24-09-14, 07:01 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - September 27th, '14

Since 2002

"The internet poses one of the greatest threats to our existence." – Palmer United Party Senator Glen Lazarus


"FBI director James Comey's criticism closely tracked complaints earlier this week by Ronald T. Hosko, a former FBI assistant criminal division director who wrote in The Washington Post that Google's and Apple's policies would have resulted in the death of a hostage in a recent North Carolina kidnapping. The newspaper subsequently corrected Hosko's claims after concluding that the new encryption systems would not have hindered the FBI's rescue of the kidnap victim." – Ken Dilanian


"It is not extortion to demand that Comcast provide its own customers the broadband speeds they’ve paid for so they can enjoy Netflix. It is extortion when Comcast fails to provide its own customers the broadband speed they’ve paid for unless Netflix also pays a ransom." – Jonathan Friedland, Netflix


"It is idiot-proof and anonymous." – Patrick Gray


September 27th, 2014




Radiohead Frontman Surprises with Album by File-Sharing
Shaun Tandon

Radiohead's ever-experimental frontman Thom Yorke on Friday released a surprise new album through computer file-sharing, testing a new way of revenue generation that he hopes can directly benefit musicians.

Called "Tomorrow's Modern Boxes," Yorke's second solo album is a melancholy, ambient composition whose layered but measured textures of electronic rifts reflect his frequent theme of the role of the individual in an increasingly industrialized world.

While the sound will be instantly familiar to Radiohead fans, Yorke chose a new way to sell the album -- over BitTorrent, the system to share large files between computers that has become notorious for the free swapping of copyrighted material.

"Tomorrow's Modern Boxes" breaks new ground by charging for the files, although the $6 price is less than most album sales.

"I am trying something new, don't know how it will go," Yorke wrote on Twitter as he suddenly released the album.

In a longer message, Yorke said that BitTorrent could allow artists -- who frequently complain of meager royalties -- to bypass "the self-elected gate-keepers" and sell their work directly.

"If it works well, it could be an effective way of handing some control of Internet commerce back to people who are creating the work," he said.

But Yorke admitted he was unsure the public will "get its head around" the idea. In an age when streaming and smartphones are transforming the music industry, BitTorrent relies on computers with "Tomorrow's Modern Boxes" unavailable on iTunes.

Radiohead has frequently experimented on distribution techniques, with the last album "The King of Limbs" self-released for downloading on the band's website before it went on general sale.

In 2007, Radiohead let customers name their own price when downloading "In Rainbows." A study later found that, while many fans paid, more people downloaded it -- for free -- on BitTorrent than from the band's website.

The latest innovative release comes weeks after mega-stars U2 took a different approach by releasing album "Songs of Innocence" for free on iTunes as part of a promotion with Apple.

- Dark sci-fi atmosphere -

"Tomorrow's Modern Boxes" further hones Radiohead's sound developed in the late 1990s on albums such as the seminal "Kid A," when the former guitar-driven alternative rockers turned to keyboards and classical theory with Yorke's voice subservient to the songs' greater atmosphere.

Yorke's keyboards duel throughout "Tomorrow's Modern Boxes" with a tighter rhythm section, as the dark and sometimes wobbly digitized chords impatiently toy with picking up the tempo.

The first track, "A Brain in a Bottle," sets the tone for the album with an accompanying video glaring at a disheveled Yorke from assorted angles before he retreats behind boxing gloves.

"Oh, what's that seeking us? Steel hands have come to talk to us. Take me back," Yorke sings over an electronic backdrop that produces an air of science fiction.

Yorke similarly rues the direction of modernization on "Interference," in which he sings, "In the future, we will change our numbers and lose contact / In the future, leaves will turn brown when we want them."

"Tomorrow's Modern Boxes" gradually shifts into long instrumental sections, with pulsating keyboards that would be at home on the hazy floor of a trance set -- even if the pace is barely danceable.

The album could be followed by fresh Radiohead work.

Yorke recently sent out a series of cryptic tweets hinting at a new album -- including a link to an untitled picture of a white turntable.

While the picture could have foreshadowed "Tomorrow's Modern Boxes," Yorke also indicated that he has spent two days in the studio with longtime Radiohead collaborator Stanley Donwood.
https://news.yahoo.com/radioheads-th...231048013.html





Canberra's Wi-Fi Network to Block File Sharing P2P Traffic
Andrew Colley

ISP iiNet will block peer-to-peer file sharing on the free wi-fi network it has been contracted to build and operate for the ACT Government, in a bid to prevent users breaching its usage conditions.

The ACT Government has confirmed with iTnews that it has given Australia’s third largest broadband provider permission to block peer-to-peer file sharing traffic.

A spokeswoman for the Chief Minister of the ACT’s Treasury and Economic Development Directorate Kathy Leigh said that iiNet had sought permission to block file sharing on CBRfree.

“During negotiation of the contract, iiNet requested blocking of certain types of traffic generally considered to be bandwidth intensive and not in the spirit of free public wi-fi,” the spokeswoman said.

She added that other types of peer-to-peer applications focused on social networking, including Skype, Facebook, Whatsapp and Viber remained “types of activity that both iiNet and the Territory see as appropriate uses of CBRfree”.

The ACT has also requested that iiNet provide the means to filter “content considered inappropriate for publicly supported service”. However, it said that aside from Interpol’s child abuse material list “no request to actively filter content of any kind has been made”.

The ISP aims to deploy over 700 wireless access points across 12 business districts in the territory by June next year.

The ACT Government revealed it would spend about $2.5 million on the final design of the network in a redacted version of its contract with iiNet published on its tender site.

The ACT Government’s overall spend has been reported to be around $4 million over five years.

The ACT’s contract with iiNet contained a long list of activities considered to be “unlawful” uses of CBRfree including:

• gaining access to any material that is pornographic, offensive or objectionable;
• engaging in any conduct that offends Federal or Territory laws and regulations;
• bullying or harassment (sexually or otherwise) of another person;
• engaging in any defamatory message - including reading and then forwarding a message of which you are not the author;
• sending or forwarding any material that is abusive, sexist, racist, pornographic, offensive or otherwise illegal; and
• engaging in activities of an illegal or fraudulent nature.

It also prohibits using the service for “anonymous peer to peer file sharing, television restreaming, hosting of internet services or services, unauthenticated email”.

Mr Bader said that there was scope to increase the level of filtering on CBRfree but warned that it was difficult to be 100 percent effective blocking pornography.

At this stage, he said, the ACT was content with a level equivalent to that applied to 4G mobile networks.

“With all our large customers that consume IP, we provide filtering capability – base line is the really bad stuff and it goes up from there. We have some customers that are very restrictive - think schools for example.

“The ACT government is no different. It’s largely the customer’s call as to what we activate outside of base line – at this stage they will be adopting a ‘lite’ approach to filtering,” Mr Bader said.

In May, Telstra announced it would spend $100 million rolling out 8000 hot spots to be part of a commercial wi-fi network.

Telstra declined to comment on its usage policy for its wi-fi network.

“We are not in a position to give an update about our wi-fi roll out at this stage. We will come back to you when we have more information to share,” a Telstra spokesman said.
http://www.itnews.com.au/News/392353...p-traffic.aspx





Terror Laws Clear Senate, Enabling Entire Australian Web to be Monitored and Whistleblowers to be Jailed
Ben Grubb

Australia's spy agency could soon have the power to monitor the entire Australian internet after new anti-terrorism laws passed the Senate on Thursday night.

Australian spies will soon have the power to monitor the entire Australian internet with just one warrant, and journalists and whistleblowers will face up to 10 years' jail for disclosing classified information.

The government's first tranche of tougher anti-terrorism bills, which will beef up the powers of the domestic spy agency ASIO, passed the Senate by 44 votes to 12 on Thursday night with bipartisan support from Labor.

The bill, the National Security Legislation Amendment Bill (No. 1) 2014, will now be sent to the House of Representatives, where passage is all but guaranteed on Tuesday at the earliest.

Anyone - including journalists, whistleblowers and bloggers - who "recklessly" discloses "information ... [that] relates to a special intelligence operation" faces up to 10 years' jail.

Any operation can be declared "special" by an authorised ASIO officer.

This also gives ASIO immunity for criminal and civil liability in certain circumstances.

Many, including lawyers and academics, have said they fear the agency will abuse this power.

Those who identify ASIO agents could also face a decade in prison under the new bill, a tenfold increase on the existing maximum penalty.

The new bill also allows ASIO to seek just one warrant to access a limitless number of computers on a computer network when attempting to monitor a target, which lawyers, rights groups, academics and Australian media organisations have condemned.

They said this would effectively allow the entire internet to be monitored, as it is a "network of networks" and the bill does not specifically define what a computer network is.

ASIO will also be able to copy, delete, or modify the data held on any of the computers it has a warrant to monitor.

The bill also allows ASIO to disrupt target computers, and use innocent third-party computers not targeted in order to access a target computer.

Professor George Williams of the University of NSW has warned previously the bill was too broad.

And, unlike the government's controversial plans to get internet providers to store metadata for up to two years, the bill passed on Thursday allows for the content of communications to be stored.

Most groups that had complained about the new bill also said they feared its disclosure offences went too far, with the Australian Lawyers Alliance saying they would have "not just a chilling effect but a freezing effect" on national security reporting.

Attorney-General George Brandis did not seek to allay their concerns on Thursday but said that, in a "newly dangerous age", it was vital that those protecting Australia were equipped with the powers and capabilities they needed.

When the bill passed on Thursday night, he said it was the most important reform for Australia's intelligence agencies since the late 1970s.

On Wednesday afternoon, Senator Brandis confirmed that, under the legislation, ASIO would be able to use just one warrant to access numerous devices on a network.

The warrant would be issued by the director-general of ASIO or his deputy.

"There is no arbitrary or artificial limit on the number of devices," Senator Brandis told the Senate.

However, Senator Brandis did say on Thursday that the new bills did not target journalists specifically, despite concerns from media organisations that they would be targets.

The new legislation instead targeted those who leaked classified information, such as the former US National Security Agency contractor Edward Snowden, Senator Brandis said.

"These provisions have nothing to do with the press."

Despite this, Senator Brandis refused to say whether reporting on cases similar to Australia's foreign spy agency ASIS allegedly bugging East Timor's cabinet and the Australian Signals Directorate tapping the Indonesian president and his wife's mobile phone would result in journalists or whistleblowers being jailed.

The Australian Greens, through Senator Scott Ludlam, put forward an amendment that would limit the number of computers ASIO could access with one warrant to 20 but it failed to gain support from Labor or the government.

Speaking after the bill passed, Senator Ludlam told Fairfax Media he was disappointed.

"What we've seen [tonight] is, I think, a scary, disproportionate and unnecessary expansion of coercive surveillance powers that will not make anybody any safer but that affect freedoms that have been quite hard fought for and hard won over a period of decades," Senator Ludlam said.

"I have very grave concerns about the direction that the Australian government seems to be suddenly taking the country."

Independent Senator Nick Xenophon and Liberal Democratic Senator David Leyonhjelm also put forward amendments that would protect whistleblowers but these did not gain enough support either.

The legislation, which also covers a number of other issues, addresses many of the recommendations of a joint parliamentary inquiry into Australia's national security laws.

After concerns were raised by Labor and Senator Leyonhjelm, the government agreed to amend the legislation to specifically rule out ASIO using torture.

"ASIO cannot, does not and has never engaged in torture," Senator Brandis said.

The Palmer United Party was also successful in amending the law so anyone who exposes an undercover ASIO operative could face up to 10 years behind bars instead of one.

"The internet poses one of the greatest threats to our existence," Palmer United Party Senator Glen Lazarus said, speaking out against Senator Ludlam's amendment.

The Australian Greens voted against the bill, slamming the new measures as extreme and a "relentless expansion of powers" of the surveillance state.

Senator Leyonhjelm and Senator Xenophon also opposed the legislation, as did independent Senator John Madigan.

One of the amendments put forward by Senator Xenophon would have required ASIO's watchdog, the Inspector-General of Intelligence and Security, to report publicly each year on how many devices ASIO accessed.

But Labor and the government voted against it, with Senator Brandis saying it "would not be appropriate" to report figures as it would reveal information about ASIO's capabilities.

The legal changes come amid growing concern over Islamic State extremists in the Middle East and terrorism threats at home.

Islamic State (also known as ISIL) has ordered followers to target civilian Australians.

In less than a week, police in two states launched the biggest counter-terrorism raids in Australia's history, and shot dead a known terrorist suspect after he stabbed two officers in Melbourne.

A second anti-terrorism bill targeting foreign fighters was introduced in the Senate on Wednesday and will be debated next month.

These changes have opposition support and would make it a criminal offence to travel to a terrorist hot-spot without a reasonable excuse.

A third bill enabling the collection of internet and phone metadata for a period of up to two years for warrantless access by law-enforcement and spy agencies will be introduced later this year.
http://www.smh.com.au/digital-life/c...26-10m8ih.html





TOR Users Become FBI's No.1 Hacking Target After Legal Power Grab

Be afeared, me hearties, these scoundrels be spying our signals
John Leyden

The FBI wants greater authority to hack overseas computers, according to a law professor.

A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet.

The change in search and seizure rules would mean the FBI could seize targets whose location is "concealed through technological means", as per the draft rule (key extract below). Concealed through technological means is legal speak for hosted somewhere on the darknet, using Tor or proxies or making use of VPN technology.

Authority to Issue a Warrant. At the request of a federal law enforcement officer or an attorney for the government:

(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:

(A) the district where the media or information is located has been concealed through technological means; or

(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.

The DoJ has said that the amendment is not meant to give courts the power to issue warrants that authorise searches in foreign countries.

However the "practical reality of the underlying technology means doing so is almost unavoidable", according to Ahmed Ghappour, a visiting professor at UC Hastings College of the Law.

Ghappour argues that the proposals would result in the "broadest expansion of extraterritorial surveillance power since the FBI’s inception".

Asked whether the FBI's enhanced extraterritorial power might encroach on the NSA's turf, Ghappour told El Reg that the issue goes further than that and might also affect the US State Department and CIA. "Uncoordinated unilateral 'cyber' ops by FBI may interfere with US foreign affairs (or covert ops)," he said. Security experts think Ghappour may well be onto something on this point.

"Malware from the FBI to, say, Syria could very well trigger congressional investigations," noted Matthew Green, an assistant research professor who lectures in computer science and cryptography at Johns Hopkins University, in an update to his Twitter account.

The FBI reportedly used malware to identify users sharing child abuse images on the dark net as part of its bust of Freedom Hosting last year. In addition, LulzSec kingpin-turned-FBI snitch Hector Xavier “Sabu” Monsegur reportedly led cyber-attacks against foreign governments while under FBI control, so there's evidence that the FBI is already involved in overseas cyber-ops of one form or another. Viewed from this perspective, the proposed DoJ changes would involve regulating actions and operations that are already taking place.

Professor Ghappour - who also serves as director of the Liberty, Security and Technology Clinic - has put together a detailed blog post at justsecurity.org breaking down the DoJ's proposal.
http://www.theregister.co.uk/2014/09...acking_powers/





Tor Challenge Inspires 1,635 Tor Relays
Rainey Reitman

Good news for whistleblowers, journalists, and everyone who likes to browse the Internet with an added cloak of privacy: the Tor network got a little stronger. Tor—software that lets you mask your IP address—relies on an international network of committed volunteers to run relays to help mask traffic. And that network is stronger now, thanks to the 1,000+ volunteers who participated in our second-ever Tor Challenge.

The goal of the Tor Challenge is simple: to improve the Tor network by inspiring people to run relays. These relays are the backbone of the Tor network; they're the machines that actually forward and anonymize Tor users' communications. We also see this Challenge as an opportunity to educate people about the value of Tor, address common misconceptions about Tor, and give technically oriented folks a concrete, somewhat measurable way of promoting freedom and privacy online.

This is the second time we’ve held this challenge, and the outpouring of support from the technical community far exceeded our hopes. When launching this campaign in June, we were hoping to surpass 549 participating relays—the total number of relays that took part in the challenge in 2011. And that was an ambitious number; 2011 was during the Arab Spring, and the EFF Tor Challenge was one small way that technologists could lend support to democratic activists who relied on Tor to organize and reach the larger Web. We hoped that this year we’d be able to inspire just as much participation.

The results far outstripped our hopes: we had nearly three times as many participating relays. That’s over 1,600 relays—either new or increased in bandwidth—helping to strengthen the Tor network.

Here’s a breakdown of the results:

Relay type | Tor Challenge 2011 | Tor Challenge 2014
Exit Relays | 123 | 326
Middle Relays | 299 | 1203
Bridges | 127 | 106
Total Participating Relays | 549 | 1,635

One of the reasons this campaign was so successful was that we teamed up with three other organizations: the Free Software Foundation, Freedom of the Press Foundation, and the Tor Project. These organizations’ promotional efforts were key to the campaign’s success.

The other key? Over 1,000 individuals who cared enough to help contribute bandwidth to the Tor network. Our gratitude goes out to each of the participants. Thanks for making the Internet a little more private and a bit more resistant to censorship.
https://www.eff.org/deeplinks/2014/0...635-tor-relays





Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying
Kim Zetter

The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts.

Prompted by Edward Snowden’s revelations about the government’s intrusive surveillance activities, loosely knit citizen militias of technologists and security professionals have cropped up around the world to develop systems to protect us from government agencies out to identify us online and grab our communications.

John Brooks is now among them.

Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the “to” and “from” headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he’d made Ricochet’s code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists’ sources and others. It’s not just these kinds of people whose privacy is harmed by metadata, however; in 2012 it was telltale email metadata that helped unmask former CIA director and war commander General David Petraeus and unravel his affair with Paula Broadwell.

With metadata suddenly in the spotlight, Brooks decided earlier this year to dust off his Ricochet program and tweak it to make it more elegant—he knew he’d still have a problem, however, getting anyone to adopt it. He wasn’t a known name in the security world and there was no reason anyone should trust him or his program.

Enter Invisible.im, a group formed by Australian security journalist Patrick Gray. Last July, Gray announced that he was working with HD Moore, developer of the Metasploit Framework tool used by security researchers to pen-test systems, and with another respected security professional who goes by his hacker handle The Grugq, to craft a secure, open-source encrypted chat program cobbled together from parts of existing anonymity and messaging systems—such as Prosody, Pidgin and Tor. They wanted a system that was highly secure, user friendly and metadata-free. Gray says his primary motivation was to protect the anonymity of sources who contact journalists.

“At the moment, when sources contact a journalist, they’re going to leave a metadata trail, whether it’s a phone call record or instant message or email record [regardless of whether or not the content of their communication is encrypted],” he says. “And that data is currently accessible to authorities without a warrant.”

When Brooks wrote to say he’d already designed a chat program that eliminated metadata, Gray and his group took a look at the code and quickly dropped their plan to develop their own tool, in favor of working with Brooks to develop his.

“He writes incredible code,” Gray says, “and really thinks like a hacker, even though he doesn’t have a security background.”

Brooks, who moves around a lot but currently resides with his parents in Utah, has been working as a contract software engineer developing a Linux-based smartphone for the Finnish firm Jolla.

Why It May Be Better Than the Competition

Although a number of encrypted communications solutions already exist for email and chats, many are not entirely secure or are difficult to use. What’s more, few solutions purport to eliminate the metadata problem. Ricochet’s absence of metadata, and its ease of use, means it has a good chance of going mainstream in a way others have not.

Wickr, for example, is a competing encrypted chat program that doesn’t preserve the communication or metadata of users, so there’s nothing recorded by default for spy agencies or law enforcement to collect from Wickr with a court order. But unlike Ricochet, it uses central servers to transmit the communication, which Brooks says makes users vulnerable to timing attacks. Anyone tapping the connections to Wickr’s servers could conceivably map the parties who are communicating and establish relationships between them.

“[i]ntel agencies can watch the traffic going in and out, and just the timing of those messages will probably be enough to tell you which IP address is talking to this IP address,” Brooks notes.

Wickr CEO Nico Sell says the company has implemented a number of solutions, including proprietary ones that she declined to identify, that prevent timing attacks from occurring. So far, however, Wickr is only available for the mobile platform, though Sell says they’re expanding to other platforms soon.

Tox is another solution that isn’t ideal in its current state. A protocol developed by members of the 4Chan forum, it uses peer-to-peer technology to securely transmit files, text, and voice communication. But it has at least one problem.

“Tox pushes [secure communication] forward in that there’s not really a central server…but as it’s currently designed, it allows a direct IP-to-IP connection [that can be tracked],” says Gray. “That’s the problem with this whole anonymous space. Nine out of ten people who are trying to do it don’t really know what the problem is. The problem is metadata.”

Brooks says he’s surprised it has taken this long to address the metadata problem; though given that user-friendly email encryption is still something developers have yet to perfect, it perhaps shouldn’t be a surprise.

“We should have had [content encryption] figured out fifteen years ago,” he says. “It’s embarrassing as a security industry that…we’re scrambling to [get it right] now. But the metadata is something fairly new and very challenging and something we’re only figuring out now.”

How Ricochet Works

To build Ricochet, Brooks patterned his program on something that already existed—TorChat, a peer-to-peer instant messaging program released in 2007 that used Tor hidden services to transmit communications. TorChat had a number of implementation problems when it came out, however, and has largely been abandoned by users and its developers. Brooks vastly improved the concept.

Ricochet doesn’t communicate with central servers like Wickr and doesn’t allow direct connections like Tox. Instead, each desktop client operates as a Tor hidden service and uses the Tor network to transmit encrypted and anonymous communication. The client generates a random 16-character public key or ID to authenticate the user and establish the channel for secure communication in a simple way that doesn’t require users to install Tor separately. Generating the public key occurs with a single click, and the key is stored on the user’s machine, or on a USB drive so a user can communicate with Ricochet from different machines.

“It is idiot-proof and anonymous,” says Gray.

When someone wants to communicate with another Ricochet user, their client reaches out through the Tor network to arrange a rendezvous point. The client first connects anonymously via three hops to a Tor relay, which doesn’t know where the connection originated. That relay looks up the other person’s Ricochet client ID—published by the person in their Twitter profile or email signature—and obtains a list of other Tor relays that can be used to reach out to the other party’s Ricochet client—a list that changes every 24 hours. When the message reaches the other Ricochet client indicating a neutral relay for the rendezvous, the two clients meet there to exchange communication. But at any time, there are at least six relays between the two users, three on each side.

The first relay is the only one that knows your IP address, but it doesn’t know the ID of your Ricochet client and can’t match your IP address to that ID. It also doesn’t know the Ricochet ID of the person you’re trying to contact. That only gets revealed to the relay three hops down the line from you, which peels off a layer of the Tor encryption to reveal the ID.

“If you have two people communicating and someone is [passively] monitoring one or the other party, this will protect them,” Moore says. “Unless someone is [directly] monitoring that person and you at the same time, it will be very hard to identify the communication.”

“At no point do you ever contact anyone directly,” Brooks says. “There is no way you could find my IP address or anything about who I am or where I am.”

Ricochet is already available for download as a binary. But Brooks has been revamping the custom protocol Ricochet uses to make it more secure before they release a new version in November. Invisible.im recently got $10,000 from Blueprint for Free Speech, an Australian non-profit, to fund Brooks’ development costs and with that group as a fiscal sponsor now, Invisible.im can also apply for grants as an NGO.

The new version of Ricochet they plan to release in November will use the revamped protocol and have a file-transfer feature. Although the code hasn’t undergone a proper security audit yet, the group is negotiating with a code-review firm to run a scan on the completed program, and they plan to conduct a full security audit once the revamped protocol is done. They don’t anticipate any surprises, though.

“John writes good code, so we’re not expecting a horror show,” Gray says.

They also eventually want to add another layer of encryption on top of the existing Tor encryption—given that the NSA has reportedly been trying for years to crack Tor—as well as more features to authenticate users.

When it’s all done, Gray says Ricochet will have “meaningfully” advanced the state of communications privacy.

He notes that their aim, however, isn’t to stop the NSA from tracking legitimate national security threats but to simply prevent people “from leaving vast trails” of what should be considered private data.

“It’s a matter of being able to have some confidence that a conversation you’re having is private. If the NSA is already targeting you, you’re screwed,” he says, because the NSA likely already knows who you are and has compromised your computer. “But this is about stopping the wholesale violation of privacy and making it harder for people who shouldn’t have access to this information from having access to it.”
http://www.wired.com/2014/09/new-enc...ting-metadata/





FBI Chief: Apple, Google Phone Encryption Perilous
Ken Dilanian

The FBI director on Thursday criticized the decision by Apple and Google to encrypt smartphone data so it can be inaccessible to law enforcement, even with a court order.

James Comey told reporters at FBI headquarters that U.S. officials are in talks with the two companies, which he accused of marketing products that would let people put themselves beyond the law's reach.

Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect's or victim's phone when the owner is unable or unwilling to unlock it for authorities.

"What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law," Comey said. At another point, he said he feared a moment "when people with tears in their eyes look at me and say, 'What do you mean you can't?'"

Comey said he was gathering more information about the issue and would have more to say about it later.

An FBI spokesman Thursday was not able to immediately amplify Comey's remarks.

Both Apple and Google announced last week that their new operating systems will be encrypted, or rendered in code, by default. Law enforcement officials could still intercept conversations but might not be able to access call data, contacts, photos and email stored on the phone.

Even under the new policies, law enforcement could still access a person's cellphone data that has been backed up to the companies' online-storage services. They could also still retrieve real-time phone records and logs of text messages to see whom a suspect was calling or texting, and they could still obtain wiretaps to eavesdrop on all calls made with the phones.

Apple, in an explanation of its new policy, says on its website that on devices running its new operating system, "your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession. ..."

Comey's criticism closely tracked complaints earlier this week by Ronald T. Hosko, a former FBI assistant criminal division director who wrote in The Washington Post that Google's and Apple's policies would have resulted in the death of a hostage in a recent North Carolina kidnapping.

The newspaper subsequently corrected Hosko's claims after concluding that the new encryption systems would not have hindered the FBI's rescue of the kidnap victim in Wake Forest, North Carolina. In that case, the FBI pulled telephone records associated with the number used to contact the victim's family for the ransom demand, retrieved other connected toll records and eventually obtained a traditional wiretap to eavesdrop on the kidnappers' conversations and locate and rescue the victim.

The only telephone physically seized in the North Carolina case belonged to a woman accused in the plot, after the hostage was already rescued. Authorities had tried to seize the cell phone from one of the alleged plotters, Kevin Melton, but he smashed it to pieces inside his prison cell on April 9, roughly four hours before the FBI rescued the victim in an Atlanta apartment.

A spokeswoman for Apple and spokesman for Google did not immediately return phone messages from The Associated Press. Google previously said in a statement that its Android phones have offered encryption for three years, but it was being turned on by default in the next release of its operating system.
http://www.mercurynews.com/business/...ption-perilous





How Two Men Unlocked Modern Encryption

The idea of public-key cryptography is surprisingly simple, once you've figured it out.
Sarah Laskow

In September of 1974, when he was 30 years old, Whitfield Diffie was obsessed with cryptography. So obsessed that he was criss-crossing the country trying to talk to anyone who could help him expand his ideas. He'd moved to California a few years before to work at a Stanford artificial intelligence lab, and, in the end, it was at Stanford where he found Martin Hellman. Hellman would later describe that meeting to the journalist Stephen Levy as "an immediate meeting of the minds." Within two years the two men would speed towards "the brink of a revolution in cryptography." And in 1976 they published the paper describing public key cryptography—a system used in everything from Blackberries to financial transactions.

The idea of public-key cryptography is surprisingly simple. For centuries, codes depended on private keys—the secret to translating information into code and back out again, into a readable form—that had to be agreed on before information was sent from one person to another. The problem was that, somehow, both parties needed to get ahold of the key. Often that meant having a courier shuttle it around. The system that Diffie and Hellman described solved that problem by splitting the key in two, a public key and a private key.

A public key system depends on relatively simple mathematical operations that are easy to perform and easy to reverse with the key information but extremely time consuming and difficult to reverse engineer without it. (For example, RSA, a more complete public key system conceived by a team of researchers at MIT shortly after Diffie and Hellman presented their idea, involved the two prime factors of a 125 or 126 digit number: It's almost impossible to derive the two factors from the resulting number.) Because it's so difficult to reverse engineer these operations, the key that encodes the material can be shared on insecure channels. Using the public key, anyone can encode information and send it on, but only the holder of the private half of the key could decrypt it.

Since 1976, this idea has become the basis for the systems that make it possible for the internet to operate with some measure of security at all. It's built into, for instance, the internet protocols SSL/TLS. If you've ever made a financial transaction of any sort over the internet or used a Blackberry you've depended, at least in part, on public key cryptography. It's also built into the encryption systems, like PGP, that internet users depend on for sending secure messages online.

There was a moment, Diffie told Levy (who reported and wrote extensively on what did become a revolution in cryptography), when the answer he was searching for almost slipped out of his mind:

"The thing I remember distinctly is that I was sitting in the living room when I thought of it the first time and then I went downstairs to get a Coke and I almost lost it," he says. "I mean, there was this moment when - I was thinking about something. What was it? And then I got it back and didn't forget it."

If he had forgotten it though, the problem of public key cryptography wouldn't still be puzzling us. Diffie and Hellman weren't the only ones working on this problem; another team of researchers would almost certainly have come upon the same solution soon enough. And, although Diffie and Hellman were the first to tell the world how public key cryptography could work, they weren't actually the first to figure it out. It later came out that a British intelligence agency had put together all the main elements of public key cryptography by 1975—the agency just didn't reveal that its researchers had been there first until 1997.
http://www.theatlantic.com/technolog...yption/380520/





China Clamps Down on Web, Pinching Companies Like Google
Keith Bradsher and Paul Mozur

Google’s problems in China just got worse.

As part of a broad campaign to tighten internal security, the Chinese government has draped a darker shroud over Internet communications in recent weeks, a situation that has made it more difficult for Google and its customers to do business.

Chinese exporters have struggled to place Google ads that appeal to overseas buyers. Biotechnology researchers in Beijing had trouble recalibrating a costly microscope this summer because they could not locate the online instructions to do so. And international companies have had difficulty exchanging Gmail messages among far-flung offices and setting up meetings on applications like Google Calendar.

“It’s a frustrating and annoying drain on productivity,” said Jeffrey Phillips, an American energy executive who has lived in China for 14 years. “You’ve got people spending their time figuring out how to send a file instead of getting their work done.”

The pain is widespread. Two popular messaging services owned by South Korean companies, Line and Kakao Talk, were abruptly blocked this summer, as were other applications like Didi, Talk Box and Vower. American giants like Twitter and Facebook have long been censored by China’s Great Firewall, a system of filters the government has spent lavishly on to control Internet traffic in and out of the country.

Even as Google and other big technology companies have lobbied heavily for an easing of the restrictions, Beijing’s broader scrutiny of multinationals has intensified. In late July, antimonopoly investigators raided Microsoft offices in four Chinese cities to interrogate managers and copy large amounts of data from hard drives. Qualcomm, a big maker of computer chips and a holder of wireless technology patents, faces a separate antimonopoly investigation.

The increasingly pervasive blocking of the web, together with other problems like severe air pollution in China’s urban centers, has led some businesses to transfer employees to regional hubs with more open and speedier Internets, like Singapore. And more companies are considering similar moves.

“Companies overlooked Internet problems when the economy was booming,” said Shaun Rein, managing director of the China Market Research Group, a Shanghai consulting firm. “But now a lot of companies are asking whether they really need to be in China.”

The chief technology officer of a start-up in China said it had been especially difficult to use Google Drive this summer, making it a challenge for employees to share files and documents.

“We were hooked on collaborative editing,” said the chief technology officer, who insisted on anonymity for fear of reprisal from the Chinese authorities. “You can edit a Word document or spreadsheet together and everything is kept in sync — that way our management could track the status of the products we were working on.”

As Alibaba’s initial public offering of stock in New York on Thursday demonstrated, China has produced many highly successful web businesses. But many executives and researchers say that a number of homegrown Internet services are poor substitutes for the multinationals’ offerings.

Jin Hetian, an archaeologist in Beijing, said it was difficult to do research using Baidu, a local search engine that has limitations for searches in English and other non-Chinese languages and that provides fewer specialized functions. “I know some foreign scientists are studying the rings of ancient trees to learn about the climate, for example, but I can’t find their work using Baidu,” Ms. Jin said. “When in China, I’m almost never able to access Google Scholar, so I’m left badly informed of the latest findings.”

Kaiser Kuo, a spokesman for Baidu, said the company focused on indexing websites written in Chinese, since most of its customers are Chinese speakers.

Access to some overseas academic sites has also been blocked. A Peking University professor was recently unable to file a letter of recommendation for a student applying to study at an American university because China had blocked the school’s website, said a physics researcher at Peking University who insisted on anonymity for fear of retaliation by the Chinese authorities.

Google had a third of China’s market for Internet searches in 2009, before Chinese censors began blocking more and more searches from reaching Google’s servers. Google’s share is now down to 10.9 percent.

Google’s troubles in China have been building up for years.

The company shut down its servers in mainland China in March 2010 to avoid online censorship and began directing users in China to obtain unfiltered results from its servers in Hong Kong. The Chinese government then began intermittently blocking the Hong Kong servers as well, notably by halting the ability to reach the site for up to 90 seconds if a user tried to enter anything on a very long list of banned Chinese characters, including those in national leaders’ names, and some English words.

Google began encrypting users’ searches and results all over the world early this year, partly in response to the former National Security Agency contractor Edward J. Snowden’s disclosures about United States government surveillance. That shift by Google — using Internet addresses that start with “https” — made it harder for Chinese censors to determine who was pursuing the types of inquiries that they discourage.

But the Chinese government responded on May 29 by blocking virtually all access to Google websites, instead of just imposing 90-second delays when banned search terms were used. Experts initially interpreted the move as a security precaution ahead of the 25th anniversary of the Tiananmen Square crackdown on June 4. But the block has largely remained in place ever since.

“Internet security is being raised to a much higher degree,” said Xiao Qiang, a specialist in Chinese Internet censorship at the University of California, Berkeley, School of Information. “It overrides the other priorities, including commerce or scientific research.”

The Chinese authorities typically allow a tiny fraction of searches and other Google activities to go through normally each day, with a slightly higher percentage being completed from mobile devices than from other devices. The government even unblocks Google for several hours roughly once a month, before reblocking it.

Because censors permit a trickle of traffic to reach Google’s servers in Hong Kong, many Chinese users keep reloading their Google pages again and again in the hope of getting through. This is creating an impression among many Chinese users, which state-controlled media have done little to dispel, that the problem must lie in shoddy Google service and not in the government’s blocking of most Google activity.

“We’ve checked extensively, and there’s nothing technically wrong on our end,” said Taj Meadows, a spokesman at the company’s Asia headquarters, in one of Singapore’s most expensive harbor-front office buildings.

Mr. Meadows declined to provide any comment on the blocking, except to say that Google was still focused on selling mobile and display ads in China and on providing ads and other services to Chinese businesses seeking to attract global consumers.
China’s crackdown on foreign Internet services coincides with two trends. One lies in the country’s growing worries about domestic terrorism, particularly after a series of deadly attacks at train stations this year. The other is ever-rising nationalism, directed primarily at Japan but also at Japan’s allies, notably the United States.

President Xi Jinping of China, who is also the Communist Party chief, has made clear that he wants to maintain the party’s primacy. He has signaled the importance he places on controlling the Internet by personally taking the top position in the party’s leading group on cybersecurity.

Internet users have tried any number of workarounds in China, with varying degrees of success.

Mr. Phillips, the energy executive, said some of his friends in China used Outlook email instead of Gmail because Outlook email tended not to be blocked. But he voiced reluctance to switch his own email account after seeing media reports of the government raids on Microsoft’s offices. “What if they get blocked next? You can’t keep switching services all the time.”

Frustrated users have often resorted to “virtual private network,” or V.P.N., services to evade China’s Internet filters. But those services, too, have come under concerted attack from the authorities, who have interrupted service to them with increasing frequency. Many ordinary citizens cannot afford or obtain access to V.P.N.s to begin with.

In the meantime, Google’s business continues to erode. Its share of the Chinese search engine market fell to 10.9 percent in the second quarter of this year, as the stepped-up blocking began to take effect — compared with one-third in 2009, when it still had servers there.

Google’s problems extend far beyond search. Its application store, called Google Play, is only partly accessible in China.

That has led to the rise of a number of locally run application stores, which analysts say will sometimes market pirated copies of software or charge extra to promote a new application. Companies are often forced to create versions of their apps for China that are slightly different from the versions distributed to the rest of the world on Google’s app store.

“Because Google Play has low market share” in the Chinese market, “app publishers who have applications worldwide on Google Play don’t receive the proportionate share of users in China without publishing to local Android stores, even if they have localized Chinese versions,” said Bertrand Schmitt, chief executive of App Annie, a company that tracks global app distribution.

Google also hosts publicly available libraries of coding scripts and fonts on its servers, but China now blocks these libraries. The chief technology officer at the start-up said his company had resorted to creating its own libraries and hosting them on its own servers, wasting costly computing power and space.

“We have our own closed server in the office and host things there,” he said. “That’s not going to the cloud; it’s like going back to the early 2000s.”
________

Choe Sang-Hun contributed reporting from Seoul, South Korea, and Austin Ramzy from Taipei, Taiwan. Huang Shaojie contributed research from Beijing.

http://www.nytimes.com/2014/09/22/bu...ke-google.html





DuckDuckGo Joins Google in Being Blocked in China
Steven Millward

Privacy-oriented search engine DuckDuckGo is now blocked in China. We noticed this over the weekend, and on Sunday DuckDuckGo founder and CEO Gabriel Weinberg confirmed to Tech in Asia that the team has noticed the blockage in China:

@SirSteven @duckduckgo @jasonqng we did get blocked as far as we know

— Gabriel Weinberg (@yegg) September 21, 2014

Weinberg added that he has “no idea” when it happened exactly. We also cannot pinpoint an exact date, but it was accessible in China earlier in the summer. DuckDuckGo had been working fine in mainland China since its inception, aside from the occasional ‘connection reset’ experienced when accessing many overseas websites from within the country. But now the search engine is totally blocked in China. (Update 7 hours after publishing: the GreatFire index of blocked sites suggests that DuckDuckGo got whacked on September 4.)

DuckDuckGo joins Google in being censored and blocked in the nation. Google, after years of being throttled by China’s Great Firewall since the web giant turned off its mainland China servers in 2010, was finally blocked totally in June this year.

Only foreign search engines that have Chinese servers, such as Bing and Yahoo, work in China. But, operating under Chinese media laws, both Bing and Yahoo heavily censor their search results – in contrast to Google and DuckDuckGo.

Chinese search engines Baidu and Qihoo dominate the market.

Editing by Paul Bischoff

http://www.techinasia.com/duckduckgo...blocked-china/





From 2006

The Athens Affair
Vassilis Prevelakis, Diomidis Spinellis

On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.

The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy [see sidebar “CEOs, MPs, & a PM”].

The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded.

Even before Tsalikidis's death, investigators had found rogue software installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before or since.

A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability to hackers and moles.

It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate.

Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious penetration to compromise state secrets was that of the “Cuckoo's Egg,” a name bestowed by the wily network administrator who successfully pursued a German programmer in 1986. The programmer had been selling secrets about the U.S. Strategic Defense Initiative (“Star Wars”) to the Soviet KGB.

But unlike the Cuckoo's Egg, the Athens affair targeted the conversations of specific, highly placed government and military officials. Given the ease with which the conversations could have been recorded, it is generally believed that they were. But no one has found any recordings, and we don't know how many of the calls were recorded, or even listened to, by the perpetrators. Though the scope of the activity is to a large extent unknown, it's fair to say that no other computer crime on record has had the same potential for capturing information about affairs of state.

While this is the first major infiltration to involve cellphones, the scheme did not depend on the wireless nature of the network. Basically, the hackers broke into a telephone network and subverted its built-in wiretapping features for their own purposes. That could have been done with any phone account, not just cellular ones. Nevertheless, there are some elements of the Vodafone Greece system that were unique and crucial to the way the crime was pulled off.

We still don't know who committed this crime. A big reason is that the UK-based Vodafone Group, one of the largest cellular providers in the world, bobbled its handling of some key log files. It also reflexively removed the rogue software, instead of letting it continue to run, tipping off the perpetrators that their intrusion had been detected and giving them a chance to run for cover. The company was fined €76 million this past December.

To piece together this story, we have pored through hundreds of pages of depositions, taken by the Greek parliamentary committee investigating the affair, obtained through a freedom of information request filed with the Greek Parliament. We also read through hundreds of pages of documentation and other records, supplemented by publicly available information and interviews with independent experts and sources associated with the case. What emerges are the technical details, if not the motivation, of a devilishly clever and complicated computer infiltration.

The cellphone bugging began sometime during the fevered run-up to the August 2004 Olympic Games in Athens. It remained undetected until 24 January 2005, when one of Vodafone's telephone switches generated a sequence of error messages indicating that text messages originating from another cellphone operator had gone undelivered. The switch is a computer-controlled component of a phone network that connects two telephone lines to complete a telephone call. To diagnose the failures, which seemed highly unusual but reasonably innocuous at the time, Vodafone contacted the maker of the switches, the Swedish telecommunications equipment manufacturer Ericsson.

We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone's Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them. The software also routed location and other information about those phone calls to these shadow handsets via automated text messages.

Five weeks after the first messaging failures, on 4 March 2005, Ericsson alerted Vodafone that unauthorized software had been installed in two of Vodafone's central offices. Three days later, Vodafone technicians isolated the rogue code. The next day, 8 March, the CEO of Vodafone Greece, Giorgos Koronias, ordered technicians to remove the software.

Then events took a deadly turn. On 9 March, Tsalikidis, who was to be married in three months, was found hanged in his apartment. No one knows whether his apparent suicide was related to the case, but many observers have speculated that it was.

The day after Tsalikidis's body was discovered, CEO Koronias met with the director of the Greek prime minister's political office, Yiannis Angelou, and the minister of public order, Giorgos Voulgarakis. Koronias told them that rogue software used the lawful wiretapping mechanisms of Vodafone's digital switches to tap about 100 phones and handed over a list of bugged numbers. Besides the prime minister and his wife, phones belonging to the ministers of national defense, foreign affairs, and justice, the mayor of Athens, and the Greek European Union commissioner were all compromised. Others belonged to members of civil rights organizations, peace activists, and antiglobalization groups; senior staff at the ministries of National Defense, Public Order, Merchant Marine, and Foreign Affairs; the New Democracy ruling party; the Hellenic Navy general staff; and a Greek-American employee at the United States Embassy in Athens.

Within weeks of the initial discovery of the tapping scheme, Greek government and independent authorities launched five different investigations aimed at answering three main questions: Who was responsible for the bugging? Was Tsalikidis's death related to the scandal? And how did the perpetrators pull off this audacious scheme?

To understand how someone could secretly listen to the conversations of Greece's most senior officials, we have to look at the infrastructure that makes it possible.

First, consider how a phone call, yours or a prime minister's, gets completed. Long before you dial a number on your handset, your cellphone has been communicating with nearby cellular base stations. One of those stations, usually the nearest, has agreed to be the intermediary between your phone and the network as a whole. Your telephone handset converts your words into a stream of digital data that is sent to a transceiver at the base station.

The base station's activities are governed by a base station controller, a special-purpose computer within the station that allocates radio channels and helps coordinate handovers between the transceivers under its control.

This controller in turn communicates with a mobile switching center that takes phone calls and connects them to call recipients within the same switching center, other switching centers within the company, or special exchanges that act as gateways to foreign networks, routing calls to other telephone networks (mobile or landline). The mobile switching centers are particularly important to the Athens affair because they hosted the rogue phone-tapping software, and it is there that the eavesdropping originated. They were the logical choice, because they are at the heart of the network; the intruders needed to take over only a few of them in order to carry out their attack.

Both the base station controllers and the switching centers are built around a large computer, known as a switch, capable of creating a dedicated communications path between a phone within its network and, in principle, any other phone in the world. Switches are holdovers from the 1970s, an era when powerful computers filled rooms and were built around proprietary hardware and software. Though these computers are smaller nowadays, the system's basic architecture remains largely unchanged.

Like most phone companies, Vodafone Greece uses the same kind of computer for both its mobile switching centers and its base station controllers—Ericsson's AXE line of switches. A central processor coordinates the switch's operations and directs the switch to set up a speech or data path from one phone to another and then routes a call through it. Logs of network activity and billing records are stored on disk by a separate unit, called a management processor.

The key to understanding the hack at the heart of the Athens affair is knowing how the Ericsson AXE allows lawful intercepts—what are popularly called “wiretaps.” Though the details differ from country to country, in Greece, as in most places, the process starts when a law enforcement official goes to a court and obtains a warrant, which is then presented to the phone company whose customer is to be tapped.

Nowadays, all wiretaps are carried out at the central office. In AXE exchanges a remote-control equipment subsystem, or RES, carries out the phone tap by monitoring the speech and data streams of switched calls. It is a software subsystem typically used for setting up wiretaps, which only law officers are supposed to have access to. When the wiretapped phone makes a call, the RES copies the conversation into a second data stream and diverts that copy to a phone line used by law enforcement officials.

Ericsson optionally provides an interception management system (IMS), through which lawful call intercepts are set up and managed. When a court order is presented to the phone company, its operators initiate an intercept by filling out a dialog box in the IMS software. The optional IMS in the operator interface and the RES in the exchange each contain a list of wiretaps: wiretap requests in the case of the IMS, actual taps in the RES. Only IMS-initiated wiretaps should be active in the RES, so a wiretap in the RES without a request for a tap in the IMS is a pretty good indicator that an unauthorized tap has occurred. An audit procedure can be used to find any discrepancies between them.

It turns out Vodafone had not purchased the lawful intercept option at the time of the illegal wiretaps, and the IMS phone-tapping management software was not installed on Vodafone's systems. But in early 2003, Vodafone technicians upgraded the Greek switches to release R9.1 of the AXE software suite. That upgrade included the RES software, according to a letter from Ericsson that accompanied the upgrade. So after the upgrade, the Vodafone system contained the software code necessary to intercept calls using the RES, even though it lacked the high-level user interface in the IMS normally used to facilitate such intercepts.

That odd circumstance would turn out to play a role in letting the Athens hackers illegally listen in on calls and yet escape detection for months and months.

It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone's mobile switching centers. The intruders' task was particularly complicated because they needed to install and operate the wiretapping software on the exchanges without being detected by Vodafone or Ericsson system administrators. From time to time the intruders needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.

They took advantage of the fact that the AXE allows new software to be installed without rebooting the system, an important feature when any interruption would disconnect phone calls, lose text messages, and render emergency services unreachable. To let an AXE exchange run continuously for decades, as many of them do, Ericsson's software uses several techniques for handling failures and upgrading an exchange's software without suspending its operation. These techniques allow the direct patching of code loaded in the central processor, in effect altering the operating system on the fly.

Modern GSM systems, such as Vodafone's, secure the wireless links with a sophisticated encryption mechanism. A call to another cellphone will be re-encrypted between the remote cellphone and its closest base station, but it is not protected while it transits the provider's core network. For this reason—and for the ease of monitoring calls from the comfort of their lair—the perpetrators of the Vodafone wiretaps attacked the core switches of the Vodafone network. Encrypting communications from the start of the chain to its end—as banks, for example, do—makes it very difficult to implement legal wiretaps.

To simplify software maintenance, the AXE has detailed rules for directly patching software running on its central processor. The AXE's existing code is structured around independent blocks, or program modules, which are stored in the central processor's memory. The release being used in 2004 consisted of about 1760 blocks. Each contains a small “correction area,” used whenever software is updated with a patch.

Let's say you're patching in code to force the computer to do a new function, Z, in situations where it has been doing a different function, Y. So, for example, where the original software had an instruction, “If X, then do Y” the patched software says, in effect, “If X, then go to the correction area location L.” The software goes to location L and executes the instructions it finds there, that is, Z. In other words, a software patch works by replacing an instruction at the area of the code to be fixed with an instruction that diverts the program to a memory location in the correction area containing the new version of the code.

The challenge faced by the intruders was to use the RES's capabilities to duplicate and divert the bits of a call stream without using the dialog-box interface to the IMS, which would create auditable logs of their activities. The intruders pulled this off by installing a series of patches to 29 separate blocks of code, according to Ericsson officials who testified before the Greek parliamentary committee that investigated the wiretaps. This rogue software modified the central processor's software to directly initiate a wiretap, using the RES's capabilities. Best of all, for them, the taps were not visible to the operators, because the IMS and its user interface weren't used.

The full version of the software would have recorded the phone numbers being tapped in an official registry within the exchange. And, as we noted, an audit could then find a discrepancy between the numbers monitored by the exchange and the warrants active in the IMS. But the rogue software bypassed the IMS. Instead, it cleverly stored the bugged numbers in two data areas that were part of the rogue software's own memory space, which was within the switch's memory but isolated and not made known to the rest of the switch.

That by itself put the rogue software a long way toward escaping detection. But the perpetrators hid their own tracks in a number of other ways as well. There were a variety of circumstances by which Vodafone technicians could have discovered the alterations to the AXE's software blocks. For example, they could have taken a listing of all the blocks, which would show all the active processes running within the AXE—similar to the task manager output in Microsoft Windows or the process status (ps) output in Unix. They then would have seen that some processes were active, though they shouldn't have been. But the rogue software apparently modified the commands that list the active blocks in a way that omitted certain blocks—the ones that related to intercepts—from any such listing.

In addition, the rogue software might have been discovered during a software upgrade or even when Vodafone technicians installed a minor patch. It is standard practice in the telecommunications industry for technicians to verify the existing block contents before performing an upgrade or patch. We don't know why the rogue software was not detected in this way, but we suspect that the software also modified the operation of the command used to print the checksums—codes that create a kind of signature against which the integrity of the existing blocks can be validated. One way or another, the blocks appeared unaltered to the operators.

Finally, the software included a back door to allow the perpetrators to control it in the future. This, too, was cleverly constructed to avoid detection. A report by the Hellenic Authority for the Information and Communication Security and Privacy (the Greek abbreviation is ADAE) indicates that the rogue software modified the exchange's command parser—a routine that accepts commands from a person with system administrator status—so that innocuous commands followed by six spaces would deactivate the exchange's transaction log and the alarm associated with its deactivation, and allow the execution of commands associated with the lawful interception subsystem. In effect, it was a signal to allow operations associated with the wiretaps but leave no trace of them. It also added a new user name and password to the system, which could be used to obtain access to the exchange.

Software that not only alters operating system code but also hides its tracks is called a “rootkit.” The term is known to the public—if at all—because of one that the record label Sony BMG Music Entertainment included on some music CDs released in 2005. The Sony rootkit restricted copying of CDs; it burrowed into the Windows operating system on PCs and then hid its existence from the owner. (Sony stopped using rootkits because of a general public outcry.) Security experts have also discovered other rootkits for general-purpose operating systems, such as Linux, Windows, and Solaris, but to our knowledge this is the first time a rootkit has been observed on a special-purpose system, in this case an Ericsson telephone switch.

With all of this sophisticated subterfuge, how then was the rogue software finally discovered? On 24 January 2005, the perpetrators updated their planted software. That upgrade interfered with the forwarding of text messages, which went undelivered. These undelivered text messages, in turn, triggered an automated failure report.

At this point, the hackers' abilities to keep their modifications to the switch's AXE software suite secret met their limits, as it's almost impossible to hide secrets in somebody else's system.

The AXE, like most large software systems, logs all manner of network activity. System administrators can review the log files, and any events they can't account for as ordinary usage can be investigated.

It's impossible to overstate the importance of logging. For example, in the 1986 Cuckoo's Egg intrusion, the wily network administrator, Clifford Stoll, was asked to investigate a 75 U.S. cents accounting error. Stoll spent 10 months looking for the hacker, who had penetrated deep into the networks of Lawrence Livermore National Laboratory, a U.S. nuclear weapons lab in California. Much of that time he spent poring over thousands of log report pages.

The AXE, like most sophisticated systems nowadays, can help operators find the nuggets of useful information within the voluminous logs it generates. It is programmed to report anomalous activity on its own, in the form of error or failure reports. In addition, at regular intervals the switching center generates a snapshot of itself—a copy, or dump, of all its programs and data.

Dumps are most commonly consulted for recovery and diagnostic purposes, but they can be used in security investigations. So when Ericsson's investigators were called in because of the undelivered text messages, the first thing they did was look closely at the periodic dumps. They found two areas containing all the phone numbers being monitored and retrieved a list of them.

The investigators examined the dumps more thoroughly and found the rogue programs. What they found, though, was in the form of executable code—in other words, code in the binary language that microprocessors directly execute. Executable code is what results when a software compiler turns source code—in the case of the AXE, programs written in the PLEX language—into the binary machine code that a computer processor executes. So the investigators painstakingly reconstructed an approximation of the original PLEX source files that the intruders developed. It turned out to be the equivalent of about 6500 lines of code, a surprisingly substantial piece of software.

The investigators ran the modules in simulated environments to better understand their behavior. The result of all this investigative effort was the discovery of the data areas holding the tapped numbers and the time stamps of recent intercepts.

With this information on hand, the investigators could go back and look at earlier dumps to establish the time interval during which the wiretaps were in effect and to get the full list of intercepted numbers and call data for the tapped conversations—who called whom, when, and for how long. (The actual conversations were not stored in the logs.)

While the hack was complex, the taps themselves were straightforward. When the prime minister, for example, initiated or received a call on his cellphone, the exchange would establish the same kind of connection used in a lawful wiretap—a connection to a shadow number allowing it to listen in on the conversation.

Creating the rogue software so that it would remain undetected required a lot of expertise in writing AXE code, an esoteric competency that isn't readily available in most places. But as it happens, for the past 15 years, a considerable part of Ericsson's software development for the AXE has been done under contract by a Greek company based in Athens, Intracom Telecom, part of Intracom Holdings. The necessary know-how was available locally and was spread over a large number of present and past Intracom developers. So could this have been an inside job?

The early stages of the infiltration would have been much easier to pull off with the assistance of someone inside Vodafone, but there is no conclusive evidence to support that scenario. The infiltration could have been carried out remotely and, indeed, according to a state report, in the case of the failed text messages where the exact time of the event is known, the last person to access the exchange had been issued a visitor's badge.

Similarly, we may never know whether Tsalikidis had anything to do with the wiretaps. Many observers have found the timing of his death highly suggestive, but to this day no connection has been uncovered. Nor can observers do more than speculate as to the motives of the infiltrators. [See the sidebar, “An Inside Job?” for a summary of the leading speculation; we can neither endorse nor refute the theories presented.]

Just as we cannot now know for certain who was behind the Athens affair or what their motives were, we can only speculate about various approaches that the intruders may have followed to carry out their attack. That's because key material has been lost or was never collected. For instance, in July 2005, while the investigation was taking place, Vodafone upgraded two of the three servers used for accessing the exchange management system. This upgrade wiped out the access logs and, contrary to company policy, no backups were retained. Some time later a six-month retention period for visitor sign-in books lapsed, and Vodafone destroyed the books corresponding to the period where the rogue software was modified, triggering the text-message errors.

Traces of the rogue software installation might have been recorded on the exchange's transaction logs. However, due to a paucity of storage space in the exchange's management systems, the logs were retained for only five days, because Vodafone considers billing data, which competes for the same space, a lot more important. Most crucially, Vodafone's deactivation of the rogue software on 7 March 2005 almost certainly alerted the conspirators, giving them a chance to switch off the shadow phones. As a result investigators missed the opportunity of triangulating the location of the shadow phones and catching the perpetrators in the act.

So what can this affair teach us about how to protect phone networks?

Once the infiltration was discovered, Vodafone had to balance the need for the continued operation of the network with the discovery and prosecution of the guilty parties. Unfortunately, the responses of Vodafone and of Greek law enforcement were both inadequate. Through Vodafone's actions, critical data were lost or destroyed, while the perpetrators not only received a warning that their scheme had been discovered but also had sufficient time to disappear.

In the telecommunications industry, prevailing best practices require that the operator's policies include procedures for responding to an infiltration, such as a virus attack: retain all data, isolate the part of the system that's been broken into as much as possible, coordinate activities with law enforcement.

Greek federal telecom regulations also specify that operators have security policies that detail the measures they will take to ensure the confidentiality of customer communications and the privacy of network users. However, Vodafone's response indicates that such policies, if they existed, were ignored. If not for press conferences and public investigations, law enforcement could have watched the behavior of the shadow cellphones surreptitiously. Physical logbooks of visitors were lost and data logs were destroyed. In addition, neither law enforcement authorities nor the ADAE, the independent security and privacy authority, was contacted directly. Instead, Vodafone Greece communicated through a political channel—the prime minister's office. It should be noted the ADAE was a fairly new organization at the time, formed in 2003.

The response of Greek law enforcement officials also left a lot to be desired. Police could have secured evidence by impounding all of Vodafone's telecommunications and computer equipment involved in the incident. Instead it appears that concerns about disruption to the operation of the mobile telephone network led the authorities to take a more light-handed approach—essentially interviewing employees and collecting information provided by Vodafone—that ultimately led to the loss of forensic evidence. They eventually started leveling accusations at both the operator (Vodafone) and the vendor (Ericsson), turning the victims into defendants and losing their good will, which further hampered their investigation.

Of course, in countries where such high-tech crimes are rare, it is unreasonable to expect to find a crack team of investigators. Could a rapid deployment force be set up to handle such high-profile and highly technical incidents? We'd like to see the international police organization Interpol create a cyberforensics response team that countries could call on to handle such incidents.

Telephone exchanges have evolved over the decades into software-based systems, and therefore the task of analyzing them for vulnerabilities has become very difficult. Even as new software features, such as conferencing, number portability, and caller identification, have been loaded onto the exchanges, the old software remains in place. Complex interactions between subsystems and baroque coding styles (some of them remnants of programs written 20 or 30 years ago) confound developers and auditors alike.

Yet an effective defense against viruses, worms, and rootkits depends crucially on in-depth analysis that can penetrate source code in all its baroque heterogeneity. For example, a statistical analysis of the call logs might have revealed a correlation between the calls to the shadow numbers and calls to the monitored numbers. Telephone companies already carry out extensive analysis on these sorts of data to spot customer trends. But from the security perspective, this analysis is done for the wrong reasons and by the wrong people—marketing as opposed to security. By training security personnel to use these tools and allowing them access to these data, customer trend analysis can become an effective countermeasure against rogue software.

Additional clues could be uncovered by merging call records generated by the exchange with billing and accounting information. Doing so, though, involves consolidating distinct data sets currently owned by different entities within the telecom organization.

Another defense is regular auditing of the type that allowed Ericsson to discover the rogue software by scrutinizing the off-line dumps. However, in this case, as well as in the data analysis case, we have to be sure that any rogue software cannot modify the information stored in the logs or the dumps, such as by using a separate monitoring computer running its own software.

Digital systems generate enormous volumes of information. Ericsson and Vodafone Greece had at their fingertips all the information they needed to discover the penetration of Vodafone's network long before an undelivered text message sent them looking. As in other industries, the challenge now is to come up with ways to use this information. If one company's technicians and one country's police force cannot meet this challenge, a response team that can needs to be created.

It is particularly important not to turn the investigation into a witch hunt. Especially in cases where the perpetrators are unlikely to be identified, it is often politically expedient to use the telecom operator as a convenient scapegoat. This only encourages operators and their employees to brush incidents under the carpet, and turns them into adversaries of law enforcement. Rather than looking for someone to blame (and punish), it is far better to determine exactly what went wrong and how it can be fixed, not only for that particular operator, but for the industry as a whole.

Merely saying—or even legislating—that system vendors and network operators should not allow something like this to occur is pointless, because there is little that can be done to these companies after the fact. Instead, proactive measures should be taken to ensure that such systems are developed and operated safely. Perhaps we can borrow a few pages from aviation safety, where both aircraft manufacturers and airline companies are closely monitored by national and international agencies to ensure the safety of airline passengers.
http://spectrum.ieee.org/telecom/sec...-athens-affair
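
The article's suggestion that call logs would have shown a correlation between calls to the shadow numbers and calls to the monitored numbers can be turned into a simple detection pass. The sketch below is an added example, not code from the article, Ericsson or Vodafone; the record layout, the phone numbers and the "EXCH-LEG" caller label are constructed, and it assumes each tap leg appears in the call records as its own entry with the shadow number as callee.

```python
from bisect import bisect_left, bisect_right
from collections import Counter

# Constructed sample call records (not real data):
# (caller, callee, start_second, duration_seconds).
CDRS = [
    # Calls made and received by one subscriber ...
    ("555-0101", "555-0201", 1000, 60),
    ("555-0202", "555-0101", 5000, 125),
    ("555-0101", "555-0203", 9000, 30),
    ("555-0201", "555-0101", 14000, 300),
    ("555-0101", "555-0204", 20000, 45),
    # ... and a second leg that shadows every one of them.
    ("EXCH-LEG", "555-0999", 1001, 59),
    ("EXCH-LEG", "555-0999", 5000, 125),
    ("EXCH-LEG", "555-0999", 9001, 30),
    ("EXCH-LEG", "555-0999", 14000, 299),
    ("EXCH-LEG", "555-0999", 20001, 45),
    # Unrelated traffic, including one chance coincidence with the first call.
    ("555-0301", "555-0302", 1000, 61),
    ("555-0303", "555-0304", 3000, 200),
    ("555-0201", "555-0305", 16000, 80),
    # A busy number whose calls sometimes coincide with someone else's.
    ("555-0400", "555-0401", 30000, 50),
    ("555-0400", "555-0401", 40000, 70),
    ("555-0400", "555-0401", 50000, 90),
    ("555-0501", "555-0800", 30000, 50),
    ("555-0502", "555-0800", 40000, 70),
    ("555-0503", "555-0800", 50000, 90),
    ("555-0504", "555-0800", 35000, 20),
    ("555-0505", "555-0800", 45000, 400),
]


def shadow_candidates(cdrs, min_calls=3, min_ratio=0.8, start_tol=2, dur_tol=2):
    """Return [(number, suspected_shadow, coinciding_calls)], strongest first.

    A pair is reported only when nearly all calls of `number` have a twin call
    to `suspected_shadow` AND nearly all calls received by `suspected_shadow`
    are such twins. Either ratio alone flags busy numbers by coincidence.
    """
    records = sorted(cdrs, key=lambda r: r[2])
    starts = [r[2] for r in records]

    involved = Counter()  # calls each number took part in
    received = Counter()  # calls each number received
    for caller, callee, _, _ in records:
        involved[caller] += 1
        involved[callee] += 1
        received[callee] += 1

    paired = Counter()  # (party, callee of the twin call) -> coinciding calls
    for i, (caller, callee, start, dur) in enumerate(records):
        lo = bisect_left(starts, start - start_tol)
        hi = bisect_right(starts, start + start_tol)
        twins = set()
        for j in range(lo, hi):
            o_caller, o_callee, _, o_dur = records[j]
            if j == i or abs(o_dur - dur) > dur_tol:
                continue
            if {o_caller, o_callee} & {caller, callee}:
                continue  # shares a party with this call, so not a separate copy
            twins.add(o_callee)
        for twin in twins:
            paired[(caller, twin)] += 1
            paired[(callee, twin)] += 1

    hits = []
    for (party, twin), n in paired.items():
        if n < min_calls:
            continue
        if n / involved[party] >= min_ratio and n / received[twin] >= min_ratio:
            hits.append((party, twin, n))
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


if __name__ == "__main__":
    for number, shadow, n in shadow_candidates(CDRS):
        print(f"{number}: {n} calls mirrored by calls to {shadow}")
```

The thresholds are illustrative; on real traffic they would be tuned against the operator's own false-positive rate, and the analysis would run on records exported to a system the exchange software cannot alter.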
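
The article describes a listing command that omitted blocks, a checksum command that may have been altered, and the remedy of auditing off-line dumps from a separate monitoring computer. The sketch below is an added example of that cross-view comparison, not the vendor's or the investigators' tooling; the block names and images are constructed, and SHA-256 stands in for whatever checksum the exchange really uses.

```python
import hashlib

# Constructed block images standing in for an authorized software release.
AUTHORIZED_IMAGES = {
    "BLK_A": b"call setup v9.1",
    "BLK_B": b"sms forwarding v9.1",
    "BLK_C": b"command parser v9.1",
    "BLK_D": b"block listing v9.1",
}


def digest(image: bytes) -> str:
    # Assumption: SHA-256 as a stand-in for the exchange's own checksum.
    return hashlib.sha256(image).hexdigest()


def sample_views():
    """Build three constructed views of the same exchange.

    baseline: digests of the authorized release, kept off the exchange
    reported: what the exchange's own listing and checksum commands print
    dump:     block images parsed from an off-line dump on a separate machine
    """
    baseline = {name: digest(img) for name, img in AUTHORIZED_IMAGES.items()}
    reported = dict(baseline)  # the exchange claims every block is intact
    dump = dict(AUTHORIZED_IMAGES)
    dump["BLK_C"] = b"command parser v9.1 + diverted instruction"
    dump["BLK_X"] = b"unlisted block with its own data areas"
    return baseline, reported, dump


def cross_view_audit(baseline, reported, dump):
    """Compare the three views and return {finding: sorted block names}.

    hidden        present in the dump, absent from the exchange's own listing
    unauthorized  present in the dump, absent from the baseline
    modified      dump digest differs from the baseline digest
    report_forged modified, yet the exchange reports the baseline digest
    missing       in the baseline, absent from the dump
    """
    findings = {
        "hidden": [],
        "unauthorized": [],
        "modified": [],
        "report_forged": [],
        "missing": sorted(set(baseline) - set(dump)),
    }
    for name, image in dump.items():
        if name not in reported:
            findings["hidden"].append(name)
        if name not in baseline:
            findings["unauthorized"].append(name)
            continue
        if digest(image) != baseline[name]:
            findings["modified"].append(name)
            # The exchange's answer is only trusted after it agrees with
            # a digest recomputed outside the exchange.
            if reported.get(name) == baseline[name]:
                findings["report_forged"].append(name)
    for key in ("hidden", "unauthorized", "modified", "report_forged"):
        findings[key].sort()
    return findings


if __name__ == "__main__":
    for finding, blocks in cross_view_audit(*sample_views()).items():
        print(f"{finding}: {blocks}")
```

A "report_forged" finding is the important one: it means the system being audited is giving answers that contradict its own dump, so none of its self-reported integrity data can be relied on.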





Phone Hacking: Trinity Mirror to Pay Out Over 10 Claims

Claimants include ex-England manager Sven-Goran Eriksson, actor Christopher Eccleston and the BBC’s Alan Yentob
Mark Sweney and Jane Martinson

The publisher of the Daily Mirror has agreed to pay compensation to 10 victims of alleged phone hacking by its papers, including former England manager Sven-Goran Eriksson, actor Christopher Eccleston and BBC executive Alan Yentob.

The publisher of the Daily Mirror, Sunday Mirror and Sunday People said on Wednesday that the alleged phone hacking took place “many years ago”.

The company said it had admitted liability to four individuals, apologised to them and agreed to pay compensation.

They are Yentob, the BBC creative director, EastEnders stars Shane Richie and Lucy Benjamin, and Coronation Street actor Shobna Gulati.

It added that it had already settled six other alleged phone-hacking claims and has agreed compensation.

These claimants are Eriksson, ex-footballer Garry Flitcroft, former Doctor Who star Eccleston, Richie’s wife Christie Roche and his agent Phil Dale, and Abbie Gibson, a former nanny for the Beckham family.

“The company today confirms that its subsidiary MGN Ltd has admitted liability to four individuals who had sued MGN for alleged interception of their voicemails many years ago,” said Trinity Mirror in a statement.

“MGN has apologised to those individuals and agreed to pay compensation. The amount of that compensation will be assessed by the court if it cannot be agreed.”

Trinity Mirror is understood to have set aside high single-digit millions to cover the costs of dealing with claims of phone hacking including the £4m announced in July this year.

There are understood to be 19 further individuals who have issued claims against Trinity Mirror with a further 10 known to be considering further action.

Mark Lewis, who acted for clients including Eriksson, Gibson, Gulati and Benjamin, said that the admission of hacking is likely to mean more claims against the publisher.

“Mirror Group initially repeated the mantra ‘all our journalists have complied with the criminal law and Press Complaints Commission code’,” he said.

“Their new chief executive, Simon Fox, indicated that a full internal investigation had been made and there was no substance in the allegations. This was completely wrong. It has finally come out that Mirror group journalists included people who did not follow the PCC code and the paper’s denials in the past have been false. There are many more people who will now be able to make claims against the Mirror Group titles in respect of their unlawful activities.”

Until now, the UK phone-hacking scandal has centred on Rupert Murdoch’s News International and its now closed News of the World newspaper. Trinity Mirror’s announcement confirms that the practice was more widespread than ever before admitted on what used to be known as Fleet Street.

Eriksson’s claim was filed in October 2012 and relates to a time when Piers Morgan edited the Daily Mirror. Morgan has denied any knowledge of phone hacking.

Trinity Mirror has always robustly defended itself against allegations of phone hacking at its titles. In January 2012 Sly Bailey, the former chief executive, explained why there had been no internal investigation to the Leveson inquiry by saying, “I don’t think it’s a way to conduct a healthy organisation to go around conducting investigations when there’s no evidence that our journalists have been involved in phone hacking.

“There was no evidence and we saw no reason to investigate. We have only seen unsubstantiated allegations and I have seen no evidence that phone hacking has ever taken place at Trinity Mirror.”

Shares in Trinity Mirror remained largely unmoved on the news.
http://www.theguardian.com/media/201...ur-individuals





Apple’s New Feature to Curb Phone Tracking Won’t Work if You’re Actually Using Your Phone
Ashkan Soltani and Hayley Tsukayama

A highly praised privacy function in Apple's latest operating system that is designed to thwart tracking may not be as effective as originally thought, according to a new post from Bhupinder Misra, a principal systems engineer of the WiFi analytics firm AirTight Networks. The feature, first revealed in June, is designed to prevent unwanted retail tracking that occurs as consumers move around malls and retail shops by randomizing the unique code that smartphones use to identify themselves as they search for nearby WiFi networks.

Misra found that the Apple privacy feature only works on select phones, namely the iPhone 5s, when the phone is locked and location capabilities such as GPS are disabled. That means the privacy protections go away if you use a fitness-tracking app or check your text messages briefly while shopping. Older iPhone users are also out of luck.

According to Misra, most iPhone users won't benefit from the feature, which is only active when users have disabled all location privacy sharing and their phones aren't in use. That significantly narrows the likelihood that users will use this feature, he said. If, for example, you wake up your phone to send a text message or check Twitter, your phone will still broadcast the unique code -- known as a MAC address -- as normal, even when you're using your carrier’s data connection and not WiFi.

"If you're using the phone, it doesn't randomize," he said in an interview with The Post. "It's only randomizing if the location services are off and [the phone] is in sleep mode. There's only a small percentage of people who would do that."

In his post, Misra also said that the randomization only appears to work with newer devices running iOS 8 -- the iPhone 5s and 5c. He has not yet had the opportunity to test Apple's newest phones, the iPhone 6 and iPhone 6 Plus.

Apple declined to comment on Misra's findings. Location services are turned off by default on new iOS devices; users have the option to turn them on during set-up in order to use location-aware apps such as Maps or Runkeeper.

Privacy has been one way in which Apple is striving to distinguish itself from competitors such as Google and Microsoft. And the randomization feature is one that Apple specifically highlights as a privacy strength on a page it set up to describe its privacy policies to consumers.

"When you’re out running errands with your phone in your pocket, Wi-Fi hotspots have the ability to track your movements and behavior by scanning your Wi-Fi MAC address," the company's page says. "Because your MAC address now changes when you’re not connected to a network, it can’t be used to persistently track you."

But it's not clear from that blurb -- or the company's privacy policy -- that the feature only works when users have disabled the location tracking that many common mapping, fitness and photo apps often rely on to function. The company has disclosed those limitations in a publicly available white paper on security, although this does not mention location services.

Misra said that it was difficult, even for him, to figure out exactly how and when randomization will work. "I thought it would be a mainstream feature, where out of the box, it would work," he said. But even as a person familiar with Apple's documentation, he said it was not clear how the feature worked.

Airtight Wireless provides WiFi security and analyzes WiFi data for businesses -- including some customer-tracking features. Hemant Chaskar, the firm's vice president of technology and innovation, said that he doesn't think the Apple privacy feature will hurt his company's ability to do that at all.

A recent study by mobile marketing professionals pointed out that the average smartphone user reaches for his or her phone approximately every 6 minutes, or roughly 150 times per day. So unless you're in and out of the store in that time, they’re going to have a record of your visit.
http://www.washingtonpost.com/blogs/...ng-your-phone/





How Apple and Samsung Like Their Customers
Thom Holwerda

Chris Nacca has posted an interesting video, in which the startup times of applications are compared between a Nexus 5 (released about a year ago) and the brand new iPhone 6. As you can see in the video, application startup times are essentially the same between the two devices, and in both cases, applications open very quickly.

This raises an interesting question, more so because of this article I read on The Verge today, about some guy who was very depressed about his brand new iPhone 6 Plus because he couldn't use it with one hand. Aside from two obvious points - one, you have two hands, and two, didn't you know how big the phone was? - it struck me that with phones being used almost exclusively for very lightweight tasks, why would you rush out and buy the latest iPhone or Galaxy or whatever when it doesn't bring you any obvious benefit?

The iPhone 5S, or even the 5, is still a perfectly fine, fast, and capable phone, and other than getting a larger screen, upgrading to an iPhone 6 or 6 Plus will get you absolutely nothing. If even a year-old Nexus 5 that's only half the price gives you about the same performance when checking Twitter, Facebook, Instagram, and so on, what's the point in spending $700-$900 on the new iPhone or Galaxy?

The video is not interesting because a Nexus 5 and iPhone 6 show equal application startup performance, but because it illustrates that the specifications race has already run its course. On desktop computers, newer machines at least give you better gaming performance, but on phones? Are you going to notice that little bit of extra AA or whatever the iPhone 6 is going to give you over the 5S?

Phones have really gotten into the numbers game, and it serves absolutely nobody, except the bank accounts of Apple and Samsung. The person in The Verge article is exactly how Apple and Samsung like their customers: rushing out to buy the latest and greatest phone, without giving it any obvious thought - not because they need it, but because they feel inferior if they don't have the latest and greatest, actual needs be damned.
http://www.osnews.com/story/27955/Ho...heir_customers





Anonymous Peer-Review Comments May Spark Legal Battle
Kelly Servick

The power of anonymous comments—and the liability of those who make them—is at the heart of a possible legal battle embroiling PubPeer, an online forum launched in October 2012 for anonymous, postpublication peer review. A researcher who claims that comments on PubPeer caused him to lose a tenured faculty job offer now intends to press legal charges against the person or people behind these posts—provided he can uncover their identities, his lawyer says.

The issue first came to light in August, when PubPeer’s (anonymous) moderators announced that the site had received a “legal threat.” Today, they revealed that the scientist involved is Fazlul Sarkar, a cancer researcher at Wayne State University in Detroit, Michigan. Sarkar, an author on more than 500 papers and principal investigator for more than $1,227,000 in active grants from the U.S. National Institutes of Health, has, like many scientists, had his work scrutinized on PubPeer. More than 50 papers on which he is an author have received at least one comment from PubPeer users, many of whom point out potential inconsistencies in the papers’ figures, such as perceived similarities between images that are supposed to depict different experiments.

Recently, PubPeer was contacted about those comments by Nicholas Roumel, an attorney at Nacht, Roumel, Salvatore, Blanchard & Walker P.C. in Ann Arbor, Michigan, who represents Sarkar and spoke to ScienceInsider on his behalf. On 9 June, the University of Mississippi Medical Center announced that Sarkar would join the faculty in its school of pharmacy. Records from a meeting of the Mississippi Board of Trustees of State Institutions of Higher Learning note that he was offered a tenured position and a salary of $350,000 per year, effective 1 July.

But on 19 June, Roumel says, Sarkar got a letter from the University of Mississippi revoking its offer. Science has not seen the letter, but Roumel says that in his view, “it made it crystal clear the PubPeer postings were the reason they were rescinding the job offer.” A representative for the University of Mississippi declined to comment on the case, citing prospective employees’ confidentiality.

According to Roumel, Wayne State allowed Sarkar to keep the position he had formally resigned but revoked his tenure. The events have “had a devastating effect on his career,” Roumel says. A representative of Wayne State confirmed that Sarkar is employed there but gave no details about any change in his status.

Roumel says that because Sarkar suspects the person or persons who posted some of the PubPeer comments also circulated them to the University of Mississippi, as well as to colleagues in his department at Wayne State, he wants to find out their identities and file suit against them. One possible charge is defamation, Roumel says, because he believes several comments—some now removed by PubPeer’s moderators—stray from the facts to insinuate deliberate misconduct, in violation of PubPeer’s posting guidelines. Roumel has exchanged letters with PubPeer requesting the identity of the commenters, but no suits or request for a subpoena have been filed.

PubPeer argues that researchers should defend their papers against online comments without resorting to legal action. “Authors have every opportunity to respond directly to any comments on PubPeer they feel are unjustified,” an anonymous PubPeer contact told ScienceInsider in an e-mail.

Roumel’s response is that his client has no responsibility to critics who refuse to put a name to their accusations. “I don’t think he has any obligation to provide the data [behind the papers called into question] to anyone other than a journal,” he says.

PubPeer’s own liability is a separate issue. If the site merely provided a forum for the comments and did not contribute to their content, as its moderators maintain, they would be immune from libel actions under a section of the Telecommunications Act of 1996, says Nicholas Jollymore, a libel lawyer at Jollymore Law Office P.C. in San Francisco, California, who represents PubPeer. But the effort to identify the commenters may involve a subpoena to PubPeer for information about its users, Roumel says.

And although those who post comments have a right to anonymity under the First Amendment, “it’s by no means an absolute right,” says Alexander Abdo, a lawyer with the American Civil Liberties Union (ACLU) in New York City. They can lose this protection if there is a strong case of wrongdoing against them. “Whoever is trying to unmask someone needs to show that there is some likelihood of success of their claim,” Abdo says. He says the ACLU would work with Jollymore to defend PubPeer should Sarkar go forward with a lawsuit or subpoena.

It’s not clear how much information a subpoena would yield. Users can create a PubPeer account using their e-mail address at an academic or research institution, but others submit “unregistered” comments through the site’s moderators. PubPeer may have names and e-mails for registered posters, but only IP addresses for the others. An Internet service provider may be able to look up who accesses the Internet from an IP address at a given time, Abdo says, but there are also ways to conceal one’s identity from such a search. Asked about possible wrongdoing by the PubPeer community, the moderators replied, “We will do everything possible to protect our users.”
http://news.sciencemag.org/people-ev...k-legal-battle





MIT Students Battle State’s Demand for Their Bitcoin Miner’s Source Code
Kim Zetter

Four MIT students behind an award-winning Bitcoin mining tool will face off against New Jersey state authorities in court today when they attempt to fight back against a subpoena demanding their source code.

The Electronic Frontier Foundation is representing 19-year-old MIT student Jeremy Rubin and three classmates in a remarkable case that stands out for the measure of aggression the state is using to obtain the code and identify anyone who might have tested the mining tool.

The case is reminiscent of a federal one that targeted Aaron Swartz after he was arrested by MIT police in 2011 for downloading more than 4 million scholarly journal articles from the JSTOR digital library, offered to MIT students, to make them more widely available. Swartz faced multiple charges for his activity and killed himself as he was preparing for trial. Although there is currently no indictment or pending criminal charges against Rubin and his friends, state authorities have indicated that they believe the researchers may have violated state laws. The case marks a disturbing trend among authorities to go after researchers, innovators, tinkerers and others who try to do cutting-edge projects to help the tech community, says EFF staff attorney Hanni Fakhoury.

“It’s a very broad subpoena that hints at criminal liability and civil liability,” he says. “For a bunch of college kids who put something together for a hackathon—they didn’t make any money, the project never got off the ground and now is completely disbanded—there are some very serious implications.”

The mining tool, known as Tidbit, was developed in late 2013 by Rubin and his classmates for the Node Knockout hackathon—only Rubin is identified on the subpoena but his three classmates are identified on the hackathon web site as Oliver Song, Kevin King and Carolyn Zhang. The now defunct tool was designed to offer web site visitors an alternative way to support the sites they visited by using their computers to mine Bitcoins for them in exchange for having online ads removed.

“We believe our utility for the end user comes in freeing up real estate on web pages,” King wrote about their program on the Node Knockout site. “Imagine a web where your amazon shopping cart doesn’t follow you around to every website you visit. We believe there should be more options than advertising for monetizing a website, and we believe we have a novel and non-intrusive solution. In this way, we provide utility to developers who can now include higher quality content on their websites, and utility to end users who are spared the wasted time in looking at ads.”

The clever design won the award for innovation in the programming competition.

“This is a very intriguing idea that could really transform online economics if it works,” one supporter wrote on the hackathon site. “There is a much broader discussion to have about mining bitcoins vs doing other useful tasks (e.g. a friendly form of mechanical turk).”

But the program never got beyond the proof-of-concept stage before Rubin and Tidbit, as an entity, were hit with subpoenas from the New Jersey Division of Consumer Affairs just weeks after winning the award.

The state’s attorney general claims Rubin and his classmates violated New Jersey computer crime laws and demanded they hand over source code for their creation and any documentation related to the tool. Rubin was the only one named in the subpoena, Fakhoury says, because he registered the web site for Tidbit.

The authorities also demanded the names and addresses of any Bitcoin wallets used in association with Tidbit, the names of anyone whose computer was used for mining in the project and a list of web sites that may have run the code.

Fakhoury says that although Tidbit made the code available to download and embed on web sites, it wasn’t fully functional and no Bitcoins actually got mined through the Tidbit server.

Indeed, one person on the hackathon site said that although he embedded the code on a website and it looked like Tidbit was successfully mining Bitcoins, “the coins did not seem to show up in the account info dashboard,” he wrote. “Maybe there is a bug? (or is the dashboard not real time?)”

Rubin responded that they had not been able to finish implementing the dashboard before the hackathon ended, but they would eventually complete it.

The MIT community has rallied behind the Tidbit students in support of them and their efforts, in stark contrast to the school’s silence when Swartz was arrested.

MIT sent a letter to the New Jersey attorney general asking his office to withdraw the subpoenas, noting that such actions would have a “chilling effect on MIT teaching and research.” More than 800 people—students and faculty—have also signed letters of support in vain.

The EFF’s Fakhoury will argue in court that the attempt by New Jersey state authorities to target a Massachusetts resident like Rubin is unconstitutional and that the out-of-state authorities have no jurisdiction over him.

“While the state certainly has a right to investigate consumer fraud, threatening out of state college students with subpoenas isn’t the way to do it,” Fakhoury noted in a statement about the case. “As MIT students and faculty have warned, the fear that any state can issue broad subpoenas to any student anywhere in the country will have a chilling effect on campus technological innovation beyond Tidbit.”

He is also arguing that if the court does demand the students hand over any data, they should be given immunity. If not, the court would be forcing the students to relinquish their Fifth Amendment protection against incriminating themselves, since the documentation they provide may contain information that authorities could use to charge them under New Jersey’s anti-hacking law or under the federal Computer Fraud and Abuse Act.
http://www.wired.com/2014/09/mit-stu...n-mining-tool/





FCC Democrats Want to Ban Fast Lanes and Impose Stricter Rules on Wireless

But the chairman, also a Democrat, may stand in the way.
Jon Brodkin

FCC commissioners Jessica Rosenworcel and Mignon Clyburn yesterday called for stronger network neutrality rules than the ones fellow Democrat and Federal Communications Commission Chairman Tom Wheeler has thus far supported.

In a speech yesterday at a congressional forum on net neutrality, Rosenworcel said, "we cannot have a two-tiered Internet with fast lanes that speed the traffic of the privileged and leave the rest of us lagging behind."

The FCC's tentative proposal approved in May would not prevent Internet service providers from charging Web services for priority access to consumers over the network's last mile, but it asked the public for comments on whether the commission should impose stricter or weaker rules. A total of 3.7 million comments poured in, mostly in favor of stronger restrictions on how ISPs treat Internet traffic.

The FCC's tentative net neutrality vote in May was 3-2, with Republican commissioners Ajit Pai and Michael O'Rielly dissenting. Final rules could again come down to what the three Democratic commissioners want, but chairman Wheeler hasn't revealed his plans.

Stronger rules could require reclassifying broadband as a utility, opening Internet providers up to regulations similar to those placed on telephone providers under Title II of the Communications Act.

"So as we look for a way forward, I am pleased that Chairman Wheeler has recently acknowledged that all options, including Title II, are on the table," Rosenworcel said. "As we proceed, we must also be mindful that more than 3.7 million people have written the agency to express their opinion."

Former Republican FCC chairman Michael Powell is now leading the fight against Title II reclassification for the cable industry as head of the National Cable & Telecommunications Association.

Clyburn also spoke at the forum yesterday, saying the commission should apply similar rules to fixed broadband and cellular service. The FCC's tentative rules on blocking and traffic discrimination would impose weaker restrictions on cellular data than fixed broadband.

Consumers often use mobile devices over Wi-Fi, which is an extension of fixed broadband networks and could thus be subject to different rules than cellular, Clyburn noted.

"Cisco projects that 52 percent of mobile data traffic will be offloaded to Wi-Fi by 2018, and from the consumers’ perspective, they often do not know whether they are using cellular data or Wi-Fi, because the transition is seamless," Clyburn said. "To me, this means we need to be careful, to avoid creating differing or conflicting standards or rules for Wi-Fi and mobile."

Many lower-income consumers use mobile devices as "their only access to broadband—if they have broadband at all," she said. "Given these trends, I will be focusing my review on how different proposals will impact the consumer’s experience. What is the impact on a consumer whose mobile broadband may be her only access to broadband? If we have lower standards for mobile, will providers make clear that the experience may be different?"

Clyburn supported reclassification of broadband under Title II in 2010, when the FCC passed its first net neutrality rules. Those were struck down in court this year because they imposed utility-like regulations without classifying broadband as a utility, setting off the current round of rulemaking. In her speech yesterday, Clyburn said the FCC needs to decide on the right policy first and then "determine the appropriate legal framework to achieve that result."
http://arstechnica.com/tech-policy/2...s-on-wireless/





Huawei to Invest $4 Billion in Fixed Broadband R&D in Next Three Years

Huawei Technologies Co Ltd [HWT.UL], the world's largest telecommunications equipment maker, said it would invest more than $4 billion in fixed broadband technology research and development (R&D) in the next three years.

Huawei, which has shifted its focus to the mobile device market in recent years, said in a statement on Thursday that fixed broadband - the pipes connecting homes and offices - remained a "key direction for strategic investment."

The Shenzhen-based company said it would research basic technologies such as photonics used in fiber optic cables as well as software-defined networking.

Huawei said investing in fixed broadband technology will be important given the rise of high-resolution video technology, which for instance powers 4K television sets as well as commercial big data operations that also consume significant bandwidth.

Fixed broadband has largely been overshadowed by the runaway growth of mobile broadband, which has grown 20 percent this year in worldwide users, according to a UN report this week.

Originally a maker of fixed-line switches, Huawei rode the wave of mobile telecoms growth worldwide during the 2000s to become a global force, winning contracts to build cell networks for carriers around the world. In 2012 the company overtook Ericsson to become the world's leading telecoms equipment maker.

(Reporting by Gerry Shih; Editing by Gopakumar Warrier)
http://uk.reuters.com/article/2014/0...0HK0BB20140925





Comcast Accuses Rivals of ‘Extortion’ in Opposing Its Bid for Time Warner Cable
Emily Steel

Comcast has declared war in media land.

The company on Wednesday accused its business partners and rivals of “extortion,” lashing out against opposition to Comcast’s proposed $45 billion acquisition of Time Warner Cable.

If approved by regulators, the deal is poised to reshape the country’s video and broadband markets, giving Comcast control of 35 percent of broadband Internet service coverage and a major presence in 16 of the top 20 cable markets.

In nearly 1,000 pages of documents submitted late Tuesday to the Federal Communications Commission, Comcast said many of the media and tech companies that have urged regulators to block or add conditions to the deal were doing so out of their own business interests.

“Motive can and often does inform credibility,” said David L. Cohen, an executive vice president at Comcast.

Among the prominent companies to oppose Comcast‘s acquisition of Time Warner Cable are Netflix, the Internet streaming business; Discovery Communications, the television group; and Dish, the satellite television provider. The companies have said that a greatly enlarged Comcast would have anticompetitive leverage to push around Internet companies and television networks.

“It is like ‘Snow White and the Seven Dwarfs,’ and Comcast has become like Snow White,” said Amy Yong, a media analyst with Macquarie Securities. “Comcast has just become so powerful in media and distribution that it is somewhat scary and intimidating for other companies.”

She added that the media companies that have not denounced the Comcast-Time Warner Cable combination are most likely keeping quiet because they are exploring their own consolidation deals. Also awaiting regulatory approval is AT&T’s $48.5 billion bid for DirecTV.

Comcast said in its filing that allegations from its rivals and business partners were spurious, typically coming after Comcast refused to “grant various self-interested requests” made after the deal was announced.

Among those demands were requests for free access to faster Internet connections as well as the renegotiation of distribution agreements with television programmers. Comcast said the programming costs requests alone would have totaled more than $5 billion above estimates in the coming years, adding more than $4 a month to customers’ bills by 2019.

“The significance of this extortion lies in not just the sheer audacity of some of the demands, but also the fact that each of the entities making the ‘ask’ has all but conceded that if its individual business interests are met, then it has no concern whatsoever about the state of the industry, supposed market power going forward, or harm to consumers, competitors or new entrants,” Comcast said in the filing.

Comcast argued that acquiring Time Warner Cable would improve video and broadband services for millions of additional customers and also give it added scale to upgrade its networks, improve its technology and better compete against a lineup of global media and technology companies.

Some analysts said that Comcast’s accusations of extortion are not likely to sway regulators’ assessment of the deal. “Regulators are a sophisticated audience,” said Craig Moffett, a media analyst with MoffettNathanson Research. “They can assess the merits of the various arguments without having to be coached on what incentives might be behind why someone did or didn’t say what they did.”

Despite the strong language from Comcast, most media and technology companies that previously have spoken out against the deal did not pull their punches.

Comcast had accused Netflix of trying to shift its own costs to other companies. Netflix said on Wednesday that the merger was “clearly not ‘great’ for consumers” because of Comcast’s increased control over the market for high-speed residential Internet access. The company noted that it had “grudgingly” paid Comcast for better performance, a “precedent that remains damaging for consumers (who ultimately pay higher costs) and for other innovative businesses (that can be held over the barrel by Comcast to do the same).”

“It is not extortion to demand that Comcast provide its own customers the broadband speeds they’ve paid for so they can enjoy Netflix,” Jonathan Friedland, a Netflix spokesman, said in a statement. “It is extortion when Comcast fails to provide its own customers the broadband speed they’ve paid for unless Netflix also pays a ransom.”

Comcast had accused Discovery Communications, the home of the Discovery, TLC and Animal Planet networks, of trying to use the proceedings to renegotiate the fees Comcast pays to carry its networks at higher rates long before the current deal had expired.

Discovery said that it stood by its concerns that Comcast could use its enhanced leverage from the proposed merger “to impose onerous terms that jeopardize the ability of independent programmers like Discovery to continue investing in a diverse portfolio of content and brands.”

“Comcast’s silence on the details of key issues like program discounts, and instead, its continued strategy of intimidating voices that are not fully supportive of its position, is troubling,” David Leavy, a spokesman for Discovery, said in a statement.

One company spared from Comcast’s barbs is Univision, the Hispanic media group. Randy Falco, the chief executive of Univision, said this year that the deal was “truly a cause for concern” because after the merger Comcast would serve 91 percent of Hispanic households in the United States. At the time, Comcast was the only major cable distributor that did not carry Univision’s popular sports network.

This month, Comcast announced that it had struck a deal to distribute the Univision Deportes network.
http://www.nytimes.com/2014/09/25/bu...ner-cable.html





For Cinephiles, Netflix Is Less and Less an Option
Jon Brooks

A few months ago I encountered a dilemma I thought had been permanently solved in the age of everything/anywhere media: I really needed to see a particular movie, and I couldn’t find it for rent. I was slotted to write an essay on Sweet Sweetback’s Baadasssss Song, the seminal black independent film by Melvin Van Peebles, but it was unavailable on Netflix’s DVD service, my longtime resource for such fare.

This was weird, because I had rented it once before from Netflix, in 2009.

What had happened to it?

I tried Amazon streaming and iTunes, but no dice. I would have run down to my local video store, but I don’t have a local video store. I struck out at the San Francisco Public Library as well, leaving me with two choices: I was either going to have to buy the DVD, eating into my fee, or try to download it illegally.

Luckily, I found a last-minute solution when my wife borrowed Sweetback from a library in Marin. But the entire process took about a week, leaving me with less time to write about the film. (Update Sept 23: The San Francisco Public Library does have the film now, apparently. Someone has also posted it on YouTube. I actually talked to Melvin Van Peebles today and asked him if he’d given permission to anyone to put the film on YouTube. “No,” he said, “but if I run into them in a dark alley they’ll be sorry.”)

The episode was disconcerting. I had started using Netflix around the millennium because it seemed like a great idea with no downside (the eventual disappearance of video stores notwithstanding). I was paying a fortune in late fees at my local disc-o-mat, and Netflix’s so-called “long tail” strategy of amassing a vast array of niche content in addition to popular titles appealed to me, as did having the ability to get what looked to be every single movie ever released on DVD delivered straight to my door. And rarely did Netflix disappoint when there was something I wanted to watch, no matter how esoteric.

Which is why I have remained one of the doddering, AARP-eligible movie fans who have never moved to Netflix’s streaming service, despite the company’s best efforts to push me in that direction. True, I sometimes feel like my grandmother, who often mistook cell phones for electric razors, but I have my reasons, the main one being the considerable dearth of content on the streaming side. Here’s a for-instance, and as random benchmarks go it’s not bad: IndieWire reported last year that only six of the movies on Spike Lee’s list of 86 essential films were available on Netflix streaming. (Lee later revised the list, and Netflix currently streams eight of those 94 films.)

The meager selection is so notorious that The Onion targeted it this year. From the humor website in January:

“In a swift and unexpected departure from their present business model, officials from Netflix revealed Wednesday that the company is currently considering adding a good movie to their online streaming service. … “We feel the addition of a popular, above-average, well-made film would provide a nice counterbalance to our existing library of poorly received sequels, totally unknown indie dramas from four or five years ago that you’ve never heard of, and horrendous direct-to-DVD horror features.”

Now Go the DVDs…

And now it seems, while still nowhere as haphazard as the streaming selection, the company’s once reliably complete DVD selection is becoming less so all the time. After my Sweet Sweetback dilemma, I began to note that some DVDs that used to sit patiently awaiting their turn in my queue had dropped down to the “saved” section, where the time of their availability is listed as “unknown.” I think it is safe to say, you can translate that as “never.” Earlier this year, I mentioned this incredibly shrinking DVD phenomenon to John Taylor, the buyer at San Francisco’s Le Video, and he told me Netflix’s DVD collection was now absent a growing number of significant titles, including a passel of Woody Allen films.

Woody Allen? I checked, finding all unavailable as DVDs or Blu-rays: Bananas, Mighty Aphrodite, Everyone Says I Love You, Deconstructing Harry, Sweet and Lowdown, Everything You Wanted to Know About Sex *But Were Afraid to Ask, and September. And just a few months later, additionally AWOL from Allen’s oeuvre: Love and Death, Celebrity, The Curse of the Jade Scorpion, Small Time Crooks, Bullets Over Broadway, and Take the Money and Run. (Via streaming, you can watch only Annie Hall, Scoop, and Manhattan.)

While Netflix’s legacy DVD service still fares relatively well on the Spike Lee test, 11 films from his original list, or 13 percent, are listed as unavailable or “Very long wait.” Watching the mailbox for a “very long wait,” experience shows, is like waiting for The Great Pumpkin. Such staples of home consumption as La Strada, Raising Arizona and The Road Warrior are included in the missing.

Cinephiles in a Bind

Mark Taylor is KQED’s senior interactive producer for arts and culture and teaches media theory and criticism at USF and the Art Institutes of California. He’s on Netflix’s five-DVDs-at-a-time plan, which costs $27.99 a month ($33.99 including Blu-ray) and has long used Netflix to preview films he’s considering teaching in class. But he says he can no longer rely on the service for research the way he once did.

“My experience is that you end up with a bunch of things that have a very long wait and then they never come,” he said. “Things that were once available aren’t anymore.” Nine of the films at the top of his DVD queue are very long waits, he said, “sitting there forever.”

Netflix didn’t want to talk to me about their movie catalogue, leaving me to rely on the speculation of a couple of video store folks that the company’s DVD selection is shrinking most likely because it is not replacing damaged disks.

“Things go out of print and become much harder to find,” said David Hawkins, co-owner of Lost Weekend Video in San Francisco. He said that when something is no longer available through the usual outlets, breaks or is stolen, any store has to make a decision about whether to invest in purchasing a copy at prices that can be exorbitant because of its scarcity. (Which still wouldn’t explain why Netflix doesn’t have DVDs like Bullets Over Broadway, Celebrity or Sweet and Lowdown, readily available to purchase on Amazon.)

In any event, for those who still rely on Netflix’s DVD service, the conventional wisdom is it would be wise to prepare to be cast adrift entirely. Netflix says it now makes more than twice the profits from streaming than from DVDs. Last quarter, its DVD business lost another 391,000 subscribers, leaving the total number of physical-media dead-enders, still excited by the sight of a fresh red envelope in the mailbox, at 6.3 million in the U.S. That’s compared to about 35 million streamers. Last year, Netflix started closing its distribution centers around the country and recently it stopped shipping on Saturdays. The Guardian reports that Netflix has spent no money on marketing its DVD business this year. Summing it all up, Businessweek wrote last October: “The writing is on the wall … At some point, there’s an end of the line for Netflix’s DVD business. We just don’t quite know yet when that point will come.”

Where Have All The Good Films Gone?

If and when the inevitable does happen, and Netflix sells off its vast supply of DVDs for drink coasters, what will cinephiles like Mark Taylor and me do? Wait for streaming to become as robust as the DVD service once was?

Unlikely. The death of Netflix DVDs could very well spell the end of the golden days of one-stop shopping. Check out this 2013 Netflix PR video communicating that the company should no longer be looked upon as a massive movie library. What it really is, it says, is the “Internet’s largest television network.”

With every title we add, we remain focused on our goal of being an expert programmer (vocal emphasis in the video) offering a mix that delights our members rather than trying to be a broad distributor. We’re selective about what titles we add to Netflix …. we can’t license everything and also maintain our low prices. So we look for those titles that deliver the biggest viewership relative to the licensing costs. This also means that we’ll forego or choose not to renew some titles that aren’t watched enough relative to their costs.

What Netflix is talking about here is not just the absence of exotic fare like Sweet Sweetback, it affects a lot of newer films, too. And that is not going to change anytime soon, writes Farhad Manjoo in his New York Times piece from March called “Why Streaming Sites So Fail to Satisfy.”

“(W)e aren’t anywhere close to getting a service that allows customers to pay a single monthly fee for access to a wide range of top-notch movies and TV shows,” he writes. “For those of us with even slightly selective preferences, we’ll have to pick between different rental and subscription services offering different catalogs of programs, none very extensive, at vastly different price points.”

The reason? Bloomberg’s Megan McArdle put it this way in January:

Old-fashioned video rental stores, and Netflix’s DVD-by-mail service, are governed by something called “first-sale doctrine”: Once I sell you a physical copy of a movie or song, you can do whatever you like with the physical object, except copy it or show it publicly… But streaming is governed by a different set of rules for digital content. You can’t stream a movie to someone unless the rights holders have agreed to let you do so. … Essentially, Netflix cannot afford to buy the rights to all the movies you want to watch.

“The renting of videos was not a permissions-based business model,” says Ted Hope, a film producer and former head of the San Francisco Film Society who is now the CEO of Fandor, a subscription streaming site that focuses on independent and art films. “Any store could buy and rent videos. So it was ideal for access; you could find anything, and every city had one of these great video stores that specialized in breadth of content. The irony is we now get to hear about everything better than we ever did, but accessing it is a real challenge, because the licensing model hasn’t evolved at the same pace of technology. Consumers are at this moment where there’s a gulf between what’s affordable for a platform and what licensers expect to get.”

Back to the Video Store?

Megan McArdle wrote in that same article that Netflix’s movie library “is no longer actually a good substitute for a good movie rental place.”

You can’t get most of the esoteric stuff online whereas a place like San Francisco’s Le Video, run by certified film nuts, is packed with obscure titles you’ve never even heard of. Ah, Le Video. Mark Taylor still makes the trek across the city from his Potrero Hill home when he can’t procure a film more easily. “Le Video has everything,” he says, exaggerating only slightly. The store, renting videos, DVDs, and Blu-rays since 1980, is home to some 80-90,000 titles, still available even in its less roomy incarnation.

So, considering the jejune grab bag of films available via streaming, and assuming streaming may one day be the only game in town, you wonder: Could there be an opportunity for video stores to become relevant again?

Michael Fox is a local film critic who used to regularly frequent Gramophone Video on Polk Street to review films for the CinemaLit film series he runs at the Mechanics’ Institute in San Francisco. “If I wanted to check out The Life and Times of Judge Roy Bean, for instance, I went to Gramophone,” he said.

So where does he find those films now that the store is closed?

“I’m just not seeing those movies,” he said. “I try and research, do more reading online to get a sense of the picture, or talk to people whose opinions I trust, which is not ideal.”

The few remaining local video stores in San Francisco are barely getting by. Still, they are not devoid of patrons. At Lost Weekend Video on Valencia Street recently, maybe 10 customers entered the store over the course of an hour. I asked one, Cass Cantine of San Francisco, why he still got his movies there. “Local video stores like this have exactly what I want to see when I want to see it,” he said.

What about Netflix?

“Netflix doesn’t carry what I want.”

A recent analysis of the video rental industry by business forecasting firm IBIS World held out some hope for brick-and-disc stores, provided they can adapt. While the report said the industry is in “the declining stage of its life cycle,” it conceded that “some niche, specialized stores will be able to maintain a profit.” For example, the report said, stores might offer a deep collection of genre or locally relevant films.

Gwen Sanderson, co-owner of Video Wave in Noe Valley, says for those who want to simply rent a film as opposed to purchasing, many titles are still only available through video stores. She mentions The Seven Percent Solution, a Sherlock Holmes movie starring Alan Arkin as Sigmund Freud, unavailable on Netflix or iTunes and purchasable on Amazon for about $18 (and not carried by the San Francisco, Oakland, San Jose, or Berkeley public libraries — still resources for many).

“There are hundreds like this,” Sanderson said. “If we close, people will have to buy them to watch them. The reality is we’re going to leave a lot of options behind that are available to us in our current collection.”

I asked her if she thought video stores could retool themselves as repositories of harder-to-find titles. “I don’t know if we can address that in time to save our business,” she said. But renting rarer films for a higher fee might be one option, she suggested.

Still, if you really want to see a particular film…

… I have found you probably will be able to find it online — somehow, some way — though your ability to overcome technical obstacles, overlook inferior image quality, and tolerate dipping into the louche world of illegal downloading will dictate the quality of the experience. Technology reporter Alex Hearn of the UK’s Guardian stuck up for physical media recently when he wrote, “When it comes to discs, a flaky broadband connection or buggy BT Homehub can’t derail the experience — something that can’t be said for streaming. There’s little worse than settling down for an evening movie and watching it buffer for five minutes, before playing 30 seconds then buffering again.”

Still, it’s a mark of just how much stuff is out there that I was able to find several films online that interviewees in this piece mentioned were unavailable. And with tools like Google’s Chromecast I could even stream them to my TV.

Looked terrible. But you get used to it.
http://ww2.kqed.org/arts/2014/09/12/...treaming_dvds/





Netflix Refuses CRTC Demand to Hand Over Subscriber Data

Video streaming company not 'in a position to produce competitively sensitive information'
CBC News

Netflix was ordered last week to give confidential subscriber data to the Canadian Radio-television and Telecommunications Commission. The company did not comply with the CRTC deadline.

Netflix says it won't turn over confidential subscriber information to Canada's broadcast regulator in order to safeguard private corporate information.

The video streaming company was ordered last week to give the data to the Canadian Radio-television and Telecommunications Commission by Monday, along with information related to the Canadian content it creates or provides to subscribers.

A Netflix official said Tuesday that while the company has responded to a number of CRTC requests, it is not "in a position to produce the confidential and competitively sensitive information."

But in a statement, the company said it is "always prepared to work constructively with the commission."

The comments came in the middle of the regulator's "Let's Talk TV" hearings on the future of broadcasting rules, including allowing cable customers to be able to create their own personalized cable packages. Since Netflix is not a conventional broadcaster, there's much doubt that the Broadcasting Act that the CRTC enforces even applies to the company.

What happens now is very much in the air, University of Ottawa law professor Michael Geist told the CBC in an interview Tuesday. "Netflix likely felt pushed into the corner on a bigger issue, which is the CRTC’s authority to regulate online new media," he said.

"The issue has been simmering for about a decade, but everybody took a hands-off approach," Geist said. "Once there was a threat from the CRTC on Friday, it really did force Netflix’s hand."

Thorny issue

A Netflix executive told the country's broadcast regulator on Friday before being ordered to hand over the confidential company information that regulating the internet to help boost Canadian content will only hurt consumers.

In an occasionally tense appearance before the CRTC, Corie Wright urged the broadcast regulator to let market forces dictate what consumers can watch.

Netflix was one of 13 organizations that testified on the last day of public hearings last week before the CRTC on the future of television regulation in Canada.

The impact of Netflix and other online video providers on the country's traditional TV broadcasting sector was central to the hearings.

Wright, Netflix Inc.'s global public policy director, told the five-member CRTC panel that regulating internet-based video services would fly in the face of competition, innovation and consumer choice.

"Netflix believes that regulatory intervention online is unnecessary and could have consequences that are inconsistent with the interests of consumers," Wright said.

She said viewers should have the ability "to vote with their dollars and eyeballs to shape the media marketplace."

Fight over confidential data

During the hearings, CRTC chairman Jean-Pierre Blais became agitated when Wright refused a direct request to provide confidential subscriber information.

Wright said Netflix was concerned that private corporate information submitted to the commission might later find its way into the public sphere, which could make the service vulnerable to exploitation by its competitors.

Blais steadfastly ordered Netflix to provide the data — along with information related to the Canadian content it creates or provides to subscribers — by the end of the day on Monday.

"Netflix's kind of late-1990s view of the internet as some unregulatable space was dragged into the 21st century and was put on notice," said Carleton University journalism professor Dwayne Winseck, who characterized Wright's appearance as "theatre."

"The CRTC has a Broadcasting Act to live up to and Netflix ... has to have a respectful conversation in that light."

For his part, Geist said the fight between the regulator and the streaming company is likely to end up in court. "My guess is they find a way to resolve this behind closed doors with Netflix voluntarily providing the info the CRTC is asking for and everybody goes back to the status quo, where there’s open questions about the CRTC’s ability to regulate here."

This third and final phase of hearings was launched with the intent of providing consumers with greater choice and helping Canada's television broadcasting sector adapt to quickly changing technologies that have TV networks, local stations and traditional third party content suppliers struggling to maintain revenues.

The hearings also heard from a wide range of stakeholders about proposals to allow Canadians to pay for only the TV channels they want, rather than being forced to subscribe to bundled channels — a so-called pick-and-pay model that has been touted by the federal Conservatives as good for consumers.

American TV network executives also appeared before the CRTC, arguing for regulations that would see stations south of the border compensated for providing "free" programming on Canadian airwaves — something Blais suggested would run counter to the regulator's mandate.
http://www.cbc.ca/news/business/netf...data-1.2774921





Not Just Netflix: Google Challenges the CRTC’s Power to Regulate Online Video
Michael Geist

The Netflix – CRTC battle has generated considerable attention, but Netflix is not alone in contesting the CRTC’s authority to regulate Internet video services. As I suggested in a post yesterday, Google has adopted a similar position, refusing to provide the Commission with all of the information it was seeking. While the Google and Netflix submissions have oddly not yet been posted by the CRTC (all others have), the Globe obtained a copy that confirms Google’s position that it believes it also falls outside the Broadcasting Act. According to the report (also not online), Google declined to provide some requested data, noting that “Google does not publish or otherwise disclose this commercially sensitive business information.” The company adopted the position that its disclosures were voluntary and that it is not part of the Canadian broadcast system.

The Google position is notable because it is presumably not based on the question of presence within Canada, since Google maintains a significant Canadian presence. Rather, the core challenge will likely focus on whether a service such as YouTube (which once went by the slogan “Broadcast Yourself”) can properly be characterized as broadcasting for the purposes of current Canadian law.

Since Google appeared on the first day, it is easy to forget that its appearance before the CRTC was also marked by tension with the Commission. For example, there was this exchange between CRTC Chair Jean-Pierre Blais and Google’s Jason Kee:

THE CHAIRPERSON: Now, in your submission you’re arguing that Canadians are very successful in the online environment, both in terms of creating the content and exporting it, in a sense, beyond the borders, yet I seem to find no evidence or research that supports exactly what kind of Canadian content or content made by Canadians we are talking about. I find that a bit surprising from a company that prides itself to being the information and web search expert.
MR. KEE: It’s precisely for that reason that at least I provided some of the anecdotal examples of a few of the success stories that we have seen on the platform. In the online environment it’s actually not unusual that detailed information like that is actually not disclosed, largely for competitive reasons, which is why it wasn’t included.
THE CHAIRPERSON: Our rules allow for filing information in confidence. Are you saying that you have that information?
MR. KEE: I’m saying that I would have to have internal discussions about the availability of the information.
THE CHAIRPERSON: What do you mean by that?
MR. KEE: I would have to have a discussion internally about whether or not that information could be obtained.
THE CHAIRPERSON: That doesn’t really answer my question. Is that information available in terms of the amount of content available that is of Canadian origin, let’s say on the YouTube offerings?
MR. KEE: Internally we are able to determine where the content was uploaded from, which is what we are defining as Canadian content for the purpose of this discussion. As noted in my submission and in my presentation, that identifying something as Canadian content in the sense that the CRTC uses rules to determine it or, say, for a CAVCO scale for example, is not information that we have.
THE CHAIRPERSON: But you are able to identify how much of that content has been uploaded from a Canadian site or a Canadian location?
MR. KEE: Correct.
THE CHAIRPERSON: Whether or not it is 10 out of 10 or 9 out of 10 within the traditional regulatory network — regulations; is that correct?
MR. KEE: I’m not –
THE CHAIRPERSON: Well, you’re able to tell me you have information on where that audio-visual content is being posted; is that correct?
MR. KEE: Where it’s being uploaded from, correct.
THE CHAIRPERSON: Would you be able to provide that between now and the 19th of September?
MR. KEE: I would have to have internal discussions, with respect, because we don’t customarily disclose that kind of information.
THE CHAIRPERSON: This is a regulatory process and I can understand that you don’t necessarily share information with the public-at-large, that’s why we have rules and undertakings.
MR. KEE: And I can undertake to have a discussion internally with respect to the provision of that information.
THE CHAIRPERSON: And I guess if you don’t provide it, we can draw the conclusions that we can from that lack of co-operation.
MR. KEE: It wouldn’t be intended as a lack of co-operation.
THE CHAIRPERSON: Whether you intend it that way or not, it may be perceived that way.
So will you be able to undertake to come back to us by the 19th of September on that issue?
MR. KEE: I can certainly come back with a response.


CRTC Chair Jean-Pierre Blais did not raise a regulatory threat as he did with Netflix, but the reference to drawing conclusions on Google’s lack of cooperation was a clear shot across the bow. In light of those comments, both Google and Netflix appear to have concluded that they will cooperate voluntarily where possible, but are prepared to challenge the CRTC’s jurisdiction over their online video services. With two of the biggest Internet companies in the world disputing the CRTC’s authority to regulate, the Commission may well head to the courts to either enforce its perceived powers or simply ask the courts by way of reference to determine whether the Broadcasting Act applies to Internet video services.
http://www.michaelgeist.ca/2014/09/j...-online-video/




Until next week,

- js.




Current Week In Review





Recent WiRs -

September 20th, September 13th, September 6th, August 30th


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black