of its binge-release strategy of delivering all episodes of a season at once.

“This won’t have any direct effect on the creative process for our showrunners/creators,” a Netflix rep explained.

Netflix pinpointed the episode for each show’s season 1 for which 70% of viewers who watched it went on to complete the entire run.

For example, in “Breaking Bad” season one, the “hook” was episode 2: the one in which Jesse Pinkman dissolves a drug rival in a bathtub — and the disintegrated remains crash down through the ceiling. For prison dramedy “Orange Is the New Black” (pictured above), which Netflix execs have said is the service’s most-watched original series, it’s episode 3. That’s when Crazy Eyes (Uzo Aduba, who just won a Primetime Emmy for the role) drops both poems and fluids in the course of her imagined romance with Piper (Taylor Schilling).

“Given the precious nature of primetime slots on traditional TV, a series pilot is arguably the most important point in the life of the show,” Netflix chief content officer Ted Sarandos said. “However, in our research of more than 20 shows across 16 markets, we found that no one was ever hooked on the pilot. This gives us confidence that giving our members all episodes at once is more aligned with how fans are made.”

Netflix found slight geographic differences in the “hook” study. For example, Germans showed early fandom for “Arrow” whereas French viewers were hooked earlier on “How I Met Your Mother” than the worldwide average.

For the study, Netflix analyzed data from accounts of subs who started watching season one of the selected series between January and July 2015 in Brazil, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Mexico, Netherlands, Norway, Sweden, the U.K. and the U.S., and between April and July 2015 for Australia and New Zealand. The company noted that the hooked episode had no correlation to overall viewership numbers or viewer attrition for a particular series.

Here’s the full list of shows Netflix analyzed, with the number of the episode when 70% of viewers were hooked (all series are the first seasons):

“Arrow”* – Episode 8
“Bates Motel” – Episode 2
“Better Call Saul”* – Episode 4
“Bloodline” – Episode 4
“BoJack Horseman” – Episode 5
“Breaking Bad”* – Episode 2
“Daredevil” – Episode 5
“Dexter”* – Episode 3
“Gossip Girl” – Episode 3
“Grace & Frankie” – Episode 4
“How I Met Your Mother” – Episode 8
“House of Cards”* – Episode 3
“Mad Men”* – Episode 6
“Marco Polo” – Episode 3
“Orange Is the New Black” – Episode 3
“Once Upon A Time” – Episode 6
“Pretty Little Liars” – Episode 4
“Scandal” – Episode 2
“Sense8”* – Episode 3
“Sons of Anarchy”* – Episode 2
“Suits”* – Episode 2
“The Blacklist”* – Episode 6
“The Killing” – Episode 2
“The Walking Dead”* – Episode 2
“Unbreakable Kimmy Schmidt” – Episode 4

* Denotes series that are not currently available in all Netflix territories.
https://variety.com/2015/digital/new...dy-1201600746/





The Netflix Smugglers of Cuba
Johnny Harris

In Cuba there is barely any internet. Anything but the state-run TV channels is prohibited. Publications are limited to the state-approved newspapers and magazines. This is the law. But, in typical Cuban fashion, the law doesn't stop a vast underground system of entertainment and news media distributors and consumers.

"El Paquete Semanal" (The Weekly Package) is a weekly trove of digital content—everything from American movies to PDFs of Spanish newspapers—that is gathered, organized and transferred by a human web of runners and dealers to the entire country. It is a prodigious and profitable operation.

I went behind the scenes in Havana to film how the Paquete works. Check out the video above to see how Cubans bypass censorship to access the media we take for granted.

There are two Paquete kingpins in Havana: Dany and Ali. These two compete to develop the best collection of weekly digital content and in the fastest turnaround time possible for their subscribers. It’s a competitive market playing out in the shadows of a tightly controlled communist economy.

Paquete subscribers pay between $1-$3 per week to receive the collection of media. It's either delivered to their home or transferred at a pick up station, usually in the back of a cell phone repair shop, a natural cover for this type of operation.

Dany relies on data traffickers to deliver the files, but said he didn't know how those sources obtained the content in the first place. I gathered that most of it is being digitized via illegal satellites that are hidden in water tanks on rooftops. It's unclear how they get a hold of the content sourced from the internet (digital news publications, YouTube videos, and pirated movies, for example). Only 5 percent of Cubans can access the uncensored world wide web, and when they do, the connection is horrendously slow. It’s not the type of connection that would support downloading hundreds of gigs of content every week. Instead, some speculate that content is physically brought onto the island by incomers from Miami.

I sat down with Dany in his pink-walled apartment in Havana. While I expected a mob-like character to be at the root of this extensive black market of pirated media, I found a 26-year-old guy who looked more like a stoned surf bum than the conductor of a giant black market operation.

Dany's office shows off a lot more brawn than he does. It’s a simple room with two gigantic computers, their innards visible, tricked out lights arbitrarily flickering. Hard drives are littered around the room, stacked and labeled. Two large screens are full of Windows file directories, and in the corner of one of the screens is a live feed from Telemundo, a popular Spanish-language station, with the words "Grabando" (recording) in the corner.

"Everybody has their responsibility," Dany told me. "Everyone gathers a certain type of content and they bring it to me. I organize it, edit it, and get it ready for distribution. And then we send it through our messengers."

This is hard work. "A lot of the time is spent finding and embedding subtitles," he laments. Much of the content is pirated from American TV and movies. He and his team have to scour the internet for any existing subtitle files.

The government hasn't tried to stamp out the Paquete, and Dany works to keep it that way. "We don’t put anything in that is anti-revolutionary, subversive, obscene, or pornographic. We want it to stay about entertainment and education," he says, and I catch a glimpse of the shrewd business behind the baby face and board shorts.

It might as well be Netflix

A look into an edition of the Paquete reveals a vast array of content ranging from movies that are in US theaters right now to iPhone applications. Havana-based artist Junior showed me around. He’s a pensive and gentle 34-year-old who is remarkably talented, judging by the stunning art pieces that hang from the wall. Junior paints and tattoos full time but he used to be a Paquete dealer. He’s now just a consumer. He takes me through the 934GB of data he has recently transferred from his provider.

I’m immediately struck by how polished the Paquete system is. As Junior files through the meticulously organized files, I realize it mirrors the consumption of a typical internet user. He opens the movie folder, and we browse through dozens of movies, many still in US theaters. All of them come in HD and with subtitles and poster art as the thumbnail of the file. The videos are high quality with accurate subtitles. I have to remind myself that we are not browsing Netflix, instead we are looking at an offline computer that is displaying content that has physically traveled to get here. The methods couldn’t be more different but the result is strangely similar.

He moves on to TV shows. "So do you think they have—" I start, but am interrupted. "They have everything," Junior says emphatically. Sure enough the show I was thinking of, Suits, was there, with the latest episodes ready to watch.

We continue to browse and look into some of the more boring but most interesting parts of the Paquete: There are folders dedicated to antivirus software that can be updated weekly to the latest versions. "But there’s no internet, so there can’t be viruses," I say. "Most of this stuff has touched the internet in some way. This software protects against anything that has snuck its way on into the content."

Junior clicks over to the "Apps" folder and shows me a smorgasbord of iOS and Android apps. Many are gaming apps with updates that can be loaded in every week. But there is another called "A la mesa," a Yelp-type app that helps connect clients to restaurants in Cuba using maps, reviews, and in-app menus. Then there's the PDF folder which holds newspapers, magazines, and screenshot material from dozens of online publications, everything from tech news to sports. It’s the internet in a box.

In addition to the subscription fees, revenue for the Paquete comes from a classifieds section called "Revolico." Within the Paquete, you click a file that opens Revolico in your browser. But it’s an offline version that runs from a file structure on your local computer. There, you can click around as if you were browsing craigslist, looking at thousands of listings of everything from house rentals to big screen TVs to car tires.

Sellers pay to list their items and you can get a premium listing if you pay more. Revolico is the cash cow of the Paquete. It also happens to be one of the first semblances of an advertising market for Cubans who have lived in a world of central planning and price control.

The depth and breadth of the Paquete is astounding, so much so that I, an American who lives and works on the uncensored internet, feel a twinge of envy that I don’t have the Paquete delivered to my house every week for $2.

When I asked Dany if he is afraid that the internet will wipe out his operation, without missing a beat, he replied, "Nah. We offer a product that is like one giant webpage where you can see all the content you want for a very low price. The internet might take over some clients, but we offer something different and very effective."

"Speed is key to beating the competition," Dany said. When asked how quickly he can get a movie or TV show after it airs in the US he says "the next day." Last year, Dany started sending a hard drive on a plane to the far corners of the island.

After spending a week in Cuba, it was refreshing to talk to someone with the appetite to grow an enterprise. Most people I spoke to in Cuba work for the state and have zero incentive to deliver anything above the bare minimum. They get paid the same either way. Even the private restaurants lack the fervor of a competitive business since the economic environment they work in is still completely controlled even if they themselves are private.

But in Dany's office, I felt the thrill of cunning innovation and strategy at work. I got the sense that something big is happening. And indeed, I wasn't just standing in some dingy apartment, but rather what may be the largest media distribution company in the history of Cuba.
http://www.vox.com/2015/9/21/9352095...quete-internet





Cinema Staff to Patrol Screenings with Night-Vision Goggles to Combat Movie Piracy
Ewan Palmer

Spectre, starring Daniel Craig, is predicted to be one of the biggest films of the year when it is released in October. (Picselect/Sony Pictures)

Cinema staff across the country will be required to don military-style night vision goggles in order to help crack down on movie piracy ahead of the release of two of the most anticipated blockbuster smashes of the year.

The release of the latest film in the James Bond franchise, Spectre, as well as the next installment in the hugely successful Hunger Games series, Mockingjay Part 2, has meant the film industry is looking into ways to beef up security at screens in order to stop the movies leaking online.

As part of a new measure to stop piracy ahead of the release of Spectre in October, staff will use equipment that would not look out of place in the 007 blockbuster, wearing night vision goggles in order to make it easier to see who may be illegally recording the film.

In recent years, pirates have found new and inventive ways to record movies while watching them at the cinema screens, including using a smartphone to film through a popcorn box and covering their phone with a sock with a hole in to hide the glare of the screen.

Kieron Sharp, director general of the Federation Against Copyright Theft (FACT), said: "The bigger the film and the more anticipated it is, the higher-risk it is. We have staff on extra alert for that. James Bond is a big risk and we will be working with cinema operators and the distributors making sure we will keep that as tight as possible. We really don't want to see that recorded.

"They [cinema staff] are on alert to really drill down on who is in the auditorium and who might possibly be recording. They still do the sweeps around the auditoriums with the night vision glasses regardless of the film. But sometimes extra security is put in place for things like Bond."

The initiative arrived after a man in Nottinghamshire was arrested on suspicion of recording recently released films American Ultra and Maze Runner: The Scorch Trials and posting them on the internet.

Following the arrest, Sharp said: "Over 90% of counterfeit versions of movies originate initially from a copy recorded in a cinema. Piracy not only costs the film industry millions of pounds but can also affect thousands of jobs, so it is crucial we act upon intelligence we receive about this activity.

"With two big releases due to hit the screens in the next few months it is incredibly important we work to combat those behind illegal film recordings."
http://www.ibtimes.co.uk/cinema-staf...piracy-1520864





Tech CEOs Branded Privacy Traitors For Their Quiet Push to Pass CISA

'Internet users are fed up, companies that abandon their commitment to user privacy and security should expect the Internet to abandon them.'
Nadia Prupis

Internet users are calling out a dozen tech giants for their sudden turnaround on a controversial privacy bill, launching an email campaign this week with the plain message, "You betrayed us."

The chief executive officers of Apple, Microsoft, Adobe, IBM, Symantec, and other companies, along with Salesforce web hosting service, quietly sent a letter to U.S. Congress earlier this month endorsing the Cybersecurity Information Sharing Act (CISA), a bill that would allow tech companies to share user information with the government in cases of "cybersecurity threats"—which privacy advocates say only serves to broaden government spying powers and reduce consumer protections.

Online activists say the reason the companies changed their stance on CISA—also known as the Cyber Threat Information Sharing Legislation, as it is referred to in the letter—is because the bill would grant them "total immunity" from prosecution for sharing private user data with the government.

"[T]hese companies know that their customers hate CISA, and so they're jumping into the water together, hoping there's safety in numbers," the new campaign states at its website, YouBetrayedUs.org. "After all, you can't blame Microsoft if Apple is doing the same thing, right?"

More than 15,000 users sent emails to the tech companies reading, "By supporting CISA, you are selling out your customers' privacy to a power-obsessed government. And what are they giving you in return? Immunity from privacy laws will be nothing compared to the damage done to your businesses when consumers leave you."

In addition to the email push, digital rights group Fight for the Future is boycotting its Heroku/Salesforce web hosting service for what it called a "remarkably irresponsible approach" to cybersecurity that would undermine public trust in the tech industry.

CISA has yet to be voted upon by the Senate, although a decision is expected this fall. But public outcry and grassroots campaigns against government surveillance in the wake of National Security Agency (NSA) whistleblower Edward Snowden's 2013 revelations caught on with tech companies who said they valued user privacy over government access to data. In June, Apple CEO Tim Cook slammed the company's rivals, including Google and Facebook, for "gobbling up everything they can learn about you and trying to monetize it."

But in their letter to Senate Majority Leader Mitch McConnell, who introduced the CISA legislation, Apple and 13 other tech companies appealed for "urgent action" by Congress to pass CISA and other pending bills to "improve trust in information technology, software and data services while also shaping the law in our online world."

Fight for the Future, which has helped lead the call to kill CISA, quickly galvanized online activists to challenge the companies' private backing of pro-surveillance legislation.

"Any company that supports a bill like CISA or sits silently and allows it to pass is a company that can't be trusted," said Fight for the Future campaign director Evan Greer. "Internet users are fed up, companies that abandon their commitment to user privacy and security should expect the Internet to abandon them."
http://www.commondreams.org/news/201...push-pass-cisa





Russia’s Plan to Crack Tor Crumbles

The group that won the government contract is abandoning the project.
Ilya Khrennikov

The Kremlin was willing to pay 3.9 million rubles ($59,000) to anyone able to crack Tor, a popular tool for communicating anonymously over the Internet. Now the company that won the government contract expects to spend more than twice that amount to abandon the project.

The Central Research Institute of Economics, Informatics, and Control Systems—a Moscow arm of Rostec, a state-run maker of helicopters, weapons, and other military and industrial equipment—agreed to pay 10 million rubles ($150,000) to hire a law firm tasked with negotiating a way out of the deal, according to a database of state-purchase disclosures. Lawyers from Pleshakov, Ushkalov and Partners will work with Russian officials on putting an end to the Tor research project, along with several classified contracts, the government documents say.

Last year, Russia’s Interior Ministry posted a contract seeking a group “to study the possibility of obtaining technical information on users and users’ equipment of Tor anonymous network.” A spokesman for the Interior Ministry department that placed the Tor order declined to comment on Tuesday. The Rostec research group declined to comment.

Tor, an acronym for “the onion router,” is free software that sends each user’s network traffic across various nodes around the globe, encrypting it at every layer, and making it extremely difficult to track. Tor has been adopted by hackers, criminals, and political dissidents worldwide. Edward Snowden, the former U.S. intelligence contractor currently living in Russia, is an avid Tor supporter. The number of users in Russia has jumped about 40 percent from the beginning of the year, to more than 175,000, according to data from the Tor Project, which develops the service. The Tor Project, a nonprofit funded in part by the U.S. government, had $3.53 million in revenue in 2013, the last year it reported financials on its website.
http://www.bloomberg.com/news/articl...k-tor-crumbles





Bowing to Public Pressure, Govt Withdraws Draft Encryption Policy

Bowing to pressure from the public, the government on Tuesday withdrew a draft policy that sought to control secured online communication, including through mass-use social media and web applications such as WhatsApp and Twitter.

Communications and information technology minister Ravi Shankar Prasad announced the government’s decision at a news conference, saying the draft National Encryption Policy will be reviewed before it is again presented to the public for their suggestions.

“I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded,” Prasad said. He said the draft would be re-released, but did not say when it would be made public.

“Experts had framed a draft policy...This draft policy is not the government’s final view,” he added. “There were concerns in some quarters. There were some words (in the draft policy) that caused concern.”

The draft will be reviewed and experts will be asked to specify to whom the policy will be applicable, Prasad said. He did not say when the new draft will be made public.

Those using social media platforms and web applications fell outside the scope of an encryption policy, Prasad said.

Several countries have felt the need for an encryption policy because of the boom in e-commerce and e-governance, he remarked. “Cyber space interactions are on the rise. There are concerns about security. We need a sound encryption policy,” he said.

Before Prasad announced the withdrawal of the draft policy, the government had issued an addendum early on Tuesday to keep social media and web applications like WhatsApp, Twitter and Facebook out of its purview.

Secure banking transactions and password protected e-commerce businesses too will be kept out of the ambit of the proposed policy, the addendum said.

The climbdown by the government came following a storm of protests from users who objected to any stringent state controls on the use of email, social media accounts and apps.

According to the original draft, users of apps such as WhatsApp and Snapchat would be required to save all messages for up to 90 days and be able to produce them if asked by authorities.

Experts told Hindustan Times the draft policy, if implemented in its current form, could compromise the privacy of users and hamper the functioning of several multi-national service providers in India.

Nikhil Pahwa, editor of the MediaNama website that tracks cyber issues and tech news, said there were several problems even with the addendum to the draft policy.

“The usage of the phrase ‘currently in use’ renders the policy vague: Firstly, when is ‘currently’?” he questioned in a post on his website.

“Will a new service that uses a different kind of encryption to protect its users, still be covered? Why should users be ‘restricted to encryption currently in use’? Why should services like WhatsApp, Facebook and Twitter define our security standards?” said Pahwa, who also volunteers for savetheinternet.in.

Pranesh Prakash, policy director for The Centre for Internet and Society, tweeted that even the addendum “does not clarify anything, but further muddles the encryption policy”.

Social media users called the draft “draconian” and “delusional”, and Congress leader Manish Tewari too attacked the Union government.

“The encryption policy (draft) is a snooping and spying orgy. After net chats, the government may want you to keep a video record of what you do in your bedroom for 90 days,” the Congress spokesperson told reporters.

The draft policy had been posted online last week to seek suggestions from the public.
http://www.hindustantimes.com/tech/b...QZGqv4JSN.html





US Drops Effort to Make Tech Industry Report Terrorist Activity

The provision would have required the tech industry to report vaguely-defined terrorist activity
John Ribeiro

The U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms, a move that was strongly opposed by the industry and civil rights groups.

The controversial section 603 was included in the Intelligence Authorization Act for Fiscal Year 2016 but Senator Ron Wyden, a Democrat from Oregon, had put a hold on the bill, stating that he wanted to work with colleagues to revise or remove the provision so that the rest of the bill could move forward.

On Monday, Wyden said that the "vague & dangerous" provision had been removed from the bill and he would now be lifting the hold on it.

“Social media companies aren’t qualified to judge which posts amount to 'terrorist activity,' and they shouldn’t be forced against their will to create a Facebook Bureau of Investigations to police their users’ speech,” Wyden said in a statement.

The provision would have required Internet services companies, who obtain "actual knowledge of any terrorist activity," to provide to the appropriate authorities the "facts or circumstances" of the alleged activities.

Powerful tech industry bodies like the Internet Association, Reform Government Surveillance and Internet Infrastructure Coalition found the description "any terrorist activity" vague and overbroad. In a letter to Senate leaders in August, the associations warned that the provision could result in "overbroad reporting to the government, swamping law enforcement with useless information, and potentially raising First Amendment and privacy concerns for the user who posted the item."

Over 30 civil rights groups and trade bodies also wrote to key senators warning about the chilling effect the provision would have had on constitutionally protected speech, as Internet communications services providers would tend to over-report on the activity and communications of their users to avoid violating the law.

The House of Representatives passed a version of the Intelligence Authorization Act in June.

The dispute over the provision may, however, be far from over. A spokesman for Senator Dianne Feinstein, a California Democrat and prominent member of the intelligence committee, told some news outlets that she had agreed to drop the provision if only to let the intelligence bill move forward, but still considers it important to block the use of social media by terrorists.
http://www.itworld.com/article/29850...y-dropped.html





GCHQ Tried to Track Web Visits of “Every Visible User on Internet”

Karma Police program profiled users, tracked "suspicious" Web searches worldwide.
Sean Gallagher

If you used the World Wide Web anytime after 2007, the United Kingdom's Government Communications Headquarters (GCHQ) has probably spied on you. That's the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called "Karma Police"—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the "world's biggest" Internet data-mining operation.

Karma Police—apparently named after the Radiohead song—started as a program to track individuals listening to Internet streaming audio "radio stations" as part of a research project into how radicals might "misuse" Internet radio to spread their messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an effort to identify their Skype and social media accounts. The program gradually grew with its success. According to GCHQ documents, by 2009 the program had stored over 1.1 trillion "events"—Web browsing sessions—in its "Black Hole" database. By 2010, the system was gathering 30 billion records per day of Internet traffic metadata. According to another GCHQ document, that volume grew to 50 billion per day by 2012.

The Karma Police system and its Black Hole database log the IP addresses of individuals visiting Internet sites, as well as the cookies associated with their Web traffic. The users of specific sites can then be profiled by correlating recorded cookies from other sites, such as those used to deliver personalized ads (for instance, the Google "pref" cookie) or site login credentials.

In the documents, GCHQ analysts called cookies "presence events" and "target detection identifiers" and lauded their value in uncovering specific Internet users' identities. They can be used to analyze "pattern of life"—when a person is usually online and where they connect to the Internet from. Some of the sites targeted specifically for covert cookie collection include Facebook, Microsoft Live, Amazon, YouTube, Reddit, WordPress, Yahoo, Google, the YouPorn adult video site, and news sites such as Reuters, CNN, and the BBC.

Karma Police also gathered e-mail addresses and other identifiers passed in traffic, including those stored within the cookies of the Bebo social networking site. An assortment of additional tools tracked other elements of online behavior, pulling them into the data store—"Infinite Monkeys" tracked Web bulletin boards, and a tool called "Samuel Pepys" (after the 17th-century British Lord of the Admiralty who was famous for his diaries) analyzed the content of Internet sessions, including e-mails, webpages viewed, and instant messages. One example within the GCHQ documents published by the Intercept shows the tracking of someone with a Swedish IP address visiting the Cryptome website to look at a page about the GCHQ's spying.

All the data gathered by these surveillance techniques provided GCHQ and its "Five Eyes" partners with ammunition to carry out highly targeted attacks against individuals of interest. The data gathered by Karma Police was instrumental in "Operation Socialist," the hack of the Belgian telecom company Belgacom, providing the IP address of a target with a desired level of access.
http://arstechnica.com/security/2015...r-on-internet/





Forcing Suspects to Reveal Phone Passwords is Unconstitutional, Court Says

Demanding "personal thought processes" amounts to compelled self incrimination.
David Kravets

The Fifth Amendment right against compelled self-incrimination would be breached if two insider trading suspects were forced to turn over the passcodes of their locked mobile phones to the Securities and Exchange Commission, a federal judge ruled Wednesday.

"We find, as the SEC is not seeking business records but Defendants' personal thought processes, Defendants may properly invoke their Fifth Amendment right," US District Judge Mark Kearney of Pennsylvania wrote.

The decision comes amid a growing global debate about encryption and whether the tech sector should build backdoors into their wares to grant the authorities access to locked devices. Ars reported today that an Obama administration working group "considered four backdoors that tech companies could adopt to allow government investigators to decipher encrypted communications stored on phones of suspected terrorists or criminals."

Without this capability, the authorities are trying to get suspects to cough up their passwords instead. The Supreme Court has never ruled on the constitutionality of the issue. There's been a smattering of varying court rulings nationwide on the topic. In 2012, a federal appeals court said that forcing a child-porn suspect to decrypt password-protected hard drives would amount to a Fifth Amendment violation.

In the latest case, the SEC is investigating two former Capital One data analysts who allegedly used insider information associated with their jobs to trade stocks—in this case, a $150,000 investment allegedly turned into $2.8 million. Regulators suspect the mobile devices are holding evidence of insider trading and demanded that the two turn over their passcodes.

The defendants balked at supplying their passcodes, saying the Fifth Amendment protected them. The judge agreed and said that the government was going on a fishing expedition:

Here, the SEC proffers no evidence rising to a “reasonable particularity” any of the documents it alleges reside in the passcode protected phones. Instead, it argues only possession of the smartphones and Defendants were the sole users and possessors of their respective work-issued smartphones. SEC does not show the “existence” of any requested documents actually existing on the smartphones. Merely possessing the smartphones is insufficient if the SEC cannot show what is actually on the device.

Orin Kerr, a constitutional scholar and former federal prosecutor, suggested that the "Fifth Amendment issues raised by the content of the passcode could be addressed by having the defendants just enter in their passcodes rather than handing them over to the government."

Kerr added, "Having the defendant enter in his passcode would minimize the Fifth Amendment implications of the compelled compliance, as it would not involve disclosing the potentially incriminating evidence of the passcode itself."
http://arstechnica.com/tech-policy/2...al-court-says/





NSA Director Just Admitted that Government Copies of Encryption Keys are a Big Security Risk
Mark Sullivan

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Wyden: “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?”

Rogers: “Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then I would probably say yes.”

Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.

“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $300 billion a year from Chinese intellectual property theft.

On June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.
http://venturebeat.com/2015/09/24/ns...security-risk/





Apple Cleaning Up iOS App Store After First Major Attack
Jim Finkle

Apple Inc (AAPL.O) said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.

It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, only five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc (PANW.N).

The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.

"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

"Developers are now a huge target," he said.

Researchers said infected apps included Tencent Holdings Ltd's (0700.HK) popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.

The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple's U.S. servers, Olson said.

Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost.

Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected. A preliminary investigation showed there had been no data theft or leakage of user information, the company said.

Didi Kuaidi said in an emailed statement users' privacy was not intruded upon, and the app has been immediately updated to address the issue.

In a mea culpa on its official Weibo microblog, NetEase apologized to users, saying their private information was not compromised and a fix has been issued.

Apple declined to say how many apps it had uncovered.

(Reporting by Jim Finkle; Additional reporting by Scott DiSavino in New York and Paul Carsten in Beijing; Editing by Chizu Nomiyama, Eric Beech and Alex Richardson)
http://uk.reuters.com/article/2015/0...0RK0ZB20150921





Apple’s iOS 9 Breaks VPNs
Alice MacGregor

Apple’s iOS 9 has been built to meet various security standards, but researchers have discovered that the latest update also breaks a key security feature – Virtual Private Network (VPN) connections to corporate servers.

The flaw was first detected in the iOS 9 beta, and has not been fixed in the released version. Neither has the bug been removed in the current iOS 9.1 beta.

Cisco reported the bug on social media, claiming that they had noticed “a couple of OS regressions between iOS 8.4.1 and iOS 9 […] Most notable is that when doing split tunneling, the Tunnel All DNS option no longer functions as expected. This was reported to Apple under Radar # 22558059. This is not resolved in the iOS 9 release.”

Due to this incompatibility, DNS resolution will not work for some users depending on their network setup. Some corporate servers will no longer be available to users, even after successful login.

The iOS 9 bug does not affect in-house corporate connections to servers, only VPN access. In addition to the popular Cisco AnyConnect service, reports suggest other VPN providers are also affected.

To re-access VPN connections, users should uninstall iOS 9 and revert back to iOS 8.4.1, restoring the device backup from iTunes – and not from iCloud. However, iOS backups are automatically cleared out by Apple, so .ipsw backup files may no longer be available. In this case, the downloads can be found online, but this puts the user at risk of choosing a jailbroken version containing malicious code. Files can also be found directly from Apple, but the device will be factory reset.

VPNs are a continual source of controversy, with many organisations and countries ready to ban the secure network tool. Russia in particular has taken an extremely aggressive stance against its use, suggesting that restricting anonymising networks will “increase opportunities to counter the commercial distribution of malware” and help to reduce access to “forbidden” information online.
https://thestack.com/security/2015/0...9-breaks-vpns/





Volkswagen’s Diesel Fraud Makes Critic of Secret Code a Prophet
Jim Dwyer

A Columbia University law professor stood in a hotel lobby one morning and noticed a sign apologizing for an elevator that was out of order. It had dropped unexpectedly three stories a few days earlier. The professor, Eben Moglen, tried to imagine what the world would be like if elevators were not built so that people could inspect them.

Mr. Moglen was on his way to give a talk about the dangers of secret code, known as proprietary software, that controls more and more devices every day.

“Proprietary software is an unsafe building material,” Mr. Moglen had said. “You can’t inspect it.”

That was five years ago. On Tuesday, Volkswagen admitted it had rigged the proprietary software on 11 million of its diesel cars around the world so that they would pass emissions tests when they were actually spreading smog.

The breadth of the Volkswagen scandal should not obscure the broader question of how vulnerable we are to software code that is out of sight and beyond oversight.

Here is how the Volkswagen scheme worked, according to the federal Environmental Protection Agency: The cars’ software turned on the pollution-control equipment only during inspections. No human intervention needed. The software could silently deduce that an inspection was taking place based on the position of the steering wheel (cars hooked up to emissions meters don’t make turns), the speed of the vehicle, how long the engine had been running and barometric pressure. The driver and the inspector were none the wiser.

When the test was done and the car was on the road, the pollution controls shut off automatically, apparently giving the car more pep, better fuel mileage or both, but letting it spew up to 35 times the legal limit of nitrogen oxide.

This cheating was not discovered by the E.P.A., which sets emissions standards but tests only 10 to 15 percent of new cars annually, relying instead on “self certification” by auto manufacturers. The scam came to light when engineers at West Virginia University road-tested Volkswagen cars that had passed emission inspections. The cars, the engineers discovered, actually pumped out more pollutants when they were in the real world. Far from trying to make trouble for Volkswagen, the engineers had been hired by the International Council on Clean Transportation, a clean-air advocacy group that hoped to use Volkswagens to show European regulators how efficiently diesel cars could meet the strict emissions limits set by the United States.

After months of denials, Volkswagen admitted it had programmed cheating into the software.

Mr. Moglen, a lawyer, technologist and historian who founded the Software Freedom Law Center, has argued for decades that software ought to be transparent. That would best serve the public interest, he said in his 2010 speech.

“Software is in everything,” he said, citing airplanes, medical devices and cars, much of it proprietary and thus invisible. “We shouldn’t use it for purposes that could conceivably cause harm, like running personal computers, let alone should we use it for things like anti-lock brakes or throttle control in automobiles.”

On Tuesday, Mr. Moglen recalled the elevator in his hotel.

“Intelligent public policy, as we all have learned since the early 20th century, is to require elevators to be inspectable, and to require manufacturers of elevators to build them so they can be inspected,” he said. “If Volkswagen knew that every customer who buys a vehicle would have a right to read the source code of all the software in the vehicle, they would never even consider the cheat, because the certainty of getting caught would terrify them.”

That is not how carmakers or even the E.P.A. see things. The code in automobiles is tightly protected under the Digital Millennium Copyright Act. Last year, several groups sought to have the code made available for “good-faith testing, identifying, disclosing and fixing of malfunctions, security flaws or vulnerabilities,” as Alex Davies reported last week in Wired.

A group of automobile manufacturers said that opening the code to scrutiny could create “serious threats to safety and security.” And two months ago, the E.P.A. said it, too, opposed such a move because people might try to reprogram their cars to beat emission rules.

The penalties that Volkswagen faces have not yet been toted. On Monday, a federal judge sentenced the former head of a peanut company to 28 years in prison for knowingly shipping peanuts with salmonella, causing or contributing to nine deaths.

Poisoned peanut butter and poisoned air are different injuries to public welfare, but both ought to be caught long before they can kill people.
http://www.nytimes.com/2015/09/23/ny...a-prophet.html





Researchers Could Have Uncovered Volkswagen’s Emissions Cheat If Not Hindered by the DMCA
Kit Walsh

Automakers argue that it’s unlawful for independent researchers to look at the code that controls vehicles without the manufacturer’s permission. We’ve explained before how this allows manufacturers to prevent competition in the markets for add-on technologies and repair tools. It also makes it harder for watchdogs to find safety or security issues, such as faulty code that can lead to unintended acceleration or vulnerabilities that let an attacker take over your car.

The legal uncertainty created by the Digital Millennium Copyright Act also makes it easier for manufacturers to conceal intentional wrongdoing. We’ve asked the Librarian of Congress to grant an exemption to the DMCA to make it crystal clear that independent research on vehicle software doesn’t violate copyright law. In opposing this request, manufacturers asserted that individuals would violate emissions laws if they had access to the code. But we’ve now learned that, according to the Environmental Protection Agency, Volkswagen had already programmed an entire fleet of vehicles to conceal how much pollution they generated, resulting in a real, quantifiable impact on the environment and human health.

This code was shielded from watchdogs’ investigation by the anti-circumvention provision of the DMCA. Surprisingly, the EPA wrote in to the Copyright Office to oppose the exemptions we’re seeking. In doing this, the EPA is asking the Copyright Office to leave copyright law in place as a barrier to a wide range of activities that are perfectly legal under environmental regulations: ecomodding that actually improves emissions and fuel economy, modification of vehicles for off-road racing, or activities that have nothing to do with pollution. The EPA is undermining its own ability to issue nuanced regulation in this space, as well as its ability to learn about large-scale violations of the law committed by manufacturers.

When you entrust your health, safety, or privacy to a device, the law shouldn’t punish you for trying to understand how that device works and whether it is trustworthy. We hope the Copyright Office and the Librarian of Congress agree when they rule on our exemptions next month.
https://www.eff.org/deeplinks/2015/0...-hindered-dmca





Complex Car Software Becomes the Weak Spot Under the Hood
David Gelles, Hiroko Tabuchi and Matthew Dolan

There were the obvious features, like a roadside assistance service that communicates to a satellite. But Dr. Patel, a computer science professor at the University of Washington in Seattle, flipped up the hood to show the real brains of the operation: the engine control unit, a computer attached to the side of the motor that governs performance, fuel efficiency and emissions.

To most car owners, this is an impregnable black box. But to Dr. Patel, it is the entry point for the modern car tinkerer — the gateway to the code.

“If you look at all the code in this car,” Dr. Patel said, “it’s easily as much as a smartphone if not more.”

New high-end cars are among the most sophisticated machines on the planet, containing 100 million or more lines of code. Compare that with about 60 million lines of code in all of Facebook or 50 million in the Large Hadron Collider.

“Cars these days are reaching biological levels of complexity,” said Chris Gerdes, a professor of mechanical engineering at Stanford University.

The sophistication of new cars brings numerous benefits — forward-collision warning systems and automatic emergency braking that keep drivers safer are just two examples. But with new technology comes new risks — and new opportunities for malevolence.

The unfolding scandal at Volkswagen — in which 11 million vehicles were outfitted with software that gave false emissions results — showed how a carmaker could take advantage of complex systems to flout regulations.

Carmakers and consumers are also at risk. Dr. Patel has worked with security researchers who have shown it is possible to disable a car’s brakes with an infected MP3 file inserted into a car’s CD player. A hacking demonstration by security researchers exposed how vulnerable new Jeep Cherokees can be. A series of software-related recalls has raised safety concerns and cost automakers millions of dollars.

Cars have become “sealed-hood entities with complicated computers and modules,” said Eben Moglen, a Columbia University law professor and technologist. “All of this is deeply nontransparent. And all of this is grounds for cheating of all sorts.”

The increasing reliance on code raises questions about how these hybrids of digital and mechanical engineering are being regulated. Even officials at the National Highway Traffic Safety Administration acknowledge that the agency doesn’t have the capacity to scrutinize the millions of lines of code that now control automobiles.

One option for making auto software safer is to open it to public scrutiny. While this might sound counterintuitive, some experts say that if automakers were forced to open up their source code, many interested people — including coding experts and academics — could search for bugs and vulnerabilities. Automakers, not surprisingly, have resisted this idea.

“There’s no requirement that anyone except the car companies looks at the code,” says Philip Koopman, an associate professor at the department of electrical and computer engineering at Carnegie Mellon University. “Computers can now exert almost complete control over your car. But if that software misbehaves, there’s nothing you can do.”

Fear of Hacking

Andy Greenberg steered a 2014 white Jeep Cherokee down a highway in St. Louis, cruising along at 70 miles per hour. Miles away, two local hackers, Charlie Miller and Chris Valasek, sat on a leather couch at Mr. Miller’s house, laptops open, ready to wreak havoc.

As Mr. Greenberg sped along, both hands on the wheel, his ride began to go awry. First, the air-conditioning began blasting. Then an image of the hackers in tracksuits appeared on the digital display screen. Rap music began blaring at full volume, and Mr. Greenberg could not adjust the sound. The windshield wipers started and cleaning fluid sprayed, obstructing his view. Finally, the engine quit.

Mr. Greenberg was on a highway with no shoulder. A big rig blew past, blaring its horn.

“I’m going to pull over,” Mr. Greenberg said. “ ’Cause I have PTSD.”

The episode was in fact a stunt orchestrated by the hackers and Mr. Greenberg, a writer for Wired magazine, to demonstrate the Jeep’s very real vulnerabilities. The article appeared on July 21.

Days later, Fiat Chrysler, the maker of Jeep, announced a recall of 1.4 million vehicles to fix the flaws the hackers had identified — the first known recall intended to address a possible hacking threat.

Though automakers say they know of no malicious hacking incidents so far, the risks are real. Stefan Savage, a computer security professor at the University of California, San Diego, said that automakers were “in a state of panic” over the prospect. “They are trying to figure out what to do, quickly,” he said.

“Cars already have very complex computer systems across the board,” said Elliot Garbus, vice president for transportation at Intel, the computer chip maker, which has a fast-growing autos division. “We’re at the beginning of this evolution, and there’s a question of how do we do a better job of securing the vehicle from cyberthreats, and those threats are significant.”

Aware of the threats, most major carmakers have started to explore the idea of sharing critical information about security. General Motors last year appointed a chief product cybersecurity officer, the first automaker to create such a position.

Tesla has hired a new security chief from Google, who previously oversaw security for the Chrome web browser. And in early August, the company began offering $10,000 to outsiders who find security problems. (It had been giving $1,000.) “We are hiring!” the automaker wrote on a whiteboard at Def Con, a premier computer hackers’ conference in Las Vegas, in announcing the prize.

At the same conference, Tesla’s chief technology officer awarded the company’s commemorative “challenge coins” to two computer researchers. The researchers had revealed how to plug into the Tesla S computer system, unlock the sedan and stop the car under certain conditions — vulnerabilities that the company says are now patched.

Congress has moved to pressure automakers to more urgently address such risks. In July, Senator Edward J. Markey, Democrat of Massachusetts, and Richard Blumenthal, Democrat of Connecticut, introduced new legislation that would require cars sold in the United States to meet tough standards of protection against computer attacks.

While a future of malevolent hackers taking over steering wheels across the land still feels a bit like science fiction, more mundane issues are already turning up. Recalls over software are mounting. In July, Ford said that it would recall 432,000 Focus, C-Max and Escape vehicles because of a software bug that could keep the cars’ engines running even after drivers tried to shut them off. Ford dealers will update the software to fix the flaw, the automaker has said.

And last month, Toyota recalled 625,000 hybrid cars over a software malfunction that could bring the cars to a sudden stop; it recalled 1.9 million Prius hybrid cars last year for a similar problem.

Of course, software isn’t always the cause of flaws. One of the deadliest defects discovered in the last few years did not arise in chips or code: It was a mechanical problem with the ignition switch in some General Motors cars.

Hidden in Code

Software has made cars better. In fact, without software innovations, automakers could not meet tightening emissions standards in the United States, said Mr. Gerdes, the Stanford professor.

When a new car is stopped at a light, or in gridlock, for example, its engine might rev without prompting from the driver. That might feel like unintended acceleration to the driver, but inside what Mr. Gerdes called “the chemical plant” in your car, tightly controlled reactions are taking place. The internal emissions system has realized that the catalyst is getting cool, and if it gets cool, it won’t be as effective at reducing emissions. So the brains of the car command the engine to rev, creating hotter exhaust that keeps the catalyst warm.

And as the Volkswagen case has shown, these complexities create openings for automakers to game the system. Software in many of the German carmaker’s diesel engines was rigged to fool emissions tests. The cars equipped with the manipulated software spewed as much as 40 times the pollution allowed under the Clean Air Act during normal driving situations. Volkswagen executives admitted to officials in the United States that diesel cars sold in the country had been programmed to sense when emissions were being tested, and to turn on equipment that reduced them.

The German automaker got away with this trick for years because it was hidden in lines of code. It was only after investigations by environmental groups and independent researchers that Volkswagen’s deception came to light.

Errors in software, too, can be notoriously difficult to identify.

Jean Bookout was driving a 2005 Camry eight years ago on an Oklahoma highway when the car accelerated through an intersection and slammed into an embankment. Ms. Bookout, then 76, was injured, and her passenger, the 70-year-old Barbara Schwarz, died.

Experts who reviewed the source code for Toyota’s electronic throttle system — and testified in a lawsuit arising from the Oklahoma case — found that it contained bugs.

They also testified that Toyota had failed to follow proper coding rules and protocols. The resulting code, as one expert described it, was “spaghetti.”

An Oklahoma jury awarded $3 million in compensation to the plaintiffs. Toyota settled before the jury could consider awarding additional damages; to this day, the carmaker disputes that its electronic throttle system is flawed.

Enlisting the Public

Nat Beuse heads the office of vehicle safety research at N.H.T.S.A., the nation’s auto safety regulator. At a sprawling research lab in East Liberty, Ohio, a team of engineers from Mr. Beuse’s office are hacking into vehicles, tracking down safety defects as well as vulnerabilities that might allow an outsider to manipulate the critical functions of a car, like its brakes or steering.

It was in Ohio that the agency confirmed that a patch meant to fix the Jeep hacking would actually work. Now, N.H.T.S.A. investigators at the test facility are looking for vulnerabilities in other systems.

The agency is also testing a standard for writing code recently developed by the automakers. And it is studying whether black boxes in cars that record data, like a vehicle’s speed in a crash, can be programmed to record electronic faults.

But Mr. Beuse acknowledges that checking the millions of lines of code in automobiles is too gargantuan a task for regulators. In some cases, automakers can use two or three different versions of code in the same model year, he said.

“Whether you can actually police every little piece of software and electronics in a vehicle — I think the scope of that question is too large almost to answer,” he said. “What we’re focused on are very, very critical systems that affect safety — steering, throttle, braking and anything to do with battery systems.”

One model that N.H.T.S.A. has studied is the one now used by the Federal Aviation Administration, which regulates commercial aircraft. The F.A.A. dispatches representatives to plane manufacturers to directly oversee the software design process for the critical systems that control flying.

“They go in periodically, and say, ‘Show me what you’re doing and convince me that you’re doing a good job — or else I’m not signing off, and it’s not going in an airplane,’ ” Mr. Koopman of Carnegie Mellon said. “Can you tailor this so that it works for the car business? That’s a question I don’t have an answer for. But it’s clearly an option.”

If it were to carry out those inspections, N.H.T.S.A. would need skilled people. The agency estimates that it has 0.3 staff members for every 100 fatalities in automobile crashes; the F.A.A. has at its disposal over 10,000 staff members for every 100 fatalities on commercial aircraft, according to N.H.T.S.A.

“Companies are trying to use state-of-the-art software,” said Mr. Gerdes of Stanford. “If you are going to attempt to regulate that, you need to have similar expertise in-house, and that can be challenging from a recruiting and compensation and talent perspective.”

Given the challenges of regulating complex software, some experts are calling for automakers to put their code in the public domain, a practice that has become increasingly commonplace in the tech world. Then, they say, automakers can tap the vast skills and resources of coding and security experts everywhere to identify potential problems.

“We should be allowed to know how the things we buy work,” Mr. Moglen of Columbia University said. “Let’s say everybody who bought a Volkswagen were guaranteed the right to read the source code of everything in the car,” he said.

“Ninety-nine percent of the buyers would never read anything. But out of the 11 million people whose car was cheating, one of them would have found it,” he said. “And Volkswagen would have been caught in 2009, not 2015.”

Automakers aren’t buying the idea.

Fiat Chrysler’s security chief, Scott G. Kunselman, told the hackers in the Jeep incident that it would be inappropriate and irresponsible for them to publish technical details about the breach because it would amount to a how-to guide for criminals to remotely attack a vehicle, according to a summary of the correspondence provided by the company. The company declined to make Mr. Kunselman available for an interview.

Volkswagen, through its trade association, has been one of the most vocal and forceful opponents of an exemption to a copyright rule that would allow independent researchers to look at a car’s source code, said Kit Walsh, staff attorney at the Electronic Frontier Foundation, a nonprofit advocacy group for user privacy and free expression.

“If copyright law were not an impediment,” he said, “then we could have independent researchers go in and look at the code and find this kind of intentional wrongdoing, just as we have independent watchdogs that check vehicle safety with crash-test dummies.”

“Keeping source code secret does not prevent attacks,” Mr. Koopman of Carnegie Mellon said. “Either the code is vulnerable or it’s not.”

In the past, the Environmental Protection Agency has sided with automakers and opposed making automotive code public. There is a community of computer car tinkerers who tweak code to improve performance. The E.P.A.’s logic was that car owners might try to reprogram their cars to beat emissions rules.

The Volkswagen trickery has turned that argument on its head. The agency declined to comment on the copyright issue, and on Friday it announced it would conduct additional emissions testing on carmakers.

“Is the problem of individuals modifying their cars individually more serious than the risk of large-scale cheating by manufacturers?” said Mr. Moglen of Columbia.

Senator Blumenthal, a co-sponsor of the computer security bill, said that he would approach the E.P.A. about opening access to vehicle source code so that deceit could be prevented. Automakers “should not prevent the government or consumers from fixing their software,” Mr. Blumenthal said.

“The reality is that more and more decisions, including decisions about life and death, are being made by software,” Thomas Dullien, a well-known security researcher and reverse engineer who goes by the Twitter handle Halvar Flake, said in an email. “But for the vast majority of software you interact with, you are not allowed to examine how it functions,” he said.

“The misbehavior of Volkswagen’s cars would have been easily spotted,” he said, “if someone had looked at the code.”

Nick Wingfield contributed reporting.
http://www.nytimes.com/2015/09/27/bu...-the-hood.html





'Happy Birthday' Song Copyright Is Not Valid, Judge Rules
AP

The music publishing company that has been collecting royalties on the song "Happy Birthday To You" for years does not hold a valid copyright on the lyrics to the tune that is one of the most widely sung in the world, a federal judge ruled Tuesday.

U.S. District Judge George H. King determined the song's original copyright, obtained by the Clayton F. Summy Co. from the song's writers, only covered specific piano arrangements of the song and not its lyrics. The basic tune of the song, derived from another popular children's song, "Good Morning to All," has long been in the public domain.

King's decision comes in a lawsuit filed two years ago by Good Morning To You Productions Corp., which is working on a documentary film tentatively titled "Happy Birthday." The company challenged the copyright now held by Warner/Chappell Music Inc., arguing that the song should be "dedicated to public use and in the public domain."

"Because Summy Co. never acquired the rights to the 'Happy Birthday' lyrics, defendants, as Summy Co.'s purported successors-in-interest, do not own a valid copyright in the Happy Birthday lyrics," King concluded in his 43-page ruling.

The lawsuit also asked for monetary damages and restitution of more than $5 million in licensing fees it said in 2013 that Warner/Chappell had collected from thousands of people and groups who've paid to use the song over the years.

Marshall Lamm, a spokesman for one of the plaintiffs' lawyers, said that issue would be determined later.

In the meantime, one of the suit's co-plaintiffs, Ruypa Marya of the music group Ruypa & The April Fishes, praised Tuesday's decision.

"I hope we can start reimagining copyright law to do what it's supposed to do — protect the creations of people who make stuff so that we can continue to make more stuff," said Marya, who added she paid Warner/Chappell $455 to include "Happy Birthday To You" on a live album during which members of her band and audience sang the song to her the night before her birthday.

Warner/Chappell has said it doesn't try to collect royalties from just anyone singing the song but those who use it in a commercial enterprise.

"We are looking at the court's lengthy opinion and considering our options," Warner/Chappell said in a statement following Tuesday's ruling.

In his ruling King went into great detail about the history of "Happy Birthday To You" and its derivation from "Good Morning to All."

That song was written by sisters Mildred Hill and Patty Hill sometime before 1893, the judge said, adding that the sisters assigned the rights to it and other songs to Clayton F. Summy, who copyrighted and published them in a book titled "Song Stories for the Kindergarten."

"The origins of the lyrics to Happy Birthday (the 'Happy Birthday lyrics') are less clear," the judge continued, adding the first known reference to them appeared in a 1901 article in the Inland Educator and Indiana School Journal.

The full lyrics themselves, King said, didn't appear in print until 1911.

Since then, they have become the most famous lyrics in the English language, according to Guinness World Records. The song is also sung in countless other languages around the world.

Warner/Chappell, which eventually acquired the song's copyright from Summy, argued that its predecessor had registered a copyright to "Happy Birthday To You" in 1935 that gave it the rights to all of the song.

"Our record does not contain any contractual agreement from 1935 or before between the Hill sisters and Summy Co. concerning the publication and registration of these works," the judge said.
http://www.courant.com/nation-world/...922-story.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 19th, September 12th, September 5th, August 29th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black