P2P-Zone  

Old 24-02-16, 09:28 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - February 27th, '16

Since 2002

"Due to recent regulatory requirements we have had to cease all activities relating to SlySoft Inc. I am really sorry for that, but this is final. SlySoft is gone… Thanks to all our customers and supporters for their loyalty. Goodbye red fox." – SlySoft


"Ad blocking is a symptom of a pervasive problem. If consumers enjoyed the web experience and felt there were adequate controls for privacy and the ad industry was making a sincere effort to fight abuse and malfeasance, we wouldn’t be having this conversation." – Craig Spiezle


"This is what separates us from communism, isn’t it? The fact we have the right to privacy. I think Apple is definitely within their rights to protect the privacy of all Americans. This is what makes America great to begin with, that we abide by a Constitution that gives us the right of privacy, the right to bear arms, and the right to vote." – Carole Adams


"I'll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone." – San Bernardino police chief Jarrod Burguan

February 27th, 2016




Thanks to Encryption, UK Efforts to Block Torrent Sites are Pointless
Mark Wilson

In the UK, ISPs are required to block access to a number of big-name torrent sites -- the thinking being that sites such as The Pirate Bay are used primarily for (gasp!) downloading pirated material. Despite the government's desire to control what people can access online, good old HTTPS means that people are able to very easily bypass any blocks that may be put in place.

There are all manner of proxy services and mirror sites that provide access to otherwise-blocked content, but these are really not needed. With the likes of The Pirate Bay and Kickass Torrents offering secure, encrypted connections, accessing the goodies they contain could involve little more than sticking an extra 's' in the URL.

Based on feedback from its visitors, TorrentFreak has been able to determine that a number of torrent sites (including The Pirate Bay, KickassTorrents, RARBG and Torrentz) are all accessible in the UK if people simply opt to visit the HTTPS versions. While this is not a new trick by any means, it seems that the word is spreading and HTTPS torrenting is increasing in popularity.

In some instances, rather than offering HTTPS as an option, a number of torrent sites default to the secure connection, automatically sidestepping ISP-level blocks. TorrentFreak explains:

The HTTPS issue is not new and it appears that many ISPs don’t have a countermeasure in place. According to our information, only Sky is structurally blocking secure versions of various pirate sites.

The precise technical explanation for the issue is unclear, but since HTTPS connections can strip HTTP headers it may be harder to detect that a blocked site is being accessed.

In theory ISPs could also block the site’s IP-addresses, but since many use shared IPs from CloudFlare this would also take down other unrelated websites.


It may not work forever, so if HTTPS is giving you access to sites that would otherwise be blocked, make the most of it while you can.
http://betanews.com/2016/02/23/https-for-torrents/





HTTP GZIP Leaks Data on the General Location of Tor Websites

Some Tor servers may leak timezone info via gzipped files
Catalin Cimpanu

Jose Carlos Norte, developer for the eyeOS virtual desktop project, has discovered an obscure setting in the HTTP GZIP compression format that may help authorities identify the timezone and general location of a Tor-based server.

A long time ago, Web servers started supporting the compression of HTTP requests and responses. When users connected to a Web server, the server would ask their browsers whether they supported compression and which compression they would like to use.

As browsers evolved, two HTTP compression formats started being used above other solutions, mainly due to their quick compression operation and relatively small output size. These were GZIP and DEFLATE.

"GZIP header leaks server timezone information"

Mr. Norte discovered that servers that use the GZIP compression format send compressed data with a header attached. According to the GZIP spec, this header includes a special field where the server writes the date at which the data was gzipped. This date is in the server's local time.

While this is not a big issue for freely advertised servers, for websites hosted on the anonymous Tor network, this can be a very big issue.

Law enforcement agencies could extract the server's compression date from the GZIP header and get a general idea of which timezone a Tor server or .onion website is hosted in. While not incredibly useful, this information can be used with other Tor protocol leaks to narrow down the search for Tor-based services.

"Default server setups prevent the leak"

The good news is that, according to Mr. Norte's research, most Web servers will fill the GZIP compression date header field with zeros by default, citing performance issues.

Nevertheless, Mr. Norte says that some webmasters change this setting manually and that around 10% of the Tor websites he tested included this detail whenever negotiating and sending GZIP-compressed data.

To help webmasters test if their website or Tor .onion site is leaking timezone info via GZIP, Mr. Norte has released a proof-of-concept PHP script.
http://news.softpedia.com/news/http-...s-500771.shtml
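
The header check described in the article above, as an added example (not Mr. Norte's PHP script and not code from the article): it reads the MTIME field from a gzip-compressed response body captured from your own server and compares it with that response's Date header. The sample bodies, the Date value and all function names are constructed for illustration.

```python
# Added example: read the MTIME field of a gzip response body (RFC 1952)
# and compare it with the HTTP Date header of the same response.
import gzip
import io
import struct
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

GZIP_MAGIC = b"\x1f\x8b"
CM_DEFLATE = 8
QUANTUM = 15 * 60                   # timezone offsets are multiples of 15 minutes
MAX_TZ_SKEW = 14 * 3600 + QUANTUM   # a larger gap is not a clock offset


class NotGzip(ValueError):
    """Raised when the body does not start with a gzip member header."""


def gzip_mtime(body: bytes) -> int:
    """Return the 32-bit little-endian MTIME from the 10-byte fixed header."""
    if len(body) < 10:
        raise NotGzip("body shorter than the 10-byte gzip header")
    magic, method, _flags, mtime, _xfl, _os = struct.unpack("<2sBBIBB", body[:10])
    if magic != GZIP_MAGIC or method != CM_DEFLATE:
        raise NotGzip("missing gzip magic bytes or unknown compression method")
    return mtime


def audit(body: bytes, date_header: str) -> dict:
    """Report whether the gzip header carries a timestamp and what it implies.

    offset_hours is the gap between MTIME and the Date header, rounded to the
    nearest 15 minutes. It is None when MTIME is zero or when the gap is too
    large to be a timezone offset (for example a pre-compressed static file,
    where MTIME is the file's modification time).
    """
    mtime = gzip_mtime(body)
    if mtime == 0:
        return {"leaks": False, "mtime": 0, "skew_seconds": None, "offset_hours": None}
    served = parsedate_to_datetime(date_header)
    if served.tzinfo is None:       # "-0000" parses as naive; treat it as UTC
        served = served.replace(tzinfo=timezone.utc)
    skew = mtime - int(served.timestamp())
    offset = None
    if abs(skew) <= MAX_TZ_SKEW:
        offset = round(skew / QUANTUM) * QUANTUM / 3600
    return {"leaks": True, "mtime": mtime, "skew_seconds": skew, "offset_hours": offset}


def make_sample(mtime: int) -> bytes:
    """Build a constructed gzip body whose header carries the given MTIME."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=mtime) as gz:
        gz.write(b"<html>constructed sample page</html>")
    return buf.getvalue()


# Constructed sample values, not taken from any real server.
SAMPLE_DATE = "Tue, 23 Feb 2016 12:00:00 GMT"
SERVED_EPOCH = int(datetime(2016, 2, 23, 12, 0, 0, tzinfo=timezone.utc).timestamp())

SAMPLES = {
    "zeroed header (default described in the article)": make_sample(0),
    "stamp matches Date header": make_sample(SERVED_EPOCH - 2),
    "stamp one hour ahead of Date header": make_sample(SERVED_EPOCH + 3600 - 2),
    "pre-compressed file, 30 days old": make_sample(SERVED_EPOCH - 30 * 86400),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", audit(body, SAMPLE_DATE))
```

A non-zero MTIME on a response compressed on the fly means the zeroed default the article describes has been changed; for pre-compressed static files, `gzip -n` stores a zero timestamp.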





Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Tor Traffic

CloudFlare is only the tip of the iceberg, many companies do the same, including Yahoo, Google, Akamai
Catalin Cimpanu

Tensions are rising between Tor Project administrators and CloudFlare, a CDN and DDoS mitigation service that's apparently making the life of Tor users a living hell.

The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. These measures are also affecting legitimate Tor users.

The way CloudFlare deals with Tor users is by flagging Tor exit nodes and showing a CAPTCHA challenge before allowing them to continue to their desired website.

"CloudFlare's CAPTCHA challenge for Tor users is not working properly"

Tor Project maintainers are saying that CloudFlare's anti-DDoS technology often malfunctions and forces users to fill in CAPTCHAs multiple times over before reaching their desired website. This issue is also confirmed by your reporter, who oftentimes had to fill in CloudFlare CAPTCHAs more than ten times before finally being redirected to a desired website.

Besides discriminating against Tor users by showing them CAPTCHAs, Tor Project maintainers are also accusing CloudFlare of adding cookies to Tor traffic sessions so they could track users. Furthermore, Tor Project members found it very difficult to engage with the company and talk with someone about all these issues.

Currently, Tor Project maintainers are thinking of adding a message that would read "Warning this site is under surveillance by Cloudflare," whenever Tor users would be accessing a CloudFlare-protected website.

"Other companies also discriminate against Tor users"

The practice of discriminating against Tor users is not specific to CloudFlare. A recent study by eight researchers from the UK and the US has come to the same conclusion.

The researchers found that over 1.3 million websites actively block connections from the Tor network, including 3.67% of Top 1,000 Alexa sites.

The Tor Project is very well aware of this issue, and even maintains a list of services that actively block its users.

Outside these, there were also numerous sites that, even if they don't block Tor traffic, make it extremely uncomfortable for Tor users to navigate and use their services.

Many sites are using CAPTCHA challenges or are limiting access to some of their services' features (Yahoo and Google, for example). In their study, researchers concluded that while not ideal, showing CAPTCHA challenges is a much more appropriate solution to dealing with Tor users than blocking them altogether.

While multiple studies have shown that the Tor network is often leveraged for cyber-attacks, researchers said that it would not be fair to discriminate against all users because of a few rotten apples.
http://news.softpedia.com/news/tor-p...c-501035.shtml





Confirmed: Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds
Joseph Cox

Update: Kenneth Walters, a spokesperson from CMU, told Motherboard in an email, "We have nothing to add beyond our Nov. 18 statement." When asked how the FBI knew that a Department of Defense research project on Tor was underway, so that the agency could then subpoena for information, Jillian Stickels, a spokesperson for the FBI, told Motherboard in a phone call that “For that specific question, I would ask them [Carnegie Mellon University]. If that information will be released at all, it will probably be released from them.”

Update 25 Feb: In a statement, the Tor Project told Motherboard that "the Tor network is secure and has only rarely been compromised. The Software Engineering Institute ("SEI") of Carnegie Mellon University (CMU) compromised the network in early 2014 by operating relays and tampering with user traffic. That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it. The Tor network remains the best way for users to protect their privacy and security when communicating online."

In November, Motherboard reported that a “university-based research institute” provided information to the Federal Bureau of Investigation that led to the identification of criminal suspects on the so-called dark web. Circumstantial evidence pointed to that body being the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU). After a media-storm, CMU published a very carefully worded press release, implying that it had been subpoenaed for the IP addresses it obtained during its research.

Now, both the name of the university and the existence of a subpoena have been confirmed in a recent filing in one of the affected criminal cases.

“The record demonstrates that the defendant's IP address was identified by the Software Engineering Institute (“SEI”) of Carnegie Mellon University (CMU”) [sic] when SEI was conducting research on the Tor network which was funded by the Department of Defense (“DOD”),” an order filed on Tuesday in the case of Brian Farrell reads. Farrell is charged with conspiracy to distribute cocaine, heroin, and methamphetamine due to his alleged role as a staff member of the Silk Road 2.0 dark web marketplace.

“Farrell's IP address was observed when SEI was operating its computers on the Tor network. This information was obtained by law enforcement pursuant to a subpoena served on SEI-CMU,” the filing continues.

Between January and July 2014, a large number of malicious nodes operated on the Tor network, with the purpose, according to the Tor Project, of deanonymising dark web sites and their users. The attack relied on a set of vulnerabilities in the Tor software—which have since been patched—and according to one source, the technique could unmask new hidden services within two weeks.

Evidence has pointed to SEI being behind that attack: SEI researchers Alexander Volynkin and Michael McCord were due to present research at the Black Hat hacking conference in August 2014 on how to unmask the IP addresses of Tor hidden services and their users, before the talk was suddenly canceled without explanation. SEI also submitted a research paper to the 21st ACM Conference on Computer and Communications Security (CCS) in 2014 on unmasking dark web users and sites, although that paper was apparently based on simulations, rather than in-the-wild attacks. That research was funded by Department of Defense contract number FA8721-05-C-0003. (The Tor Project has made an unsubstantiated claim that CMU was paid by the FBI to the tune of at least $1 million to carry out the attack. The Tor Project did not respond to questions about this claim in light of the subpoena.)

This new court document shows that, as many suspected, SEI was indeed behind the attack on Tor, and that information obtained from that move was accessed by law enforcement via a subpoena, facts that Farrell's defense has been aware of for some time, judging by the latest filing.

When asked how the FBI knew that a Department of Defense research project on Tor was underway, so that the agency could then subpoena for information, Jillian Stickels, a spokesperson for the FBI, told Motherboard in a phone call that “For that specific question, I would ask them [Carnegie Mellon University]. If that information will be released at all, it will probably be released from them.”

The Tor Project did not immediately respond to a request for comment, and neither did CMU, DoJ, or Farrell’s representatives. This story will be updated if we hear back.

This latest order was in response to a motion to compel discovery filed by Farrell’s defense in January. They have received “basic information” about the Tor attack, as well as the funding and structure relationship between SEI and DOD, according to the order, but have requested other materials too. The motion was denied by the Honorable Richard A. Jones.

Many of the filings are under seal, so it's not clear what exact information Farrell's lawyers have been trying to get hold of, but this latest order provides some indications. The defense has sought more information on the attack, and “disclosures regarding contacts between SEI, the Department of Justice, and federal law enforcement,” the order reads, encompassing periods before and after SEI performed the attack itself, with a particular emphasis on meetings between the DoJ and SEI.

As for why the court ordered that no further details about how SEI operated and collected IP addresses should be provided to the defendant, Jones claimed that IP addresses, and even those of Tor users, are public, and that Tor users lack a reasonable expectation of privacy.

“SEI obtained the defendant’s IP address while he was using the Tor network and SEI was operating nodes on that network, and not by any access to this computer,” the order reads.

“In order for a prospective user to use the Tor network they must disclose information, including their IP addresses, to unknown individuals running Tor nodes, so that their communications can be directed towards their destinations. Under such a system, an individual would necessarily be disclosing his identifying information to complete strangers,” the order continues.

This line of argument echoes that made in a recent case of FBI mass hacking, where a judge wrote that Tor doesn't give its users complete anonymity because users do have to provide their real IP address to a node of the network at some point. Indeed, in his order, Jones pointed explicitly to this ruling.

In sum, “SEI's identification of the defendant's IP address because of his use of the Tor network did not constitute a search subject to Fourth Amendment scrutiny,” the order reads.

Jones adds that the request for further discovery was made “despite the understanding communicated by the Tor Project that the Tor network has vulnerabilities and that users might not remain anonymous.” When it comes to the other requests made by Farrell's defense, the judge ordered they were irrelevant, overbroad, and that enough information has already been provided.

Farrell's case is far from the only one affected by SEI's attack on Tor.

Earlier this month, Gabriel Peterson-Siler pleaded guilty to one count of possession of child pornography, and another drug case in Ireland indicates it was also swept up in the institute's actions. In fact, the search warrant issued against Farrell stated that approximately 78 IP addresses that accessed the vendor portion of Silk Road 2.0 were obtained. On top of this, the seizure of Silk Road 2.0 was part of the wider Operation Onymous, which ended in the shuttering of around 27 different dark web sites, suggesting that many more criminal suspects, or those already convicted, were likely discovered with the same approach.

https://motherboard.vice.com/read/ca...oenaed-by-feds





'Ricochet', the Messenger That Beats Metadata, Passes Security Audit
Joseph Cox

Although users are now saturated with options on mobile and desktop for encrypted messaging, very few of the tools available deal with the core problem of metadata. Even if the content of your messages is kept from prying eyes, it may still be possible for a resourceful attacker to see who you are, and who you're talking to.

Now, one program designed to tackle that problem head-on has passed its first professional security audit, signaling that it is on the right track for wider use. Ricochet, which is available for Windows, Mac and Linux, announced the audit results on Monday.

“They had very positive things to say about code quality and security overall,” John Brooks, the program's maintainer, told Motherboard in a chat using Ricochet. The audit was carried out by cybersecurity company NCC Group, and financed by the Open Technology Fund's (OTF) 'Red Team Lab' project. Ultimately, the OTF is funded by US Congressional appropriations.

Mark Manning, a senior consultant who is based in NCC Group's New York office, told Motherboard in an email that, “The report should reflect that while there are improvements that can be made, the Ricochet project (during the period that the audit was carried out) takes security seriously.”

One vulnerability was found that could deanonymize users, Brooks said, and that issue has been fixed with the latest release. This vulnerability was also independently found by a member of the Ricochet community, where users have been reviewing the code on their own for longer. Ricochet, in its current form, has been around since 2014.

What sets Ricochet apart from other messaging clients is its use of Tor hidden services.

“The concept with Ricochet is: how can we do messaging without any server in the middle—without trusting anything to forward your messages to your contacts,” Brooks said. “That turns out to be exactly one of the problems that hidden services can solve: to contact someone, without anybody in the middle knowing who you are or who you're contacting.”

With a hidden service, a user's traffic never leaves the Tor network, making it much harder for an attacker to see where traffic is going or coming from.

“Every Ricochet client hosts a hidden service, and that's what you're giving out with your Ricochet ID—it's literally an .onion address. Anyone with that address can contact you,” Brooks continued. Ricochet also encrypts the contents of messages by default.

The funders behind the audit see Ricochet's potential, especially in supporting activists and other groups at risk of surveillance.

“The Open Tech Fund supports technologies designed to protect human rights defenders, journalists, and political dissidents, among others, who are living in some of the world's most oppressive places,” a spokesperson for Radio Free Asia, of which the Open Tech Fund is a part, told Motherboard in an email. “We support audits of Internet freedom projects in order to improve their security and reliability by finding and addressing vulnerabilities.”

“We’re interested in technologies that make up the growing Tor ecosystem, especially those developing novel censorship-resistant capabilities,” the spokesperson continued. “We view Ricochet as a tool pushing forth the development of Tor hidden services, a technology utilized by many sites—such as Facebook—to circumvent repressive censorship, particularly in authoritarian countries.”

But, even with the successful audit, that doesn't necessarily mean users who rely on encrypted programs for highly sensitive work, or to ensure their freedom, should start using only Ricochet.

Brooks referred to the “Be Careful” statement on the project's website, which reads that “Ricochet is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software.”

As for what happens now, Brooks is looking to get funding for the development of Ricochet itself, and implement a file-sharing feature.

“It'll be an exciting year,” he said.
https://motherboard.vice.com/read/ri...roblem-head-on





90 Percent of All SSL VPNs Use Insecure or Outdated Encryption

Many SSL VPNs don't use the latest encryption tech
Catalin Cimpanu

Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.

An SSL VPN is different from a classic IPSec VPN because it can be used inside a standard Web browser without needing to install specific software on the client-side.

SSL VPNs are installed on servers, and clients connect to the VPN via their browsers alone. This connection between the user's browser and the VPN server is encrypted with the SSL or TLS protocol.

"Three-quarters of all SSL VPNs use untrusted certificates"

Researchers from High-Tech Bridge say they analyzed 10,436 randomly selected SSL VPN servers and they found that most of them are extremely insecure.

They claim that 77% of all SSL VPNs use SSLv3 or SSLv2 to encrypt traffic. Both of these two versions of the SSL protocol are considered insecure today. These protocols are so insecure that international and national security standards, such as the PCI DSS and NIST SP 800-52 guidelines, have even gone as far as to prohibit their usage.

Regardless of their SSL version, 76% of all SSL VPN servers also used untrusted SSL certificates. These are SSL certificates that the server has not confirmed, and that attackers can mimic and thus launch MitM (Man-in-the-Middle) attacks on unsuspecting users.

High-Tech Bridge experts say that most of these untrusted certificates exist because many SSL VPNs come with default pre-installed certificates that are rarely updated.

"Some VPNs still use MD5 to sign certificates"

Additionally, researchers also note that 74% of certificates are signed with SHA-1 signatures, and 5% with MD5 hashes, both considered outdated.

41% of all SSL VPNs also used insecure 1024 key lengths for their RSA certificates, even though, for the past years, any RSA key length below 2048 has been considered highly insecure.

Even worse, one in ten SSL VPNs is still vulnerable to the two-year-old Heartbleed vulnerability, despite patches being available.

Out of all the tested SSL VPNs, researchers say that only 3% followed PCI DSS requirements. None managed to comply with NIST (National Institute of Standards and Technology) guidelines.

High-Tech Bridge is also providing a free tool that can tell users if their SSL VPN or HTTPS website is actually doing a good job of protecting them.
http://news.softpedia.com/news/90-pe...n-501038.shtml





Baltimore Librarian Carla Hayden Nominated as Librarian of Congress: Will Her Patriot Act Opposition Get in the Way?
David Rothman

Carla Hayden is President Obama’s nominee for Librarian of Congress. She is CEO of the Enoch Pratt Free Library in Baltimore, an African-American and a former president of the American Library Association.

What a contrast to James Billington, the long-time librarian who retired last year and was temporarily replaced by Acting Librarian David Mao. Billington’s background is from academia. He was not a professional librarian. What’s more, he was so far out of touch that he preferred fax to e-mail; and for the most part, this Reagan-era leftover hated e-books.

By contrast, Dr. Hayden is a real public librarian familiar with such issues as the digital divides. Among her past titles was board member of the Harvard-originated Digital Public Library of America (see LibraryCity). The DPLA very well may have come into existence partly as a Billington bypass, given his technophobia. Will we see some DPLA staffers ending up at the Library of Congress? Maura Marx, a DPLA alum, already is a deputy director at the Institute of Museum and Library Services.

Although I think Dr. Hayden would be a far, far better Librarian of Congress than Billington—no, she won’t neglect the academic side—she may face severe obstacles from the Republican obstructionists on Capitol Hill.

Racism not the only possible obstacle

Her race isn’t the only factor here. In fact, a far bigger one could be her opposition to the Patriot Act, along with general Republican opposition to long-term appointments by the White House. Already, library watchers are raising these issues on e-mail lists, and their fears are on the mark. See, too, Andrew Albanese’s piece in Publisher’s Weekly in July—asking appropriately, “Could the nomination of the next Librarian of Congress spark a political battle?”

Still, I hope Dr. Hayden makes it to LoC ultimately, even if, as in the case of the next Supreme Court justice, this may depend on a Democratic victory in November.

In nominating Carla Hayden, President Obama said: “Michelle and I have known Dr. Carla Hayden for a long time, since her days working at the Chicago Public Library, and I am proud to nominate her to lead our nation’s oldest federal institution as our 14th Librarian of Congress. Dr. Hayden has devoted her career to modernizing libraries so that everyone can participate in today’s digital culture. She has the proven experience, dedication, and deep knowledge of our nation’s libraries to serve our country well and that’s why I look forward to working with her in the months ahead. If confirmed, Dr. Hayden would be the first woman and the first African American to hold the position – both of which are long overdue.”

The full press release follows.

The White House

Office of the Press Secretary

For Immediate Release

February 24, 2016
President Obama Announces His Intent to Nominate Carla D. Hayden as Librarian of Congress

WASHINGTON, DC – Today, President Barack Obama announced his intent to nominate Carla D. Hayden as Librarian of Congress.

President Obama said, “Michelle and I have known Dr. Carla Hayden for a long time, since her days working at the Chicago Public Library, and I am proud to nominate her to lead our nation’s oldest federal institution as our 14th Librarian of Congress. Dr. Hayden has devoted her career to modernizing libraries so that everyone can participate in today’s digital culture. She has the proven experience, dedication, and deep knowledge of our nation’s libraries to serve our country well and that’s why I look forward to working with her in the months ahead. If confirmed, Dr. Hayden would be the first woman and the first African American to hold the position – both of which are long overdue.”

Carla D. Hayden, Nominee for Librarian of Congress, Library of Congress:

Dr. Carla D. Hayden is CEO of the Enoch Pratt Free Library in Baltimore, Maryland, a position she has held since 1993. Dr. Hayden was nominated by President Obama to be a member of the National Museum and Library Services Board in January 2010 and was confirmed by the Senate in June 2010. Prior to joining the Pratt Library, Dr. Hayden was Deputy Commissioner and Chief Librarian of the Chicago Public Library from 1991 to 1993. She was an Assistant Professor for Library and Information Science at the University of Pittsburgh from 1987 to 1991. Dr. Hayden was Library Services Coordinator for the Museum of Science and Industry in Chicago from 1982 to 1987. She began her career with the Chicago Public Library as the Young Adult Services Coordinator from 1979 to 1982 and as a Library Associate and Children’s Librarian from 1973 to 1979. Dr. Hayden was President of the American Library Association from 2003 to 2004. In 1995, she was the first African American to receive Library Journal’s Librarian of the Year Award in recognition of her outreach services at the Pratt Library, which included an afterschool center for Baltimore teens offering homework assistance and college and career counseling. Dr. Hayden received a B.A. from Roosevelt University and an M.A. and Ph.D. from the Graduate Library School of the University of Chicago.
http://www.teleread.com/baltimore-li...et-in-the-way/





Slysoft is Gone Forever – the End of an Era
Jan Willem Aldershoff

A team member from Slysoft today posted on the company’s forum that ‘Slysoft is gone’. This marks the end of an era that lasted 13 years while the company was continuously under pressure from all kinds of organisations that tried to shut it down. Slysoft was a target because it developed software that could circumvent a range of copy protections found on CDs, DVDs and Blu-ray discs.

The team member posted the same statement as previously already found on Slysoft.com with some additional information.

He writes, “Hi all, We were not allowed to respond to any request nor to post any statement, but now it is official: SlySoft has been shut down after almost 13 years. The official statement on the website (http://www.slysoft.com/ or http://h4.slysoft.com/) is kind of short: Due to recent regulatory requirements we have had to cease all activities relating to SlySoft Inc. We wish to thank our loyal customers/clients for their patronage over the years. I am really sorry for that, but this is final. SlySoft is gone… Thanks to all our customers and supporters for their loyalty. Goodbye red fox…”

In another post, after a user criticized the Antiguan CEO of the company Giancarlo Bettini by writing, “Thanks Mr. Bettini for being such a wimpy moneybag!”, the team member writes, “I regret you that, but you are wrong. SlySoft is under massive pressure since 2007. From Web Sheriff over Irdeto, US department of Justice to AACS-LA. He resisted for many years. More than anybody else. So please, be fair.”

Slysoft started by acquiring the licenses to sell software once developed by Elaborate Bytes. Elaborate Bytes developed CloneCD, a very successful CD copy application that was able to deal with many copy protections such as Safedisc and SecuROM. Besides CloneCD, Slysoft also licensed CloneDVD, which, accompanied by AnyDVD, made it possible and fairly easy to back up copy-protected DVD movies.

The CEO of Slysoft was Giancarlo Bettini, a former casino owner who, after the Patriot Act came into effect in 2001, searched for a new venture. This new law made it illegal to gamble online outside the US for US citizens. He started Slysoft in 2003 and acquired the rights to sell software formerly developed by Elaborate Bytes (now Elby). This company was German and the copyright laws in that country made it impossible to continue operating from there.

Eventually Slysoft’s software portfolio was expanded with AnyDVD and DVD Region Killer, which were also acquired from Elaborate Bytes. Later the company also acquired Game Jackal, which due to legislation in Australia could no longer be sold by its original developers.

Especially AnyDVD and AnyDVD HD, which made it fairly easy to make backups of copy protected movies, made the company a target of authorities and license bodies.

In February 2014 the company was found guilty of violating the Antiguan copyright laws and Bettini was fined 30,000 East Caribbean Dollar, about $11,000. That fine might seem small but for Blu-ray copy protection licensing body AACS-LA the precedent was important. While it could not close down Slysoft, it hoped to go after companies providing services to the Antigua based company. Due to the conviction they could tell those companies, “you’re doing business with a company that conducts illegal activities”.

In 2011 the AACS-LA also took Slysoft to court but nothing came out of the case. Apparently the AACS-LA tried to settle with Slysoft, or at least tried to let them cease operation voluntarily. As an AACS-LA attorney once stated, “We discovered SlySoft several years ago and tried to offer various forms of self help, if you will”, and adds, “We didn’t get very far with that”.

In 2013 the World Trade Organisation gave permission to Antigua to violate U.S. copyrights. The generated income should have compensated for US restrictions on gambling sites hosted in the country.

In 2015, documents leaked by Wikileaks showed that Slysoft was still on the AACS-LA’s hit list.

It’s unclear what has happened to the people behind Slysoft. Although the CEO was known by name, the other team members have always been mysterious entities.

While the Slysoft.com domain is closed, just as Slysoft Inc., it could be that the source code of the software is still in the hands of the people that have been running the company. If they can somehow release it to the public or sell it, the software could possibly come back, but it’s too early to speculate. One thing we do know for now, it’s time to say goodbye to the Red Fox that has served many of you so well for many years.

Hopefully it will follow the path of the Chinese monkey that was able to resurrect.
http://www.myce.com/news/slysoft-is-gone-forever-78664/





Slysoft Developer: AnyDVD (HD) Will Continue to Work
Jan Willem Aldershoff

A Slysoft developer (with the avatar of a sleeping red fox) has posted information on whether AnyDVD (HD) will continue to work now that the company has decided to cease operations after legal issues. For AnyDVD customers there’s good news: the software hasn’t become useless.

AnyDVD (HD) uses a so-called “Online Protection Database” (OPD) that contains information about discs that helps the software to remove the copy protection from them. Now that Slysoft has closed down, the OPD can be taken offline at any moment. Nevertheless, the software is able to continue to work without the OPD. Below is an overview posted by the Slysoft developer of what will work and what won’t.

• DVDs: All DVDs should continue to work. OPD is only used to speed up things, it is optional.
• HD-DVDs: All work.
• Blu-Ray AACS: AnyDVD contains data for roughly 130000 discs, these will continue to work. Discs not included in AnyDVD will need the OPD. OPD results will be cached locally, if you copy the cache, you can move it to another PC.
• Blu-Ray BD+, 20th Century Fox: Recent discs (1-2 years?) need OPD. Older titles work. OPD results will be cached locally, if you copy the cache, you can move it to another PC.
• Blu-Ray Java protection (mostly Lionsgate): Recent discs (1 year?) need OPD. Older titles work. OPD results are not cached.
• Blu-ray Cinavia: Will continue to work with current players & software.

According to the same developer the OPD servers are currently still up. They can be taken offline without any warning but also might stay online for a while. Because the DNS entries are removed AnyDVD currently can’t reach them, but this can be solved by modifying your ‘hosts file’.

This can be done by starting Notepad as administrator. To do so, right-click the Notepad icon and select ‘Run as Administrator’. When Notepad has started open the ‘hosts file’ by navigating to C:\Windows\System32\drivers\etc.

Then add to that file the following line: [IP address of the key server] key.slysoft.com

And save the file.

We don’t list the IP address here, you need to find it yourself by e.g. clicking on the provided link.

The Slysoft developer also stresses that AnyDVD doesn’t do any online validation of its registration key. He writes, “There are no registration/validation servers. I always insisted, that we don’t follow the trend with “key authentication”. AnyDVD and the key is not bound to your hardware. As long as you have your keyfile, you can install it on your PC.”
http://www.myce.com/news/slysoft-dev...to-work-78688/





Pirated App Store Client for iOS Found on Apple’s App Store
Zeljka Zorz

An app called 开心日常英语 (“Happy Daily English”), which has been offered for download via Apple’s official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices.

Its discovery shows that there are new techniques that can be used to fool Apple reviewers into allowing potentially malicious apps into the App Store, that enterprise certificates can be easily abused, and that there are ways for bypassing Apple’s prohibition of apps dynamically loading new code.

How did this happen?

The app hasn’t been flagged as potentially dangerous by Apple’s strict code reviewers, most likely because the app was made to look like a simple app for learning English if a reviewer (or user) accessed the app from anywhere outside China, and showed its true face only for those located in China.


Also, it’s coded in the Lua programming language, and this allows the developers to update the app remotely and repeatedly without triggering Apple’s app review process.

The app was available for download in the App Store for over three and a half months (from October 30, 2015 to the end of last week), but has now been removed.

The researchers haven’t discovered any actual malicious functionality in the app, but given its capabilities, it should definitely be considered risky to use. They dubbed it ZergHelper, and discovered over 50 enterprise signed versions of the app being distributed in the wild through alternative channels.

ZergHelper allows the installation of modified (and potentially malicious) versions of iOS apps, abuses enterprise certificates and personal certificates to sign and distribute apps, asks users to input an Apple ID and uses it to log in to an Apple server to perform operations in the background, and offers valid Apple IDs to users who don’t have one or don’t want to use their own (it’s still unknown where these Apple IDs came from).

“In addition to its abuse of enterprise certificates, this riskware used some new and novel approaches to install apps on non-jailbroken devices,” the researchers pointed out.

“It re-implemented a tiny version of Apple’s iTunes client for Windows to login, purchase and download apps. It also implemented some functionalities of Apple’s Xcode IDE to automatically generate free personal development certificates from Apple’s server to sign apps in the iOS devices – which means the attacker has analyzed Apple’s proprietary protocols and abused the new developer program introduced eight months ago.”

So far, it seems that ZergHelper didn’t steal any account information, and collected only some device info for statistical purposes.

“ZergHelper’s main functionality appeared to be to provide another App Store that includes pirated and cracked iOS apps and games,” the researchers noted.

The app was developed by a company in China, and the developers used the open-source, original “Happy Daily English” app and embedded in it their own code.
https://www.helpnetsecurity.com/2016...les-app-store/





Apple Still Holds the Keys to Its Cloud Service, but Reluctantly
Mike Isaac

In Silicon Valley — if not Washington — Apple is being hailed for digging in its heels on a court order requiring it to aid the Federal Bureau of Investigation in gaining access to an iPhone used by one of the attackers in the December mass shooting in San Bernardino, Calif.

Timothy D. Cook, Apple’s chief executive, emphasized on Tuesday in a letter to customers that helping the F.B.I. essentially hack into one of the company’s own phones would be a dangerous precedent. What’s more, Apple said it would have to create new software to do this.

But while company executives have embraced the notion that Apple is no longer able to intervene for law enforcement when investigators want access to an iPhone, it has repeatedly cooperated with court orders for access to online services like its iCloud.

That may sound like hypocrisy, but to people familiar with how Apple’s products and services work, it is simply a matter of technology.

ICloud is an Internet service Apple customers can use to back up information that is stored on their devices. It is helpful if your phone, tablet or computer is lost or badly damaged. And it, like other online services, is a gold mine for law enforcement — as the government spying revelations by the former National Security Agency contractor Edward J. Snowden showed.

Every few months for the last few years, tech giants like Facebook, Google, Microsoft and Twitter have published transparency reports, which are lists of instances in which a company turned over data on users at the behest of a court order in the United States or other countries.

In its most recent report, covering the first six months of 2015, Apple received nearly 11,000 requests from government agencies around the world regarding information on roughly 60,000 devices. Apple provided some data in roughly 7,100 of those requests, the report said.

The company has stated repeatedly that it would hand over data to comply with a court order when it is technically able to do so. And as that report indicates, it has. Often.

But the operative phrase to understand the difference between Apple’s cooperation and its resistance is “technically able.”

In the fall of 2014, with an update to its iOS software, Apple switched off its ability to retrieve data from its phones and tablets. By doing this, Apple tried to take itself out of the equation when law enforcement is looking for access to a phone. In essence, the company could no longer fulfill a request if it was technically unable to do so.

ICloud is a different story. Apple encrypts that data on its servers and holds on to the key, which it uses to gain access to the data when it is required to do so by a court order.

There are practical reasons for managing security in the cloud differently from on an iPhone. ICloud exists, in part, to save backups in the event that, say, you drop your phone in a swimming pool. Apple needs to have that key to get your data back for you.

It is not so easy for a company to take away its ability to gain access to your information when that company’s ability to retrieve your information is the reason you are using its service.

“They’re a consumer-focused company, not a defense contractor,” said Steven M. Bellovin, a professor of computer science at Columbia University. “If someone loses their phone or forgets their password, they still want to be able to get their data back.”

That could soon change. Just as Apple has updated encryption practices for devices — like FileVault, which protects a Mac’s start-up disk, for example — the company plans to strengthen encryption on other products, said two senior Apple executives, who spoke on the condition of anonymity because the plans are not public.

That could include iCloud, if Apple can figure out a consumer-friendly way to keep the data under lock and key — a key Apple wouldn’t be able to use — without making it inconvenient for people who need to retrieve backups.

That is no simple feat. Apple would have to find a way to let users retrieve their own data safely even without the company’s help, while keeping out hackers and other sorts of data thieves.

There is reason to be cautious about mucking with iCloud’s security. In 2014, for example, a number of private photos were stolen from the iCloud accounts of celebrities like the actress Jennifer Lawrence. Apple said the episode was not a result of any widespread attack on the company’s software products. But it was a cautionary note for consumers of the service.

None of this iCloud discussion would apply to iMessage, Apple’s proprietary text messaging service. It uses technology called end-to-end encryption, which means messages sent using iMessage cannot be intercepted and decrypted. Only the sender and receiver, and not Apple, have the keys to read such messages. Apple retains encrypted iMessages on its servers until they are read by the user or expire after several days.

For now, the best bet to protect your personal information from snoops may be to keep it off iCloud — and the many, many apps that may pass or store unencrypted information through data centers. It is safer on your device.

Just try not to drop your phone in a swimming pool.
http://www.nytimes.com/2016/02/22/te...luctantly.html





Solid Support for Apple in iPhone Encryption Fight: Poll
Jim Finkle

Nearly half of Americans support Apple Inc's (AAPL.O) decision to oppose a federal court order demanding that it unlock a smartphone used by San Bernardino shooter Rizwan Farook, according to a national online Reuters/Ipsos poll.

Forty-six percent of respondents said they agreed with Apple's position, 35 percent said they disagreed and 20 percent said they did not know, according to poll results released on Wednesday.

Other questions in the poll showed that a majority of Americans do not want the government to have access to their phone and Internet communications, even if it is done in the name of stopping terror attacks.

The responses to the privacy questions in the poll are similar to results from a 2013 Reuters/Ipsos poll, showing a consistent desire on the part of Americans to keep their phone, Internet communications and other data private.

Most of those polled also feel that unlocking Farook's phone would set a dangerous precedent that authorities would use to force the company to unlock more phones, a claim that Apple Chief Executive Tim Cook made in an open letter to customers last week.

When asked if the government would use the ability to unlock phones to "spy on iPhone users," 55 percent said they agreed, 28 percent disagreed and the rest said they were not sure.

“I don’t believe in giving up our right to privacy in order to make people feel safer,” said Steve Clevenger, a 55-year-old real-estate appraiser from Wheelersburg, Ohio, who took part in the poll and is supporting Apple.

“The government overstepped its bounds with the Patriot Act and they are likely to do it again,” he said, referring to a 2001 law that eased federal investigators' access to people's communications and financial records.

When asked if the U.S. government should be able to look at data on Americans' phones to protect against terror threats, 46 percent agreed, 42 percent disagreed and the rest said they were not sure.

The government has said Apple must help because there is no way to get at the data on Farook's phone without the company engineering a special software solution. Apple executives have refused, saying it is an onerous request that puts the security of its customers at risk.

Mike Kostrzewa, a 69-year-old retiree from Fairfax, Virginia, said he believed Apple should comply with the court order. “If a person has nothing to hide, there is no reason they should be afraid of the government looking at specific content with a warrant,” said Kostrzewa, one of the poll's respondents.

Younger Americans are more likely than older Americans to agree with Apple's stand. Of those between 18 and 39 years old, 64 percent agreed with the company's decision to oppose the court order. That is nearly twice the percentage of older people who are supporting Apple.

The poll results reflect a deep sense of skepticism among Americans about the security of their information, said Ipsos pollster Chris Jackson.

Privacy concerns have grown in response to revelations about U.S. government surveillance programs as well as a constant stream of high-profile security breaches that compromised consumer records including credit cards numbers, email logins and medical information, he said.

"People are very distrusting of everybody, but Americans actually trust Apple a bit more than the government on some issues," Jackson said.

The Reuters/Ipsos poll shows that large numbers of Americans want to keep their phone records, text messages, emails and other Internet activity private.

For example in this month's poll, 69 percent said they would not give up email privacy even if it would help the government foil foreign terror plots and 75 percent said they would be unwilling to give up text-message privacy for the same reason.

Opinion on whether Apple is right is divided by political party lines: 54 percent of Democrats agree with Apple, while only 37 percent of Republicans support the company.

Donald Trump, front-runner for the Republican presidential nomination, last week said he would boycott the company's products until it unlocks the phone.

Democratic U.S. Representative Ted Lieu on Tuesday asked the Federal Bureau of Investigation to rescind the unlock order.

"There is this tension: Americans want terrorists to be prosecuted, but in the context of issues about security and privacy, it becomes a much more nuanced discussion," Jackson said.

On Monday, Pew Research Center said its polling found that 51 percent of Americans believe Apple should unlock the phone and just 38 percent support the company's refusal.

The Pew question provided less information about Apple’s concerns and mentioned that the FBI’s need is “an important part” of their investigation. (pewrsr.ch/1RiI8dB)

The Reuters/Ipsos poll question on the same issue stated the company's position, which is that complying with the request would set a precedent that would require it to provide similar assistance in future cases.

The online survey was conducted Feb. 19 to 23 with more than 1,500 U.S. adults, as Apple and the government made public statements to sway public opinion in the high-stakes case. It has a credibility interval of plus or minus 2.8 percentage points for all respondents.

FBI spokesman Christopher Allen declined comment on the poll results. Apple did not respond to requests for comment.

Here's the link to the poll: polling.reuters.com/#poll/TM853Y16/dates/20160220-20160223/type/overall

Take a look at these graphics here (PDF).
http://uk.reuters.com/article/us-app...-idUKKCN0VX159





Carole Adams, Mom Who Lost Son in San Bernardino Shooting, Sides with Apple
Kellan Howell

A mother whose son was killed in the San Bernardino, California, shooting last year is siding with Apple in its battle to protect consumers’ privacy rights by refusing the FBI’s demands for new software to break into the iPhone of her son’s killer.

Carole Adams, the mother of Robert Adams — a 40-year-old environmental health specialist who was shot dead by Syed Rizwan Farook and his wife in December — told the New York Post Thursday that the constitutional right to privacy “is what makes America great to begin with.”

She stood by Apple’s decision to fight a federal court order to create software that would allow federal authorities to access the shooter’s password-blocked iPhone. The software would allow authorities to retrieve personal banking passwords, photos and other information.

Apple CEO Tim Cook has argued that such software could be used in the future and would create a dangerous precedent for cell phone evidence in court cases.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true,” Mr. Cook said. “Once created, the technique could be used over and over again, on any number of devices.”

Ms. Adams said such software could undermine the Constitution.

“This is what separates us from communism, isn’t it? The fact we have the right to privacy,” she told the New York Post. “I think Apple is definitely within their rights to protect the privacy of all Americans.

“This is what makes America great to begin with, that we abide by a Constitution that gives us the right of privacy, the right to bear arms, and the right to vote.”

Federal authorities want to hack into Farook’s phone to retrace the Islamic State sympathizer’s steps on Dec. 2 when he and his wife, Tashfeen Malik, shot and killed 14 people at the Inland Regional Center in San Bernardino.

California US Magistrate Judge Sheri Pym has ordered Apple to create a back door for the FBI to bypass an iPhone feature that destroys data after 10 consecutive unsuccessful unlock attempts.
http://www.washingtontimes.com/news/...bernardino-sh/





Tech Companies to Unite in Support of Apple

Google, Facebook and Microsoft among the companies that will back Apple in its iPhone fight with the U.S. government
Deepa Seetharaman and Jack Nicas

Several tech companies, including Google parent Alphabet Inc., Facebook Inc. and Microsoft Corp., plan to file a joint motion supporting Apple Inc. in its court fight against the Justice Department over unlocking an alleged terrorist’s iPhone, according to people familiar with the companies’ plans.

At least one other tech company plans to be included in a joint amicus brief next week generally supporting Apple’s position that unlocking the iPhone would undermine tech firms’ efforts to protect their users’ digital security, these people said. Twitter Inc. also plans to support Apple in a motion, though it is unclear if it will join the combined filing, another person familiar said.

Microsoft President and Chief Legal Officer Brad Smith told Congress on Thursday that his company would file a motion supporting Apple.

The joint filing is set to unite much of Silicon Valley firmly behind Apple in its fight against the U.S. that has polarized much of the nation in a debate over supporting national security versus protecting personal privacy. Tech executives so far have generally supported Apple publicly, though many have declined to weigh in while statements by others have been tepid.

Apple on Thursday filed a motion opposing a federal judge’s order to help the Federal Bureau of Investigation unlock a phone used by a suspect in the San Bernardino, Calif., shootings. In the filing, Apple called the order “unprecedented” with “no support of the law.” Apple Chief Executive Tim Cook said last week in a letter that the order would “undermine the very freedoms and liberty our government is meant to protect.”

Google CEO Sundar Pichai said last week on Twitter that while Google provides user data to law enforcement under court orders, “that’s wholly different than requiring companies to enable hacking of customer devices and data. Could be a troubling precedent.”

Facebook CEO Mark Zuckerberg said Monday he was “sympathetic” to Apple’s argument and that he didn’t “think requiring back doors into encryption is either going to be an effective way to increase security or is really the right thing to do.”

—Yoree Koh contributed to this article.
http://www.wsj.com/news/article_emai...MTI2NTMyMzUwWj





Arizona County Attorney to Ditch iPhones Over Apple Dispute with FBI

The decision, though symbolic, reflects the challenges ahead for Apple
John Ribeiro

Apple’s refusal to help the FBI unlock an iPhone 5c used by one of the terrorists in the San Bernardino, California attack on Dec. 2 has prompted the Maricopa County attorney’s office in Arizona to ban providing new iPhones to its staff.

“Apple’s refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety,” Maricopa County Attorney Bill Montgomery said in a statement on Wednesday.

Montgomery described as a corporate public relations stunt Apple’s positioning of its refusal to cooperate on privacy grounds. The evidence obtained through searches using warrants to unlock encrypted smartphones, including iPhones, has proven critical to the investigation and prosecution of defendants charged with drug trafficking, sexual exploitation, murder and other serious offenses, he added.

The county prosecutor's decision is more symbolic and is unlikely to impact Apple’s sales as there are 564 smartphones deployed throughout the office, 366 of which are iPhones. But it could be an indication of the various levers available to law enforcement agencies in the U.S. to try to get Apple to come around to its point of view. "If Apple wants to be the official smartphone of terrorists and criminals, there will be a consequence,” Montgomery said.

Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California ordered Apple last week to provide assistance, including by providing signed software if required, to help the FBI try different passcodes by brute force on the locked iPhone 5c, without triggering an auto-erase feature in the phone.

Apple CEO Tim Cook said in an email to employees that it was possible to do what the FBI was asking, but added that the company believes it "too dangerous to do," as it would undermine the security features of the device.

The company’s decision hasn’t gone down well with many other people, besides Montgomery. A study released Monday by the Pew Research Center found that 51 percent of respondents said they think Apple should unlock the iPhone to help the FBI with its investigation, while 38 percent opposed it. Eleven percent of the respondents had no opinion either way.

The decision by the Maricopa County attorney's office, first disclosed to the relevant staff on Sunday, was made public on Wednesday. The county office will discontinue providing iPhones as replacements or upgrades for existing employees. It has over 900 full-time employees.
http://www.networkworld.com/article/...-with-fbi.html





San Bernardino Police Chief Says there's a 'Reasonably Good Chance that there's Nothing of Any Value' on Shooter's iPhone
Kif Leswing

One overlooked fact in the battle between the FBI and Apple: there probably isn't any useful information on Syed Farook's government-issued phone.

That's according to San Bernardino police chief Jarrod Burguan, who was part of the investigation into the two shooters who killed 14 during a mass shooting event last December.

NPR aired his remarks in an interview published Friday.

"I'll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone," Burguan said.

Burguan is siding with the FBI, though, which is seeking to compel Apple to build custom software to allow law enforcement to extract data from Farook's phone. He believes that it would be unfair to the victims' families not to at least look at what's on the phone.

"This is an effort to leave no stone unturned in the investigation," Burguan told NPR. "To allow this phone to sit there, and not make an effort to get the information or the data that may be inside of that phone is simply not fair to the victims or the families."

Law enforcement is hoping that there may be contacts on Farook's iPhone that could lead to a larger plot or larger network of terrorists.

In a motion filed on Thursday, Apple said that the San Bernardino case isn't "about one isolated iPhone."

"Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe," the motion reads.

Apple also pointed out that it has provided all the iCloud backups it has to the FBI, and that Farook's iPhone had its iCloud password changed while in custody, preventing Apple from trying one of its tricks to extract the data from the device.
http://www.businessinsider.com/san-b...-iphone-2016-2





Justice Department Seeks to Force Apple to Extract Data From About 12 Other iPhones

Apple embroiled in phone court fights beyond San Bernardino; cases don’t involve terrorism charges, sources say
Devlin Barrett

The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country, in disputes similar to the current battle over a terrorist’s locked phone, according to people familiar with the matter.

The other phones are at issue in cases where prosecutors have sought, as in the San Bernardino, Calif., terror case, to use an 18th-century law called the All Writs Act to compel the company to help them bypass the passcode security feature of phones that may hold evidence, these people said.

The specifics of the roughly dozen cases haven’t been disclosed publicly, but they don’t involve terrorism charges, these people said.

Privacy advocates are likely to seize on the cases’ existence as proof the government aims to go far beyond what prosecutors have called the limited scope of the current public court fight over a locked iPhone used by one of the San Bernardino shooters.

Law-enforcement leaders, however, may cite the existence of the other cases as evidence that the encryption of personal devices has become a serious problem for criminal investigators in a variety of cases and settings.

In the San Bernardino case, the Federal Bureau of Investigation is trying to force Apple to help it beat the passcode system on a work phone used by Syed Rizwan Farook who, along with his wife, carried out a terror attack on his co-workers on Dec. 2 that killed 14 and injured 22. A judge has granted the Justice Department’s request for a court order directing Apple to help the FBI, and Apple is fighting the order.

Separately, federal prosecutors in New York are sparring with Apple over an iPhone seized in a drug investigation there. In that case, prosecutors filed a letter with U.S. Magistrate Judge James Orenstein late Monday that indicates there are other cases in which the government has obtained similar court orders, but the letter doesn’t provide further detail.

“In most of the cases, rather than challenge the orders in court, Apple simply deferred complying with them, without seeking appropriate judicial relief,” the prosecutors wrote.

Apple argues that helping the FBI the way the bureau wants would endanger the privacy of its customers. “Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers,” the company has argued in court papers in the New York case.

In that case, prosecutors have criticized Apple for resisting their demands, saying the company for years complied with such orders until late last year, when Apple began asserting it should not be forced to provide such assistance. Prosecutors have been particularly critical of Apple’s contention that to help bypass the passcode feature would “tarnish the Apple brand.”

The judge in the New York case has asked whether it was legal for the government to force Apple to extract data from a locked phone—an indication to some legal experts that he is considering rejecting the government’s rationale.

The dozen other phones now the subject of legal battles were seized in a variety of criminal investigations, but they are not terrorism cases like the San Bernardino investigation, people familiar with the matter said.

The dozen or so cases are also distinct from San Bernardino in that many of them involve phones using an older Apple operating system, which has fewer security barriers to surmount, these people said.

But they are similar in the sense that the government is trying to force Apple through the courts to help investigators extract data from otherwise locked iPhones, these people said.

As the fight over the San Bernardino phone became public last week, federal prosecutors and the FBI said they are not seeking to set a precedent in the case, but to get the company to help them open a single phone that may hold crucial evidence to help explain the most deadly terrorist attack on U.S. soil since Sept. 11, 2001.

In a filing last week in the San Bernardino case, federal prosecutors argued the order they have obtained “is tailored for and limited to this particular phone. And the order will facilitate only the FBI’s efforts to search the phone… Nor is compliance with the order a threat to other users of Apple products.”

The same filing also argued that what is at stake in the case is permission for the government “to search one telephone of an individual suspected of being involved in a terrorist attack.”

Apple has directly challenged those claims.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true,” Apple CEO Tim Cook wrote last week in a letter to customers. “Once created, the technique could be used over and over again, on any number of devices… The government is asking Apple to hack our own users and undermine decades of security advancements.”
http://www.wsj.com/article_email/jus...MjIzMzMyMTMwWj





Apple Is Said to Be Trying to Make It Harder to Hack iPhones
Matt Apuzzo and Katie Benner

Apple engineers have begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company will create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. If the Federal Bureau of Investigation wanted to get into a phone in the future, it would need a new way to do so. That would most likely prompt a new cycle of court fights and, yet again, more technical fixes by Apple.

The only way out of this scenario, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.

“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.

Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.

For Apple, security is also a global marketing strategy. New security measures would not only help the company in its fight with the government, but also reassure investors and customers.

“For all of those people who want to have a voice but they’re afraid, we are standing up, and we are standing up for our customers because protecting them we view as our job,” Apple’s chief executive, Timothy D. Cook, said on Wednesday in an interview with ABC News.

The company first raised the prospect of a security update last week in a phone call with reporters, who asked why the company would allow firmware — the software at the heart of the iPhone — to be modified without requiring a user password.

One senior executive, speaking on the condition of anonymity, replied that it was safe to bet that security would continue to improve. Separately, a person close to the company, who also spoke on the condition of anonymity, confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.

Independent experts say they have held informal conversations with Apple engineers over the last week about the vulnerability. Exactly how Apple will address the issue is unclear. Security experts who have been studying Apple’s phone security say it is technically possible to fix.

“There are probably 50 different ideas we have all sent to Apple,” said Jonathan Zdziarski, a security researcher.

Apple built its recent operating systems to protect customer information. As Mr. Cook wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a passcode. Apple designed that feature to make it easier to repair malfunctioning phones.

In the San Bernardino case, the F.B.I. wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.

Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’ ” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”

The court order to which Mr. Soghoian referred was issued last week by a federal magistrate judge, and tells Apple to write and install the code sought by the F.B.I. Apple has promised to challenge that order. Its lawyers have until Friday to file its opposition in court.

In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Mr. Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years. After Mr. Snowden revealed the National Security Agency surveillance, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.

Apple’s showdown with the Justice Department is different in one important way. Now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability.

“This is the first time that Apple has been included in their own threat model,” Mr. Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”

The F.B.I. director, James B. Comey Jr., signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete.” He said that supported the government’s argument that it was not seeking a skeleton key to hack into all iPhones.

Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break into any iPhone. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Mr. Cook said in his letter.

The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the F.B.I. a way to gain access to customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.

While it is generally accepted that Silicon Valley’s tech giants can outgun the government in a technical fight, the companies do face one important limitation. Security features often come at the expense of making products slower or clunkier.

Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the F.B.I. is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily retrieve and recover photos and other information stored there.

“Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Mr. Soghoian said. “A company wants to sell products to the public.”

Matt Apuzzo reported from Washington and Katie Benner from San Francisco.
http://www.nytimes.com/2016/02/25/te...cant-hack.html





Obama Administration Set to Expand Sharing of Data That N.S.A. Intercepts
Charlie Savage

The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.

The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.

The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.’s foreign intelligence programs swept in incidentally.

Civil liberties advocates criticized the change, arguing that it will weaken privacy protections. They said the government should disclose how much American content the N.S.A. collects incidentally — which agency officials have said is hard to measure — and let the public debate what the rules should be for handling that information.

“Before we allow them to spread that information further in the government, we need to have a serious conversation about how to protect Americans’ information,” said Alexander Abdo, an American Civil Liberties Union lawyer.

Robert S. Litt, the general counsel in the office of the Director of National Intelligence, said that the administration had developed and was fine-tuning what is now a 21-page draft set of procedures to permit the sharing.

The goal for the final rules, Brian P. Hale, a spokesman for the office, said in a statement, is “to ensure that they protect privacy, civil liberties and constitutional rights while enabling the sharing of information that is important to protect national security.”

Until now, National Security Agency analysts have filtered the surveillance information for the rest of the government. They search and evaluate the information and pass only the portions of phone calls or email that they decide is pertinent on to colleagues at the Central Intelligence Agency, the Federal Bureau of Investigation and other agencies. And before doing so, the N.S.A. takes steps to mask the names and any irrelevant information about innocent Americans.

The new system would permit analysts at other intelligence agencies to obtain direct access to raw information from the N.S.A.’s surveillance to evaluate for themselves. If they pull out phone calls or email to use for their own agency’s work, they would apply the privacy protections masking innocent Americans’ information — a process known as “minimization” — at that stage, Mr. Litt said.

Executive branch officials have been developing the new framework and system for years. President George W. Bush set the change in motion through a little-noticed line in a 2008 executive order, and the Obama administration has been quietly developing a framework for how to carry it out since taking office in 2009.

The executive branch can change its own rules without going to Congress or a judge for permission because the data comes from surveillance methods that lawmakers did not include in the main law that governs national security wiretapping, the Foreign Intelligence Surveillance Act, or FISA.

FISA covers a narrow band of surveillance: the collection of domestic or international communications from a wire on American soil, leaving most of what the N.S.A. does uncovered. In the absence of statutory regulation, the agency’s other surveillance programs are governed by rules the White House sets under a Reagan-era directive called Executive Order 12333.

Mr. Litt declined to make available a copy of the current draft of the proposed procedures.

“Once these procedures are final and approved, they will be made public to the extent consistent with national security,” Mr. Hale said. “It would be premature to draw conclusions about what the procedures will provide or authorize until they are finalized.”

Among the things they would not address is what the draft rules say about searching the raw data using names or keywords intended to bring up Americans’ phone calls or email that the security agency gathered “incidentally” under the 12333 surveillance programs — including whether F.B.I. agents may do so when working on ordinary criminal investigations.

Under current rules for data gathered under a parallel program — the no-warrant surveillance program governed by the FISA Amendments Act — N.S.A. and C.I.A. officials may search for Americans’ information only if their purpose is to find foreign intelligence, but F.B.I. agents may conduct such a search for intelligence or law enforcement purposes. Some lawmakers have proposed requiring the government to obtain a warrant before conducting such a search.

In 2013, The Washington Post reported, based on documents leaked by the former intelligence contractor Edward J. Snowden, that the N.S.A. and its British counterpart, Government Communications Headquarters, had tapped into links connecting Google’s and Yahoo’s data centers overseas and that the American spy agency had collected millions of records a day from them. The companies have since taken steps to encrypt those links.

That collection occurred under 12333 rules, which had long prohibited the N.S.A. from sharing raw information gathered from the surveillance it governed with other members of the intelligence community before minimization. The same rule had also long applied to sharing information gathered with FISA wiretaps.

But after the attacks of Sept. 11, 2001, the Bush administration began an effort to tear down barriers that impeded different parts of the government from working closely and sharing information, especially about terrorism.

In 2002, for example, it won permission, then secret, from the intelligence court permitting the C.I.A., the F.B.I. and the N.S.A. to share raw FISA wiretap information. The government did not disclose that change, which was first reported in a 2014 New York Times article based on documents disclosed by Mr. Snowden.

In August 2008, Mr. Bush changed 12333 to permit the N.S.A. to share unevaluated surveillance information with other intelligence agencies once procedures were developed.

Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.

“We would like it to be completed sooner rather than later,” Mr. Litt said. “Our expectation is months rather than weeks or years.”
http://www.nytimes.com/2016/02/26/us...ntercepts.html





Labor, Coalition Vote Against Strong Encryption in Senate
Renai LeMay

Both of Australia’s major political parties have explicitly rejected a Senate motion calling on the Government to support public use of strong encryption technologies, in a move that comes in the wake of the US Government’s demand that Apple provide it with a backdoor for open access to its iPhone handset.

Yesterday in the Senate, Greens Senator and Communications Spokesperson Scott Ludlam (pictured) moved a motion dealing with encryption technology.

The motion called upon the Senate to note that strong digital encryption protects the personal and financial information of millions of people; that encryption is an important tool to prevent identity theft and other crime; that encryption ensures that public interest whistleblowers, journalists and other civil society actors can conduct their activities more securely; and that the Government, through services such as Medicare and Centrelink, and digital platforms such as myGov, depends on encryption to keep client information safe.

The motion also called upon the Senate to note that “any decrease in public trust in digital systems and services will present an obstacle to the Government’s agile innovation agenda”.

Secondly, it called upon the Federal Government to “support the continued development and use of strong encryption technologies; resist any push from other governments to weaken encryption on personal devices; and work with law enforcement to develop alternative avenues to obtain information through warrants and targeted surveillance that does not put every Australian at greater risk of identity theft.”

The motion was defeated, with only the Greens and independent Senators Lambie, Leyonhjelm, Wang, Lazarus, Muir and Xenophon voting for it. Both Labor and the Coalition voted against the motion.

Ludlam’s motion comes amid increasing debate around how much governments should intervene in private sector use of encryption technology.

Over the past several weeks, the Federal Bureau of Investigation in the United States has repeatedly requested that technology giant Apple build a version of its iOS operating system that would allow the agency to access locked iPhones for law enforcement purposes.

One particular case revolves around December’s San Bernardino massacre. However, Apple has refused to comply, warning in a letter to customers that the demand was a “chilling” breach of privacy and would have far-reaching implications.

The issue has been discussed in Australia over the past several weeks.

Attorney-General George Brandis has joined those who call for Apple to concede on the affair, telling the ABC: “We would expect, as in Australia, that all orders of courts should be obeyed by any party which is the subject of a lawful order by a court.”

“Frankly, if data is encrypted in a way that is entirely inaccessible, without the cooperation of the ISP or the maker of the device, then that makes inaccessible relevant investigative information that would hitherto have been accessible and that’s a problem for law enforcement,” Brandis went on to say.

The eSafety Commissioner Alastair MacGibbon took a similar view when he tweeted that the US Government’s request seemed “reasonable”.

Ludlam did not speak on the issue in the Senate yesterday, but issued a statement last week stating that encryption developers “should not be bullied” into making digital protections weaker.

“The US FBI’s demand that Apple build a ‘back door’ into the iPhone is extraordinarily reckless. There are millions of iOS devices in use in Australia. This proposal would put every single one of those users at risk of identity theft,” said Ludlam.

“We’re already enduring the expensive, intrusive and ineffective metadata retention scheme in the name of the ‘war on terror’. Using the tragedies of terror attacks for a blatant power grab is an absolute disgrace, and it will have no tangible impact, and huge consequences.”

“We strongly urge Attorney-General George Brandis to help keep millions of Australian smartphone users safe, and write to his US counterparts to urge them to reconsider the request to break a technology we all depend on.”
https://delimiter.com.au/2016/02/24/...ion-in-senate/





German Government to Use Trojan Spyware to Monitor Citizens

Intelligence agencies in Germany can now use malware to track computers of people under suspicion. The Trojan will be able to track user chats and conversations on smartphones and PCs.

A spokesman for the German interior ministry announced on Monday that the government had approved the usage of Trojans to monitor suspected citizens.

The interior ministry spokesman defended the government's decision, saying "basically we now have the skills in an area where we did not have this kind of skill." The program was already endorsed by members of the government in autumn 2015, the ministry said.

Trojans are software programs, also known as malware, specially designed to get into users' computers. They are often used by hackers and thieves to gain access to somebody else's data.

In order to use the malware, government officials will have to get a court order, allowing authorities to hack into a citizen's system.

The new software will be able to monitor users' activities in real time

The approval will help officials get access to the suspect's personal computer, laptop and smartphone. Once the spyware installs itself on the suspect's device, it can skim data on the computer's hard drive and monitor ongoing chats and conversations.

Members of the Green party protested the launching of the Trojan, with the party's deputy head Konstantin von Notz saying, "We do understand the needs of security officials, but still, in a country under the rule of law, the means don't justify the end."

Bug-Brother ist watching You #bundestrojaner #ozapftis #BugBrother
— Konstantin v. Notz (@KonstantinNotz) February 22, 2016

Germany-based hacker association Chaos Computer Club (CCC) also expressed doubts with the government's decision. Its spokesman, Frank Rieger, told German radio Deutschlandfunk that the technical capabilities of the software needed to be toned down. "It's almost like you're watching people think, if you're reading as they type," Rieger said.

According to a 2008 decision by the German Constitutional Court, remote access to a citizen's computer is permissible only if there is life-threatening danger or suspicion of criminal activity against the state.
http://www.dw.com/en/german-governme...ens/a-19066629





Cops are Asking Ancestry.com and 23andMe for their Customers’ DNA
Kashmir Hill

When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It “has serious information about you and your family,” genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular.

Now, five years later, when 23andMe and Ancestry both have over a million customers, those warnings are looking prescient. “Your relative’s DNA could turn you into a suspect,” warns Wired, writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.”

The FBI maintains a national genetic database with samples from convicts and arrestees, but this was the most public example of cops turning to private genetic databases to find a suspect. But it’s not the only time it’s happened, and it means that people who submitted genetic samples for reasons of health, curiosity, or to advance science could now end up in a genetic line-up of criminal suspects.

Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order. 23andMe says it’s received a couple of requests from both state law enforcement and the FBI, but that it has “successfully resisted them.”

23andMe’s first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. (Update: The company released the report a week later.)

“In the event we are required by law to make a disclosure, we will notify the affected customer through the contact information provided to us, unless doing so would violate the law or a court order,” said Black by email.

Ancestry.com would not say specifically how many requests it’s gotten from law enforcement. It wanted to clarify that in the Usry case, the particular database searched was a publicly available one that Ancestry has since taken offline with a message about the site being “used for purposes other than that which it was intended.” Police came to Ancestry.com with a warrant to get the name that matched the DNA.

“On occasion when required by law to do so, and in this instance we were, we have cooperated with law enforcement and the courts to provide only the specific information requested but we don’t comment on the specifics of cases,” said a spokesperson.

As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is “a series of totally reasonable steps by law enforcement.” If you’re a cop trying to solve a crime, and you have DNA at your disposal, you’re going to want to use it to further your investigation. But the fact that your signing up for 23andMe or Ancestry.com means that you and all of your current and future family members could become genetic criminal suspects is not something most users probably have in mind when trying to find out where their ancestors came from.

“It has this really Orwellian state feeling to it,” Murphy said to the Advocate.

If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request.
http://fusion.net/story/215204/law-e...customers-dna/





Prosecutors Halt Vast, Likely Illegal DEA Wiretap Operation
Brad Heath and Brett Kelman

Prosecutors in a Los Angeles suburb say they have dramatically scaled back a vast and legally questionable eavesdropping operation, built by federal drug agents, that once accounted for nearly a fifth of all U.S. wiretaps.

The wiretapping, authorized by prosecutors and a single state-court judge in Riverside County, alarmed privacy advocates and even some U.S. Justice Department lawyers, who warned that it was likely illegal. An investigation last year by The Desert Sun and USA TODAY found that the operation almost certainly violated federal wiretapping laws while using millions of secretly intercepted calls and texts to make hundreds of arrests nationwide.

Riverside’s district attorney, Mike Hestrin, acknowledged being concerned by the scope of that surveillance, and said he enacted “significant” reforms last summer to rein it in. Wiretap figures his office released this week offer the first evidence that the enormous eavesdropping program has wound down to more routine levels.

“I definitely don’t apologize for using this tool to hit the cartels in Riverside County,” said Hestrin, who took office last year. “I think the reforms I put in place were necessary, but this is still a tool that I believe in. It needs to be used cautiously, but it should be available when necessary.”

The number of wiretaps authorized in Riverside County started to climb in 2010; it quadrupled by 2014, when the county court approved 624 wiretaps — three times as many as any other state or federal court. Most of the surveillance was conducted at the behest of U.S. Drug Enforcement Administration agents, who used the eavesdropping to make arrests and seize drugs and cash as far away as New York and Virginia.

Officials approved another 607 wiretaps in 2015, according to the figures released by the district attorney’s office. Most were approved in the first half of the year, before Hestrin said he installed a “stricter” standard that required every new wiretap application to have a “strong investigatory nexus” to Riverside County.

Taps have dwindled since then. So far this year, Hestrin has approved only 14. In the first two months of last year, his office approved 126.

If the current rate continues, Riverside County will end 2016 with between about 85 and 120 wiretaps — still enough to rank it among the nation’s busiest wiretapping jurisdictions, based on 2014 records. But the county will no longer be in a stratosphere all its own.

“I’m pleased to hear this, but it never should have gotten out of hand in the first place,” said Steve Harmon, the Riverside County Public Defender. “If there is no strong investigative connection to Riverside County, then Riverside County has no interest being in this business.”

Privacy advocates, who had expressed alarm in the past, were more cautious.

Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation, said it was “reassuring” the Riverside wiretap numbers had normalized, but worried there is “no oversight” even for new eavesdropping orders. Almost all wiretaps are sealed, and are sometimes kept secret even from the suspects who are arrested as a result of the eavesdropping, Lynch said.

“We are reliant on the prosecutors and the law enforcement officers to do their jobs and the judges not to just stamp a signature on them, but without releasing these on a regular basis it’s hard to be satisfied that the system is operating the way it should be,” Lynch said.

A Justice Department spokesman declined to comment on the abrupt drop in eavesdropping. In the past, DEA officials had said the surveillance was an important tool for targeting cartels that had turned the suburbs around Riverside into one of the nation's busiest drug trafficking corridors.

The majority of Riverside’s wiretap surge occurred under the watch of former District Attorney Paul Zellerbach, a one-term top prosecutor who was ousted by Hestrin at the end of 2014.

In interviews last fall, Zellerbach said his staff was “efficient and effective” at processing wiretaps. As word spread through law enforcement circles, the office received more and more requests to eavesdrop. Zellerbach had no qualms about leading the nation in taps. “I thought we were doing a hell of a job,” Zellerbach said in November.

Others did not share that opinion. Justice Department lawyers warned the DEA in private that the wiretaps were unlikely to withstand a legal challenge, and they generally refused to use them as evidence in federal court.

The surveillance also suffered a more systematic flaw. The Desert Sun and USA TODAY found last year that Zellerbach had been allowing lower-level lawyers in his office to approve wiretap applications, despite a federal law that required him to do it himself. That flaw has the potential to invalidate as many as 738 wiretaps since 2013.

As a result, Riverside’s wiretap operation is now facing its first significant legal challenge. Lawyers for a marijuana trafficking suspect last week asked a federal judge in Kentucky to declare that five wiretaps used in that case were illegal. But their attack on the surveillance spoke far more broadly.

“In sum, Riverside County made a mockery of individual privacy rights, ignored federal requirements limiting the use of wiretaps and permitted law enforcement to intercept telephone calls at their whim and caprice,” argued attorney Brian Butler, a former federal prosecutor.

Although Zellerbach left the district attorney’s office at the end of 2014, the surge of eavesdropping continued well into 2015, with prosecutors approving hundreds in just the first few months of the year. Hestrin, the new district attorney, said most of those he approved were “spinoffs” of previous wiretaps, needed for investigations that he inherited from the Zellerbach administration. The volume was “staggering,” he said.

“A spinoff is technically a new wire but it’s from an existing investigation,” Hestrin said. “Maybe a bad guy is dropping one phone and getting a new one. And I wasn’t going to come in and shut down massive investigations into the cartel.”

Eventually, by the summer, the inherited investigations had run their course and Hestrin introduced his “new standard” for wiretap applications, limiting their use to cases in which the crime was closely tied to the county. In the past, court records show prosecutors had approved surveillance based on tenuous links to Riverside, including one case in which the DEA sought to use a Riverside wiretap to gather evidence on a money laundering suspect in Los Angeles on the basis that the phone belonging to a suspected courier had been in contact with a phone that had, in turn, been in touch with another phone belonging to a Riverside County nightclub owner.

After that change, Hestrin said law enforcement kept asking for wiretaps, but prosecutors “said no frequently.” Eventually, the requests stopped coming.

Riverside’s increased scrutiny of wiretap applications is a step in the right direction, but it doesn’t erase years of taps that were awarded under questionable policies, said Adrienna Wong, an attorney for the American Civil Liberties Union of Southern California.

Wong said Wednesday that the ACLU submitted a public records request asking the DA’s office for wiretap policies — both old and new — after The Desert Sun/USA TODAY investigation was published.

The DA’s office refused.

“Given the lack of transparency, we remain concerned about the issue,” Wong said. “And the fact that the problem may be solved, at least for the time being … doesn’t address what may have happened in the past.”

Heath reported from McLean, Va. Kelman reports for The Desert Sun in Palm Springs, Calif.
http://www.usatoday.com/story/news/2...back/80891460/





The Ad Blocking Wars
Kate Murphy

YOU might have noticed that even when using a lightning-fast Internet connection, it takes a few beats, enough time to drum your fingers, for web pages to load. It’s likely because of online advertising, which bogs down your browser, drains your battery and jacks up mobile charges — not to mention collects private data.

So it’s little wonder that the use of ad-blocking software grew 41 percent last year, with 198 million active users worldwide, according to a study conducted by Adobe and PageFair. This represents an existential threat to the $50 billion online advertising industry and has ignited a bitter feud between advertisers and developers of ad-blocking apps. On the sidelines, privacy advocates are pumping their fists for consumer choice while web publishers wring their hands over lost revenue.

The fight became public last month when Randall Rothenberg, the president and chief executive of the Interactive Advertising Bureau, lobbed several verbal grenades at developers of ad blockers during his keynote address to his group’s annual leadership meeting. He called them “an unethical, immoral, mendacious coven of techie wannabes.” His venom was directed particularly at for-profit ad blockers who, for a fee, will unblock advertisers who meet certain standards of nonintrusiveness. Rothenberg called the practice “extortion.”

Ad blockers fired right back. “We are as motivated to protect consumers as advertisers are to abuse them,” said Roi Carthy, the chief marketing officer for Shine, an Israeli company that recently began offering ad-blocking software to wireless carriers, which are increasingly weary of the burden data-intensive ads place on their networks. Heretofore, ad blockers were mainly sold or given away to individuals. “This is a holy war for us,” Mr. Carthy said.

Shine is partly financed by the Hong Kong billionaire Li Ka-Shing who also has stakes in Facebook, Spotify and the Bitcoin payment company BitPay. Shine’s first major client is the Caribbean mobile service Digicel, and Mr. Carthy claims his team is negotiating with 60 other carriers.

“I feel like I’m caught between two parents fighting,” said Niero Gonzalez, founder of Destructoid, a website for gamers. “There is a valid security and privacy reason to run ad-blocking software, obviously, but then you have the brands who want their ads to pop up and autoplay and take over. This is killing the free web.”

His primary audience, tech-savvy gamers, were early adopters of ad-blocking software because they realized, more than most, the commotion going on behind the scenes the moment you direct your browser to a website. As many as 100 companies might be alerted, thus setting off a digital scrum as marketing and tracking entities elbow one another to figure out, based on your past online activity, whether you’d be more likely to click on an ad to, say, lose weight, refinance your mortgage or improve your sexual potency.

The goal is to make an “impression” (industry lingo for when an ad appears on the page you’re viewing), and publishers get paid when they allow advertisers the privilege. Advertisers get paid by brands and trackers get paid by, well, everybody. All this is automated and happens in seconds, sometimes milliseconds.

Within the last six months or so, ad blocking has left the geek realm and gone mainstream. Howard Stern raved about ad blockers on his radio show, and ad blocking was the theme of a recent episode of “South Park.”

Moreover, when Apple made ad blockers available in its App Store last fall, they quickly became among the most downloaded apps. And later this year, Microsoft is reportedly going to allow an extension to its Edge browser that supports the most popular blocker, Adblock Plus. Read what you will into the fact that Apple and Microsoft’s business models aren’t overly reliant on advertising, unlike their rivals Google and Facebook.

But focusing on ad-blocking software misses the real point, said Jason Kint, the chief executive of Digital Content Next, a trade organization that represents digital content companies like ESPN, Bloomberg, Condé Nast, BBC and The New York Times.

“By installing ad blockers, consumers are telling us very clearly they don’t want to be tracked across the web,” he said. “That’s going to be uncomfortable for a lot of advertising technology companies out there who have been enjoying what has been the Wild West.”

The advertising industry’s solution thus far has been AdChoices, a program that allows consumers to opt out of some targeted ads. But critics dismiss it as window dressing because it’s confusingly presented, cumbersome to enable and not comprehensive, and does not stop tracking.

While The New York Times is still weighing its options, other web publishers have responded to ad blockers using a variety of tactics. Some, like Forbes, have fought back with technology that blocks the ad blockers. But judging from the experience of the technology news website Ars Technica, blocking the blockers is a futile exercise.

BACK in 2010, Ars Technica tried it, and within 12 hours a coder had uploaded a workaround to Adblock Plus. Following that, the site’s founder and editor in chief, Ken Fisher, wrote an article titled “Why Ad Blocking Is Devastating to the Sites You Love.”

“That article lowered the ad-block rate by 12 percent, and what we found was that the majority of people blocking ads on our site were doing it because other sites were irritating them,” Mr. Fisher said. “It’s the worst players in the web publishing world that’s driving this.”

But he said the number of ad blockers is creeping back up, so Ars Technica plans to start a program similar to ones that have been used on a trial basis on other sites like Wired, The Washington Post, Slate and The Atlantic. The goal is to detect people who are blocking and inform them of ways to support the site. They can selectively unblock the site, subscribe, buy temporary access or just keep reading knowing it’s depriving the site of needed revenue. A possible gauge of the effectiveness of guilt is listener-supported NPR, which has a 36 percent donation rate.

“The temptation is to block these people who honestly aren’t going to respond to ads anyway,” Mr. Fisher said. “I think what everybody should focus on is the educational aspect and give people the option to pay for an ad-free experience.”

Google recently began offering that option with its Contributor program. And Sprint’s Boost Mobile is testing a program where it actually pays users to look at ads.

But it may be instructive to look at what happened back in the 1990s when spam was the scourge of consumers. The fix came only when entities like Spamhaus started compiling lists of bad actors, based in part on what consumers marked as spam. Email providers then subscribed to those lists so they could block offenders.

Craig Spiezle, executive director of the Online Trust Alliance, a consumer advocacy group, said something similar could happen with online advertising, where stakeholders agree to observe best practices, including respecting Do Not Track, or D.N.T., which is a preference consumers can activate in their browsers. Right now, D.N.T. is largely ignored by advertisers and websites. Obscuring ads and autoplay audio and video would also likely be prohibited.

“Those who don’t follow the rules will be blacklisted like spammers,” said Mr. Spiezle, who formerly oversaw security of Microsoft’s Hotmail.

The Federal Trade Commission has yet to intervene on this issue. And it’s unlikely that Congress will act given how heavily politicians rely on tracking and other online advertising technology to court voters.

The Online Trust Alliance conducted an audit of the presidential candidates, and the vast majority received failing grades in terms of tracking and protecting the privacy of the people who visited their websites.

“Ad blocking is a symptom of a pervasive problem,” Mr. Spiezle said. “If consumers enjoyed the web experience and felt there were adequate controls for privacy and the ad industry was making a sincere effort to fight abuse and malfeasance, we wouldn’t be having this conversation.”
http://www.nytimes.com/2016/02/21/op...ml?ref=opinion





Researchers Create Super-Efficient Wi-Fi

Passive Wi-Fi consumes 1/10,000th the power of conventional wireless networks.
Sean Gallagher

A team of computer scientists and electrical engineers from the University of Washington has developed an extremely power-efficient version of Wi-Fi wireless networking technology that consumes 10,000 times less power than the current Wi-Fi components, allowing Wi-Fi networking to be built into a much wider range of devices. The team will present a paper (PDF) with the results of their research into what they have dubbed Passive Wi-Fi at the upcoming USENIX Symposium on Networked Systems Design and Implementation in March.

Passive Wi-Fi is, as the name suggests, partially passive—it takes in radio wave energy from an outside source and reflects that signal with its data added to it. Vamsi Talla, a UW electrical engineering doctoral student and co-author of the research, explained, "All the networking, heavy-lifting and power-consuming pieces are done by the one plugged-in device. The passive devices are only reflecting to generate the Wi-Fi packets, which is a really energy-efficient way to communicate."

The technology works much in the way Radio Frequency Identification (RFID) chips (and, more infamously, retroreflector bugs like the ones used by the Soviet Union to bug the US Embassy in Moscow) do—using a technique called backscatter communication.

Backscatter of normal Wi-Fi signals has been used in the past in experiments to create separate narrowband channels for "Internet of Things" (IoT) communications, such as with BackFi, a similar technology developed by a team at Stanford University unveiled last year. BackFi, which used existing Wi-Fi networks' signals to generate a reflected signal, was capable of transmitting 5 megabits per second of data back to the network.

Passive Wi-Fi is compatible with normal Wi-Fi, but it uses a separate base station to generate the radio signal for its backscatter-based devices. It's capable of handling data at speeds up to 11 megabits per second and has been tested to work at distances of over 100 feet.

Because backscatter communication only requires devices to use a tiny amount of power to modulate the reflected radio signal, Passive Wi-Fi could be used in devices that would typically use Bluetooth or another low-power wireless networking technology, with the added benefit of Wi-Fi security. It can also easily be integrated into IoT sensors and other devices, allowing them to talk directly to the cloud rather than depend on another device (such as a smartphone or PC) to act as an intermediary.
http://arstechnica.com/information-t...w-power-wi-fi/





Telstra 4G Will Support 1000Mbps Download Speeds Soon
Spandas Lui

Telstra’s 4G mobile network in capital cities is going to get a lot faster with the company revealing that it will upgrade it to support LTE Category 16 standard devices, which will support theoretical maximum download speeds of 1000Mbps. Read on to find out more.

Last year, Telstra began supporting Category 9 that had a theoretical maximum download speed of around 450Mbps along with other technologies that upped that speed even further for its 4GX network. This time around, the increase is dramatic and even the theoretical maximum upload speed will be given a significant boost, sitting at 150Mbps.

Of course, theoretical download speeds mean jack all if you’re not in the right area or have the right device to take advantage of them. You also have to remember that you’re sharing the network with others so you’ll never get the theoretical maximum. Telstra lists on their website that 4GX devices currently have a typical download speed of 2 to 75Mbps on 4GX.

Nonetheless, Telstra will still be able to boast that it will be the first telco in the world to support the fastest network standard. It plans to release compatible devices that will be able to make the most of the upgraded 4GX network later this year and will look to upgrade its broader 4G network in the future. Telstra is also teaming up with Netgear to create the world’s first Category 16 hotspot.

Currently, the 4GX network coverage is patchy and caters only to densely populated areas, as you can see on Telstra’s coverage map.

Telstra’s competitor, Optus, also offers limited support for Category 9 devices on its 4G network. No word yet on whether Optus will follow suit on upgrading its network but stay tuned.
http://www.lifehacker.com.au/2016/02...d-speeds-soon/





5G Is a New Frontier for Mobile Carriers and Tech Companies
Mark Scott

On the outskirts of this sleepy commuter town just south of London, plans are underway to build the fastest cellphone network in the world.

The work is being done at the University of Surrey, where a leafy campus is dotted with rundown Brutalist-style buildings. Here, researchers and some of the world’s biggest tech companies, including Samsung and Fujitsu, are collaborating to offer mobile Internet speeds more than 100 times faster than anything now available.

Their work on so-called fifth-generation, or 5G, wireless technology is set to be completed in early 2018 and would, for example, let students download entire movies to smartphones or tablets in less than five seconds, compared with as much as eight minutes with current fourth-generation, or 4G, technology. Companies also could connect millions of devices — including smartwatches and tiny sensors on home appliances — to the new cellphone network, and automakers could potentially test driverless cars around the suburban campus.

“A lot of the technology already works in a laboratory environment,” said Rahim Tafazolli, director of the university’s research center that oversees the 5G project, which includes almost 70 powerful radio antennas around the two-square-mile campus. “Now, we have to prove it works in real life.”

The work by Dr. Tafazolli and his team puts them at the heart of a heated race. Fueled by people’s insatiable appetite for accessing videos, social media and other entertainment on their mobile devices, many of the world’s largest carriers, like AT&T and NTT DoCoMo of Japan, are rushing to be the first to offer customers this next-generation ultrafast wireless technology.

The competition has led to research worth billions of dollars from telecommunications equipment makers like Ericsson of Sweden and Huawei of China, which are hoping to secure lucrative contracts to upgrade the mobile Internet infrastructure of operators like AT&T from the United States and China Mobile in Asia. Those plans have become even faster paced as tech giants including Google consider their own ambitions for the latest, and fastest, high-speed Internet.

“Everyone is rushing to demonstrate they are a leading player for 5G,” said Bengt Nordstrom, co-founder of Northstream, a telecom consulting firm, in Stockholm.

The efforts around 5G will be on display at Mobile World Congress, a four-day tech and telecom event in Barcelona that begins on Monday. Most of the world’s largest operators and device makers like Samsung are expected to announce their latest wireless technology, including smartphones, wearable products and digital applications at the trade show.

Not to be outdone, telecom manufacturers also have announced glitzy demonstrations — including driverless cars, remote-controlled drones and autonomous robots balancing balls on tablets — to showcase their 5G credibility. The need to persuade carriers to buy the latest wireless technology has become ever more important as operators consider cutting investment plans in the face of a global economic downturn.

“If we miss the chance to make our networks relevant, it will be a disaster,” said Ulf Ewaldsson, Ericsson’s chief technology officer. “The billion-dollar question is what will a 5G network look like?”

Despite companies’ efforts to outspend each other, that question remains unanswered.

A global standard for 5G wireless technology will not be finished before 2019, at the earliest. Companies worldwide must agree on how their networks talk to each other, so users’ mobile connections do not become patchy when traveling overseas. That involves lengthy negotiations over what type of radio waves the new technology should use, among other complicated global agreements, which can take years.

As a result, carriers, telecom equipment makers and tech companies are lobbying global-standard bodies and national lawmakers to promote their own technologies over rivals’, according to industry executives and telecom analysts. Because of this jockeying, a widespread rollout of 5G networks is not expected until well into the next decade.

Some analysts question why carriers are focusing on the next generation of wireless technology when many parts of the world, particularly in emerging markets, still suffer from achingly slow mobile Internet access. And industry experts say mobile Internet speeds in much of the developed world, especially in places like South Korea, where connections are often comparable to traditional broadband, already meet people’s needs.

“A lot of this is about carriers and equipment makers looking for new ways to make money,” said Thomas Husson, an analyst at Forrester Research in Paris. “Consumers shouldn’t expect great things until after 2020.”

These challenges have not stopped companies from staking a claim in hopes of being at the forefront of 5G.

That is particularly true ahead of major global sporting events like the Olympics and the World Cup, at which carriers and national governments want to promote their technological know-how. At the 2018 World Cup, which will be held in Russia, for instance, the local operators MegaFon and MTS are expected to test 5G-style services, including ultrafast mobile Internet, even without global standards in place.

The Korean mobile operator KT also plans to offer its own version of 5G technology at the 2018 Winter Olympics in Pyeongchang, South Korea, and NTT DoCoMo has said it will have similar trials ready for the 2020 Summer Olympics in Tokyo.

“The only way of learning is by doing,” said Mats Svardh, head of networks at the Scandinavian carrier TeliaSonera, which will test its own 5G technology in both Stockholm and Tallinn, Estonia, in 2018. “It’s about putting pressure on ourselves to move forward with specifics, not just theories.”

United States carriers have also jumped on the 5G bandwagon, partly to offer people new services as current mobile speeds have become relatively interchangeable between major operators nationwide.

Last year, Verizon Wireless announced that it would start testing new wireless technology in 2016 in order to offer new services, including potentially ultrafast mobile Internet, sometime next year. Last month, AT&T countered with its own tests — expected to start in Austin, Tex., by the end of 2016 — that could offer mobile speeds roughly 100 times faster than its current offering.

“We will be ready when it’s ready,” said John Donovan, AT&T’s chief strategy officer, who added that traditional rivals like Verizon and new arrivals like Google could eventually compete to offer 5G services. “Everywhere you don’t solve a problem, someone else might step in.”

For Dr. Tafazolli, of the University of Surrey, whose team started working on 5G in late 2011, these battles have led to an increasing number of companies offering support — including the use of high-speed computer servers, costly radio antennas and millions of dollars of financing to research and build the next-generation wireless network on his college campus, he said. Their primary goal: to test their latest technology in a real-world setting.

“In the race to 5G, everyone wants to be first,” he said.
http://www.nytimes.com/2016/02/22/te...-congress.html





Google Fiber Joins Forces with Municipal Broadband Network

Google will offer Internet service over city-owned fiber in Huntsville, Alabama.
Jon Brodkin

Google Fiber said on Monday that it plans to bring its gigabit Internet service to Huntsville, Alabama. But instead of laying its own fiber, Google will offer service over a network that is being built by the city-owned Huntsville Utilities. Huntsville will lease space on the network to Google so it can offer Internet service. But it's not an exclusive deal, so other Internet providers could offer broadband over the same fiber. Huntsville, a city of nearly 190,000 residents, has been planning the fiber build for more than a year.

City officials "see it as a low-risk investment, as compared to administering the gigabit Internet themselves, which would require a massive increase in personnel in an arena where they have limited expertise," local news station WHNT reported today. Google Fiber should be available to the first Huntsville customers by the middle of 2017, but it could take a few years to extend service throughout the city, the report said.

Google Fiber offers service in Kansas City, Kansas and Missouri; Provo, Utah; Austin, Texas; and Atlanta, Georgia. Huntsville is now one of six additional cities where Google says it will offer service. Google lists 11 other cities as "potential" Fiber locations, bringing the total of possible deployments to 21 metro areas.

"To date, we’ve built the majority of our Google Fiber networks from scratch," Google said in its announcement. But in some cities, Google is taking advantage of existing infrastructure. "In Provo, Utah, our Google Fiber service is being delivered over a network we purchased from the city. In Atlanta, Georgia, we’re both constructing our own network and using existing fiber to provide Google Fiber to some apartment buildings. And now, due to the leadership of the Mayor [Tommy Battle] and Huntsville Utilities CEO Jay Stowe, we’ll be working with a muni-owned network to bring our high-speed service to Huntsville."

Google noted that Huntsville has a high concentration of engineers "and ranks among the best places in the country for STEM workers."

Google Fiber will be competing against AT&T, which is planning to bring its GigaPower fiber Internet service to Huntsville.

Elsewhere in the country, government officials in Louisville, Kentucky this month voted to give Google Fiber easier access to utility poles, despite opposition from AT&T and Time Warner Cable.
http://arstechnica.com/business/2016...and-broadband/





Google Fiber Expanding Faster, Further -- And Making Comcast Very Nervous
Karl Bode

While Google Fiber was originally seen as an adorable little experiment primarily designed to bring PR attention to a lack of broadband competition, over the last six months Wall Street has woken up to the fact that Google Fiber isn't playing around. While the number of customers that can actually sign up for Google Fiber remains in the several hundred thousand range, Google's announcements to tackle sprawling areas like Atlanta, San Antonio, Chicago, and Los Angeles have many Wall Street analysts changing their tune.

In 2012 or so, Wall Street analysts proclaimed it would just be too expensive to deploy Google Fiber at any scale. Fast forward to 2016, and you'll notice that a very different tune is being sung:

Although Google’s announcement is just that, could lead to nothing, and requires minimum capital commitment by Alphabet at this stage, it increases on the margin the likelihood that Google Fiber will pass a large number of locations within five years. Correspondingly, it increases the chances that we will see Alphabet’s capex in the non-core businesses, or what the company has referred to as “Other Bets,” increase significantly. Indeed, if Google Fiber were to build out in Chicago and/or Los Angeles and their surroundings, it could precipitate increased interest from other major metro areas, making it easier for Fiber to scale up. Our high end estimate of 20-25 million homes passed by Google Fiber may prove less aggressive than we thought.

Google Fiber has learned some hard lessons in trying to build a broadband network from scratch, so it has started leaning more heavily on existing builds (or plans to build). This week for example Google Fiber announced in a blog post it would be riding on a planned open access municipal broadband network being built by the city of Huntsville, Alabama. This comes on the heels of the company's announcement it's also riding on existing apartment fiber builds in Atlanta to speed up availability there:

To date, we’ve built the majority of our Google Fiber networks from scratch. But over the past five years, we’ve repeatedly seen that every city is unique. So in order to bring Fiber to more people, we’ve taken different approaches in different places. In Provo, Utah, our Google Fiber service is being delivered over a network we purchased from the city. In Atlanta, Georgia, we’re both constructing our own network, and using existing fiber to provide Google Fiber to some apartment buildings. And now, due to the leadership of the Mayor and Huntsville Utilities CEO Jay Stowe, we’ll be working with a muni-owned network to bring our high speed service to Huntsville.

There's every indication that Huntsville's network will be open to any other ISP competitors, an idea Google Fiber originally trumpeted then backed off from. So, yes, while Google Fiber still has a small footprint now as it labors to dig fiber trenches (Austin, Kansas City, Provo), the sheer number of builds in progress or close to finalization is starting to become mammoth (Louisville, Salt Lake City, Portland, Phoenix, San Antonio, San Diego, San Jose, Charlotte, Nashville...). In other words, by 2020 or so things should start to look notably different:

Broadband ISPs, much like Wall Street, generally thought Google Fiber would never be big enough to seriously impact their bottom line. But as Google Fiber pushes into Comcast territories like Atlanta, flyers being handed out by the cable giant make it abundantly clear it's getting nervous about having to face real competition:

Unfortunately for Comcast, Atlanta is one of the many markets where Comcast is engaged in usage cap and overage fee "trials," which oddly is omitted in the company's attempt to deflate Google Fiber "hype." Most of Comcast's flyer claims are either misleading (WiFi is as fast as the router you buy) or just not very interesting (wow, video on demand?). Few if any of Comcast's claimed advantages are going to be much help against a patient company actually willing to compete on price.
https://www.techdirt.com/articles/20...-nervous.shtml





AT&T Sues Louisville Over Utility Pole Law Adopted for Google Fiber
Chris Otts

AT&T sued Louisville Metro government on Thursday to stop an ordinance the Metro Council passed this month to make it easier for new broadband providers like Google Fiber to attach their equipment to utility poles.

In a lawsuit filed in federal court in Louisville, AT&T said Louisville Metro does not have the authority to permit a third party like Google Fiber to remove, alter or move AT&T’s equipment on utility poles, as the city’s “One Touch Make Ready” ordinance purports to allow.

AT&T spokesman Joe Burgan said in a prepared statement that Louisville “has no jurisdiction under federal or state law to regulate pole attachments.”

“Google can attach to AT&T’s poles once it enters into AT&T’s standard Commercial Licensing Agreement, as it has in other cities,” the statement said. “This lawsuit is not about Google. It’s about the Louisville Metro Council exceeding its authority.”

Louisville Metro’s ordinance represents a “drastic departure” from the regulations of the Federal Communications Commission, and in Kentucky, pole attachment issues are the “sole jurisdiction” of the state Public Service Commission, according to the lawsuit.

Supporters of the ordinance – including officials with Mayor Greg Fischer’s administration – have said it will reduce disruption in neighborhoods as Google or other broadband providers install thousands of miles of new fiber-optic cable throughout Jefferson County.

"We will vigorously defend the lawsuit filed today by ATT; gigabit fiber is too important to our city's future @googlefiber," Mayor Fischer tweeted Thursday night.

Metro Councilman Bill Hollander, the ordinance’s sponsor, said earlier this month that the changes “will make the whole (installation) process faster and make the community more broadband ready.”

Under current rules, each provider would have to send a contractor to move its equipment to make way for new services like Google Fiber, officials have said.

“Depending on where you are in Jefferson County and which pole you’re talking about, there could be five or six different trucks dispatched in six months or more to get everybody moving their lines to make room for the last attacher,” Ted Smith, chief of civic innovation for Metro government, told the Metro Council’s public works committee in early February.

But the ordinance, which was also opposed by Time Warner Cable, would allow a third party like Google to temporarily “seize” AT&T’s property – without notice, in most cases, according to the lawsuit.

Louisville is on the short list of cities that might get Google Fiber’s super-fast “gigabit” residential and business Internet and TV service.

Seeing it as a boon for the city’s economy and reputation in the tech sector, Louisville officials have been trying to streamline Google’s installation of the network. The California search engine giant has not yet fully committed to Louisville.

AT&T, meanwhile, is bringing GigaPower, its own “gigabit” fiber service, to Louisville’s residential market, though the company has not yet announced which neighborhoods will get GigaPower or when it will be installed.
http://www.wdrb.com/story/31319058/a...r-google-fiber





AT&T Gave $62K to Lawmakers Months Before Vote to Limit Muni Broadband

Missouri bill would make it difficult for cities to offer Internet service.
Jon Brodkin

A Missouri legislative committee last week approved a bill that would limit the spread of municipal broadband networks, helping private Internet service providers such as AT&T avoid competition.

A few months before that vote, AT&T donated a total of $62,500 to political committees in Missouri. This included $20,000 to the House Republican Campaign Committee, $20,000 to the Missouri Democratic State Committee, $7,500 to the Missouri Republican Party, and $15,000 to the Missouri Senate Campaign Committee (apparently a Republican group). One of the donations is listed by the Missouri Ethics Commission as occurring just two weeks ago, but we’ve been told it was made in September 2015 and not deposited until this month because the original check was lost.

The donations were made before the legislature went into session; AT&T's policy is to not make contributions during legislative sessions. AT&T gave similar amounts in previous years.

CenturyLink, which also supports restrictions on municipal broadband, gave $6,000 to the Missouri Senate Campaign Committee in November 2015. CenturyLink opposed a municipal broadband network in Columbia, Missouri, in 2014.

AT&T wants a “level playing field”

The anti-municipal broadband bill, HB 2078, was introduced in January and approved with a 16-2 vote on February 18 by the Missouri House Utility Infrastructure committee. The bill was sent to the Select Committee on Utilities, the last step before a debate in front of the entire House, which is more than 70 percent Republican.

"We believe that if a governmental entity seeks to deploy or operate a GON [government operated network] in a market that can be served by the private sector, there should be safeguards in place to ensure a 'level playing field,' which is why we expressed support for HB 2078," AT&T told Ars.

AT&T has also donated smaller amounts to members of the Utility Infrastructure Committee, which is chaired by Republican Lyndall Fraker. AT&T told us that it gives donations to all members of that committee; records kept by the National Institute on Money in State Politics turn up AT&T donations to 17 of 19 members.

Fraker, who sponsored HB 2078, has received $3,450 from AT&T in his time as a lawmaker since 2011. He has also received $2,300 from CenturyLink and $1,500 from Comcast.

“I only sponsor bills that I believe in,” Fraker told Ars when asked if the donations had any impact on the municipal broadband bill.

CenturyLink and Comcast have also donated to a majority of the committee members. CenturyLink supports the municipal broadband bill, a company spokesperson told Ars. We’re still waiting to hear from Comcast.

AT&T’s opposition to municipal broadband is well-known. In Tennessee, Sen. Todd Gardenhire (R-Chattanooga) recently called AT&T “the most powerful lobbying organization in this state by far” and a “villain” in the state’s municipal broadband battles.

AT&T also just sued the local government in Louisville and Jefferson County, Kentucky, to stop a new ordinance designed to give Google Fiber access to utility poles.

How Missouri wants to restrict muni broadband

Missouri already has a law from 1997 that says municipalities may not sell telecommunications services to the public with the exception of “Internet-type services.” This made it difficult to build a financially sound Internet service because it couldn’t be bundled with other telecom products like telephone calling, municipal broadband advocate Christopher Mitchell told Ars. Mitchell is director of the Community Broadband Networks project for the Institute for Local Self-Reliance.

The “Internet-type services” carveout allowed North Kansas City, Missouri, to build a municipal broadband network. The new bill would mostly close the “Internet-type services” exception going forward, but it would allow existing networks to continue and allow new ones to be built under some circumstances.

City or town Internet services would have to be approved by a majority of voters in the municipality unless certain conditions are met. No vote has to be held if fewer than 50 percent of residents have access to Internet service or if the municipal network will cost less than $1 million over five years.

Before a vote could be held, municipal leaders would be required to complete a financial study on the proposed network.

“The only limit this bill puts on the local governments is asking the citizens to vote on investments of over one million dollars,” Fraker told Ars. “Many feel government shouldn't compete with private companies unless the people of that government entity have good reason to.”

Ballot requirements often kill municipal broadband projects, according to attorney James Baller of the Baller Herbst Law Group. That group has been fighting attempts to restrict municipal broadband for years.

“While municipalities sometimes prevail in such referenda, they are time-consuming and burdensome, making public communications initiatives much more cumbersome than private initiatives,” Baller wrote in an FCC filing in 2014. “Moreover, in most cases, the incumbent communications providers vastly outspend municipalities and dominate the local news through their control of the local cable system.”

The exceptions in the Missouri bill are difficult if not impossible to meet, Mitchell said.

“I've called these a ‘leprechaun riding on a unicorn bill,’ which is to say, ‘you can do this action if you can bring a leprechaun riding on a unicorn,’ kind of like the whole knights who say Ni who force you to chop down a tree with a herring,” Mitchell said.

The exception for communities where fewer than 50 percent of residents have Internet access is “kind of fascinating,” he said. “It's kind of like, if the private sector is serving 80 percent of the town, the last 20 percent can just suck it.”

Restrictions like the ones proposed in Missouri can also prevent public/private partnerships, Mitchell said. “We saw this with Google when it was trying to figure out which cities it wanted to work with; it tended to stay away from states that had a lot of complication tied into them.”

FCC court case could wipe out state laws

The new Missouri bill is similar to one that was introduced a year ago but did not pass.

About 20 states have laws limiting municipal telecommunications services, but one court case could lead to some of the laws being wiped out. The Federal Communications Commission voted a year ago to preempt state laws in North Carolina and Tennessee. The states sued, but if a federal appeals court rules in the FCC’s favor, cities and towns in other states could petition the FCC to preempt similar laws.
http://arstechnica.com/tech-policy/2...uni-broadband/





What Happens when Google Doc Credentials are Leaked on the Dark Web

Guess what? People start looking at your documents
Jeremy Kirk

A security company recently laid tempting bait online in order to see how hackers would react. The findings aren't surprising but show how quickly leaked data is used by shady characters.

California-based Bitglass, which specializes in cloud-based security, created a fake digital identity for an employee of a non-existent bank.

The details included credentials for a Google Drive account, complete with real credit card details, fake corporate data and personal data, according to Bitglass' report.

The files were tagged with a tracker so Bitglass could obtain some technical data on systems that accessed it. They also created a fake banking site portal.

The experiment simulated what would happen if a person was "phished," or had their online credentials stolen in some kind of trick or cyberattack. Bitglass leaked the details to so-called Dark Web websites where cybercriminals mingle.

Unsurprisingly, the Google Drive credentials were used fairly quickly. Bitglass said there were three attempted logins to Google Drive in the first day and five attempted logins to the fake bank site.

Within two days, files were downloaded from the Google Drive account. Most of those who accessed Google Drive also tried to use the same credentials for the victim's other online accounts.

Twelve percent of those who accessed Google Drive tried to download the sensitive files there, and one also managed to crack an encrypted file.

Bitglass conducted a similar experiment a year prior where it found that people accessing the tagged documents rarely used the anonymity network Tor, short for The Onion Router.

This year, however, 68 percent of those who accessed the Google Drive account used Tor. Still, that leaves more than a third who didn't take any protections to mask their real IP address, which means they're more likely to be traced.

The finding demonstrates that "hackers are becoming more security conscious and know to mask their IPs when possible to avoid getting caught," the company said.

Of the systems that did not use Tor, 35 percent of the logins came from Russia, with about 16 percent in the U.S. and 3.5 percent from China, Bitglass said.
http://www.csoonline.com/article/303...-dark-web.html





Supercomputer Quietly Puts U.S. Weather Resources Back On Top
Doyle Rice

In a nondescript office building here, one of the world’s most powerful weather supercomputers quietly hums on a 24/7 mission to analyze billions of pieces of data that ultimately will tell you whether you need a sweater or sunscreen when you leave the house.

Forecasts, critical not only for your wardrobe choices but for ship captains, airline pilots and shipping companies, depend on sophisticated data crunching and computer models, but three years ago European models delivered a blow to the U.S. weather apparatus. The European weather models accurately predicted the path and strength of the devastating Hurricane Sandy that hit the New Jersey coastline and caused $65 billion in damage.

Now, the U.S. is on the rebound with this monumental supercomputer that collects, processes and analyzes billions of observations from weather satellites, weather balloons, airplanes, buoys and surface stations from around the world to help meteorologists make better weather forecasts.

The brand-new Cray supercomputer — designed, owned and operated by the National Oceanic and Atmospheric Administration (NOAA) — processes 3 quadrillion calculations per second. If that sounds like a lot, it is — you'd need about 12,500 high-end laptops to get close to that kind of power. Still, the supercomputer is merely the 18th fastest in the U.S. and 42nd fastest in the world, Michaud said.

NOAA's purchase of the school-bus size device stemmed partly from competition from the top European weather model — better known in some circles by its acronym ECMWF (European Center for Medium-range Weather Forecasting). It predicted Sandy's now infamous and unusual left hook in 2012 days before the top American model — the GFS (Global Forecast System).

The one-two punch pushed the U.S. to invest $44.5 million to develop better forecasts. In a case of keeping up with the Joneses, the U.S. chose Seattle-based Cray to build its new supercomputer. The company is a leading maker of supercomputers worldwide and supplied the ones used by European weather agencies. NOAA installed the Reston computer and its backup twin in Orlando, a safe distance away in case of a natural disaster, late last year.

Together, they provide a 10-fold increase in computer power over previous systems and put American forecasting systems back on par or even above European ones, said University of Washington meteorologist Cliff Mass. "It's a huge improvement over what they had," he said.

Mass was highly critical of the federal government's lagging computing capacity in recent years and called it a "national embarrassment." One consideration he has is that the new computer resources should be used for critical tasks, such as high-resolution ensemble forecasts, and not wasted on legacy (older, underperforming) models, Mass said.

The tidal wave of data NOAA sifts through each day is equal to more than twice that contained in the entire printed collection of the Library of Congress, said David Michaud, director of the office of central processing at the National Weather Service, which is part of NOAA.

In this Washington, D.C., suburb, the supercomputer takes in current weather data around the world then uses models and mathematical equations to predict the forecast in the hours, days and weeks ahead. It displays its mission proudly: large photos of lightning bolts, a hurricane, a tornado, a snowstorm and other weather phenomena cover the computer's surface.

It's not all about the machines: Meteorologists refine and interpret the computer's predictions to make timely, accurate and reliable forecasts for specific cities and regions, from day-to-day weather to ferocious hurricanes, tornadoes, floods and blizzards.

The supercomputer, hidden behind a maze of unmarked doors, would work up a damaging sweat if it weren't for an extensive cooling and ventilation system and ice-cold water flowing through its internal pipes.

A combination of cool and dry prevents condensation. Water chilled to 45 degrees circulates throughout the massive computer. NOAA keeps the room's temperature dialed to 69-72 degrees with a relative humidity of 30-50%, said IBM's Travis McPhail, project manager at IBM Global Services.

In the months ahead, the supercomputer will focus on severe weather, storm surge and river forecasting, just in time for spring's flood season and summer's hurricane season. Its speed helps it process the enormous amount of data streaming into its lines so it can provide "more timely, accurate, and reliable forecasts," NOAA head Kathryn Sullivan said.

The supercomputer showed its prowess last month, predicting an East Coast blizzard with great accuracy days before the storm, said Louis Uccellini, director of the National Weather Service.

That's only a glimpse of what's to come.

"We expect to see better forecasts for hurricanes, severe weather, floods and other extreme events this year," Uccellini said.
http://www.usatoday.com/story/weathe...-ibm/80290546/





Does it Really Take 11 Producers to Win a Grammy?

Producer inflation may be a huge trend in music, but to win a Grammy, it seems you need to go the opposite way
Michael Barclay

Last week the Grammy Awards named Taylor Swift’s 1989 the Album of the Year. That particular award goes to the producer of the album—or, as is increasingly the case, producers, plural: 1989 boasted no fewer than 11 people taking credit for its success. That may seem like a lot of cooks in the kitchen, but some of Swift’s fellow nominees would disagree: Kendrick Lamar had 17 people credited as producers on critical favourite To Pimp a Butterfly, and Toronto’s The Weeknd had 15 on his breakthrough, Beauty Behind the Madness.

Those numbers are not an anomaly for modern pop albums, which often appear to be made by committee: just look at the most recent records by Rihanna (21 producers) and Justin Bieber (19 producers). Twenty years ago, blockbuster albums regardless of genre usually had no more than three producers: in 1995-96, bestselling records by Hootie and the Blowfish and Alanis Morissette—even the Waiting to Exhale soundtrack—all had only one producer. The one hip-hop album to ever win Album of the Year, in 1999, was credited solely to one producer: the artist herself, Lauryn Hill. In 2010, Taylor Swift only needed four producers to shepherd her album Fearless to a Grammy. Likewise, the first two times Eminem was up for Album of the Year, in 2001 and 2003, he had only five producers; in 2011 he had 16.

In the age of streaming and shuffle, few people sit down and listen to a full album anymore anyway—so who cares if it sounds like a dog’s breakfast? Grammy voters do. Notoriously conservative, as proven by Beck’s (self-produced) triumph over Beyoncé (13 producers) in 2015—they prefer albums meant to be consumed as a full listening experience, not a series of singles. And most Grammy winners keep it lean, even lately: everyone from Arcade Fire to Daft Punk, Herbie Hancock to the Dixie Chicks, have no more than two producers—and that’s counting the artists themselves as credited producers.

In fact, in the 48-year history of the awards, Swift’s 1989 becomes only the third non-compilation album credited to more than 10 producers to win Album of the Year. The first was Celine Dion’s Falling Into You in 1997 (14 producers); the second was Santana’s Supernatural in 2000 (13 producers).

Even having more than three producers on a Grammy-winning album is unusual: it’s only happened five other times, and all since 2003 (Adele, U2, Ray Charles, Norah Jones—and Swift’s Fearless). Before Mariah Carey’s 1991 nomination for her self-titled debut (with seven producers), you’d be hard pressed to even find an Album of the Year nominee with more than three people at the helm—though two Album-of-the-Year-winning soundtracks, Saturday Night Fever and The Bodyguard, were credited to 14 and 13 producers, respectively.

It’s a producer’s job to shape the sound of the music, decide on arrangements and which performance is best. Increasingly in pop and hip hop, the producer also makes the beats and writes the hook, leaving the lyrics up to the singer or rapper. A producer like Max Martin is considered essential to a hit record: since he broke through writing for the Backstreet Boys 20 years ago, he’s penned massive hits for Britney Spears, Kelly Clarkson, Katy Perry, Taylor Swift, Ariana Grande and Adele. Any aspiring pop star would be wise to blow their budget hiring Martin for one song—which is exactly what The Weeknd did (“Can’t Feel My Face”), and it worked. (The Weeknd also employed songwriter-producer Stephan Moccio, the Canadian behind huge hits for Céline Dion, Miley Cyrus and Nikki Yanofsky.)

In a music business that’s bleeding money, almost every pop album is a potpourri of the best talent money can buy, in pursuit of a hit song. 2015’s biggest song, Drake’s “Hotline Bling,” wasn’t attached to any album or accompanying marketing strategy. And it’s a myth that only pop, R&B and hip hop pile on the producers. Hit-hungry chart-chasers like Coldplay or late-period U2 also employ multiple pop producers to make themselves seem relevant.

As technology evolves and the very definition of a song has been redefined, how a song sounds is just as—if not more—important than its melody or chords. Which is why the roles of producers and songwriters have been conflated. In that sense, modern pop records are no different in their construction from the age-old model of Nashville or Motown or the Brill Building: throwing a bunch of songwriters together in an office and cherry-picking the best results for a star artist’s album.

The Grammys may reward parsimony. But everywhere else in the world—as Taylor Swift will be the first to tell you—a star needs a squad.
http://www.macleans.ca/culture/does-...-win-a-grammy/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

February 20th, February 13th, February 6th, January 30th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black