P2P-Zone  

Old 17-12-14, 08:35 AM   #1
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - December 20th, '14

Since 2002

"Sony has no further release plans for the film." – Sony spokeswoman


"I wish [Sony] had spoken to me first. I would have told them do not get into a pattern where you’ll be intimidated by these attacks." – President Barack Obama


"A private interest is influencing some attorneys general’s offices. Tragically, that is how the world operates nowadays." – Peggy Lautenschlager


"The Attorney General may prefer a pre-filtered Internet but the Constitution and Congress have denied him the authority to mandate it." – Google


"Law enforcement's warrantless and constant covert video surveillance of Defendant's rural front yard is contrary to the public's reasonable expectation of privacy and violates Defendant's Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed." – Senior U.S. District Court Judge Edward Shea


"If Kim Jong Un and his henchmen were upset before, wait till they see the movie we're going to make." – Larry Flynt
December 20th, 2014




Sony Cancels North Korea Movie in Apparent Win for Pyongyang Hackers
Eric Kelsey, Lisa Richwine and Piya Sinha-Roy

Sony Pictures has cancelled the release of a comedy on the fictional assassination of North Korea's leader, in what appears to be an unprecedented victory for Pyongyang and its abilities to wage cyber-warfare.

Hackers who said they were incensed by the film attacked Sony Corp (6758.T) last month, leaking documents that drew global headlines and distributing unreleased films on the Internet.

Washington may soon officially announce that the North Korean government was behind the attack, a U.S. government source said.

The $44 million (£28.2 million) raunchy comedy, "The Interview", had been set to debut on Dec. 25, Christmas Day, on thousands of screens.

"Sony has no further release plans for the film," a Sony spokeswoman said on Wednesday when asked whether the movie would be released later in theatres or as video on demand.

Earlier in the day, Sony cancelled next week's theatrical release, citing decisions by several theatre chains to hold off showing the film. The hacker group that broke into Sony's computer systems had threatened attacks on theatres that planned to show it.

North Korea has denied it was behind the hacking, but security experts in Washington said it was an open secret Pyongyang was responsible.

"The North Koreans are probably tickled pink," said Jim Lewis, a senior fellow with the Center for Strategic and International Studies. "Nobody has ever done anything this blatant in terms of political manipulation. This is a new high."

Sony came under immediate criticism for the decision to pull the movie.

"With the Sony collapse, America has lost its first cyberwar. This is a very, very dangerous precedent," said former Republican House of Representatives speaker Newt Gingrich in a Twitter post.

However, Sony's shares closed 4.8 percent higher in Tokyo on Thursday, outperforming the 2.3 percent gain on the Nikkei benchmark index, as investors said there was hope the movie’s cancellation would help bring an end to the crisis.

"By not releasing the movie, they won’t be hacked again. Investors think that from here on, further damage probably won’t be done," said Makoto Kikuchi, CEO of Myojo Asset Management. "Whether that justifies a 5 percent jump in Sony’s stock, I’m not so sure."

Macquarie analyst Damian Thong estimated last week, before the cancellation of "The Interview", that losses from the hacking including online leaks of other movies such as “Fury” and “Annie”, would likely be around 10 billion yen (£54.1 million). The worst case scenario, he said, would be an impairment of 25 billion yen.

"TEAM AMERICA"

The film industry showed support for the film in various ways. Hollywood filmmakers and actors, many of them friends of "The Interview" stars Seth Rogen and James Franco, also criticised the decision made by theatres and Sony.

Texas cinema chain Alamo Drafthouse said its Dallas-Fort Worth theatre would show the puppet-comedy "Team America: World Police" in which a U.S. paramilitary force try to foil a terrorist plot by late North Korean leader Kim Jong Il.

The White House National Security Council said the United States was investigating the Sony breach and would provide an update about who did it at the appropriate time.

"The U.S. government is working tirelessly to bring the perpetrators of this attack to justice, and we are considering a range of options in weighing a potential response," NSC spokeswoman Bernadette Meehan said, adding that the government was not involved with Sony's decision to pull the film.

The U.S. Federal Bureau of Investigation warned theatres and other businesses associated with "The Interview" on Tuesday that they could be targeted in cyber-attacks, according to a copy of the document reviewed by Reuters.

Still, several U.S. national security officials told Reuters the government had no credible evidence of a physical threat to moviegoers.

Sony said it was "deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company."

The studio said it stood by the film makers of "The Interview".

(Additional reporting by Jim Finkle in Boston, Mark Hosenball in Washington, Ritsuko Ando, Thomas Wilson and Reiji Murai in Tokyo; Editing by Chizu Nomiyama, Richard Chang and Raju Gopalakrishnan)
http://uk.reuters.com/article/2014/1...0JV2HN20141218





Pirate Bay Shutdown Has Had Virtually No Effect on Digital Piracy Levels
Todd Spangler

The Pirate Bay was deep-sixed this week in its home port of Stockholm, Sweden, after cops raided a data center hosting the world’s most famous piracy organization. But its absence appears to have put hardly a dent in global piracy activity over the last four days.

On Monday, Dec. 8, a total of 101.5 million Internet addresses worldwide were engaged in torrent downloads of relevant titles tracked by anti-piracy firm Excipio (including movies, TV shows, music, videogames, software and other digital media). On Dec. 9, Swedish law-enforcement authorities — acting on a complaint from an anti-piracy group based in the country — descended on a Web-hosting facility used by Pirate Bay and confiscated its servers and other equipment.

The result: The total number of IP addresses engaged in peer-to-peer downloads of content tracked by Excipio dropped slightly from 99.0 million on Dec. 9 to 95.0 million and 95.6 million the following two days, before bouncing back to 100.2 million on Friday, Dec. 12. That’s roughly in line with the daily average of 99.9 million since Nov. 1, according to Excipio.

While the Pirate Bay had attracted millions of users, pirates are still pillaging Hollywood content using any one of dozens of other sites or services.

For the six days ended Dec. 11, the top five pirated movies were 20th Century Fox’s “The Maze Runner” (with 491,798 average daily piracy users per day), Marvel’s “Guardians of the Galaxy” (470,182), “Lucy” (405,258), Sony Pictures’ “Fury” (290,494) and Paramount Entertainment’s “Teenage Mutant Ninja Turtles” (265,581), per Excipio.

On the TV front, over the Dec. 6-11 period, pirates swarmed over AMC’s “The Walking Dead” (717,190 average peers per day), followed by CW’s “The Flash” (576,093), CW’s “Arrow” (518,816), FX’s “Sons of Anarchy” (427,167), Showtime Network’s “Homeland” (413,620) and CBS’ “The Big Bang Theory” (412,729).

The Pirate Bay, founded in Sweden in 2003, has been the target of multiple lawsuits, criminal prosecutions and police raids over the years.

Since the Swedish-hosted site of the Pirate Bay was unplugged from its website with the domain suffix .se, other sites have claimed to have picked up its mantle. But some of those are malware-laced fake sites, and others are opportunistic placeholders that do not replicate the original piracy haven.

In a blog this week by one of the piracy organization’s founders, Peter Sunde (who goes by the online pseudonym “Brokep”) wrote that the Pirate Bay had “no soul left” and that he didn’t care if the site had been shut down. “It feels good that it might have closed down forever, just a real shame the way it did that,” Sunde wrote.
https://www.yahoo.com/movies/s/pirat...191141913.html





Cyber Attack Against Swedish Government After File-Sharing Website Raided

Hackers hacked the e-mails of Swedish government members after the country's authorities raided the servers of a file-sharing website called Pirate Bay, according to a report by Russian news site Russia Today.

The Pirate Bay site, which was considered one of the oldest and largest in the file-sharing world, stopped working about a week ago and sparked viral riots all over the world.
http://www.ynetnews.com/articles/0,7...603541,00.html





Hackers Leak Swedish Government Logins in Response to Pirate Bay Raid
Melanie Watson

A group of hackers leaked the log-in details of 38 government emails (who were mostly from Sweden) in retaliation for the Pirate Bay police raid last week.

The Anonymous hacktivist group also claims to have hacked into government email accounts of Israel, India, Brazil, Argentina and Mexico.

According to Swedish news site The Local, the Swedish Internet company Telia also suffered because of the Pirate Bay raid. On 12 December they suffered a distributed denial-of-service attack, which affected their online services and user connections.

Pirate Bay, the illegal file sharing site, was taken down last week after a Swedish police raid but it was shortly brought back to life by file sharing competitors Isohunt.

“We, the Isohunt.to team, copied the base of the PirateBay in order to save it to the generations of users. Nothing will be forgotten.”

David Jacoby, Kaspersky Lab’s chief researcher, commented on the latest attacks:

“These attacks don’t come from nowhere. The Pirate Bay raid has provoked feelings in these groups”.
http://www.itgovernance.eu/blog/hack...rate-bay-raid/





isoHunt Now Lets Anyone Launch their Own Version of The Pirate Bay
Emil Protalinski

Not satisfied with merely launching The Old Pirate Bay, torrent site isoHunt today debuted The Open Bay, which lets anyone deploy their own version of The Pirate Bay online. This is achieved via a new six-step wizard, which the group says requires you to be somewhat tech-savvy and have “minimal knowledge of how the Internet and websites work.”

The Pirate Bay, the most popular file sharing website on the planet, went down last week following police raids on its data center in Sweden. As we’ve noted before, The Old Pirate Bay appears to be the best alternative at the moment, but since The Pirate Bay team doesn’t know if it’s coming back yet, there is still a huge hole left to be filled.

In fact, The Pirate Bay recently said that if its site code wasn’t “so shitty,” the team would make it public “so that everyone could start their own bay.” isoHunt.to, the isoHunt of today which has no relation to the original isoHunt.com nor its staff, wants to do just that, although of course it’s offering its own code, not The Pirate Bay’s.

To launch your own torrent site, you’ll need some basic server equipment, hosting, and your own domain name. isoHunt is giving access to its own database and its Sphinx search engine, but you can use whatever source you’d like.

In fact, the company has released a torrent database file with the combined content from isoHunt, KickassTorrents (via its public API), and The Old Pirate Bay. That said, isoHunt admitted to VentureBeat that there isn’t much original content unique to just The Pirate Bay:

“When we started to recollect data after the TPB police raid across the web not a lot of pure information was found. We started to separate our own data to find the torrents that were taken from TPB for the last year. So partially our databases are mixed.”

The team goes on to explain that this is because public trackers are constantly checking each other to grab new torrents, resulting in a lot of overlap. When new files are uploaded to one torrent site, they are available everywhere else in a matter of minutes. In short, whatever you end up building via The Open Bay, you’ll be joining the broader torrent swarm.

isoHunt has also open sourced the code for The Open Bay project on GitHub. The goal is to let the broader file-sharing community build new functions and features for “the distributed TPB” so that it can continue to improve.

The group says its hope is that this will spur the creation of thousands of websites like The Old Pirate Bay, making it impossible for authorities to shut them down all at once. “This way we want to show everybody that ideas are immortal and belong to everybody,” isoHunt said in a statement.

Of course, that’s nothing new: There are many torrent sites out there, large and small, and new ones arrive every year. Yet unless The Pirate Bay decides to come back, there is a lot of hype around the brand that many want to capitalize on, and now they can do so with ease.
http://venturebeat.com/2014/12/19/is...he-pirate-bay/





Now There's A Torrent Network That Could Be Impossible For Police To Shut Down
James Cook

Researchers from Delft University of Technology have unveiled a new torrent client that they claim is "impossible to shut down," TorrentFreak reports.

BitTorrent is the internet file-sharing technology that virtually all illegal file-sharing sites use to let people download stolen movies and music. It works by distributing the download of a file between lots of computers, meaning that no single server hosts all of the content.

The way BitTorrent works at the moment might sound like the perfect way to share files online, but it's actually vulnerable to police raids and websites being seized. There are two parts to downloading a torrent file: Browsing a torrent site to find what you want, and then using a torrent client to download the file. If a torrent site goes down, then no matter how distributed the download network is, people are still going to have problems downloading content.

On December 9, The Pirate Bay was taken offline after a police raid in Stockholm. Despite being one of the biggest file-sharing sites on the internet, it was still vulnerable to something as simple as a police raid on the location where it hosts part of its servers.

As TorrentFreak reports, university researchers have developed a new kind of torrent client that is, in theory, impossible to take offline. Tribler, as it's called, is a torrent client, a program used to download files. But what's different about it is that it doesn't need to connect to a website to search for files: It all takes place within the program.

Another reason why Tribler is more secure than normal torrent sites is that it uses an anonymous network, similar to Tor, to mask its users' real identities. When you use a standard torrent client, your IP address (the number tied to your real-life location) is shown publicly. But Tribler uses onion routing, meaning it wraps data with multiple layers of encryption.

Dr. Pouwelse, one of the researchers who developed the program, praised Tribler as "an attack-resilient and censorship-resilient infrastructure for publishing." Interestingly, he also claimed that Tribler saw a 30% increase in users after the Pirate Bay was shut down.
http://www.businessinsider.com/delft...client-2014-12





Xiaomi's India Smartphone Ban Exposes Wider Patent Risk
Sumeet Chatterjee and Gerry Shih

The court order that banned Chinese mobile maker Xiaomi from selling its phones in India has halted its breakneck expansion into the world's fastest growing major smartphone market and could be just the start of a string of patent challenges.

Xiaomi Technology [XTC.UL] only started selling in India in July and quickly became the country's fastest growing smartphone brand; with minimal marketing, it is already outselling even low-cost smartphones running Google's Android One.

Hugo Barra, the former Google executive now leading Xiaomi's international operations, told Reuters in November how rapidly the country had taken to his brand.

All it took was a single Facebook post to draw dozens of superfans to a California Pizza Kitchen in Mumbai to meet him, he said.

"It was far more than we expected. The community has really, really embraced us," he said.

And then came Wednesday's court order to stop selling, after a patent infringement case was filed by telecom equipment maker Ericsson. The ban will last until at least Feb. 5, when the Delhi court hears the case again.

But that is unlikely to be the end of the young company's battle over intellectual property (IP) rights.

Sources close to Xiaomi say its leadership has privately acknowledged for years its vulnerability to patent entanglements. The higher risks of IP litigation in Western markets even played a role in shaping Xiaomi's strategy of expanding in India and Southeast Asia, the sources said.

Xiaomi said in a statement that "it isn't easy" to build up a patent portfolio as a start-up company, but it aims to have filed 8,000 applications by 2016.

On its home turf, Xiaomi has already been dogged by IP controversies with other Chinese firms, mostly over content rights for its streaming TV service.

As its smartphone business, already number one in China, continues to grow, however, industry analysts expect greater pressure at home, particularly since two of its fiercest handset rivals, Huawei and ZTE Corp, are among the top telecom patent holders in China.

GROWTH SETBACK

Until it is lifted, the ban in India will be particularly hard on growth prospects. In a country where just one in 10 people use smartphones, the potential is vast. The market grew 82 percent in the third quarter, while China expanded at a relatively modest 10.8 percent, according to research firm IDC.

Barra posted a message on the company's website on Friday apologising to fans.

"Rest assured that we're doing all we can to revert the situation," he wrote. "Stay tuned for more information."

In China, Xiaomi already outsells Apple and Samsung Electronics in smartphones, and it became the world's third-largest vendor as of October, though it is little known outside Asia.

Unlike Apple, which introduces a new iPhone just once a year, Xiaomi rolls out updated models frequently, usually in small batches that sell out in seconds. It sells only online, and with minimal advertising, relying on word of mouth to build anticipation for each new launch.

In India, Xiaomi initially imported 10,000 devices a week but soon had to ramp that up to 60,000 to 100,000 to meet demand, India business chief Manu Jain told Reuters before the sales ban. It has chartered flights four times to rush in fresh supplies.

Jain did not respond to a request for comment on the business impact after the order.

Rushabh Doshi, an analyst at technology research firm Canalys in Singapore, said the ban would "leave a gap in the market, to be quickly filled by local or international vendors looking to increase market share".

The court case will also make phone vendors wary about their current patent portfolio and require them to step up their spending on research and development, he added.

(Additional reporting by Jeremy Wagstaff in Jakarta and Miyoung Kim in Singapore; Editing by Emily Kaiser and William Waterman)
http://uk.reuters.com/article/2014/1...0JS08620141214





Apple Wins Decade-Old Suit Over iTunes Updates
Brian X. Chen

A jury took about three hours to reject an antitrust lawsuit — 10 years in the making — that accused Apple of using a software update to secure a monopoly over the digital music market.

The eight-member jury in federal court here unanimously determined that Apple had, in fact, used an update of the iTunes software that it issued eight years ago to deliver genuine improvements for older iPods.

The verdict rendered on Tuesday wrapped up a class-action suit that had been in various courts and in various forms — and even contained various accusations — before it finally went to trial in early December.

The lawsuit involved iPods sold from September 2006 to March 2009 that were able to play only songs sold in the iTunes Store or those downloaded from CDs — not music from some competing stores. Apple was accused of violating antitrust law by using a copyright management system to lock people into buying iPods rather than cheaper alternatives.

The plaintiffs were seeking at least $350 million in damages, an amount that could have tripled if the jury found that Apple violated antitrust law.

Apple applauded the verdict in a statement. “We created iPod and iTunes to give our customers the world’s best way to listen to music,” a spokeswoman said. “Every time we’ve updated those products — and every Apple product over the years — we’ve done it to make the user experience even better.”

Before the trial began, the lawsuit was expected to provide a window into a very different time in the technology industry, when Apple was still an underdog and it was not clear who would eventually dominate online music. It featured videotaped testimony of Steven P. Jobs, the Apple co-founder, recorded shortly before his death, as well as some of his emails. Several other Apple executives were called to the witness stand.

But the case handed to the jury on Monday was very different from the one presented when the trial opened.

Lawyers discovered that two of the plaintiffs initially named in the suit did not buy iPods in the relevant time period, so they were removed from the case. The judge overseeing the trial appointed a new plaintiff, Barbara Bennett of Marshfield, Mass., a few hours before the case was handed to the jury on Monday. But Ms. Bennett was not given time to testify.

Among other arguments in their closing statements, Apple’s lawyers repeatedly pointed out that the plaintiffs’ side lacked any actual iPod customers saying they were harmed.

“There’s not one piece of evidence of a single individual who lost a single song, not even a complaint about it,” said William Isaacson, Apple’s lead lawyer in the case. “This is all made up at this point.”

The substance of the plaintiffs’ claims was also whittled down during the trial.

The jury was initially instructed to assess whether two versions of iTunes software were genuine product improvements. But the judge tossed out a claim about the second iTunes version after an economist testifying for the plaintiffs, Roger Noll from Stanford University, conceded in court that he had not assessed any impact made by that version of the software.

The backdrop for the trial was an old fight between Apple and RealNetworks, an Internet media service that created a workaround to allow songs sold in its store to play on iPods and other media players. In response, Apple in 2004 issued a statement accusing RealNetworks of hacking the iPod and warning that future software updates might prevent songs sold by RealNetworks from playing on iPods. RealNetworks was not a party in the suit.

In their testimony, Apple executives emphasized that iTunes software updates included security enhancements to protect iTunes music from hackers. In his videotaped deposition, Mr. Jobs said iTunes hacks subjected Apple to violating its contracts with the music companies, which could result in the labels’ withholding their music.

“We went to great pains to make sure that people couldn’t hack” into Apple’s copyright system, Mr. Jobs had said. “Because if they could, we would get nasty emails from the labels threatening us to, you know, that they were going to yank the license.”

Mr. Jobs added that in the process of fixing hacks, “it might screw up the Real technology anyway, as collateral damage.”

Over the weekend, the lawyers suing Apple filed papers adding another accusation: that Apple and the online retailer Amazon had colluded to make their products successful while blocking their competitors. The judge overseeing the case, Yvonne Gonzalez Rogers, expressed her displeasure with the move.

“You know, lawyers, you overreach,” Judge Gonzalez Rogers told the plaintiffs’ lawyers before the jury entered the room on Monday. “And by overreaching, I don’t trust you.” She did not allow them to share the argument with the jury.

Patrick Coughlin, a lawyer for the plaintiffs, said that it was a very tough case and that his side was planning to appeal.

“But at least we got a chance to get in front of a jury, and that’s all you can ask,” he said in a conversation with reporters outside the courtroom.

Michael A. Carrier, a professor at the Rutgers School of Law, said the verdict was no surprise because the plaintiffs’ lawyers faced an uphill battle trying to demonstrate that Apple was not adding innovations with its iTunes software, even if blocking competitors’ songs was a side effect.

But it was a surprise, Mr. Carrier said, that the two named plaintiffs in the case did not own the right iPods, a shocking oversight for a lawsuit so long in the making.

“Frankly, I find that flabbergasting, that in a universe of eight million potential plaintiffs, the two that were selected were disqualified,” Mr. Carrier said. “That really tells you a lot about this trial.”
http://www.nytimes.com/2014/12/17/te...pod-music.html





How Digital Music Missed Its Big Chance
Caleb Garling

Jeff Patterson wanted everyone to try Zima. It was the early 1990s and he’d brought a few six-packs into the offices of the Internet Underground Music Archive (IUMA).

IUMA, co-founded by Patterson, was the first major online outlet where fans could download the music of unsigned musicians, and it needed money. Zima, the now-defunct “alcopop” beverage, had offered to install a banner advertisement on IUMA’s homepage, a groundbreaking revenue idea at the time. So Patterson called an all-hands meeting and passed out bottles to a staff of hackers hell-bent on overturning the music industry.

But IUMA had to keep it real. If they liked Zima, the banner ad would go up; if they didn’t, they’d decline the cash. After a few sips, Patterson recalls, “we said no fucking way were we going to have Zima.

“So we turned them down.”

That uncompromising attitude would be the public face of IUMA until 2006, when after a long, slow decline it finally shuttered its doors. Before Napster, MySpace, Soundcloud and Spotify were a twinkle in a programmer’s eye, IUMA’s creators were already shaking their fists at the music industry. Founded when the number of people using the ’net measured in the tens of millions, IUMA became the online repository for upstart bands, where they could upload and advertise their tunes, build their own pages, sell merchandise and, eventually, let people play tracks right from the site. Bands could choose whether to charge or give away their music, in order to build a following for live shows.

At the time Patterson and co-founder Rob Lord trumpeted the coming music industry upheaval, the “leveling” of the playing field and the end of labels. Soon we’ll be beaming bands directly to our living rooms, they promised, and every band will have a group of fans waiting to find them.

As the first high-profile site to offer music downloads, IUMA inevitably encountered technical roadblocks that later music sites could overcome. Slow Internet connections, for example, made the process of uploading and downloading tracks arduous, limiting the site’s reach. Streaming music services today, such as Soundcloud, harness faster connections and mobile devices to succeed where IUMA failed—the German company, which may be the closest heir to IUMA’s mantle, now reaches over 350 million people every month. Yet technical constraints were not the only reason that IUMA would ultimately fail. Its leadership never hit on a business model that worked, which would, along with Napster’s explosion, seal the company’s fate as no more than an introductory chapter in the history of digital music.

I meet Patterson at a little cafe on South Park in San Francisco. He’s still soft-spoken, but his once long hair is peppered grey. Now a grizzled startup veteran sporting a hoodie, he still follows the music business but only as a listener. His days as a revolutionary have passed.

In the early 1990s Santa Cruz held an exalted place in the tech universe, home to numerous “Geek Houses,” where hackers cohabited and coded the new web. These geeks — described in the LA Times as “nerds with social skills”—recognized the early web as a new medium of social interaction. Yet upload and download speeds were so slow that large files were almost useless—especially audio files. As The San Jose Mercury News noted at the time, “the digital information required for a single song would consume the entire capacity of a typical hard disk drive.”

In late 1993 Patterson and Lord were audiophile computer science students fascinated by the code that shrunk huge sound files. Numerous compression algorithms had begun emerging, both in academic circles and around the web, and the two young men began blind-testing compressed songs to see if they could spot the difference in quality. (Jon Luini, IUMA’s third co-founder, would join a few months later.)

After a while, they could no longer tell the difference between a compressed song and an uncompressed one. CDs, they realized, could now go online. “That we geeked out on compression algorithms led us to do IUMA,” Patterson says.

Patterson played in an experimental rock group called Ugly Mugs, which, he noted at the time, had “no commercial appeal.” Today he laughs and simply says they weren’t very good. But seeing the Ugly Mugs’ songs on the Internet, available to anyone, it became clear that a record label didn’t have to be the gatekeeper. Anyone could share their music online and potentially build an audience.

Compliments from listeners in Wisconsin, Russia and elsewhere started pouring in, and soon bands around town were uploading their tracks. Patterson says punk-ska band Sublime used those comments to prove to MCA, their eventual label, that they had a following outside southern California (perhaps marking the first time that Internet comments were useful). These sorts of tales kept coming, turbo-charging the IUMA offices. The team’s visions of re-architecting the music industry seemed to be coming true. Coders started volunteering their services.

One of the many bands to use IUMA in the mid-90s was a Bay Area group called The Himalayans. The band already had momentum, but guitarist Dan Jewett still remembers when he and his bandmates started putting tracks online. “There was this hope that you could suddenly reach this much larger audience,” he recalls. “It’s hard for people to imagine.”

It didn’t take long for the sleeping giants to notice. Geffen Records called a meeting. Warner Brothers flew the founders to LA and wined and dined them. The executives curried favor with the IUMA crew, letting them raid their CD vaults and offering to take someone’s demo tape to “see what they can do.”

But the co-founders were walking around the lion’s den, and Patterson says they knew it. “We were worried what they’d try to do to us,” he says. IUMA targeted unsigned artists, so it was largely free of copyright concerns. Even so, digital replays of songs were becoming more common, and the labels had already begun flexing their legal muscles and lobbying lawmakers for more favorable royalty conditions. They recognized that the free flow of music could undercut their business. “If we don’t get this, our future is seriously threatened,” David Liebowitz, then executive vice president of the Recording Industry Association of America, said at the time.

Through the mid-90s IUMA’s popularity grew, but as a company it was hobbled by the fact that downloading music and doing business on the Internet was still slow and difficult. IUMA managed to land some flashy partnerships—the House of Blues brought it on to stream shows—but by the late ’90s it was running on fumes.

Clashes over business strategy splintered the founders. Patterson says Lord had wanted to focus on music sales while he wanted to bank on ads. In 1996 Lord (who didn’t return interview requests) left the company. Two years later eMusic, an online music store, began the process of acquiring IUMA for $7.6 million. It began lavishing money on the site, funding such gimmicks as a battle of the bands at The Fillmore in San Francisco that included Primus. At one point IUMA even offered to pay parents for naming a baby after the site. (Hope you saw some of that $5,000, Iuma Dylan-Lucas!)

But in 1999 the music industry changed forever. Napster showed the world — not just geeks — how easily one could pirate music. Copyrighted content spilled all over the Internet, and for a time it seemed like it would never be cleaned up. Consumers began to believe that music should be free.

So models like IUMA, with easy upload and download of content, were suddenly shunned by the boardroom in favor of models that either had compelling revenue streams or were less likely to run afoul of copyright law (and a record label’s legal team). Eventually eMusic tightened the pursestrings on IUMA, saying investing in unsigned artists wasn’t promising. When Universal Music offered to buy eMusic in 2001, Patterson says IUMA wanted no part of the giant. That year Vitaminic, a European music platform, bought IUMA for $900,000 in cash and stock.

But even in the face of failure IUMA kept up the gritty facade. In a statement after the Vitaminic deal in April 2001, Patterson declared, “IUMA cannot be stopped. We were here first and we are going to be here forever. When we ran out of cash the staff volunteered — when the staff became overwhelmed, the artists volunteered. We’re supported by a community of 25,000 artists with a voice that grows stronger every day, and we are simply too passionate to let this community die.”

Patterson left IUMA the following year. Vitaminic continued to provide a lifeline for the company, but soon it began its final death walk and closed in 2006, taking the collections of tens of thousands of artists with it.

Musician Thomas Dolby once mused that a label is nothing more than a “bank stupid enough to loan money to musicians,” a punchy quote that isn’t quite fair. Labels provide rolodexes, publicists and lawyers. Yet digitization has eroded the power of the first two on that list, and left the labels swinging the third like a samurai sword.

In the years following IUMA’s decline, online music startups have come and gone, many of them victims of legal skirmishes with the industry’s heavyweights. The struggle today is much as it was in IUMA’s day: hitting on a business model that can support the company and evade the threat of litigation. Streaming music service Soundcloud, which focuses on independent artists, has taken IUMA’s baton. The Berlin startup has found traction with DJs and electronic musicians, and has wisely tried to stay out of record labels’ crosshairs (though sampled tracks have made that hard).

It boasts over 10 million users who create songs and other audio files, and 175 million listeners tune in every month. Without the painfully slow download speeds IUMA faced, Soundcloud is able to give small and unsigned artists a platform to beam their tunes anywhere. A once unknown Kiwi singer named Lorde, for example, released her debut EP on Soundcloud.

The idea is that as its artists grow, so does the platform. Yet when artists graduate from “indie” to the bigtime, as Lorde once did, they move to bigger platforms and management — and paradoxically this is the point when consumers will pay for their music. So if consumers won’t pay at the earlier stages in an artist’s career, digital music companies are forced to charge for services, either by asking musicians to pay for premium tools or advertisers to pay for placement.

To that end Soundcloud has been releasing more tools for small-time artists to monetize music on the platform. “We think it makes a lot of sense to pair up brands with bands,” says co-founder Eric Wahlforss. “We don’t think it’s great to have a paywall in front of content. We want the content to flow freely.” So you get songs such as SizzleBird’s “Leaves, PRESENTED BY JAGUAR.” Call it selling out or call it being smart — either way the band gets paid.

Those three sources—artist, advertiser and consumer—are so far the only revenue sources digital music businesses have found to keep the lights on. But a major challenge remains. When Patterson and Lord were building up IUMA, they welcomed the coming deluge of digital music that Soundcloud’s Wahlforss, and many others, today call a “democratization of content.” No gatekeepers need separate consumers and bands. Get a Tunecore account and your tracks will be on iTunes, Spotify, Rdio, Amazon and Google. Anyone can broadcast their music—and that’s the rub. Twelve hours—half a day—of new audio post to Soundcloud every minute.

Artists used to hustle by stapling posters to telephone poles and bathroom doors. Now their marketing efforts include launching clever crowdfunding campaigns, getting retweeted by someone famous or making lightning strike with the mystical viral video—all while also creating good music. “The part we didn’t solve was the discovery,” Patterson says of IUMA. “Great, now your music is out there — but how are people finding it? I still don’t think that’s been cracked.”

Though IUMA shuttered its doors, its shadow remains in more ways than one. For six years the massive trove of music that had existed on the site was presumed gone. But the fact that music is simply information is what ultimately saved that collection of tracks.

In IUMA’s final days, computing celebrity John Gilmore furiously scraped the tracks — imploring others to do the same — and stowed them away. In 2012 he worked with Jason Scott of Archive.org to put the “wreckage” of IUMA, as Scott calls it — 45,000 bands and over 680,000 tracks — back on the web, where it remains today, free for anyone to access.

“It’s what it was always meant to be: a big pile of music that people enjoy listening to,” Scott says. (Though about 100 artists have asked Scott to remove their music, many having shed punk guitar riffs for collared shirts.)

Casual browsing turns up all kinds of hidden gems. Adam Duritz was the lead singer of The Himalayans and would eventually bring the band’s song “Round Here” to the Counting Crows and the top of Billboard charts. Duritz ensured The Himalayans got songwriting credits for the iconic ’90s tune, and their version remains preserved on Archive.org.

Scott says listeners sometimes come across the IUMA music and review it, as if it were new, having no idea these tracks were first uploaded in the 1990s. “The music is timeless,” he says. “It just might be more angry at the first Bush than the second.”

For Patterson’s part, he still looks back on the IUMA days with fondness, and he appreciates the occasional free beer he gets from a dedicated fan of his efforts to lead music’s digital charge.

“For ten years IUMA defined me,” he says. “Every company I’ve done since then, we look back and try to think about having as much fun as we did back then.”
https://medium.com/backchannel/how-d...e-fab931566042





Warner Music Says It Loves Streaming Music — As Long as Listeners Are Paying for It
Peter Kafka

Like other music labels, Warner Music Group thinks the boom in streaming music services is a good thing. But like other music labels, Warner is really interested in the music services listeners pay for — and is growing less interested in the free ones.

Warner CEO Stephen Cooper spelled this out last week, during the company’s earnings call.* Like the rest of the music industry, streaming services are becoming increasingly important to Warner’s financials, because download sales are in free fall — which may well be at least partly due to the boom in streaming.

In Warner’s case, streaming revenue was up 74 percent over the last 12 months, while download sales dropped by 12 percent.

Here’s an extended chunk of Cooper’s scripted remarks from the beginning of the call, which are worth keeping in mind as Warner, along with Sony Music and Universal Music, start to engage in a new round of licensing talks with streaming services like Spotify. Read along, and we’ll discuss a little further down (emphasis added):

As we have said before, streaming – and particularly the subscription model – more fully captures the true demand for music. In the streaming universe, consumption drives the economics — so the more that people listen to music, the better it is for our artists and our business.

Much of the recent controversy has been around some on-demand digital services described as “freemium” because they have an ad-supported ‘free-to-the-consumer’ tier as well as a ‘premium’ subscription tier.

The primary reason we participate in the ad-supported tier is because it provides the means for consumers to discover the advantages of the premium offerings, and thus, leads them to become paying subscribers. There is also the fact that the ad-supported, ‘free-to-the-consumer’ tier – in conjunction with the attractive price-point of paid subscription services – makes streaming a great alternative to piracy.

We continue to believe that the long-term sustainability of the “freemium” model is predicated on high levels of conversion from ad-supported “free” to paid subscription. Of course, in order to achieve those levels, the benefits of paid subscriptions must be clearly differentiated from the ad-supported offerings.


A little later, Cooper got a little more pointed:

In our view, right now, enabling meaningful global growth in the number of paying subscribers is the best option for artists, for songwriters, for copyright owners and for the services themselves. Subscription streaming is not only a fantastic offering for music fans, it will propel the long-term health of the music industry. We look forward to continuing to work closely with our partners to turbo-charge the adoption rate for subscription streaming.

We were pleased that two of the biggest streaming services in the world have taken meaningful steps to convert segments of their massive customer bases into paying subscribers.


So to be clear: The praise Cooper is offering is for YouTube, which used to be entirely free but has launched a subscription business, in part to satisfy the music labels, and SoundCloud, which is also free and is also launching a subscription service, which is also being built with label demands in mind.

It is reasonable to assume that some of his comments are also directed at Spotify. Spotify has always had a free offering, designed to drive users to its paid offering. Now it says it has 12.5 million people paying some $10 a month. But there has always been grumbling from certain corners of the music industry that Spotify ought to be signing up more subscribers, and making more money for the industry.

And now, as Spotify begins to renegotiate contracts with the big music labels, you might view this as the beginning of a conversation about how that might happen.

Bear in mind that Apple, which got into the free streaming music business with iTunes Radio last year, got into the paid streaming music business this year by buying Beats Music.

And recently Apple has been telling the music labels that they could get more money in the long run by taking less money now, and lowering the prices they charge for streaming music subscriptions. Cooper’s comments don’t necessarily preclude a price cut for Apple (and the rest of the streaming services). But they do show that he’s not interested in any more giveaways.

* Warner went private in 2011, but still holds earnings calls to communicate to the large base of investors who own the company’s debt.
http://recode.net/2014/12/15/warner-...paying-for-it/





E-Book Legal Restrictions Are Screwing Over Blind People
Kyle Wiens

In late 2012, a 14-year-old high school student stood in front of a camera and began to read. Chris Nusbaum’s voice was calm and steady. And so were his hands, which ran smoothly over lines of braille as he made a personal appeal to Amazon—maker of the most widely-used e-reader in the world.

“My class has just been assigned a project for which we must use information in the class’s textbook. Every student has a Kindle, which has the textbook loaded on to it. All of the sighted students can easily read the material and complete the assignment independently,” Nusbaum read. “I, on the other hand, cannot read the book without the assistance of a sighted reader. Therefore, I am put at a severe disadvantage in completing the project when compared with my sighted classmates. … All of this because of a problem which can easily and inexpensively be solved by integrating text-to-speech software into your readers and making sure that your apps and information are accessible with that software.”

For the nearly 8 million people in the US with some degree of vision impairment, the advent of ebooks and e-readers has been both a blessing and a burden. A blessing, because a digital library—everything from academic textbooks, to venerated classics, to romance novels—is never further away than your fingertips. A burden, because the explosion of ebooks has served as a reminder of how inaccessible technology really can be.

For more than a decade, the visually-impaired have been locked in an excruciatingly slow and circuitous battle against US copyright laws. And it’s left the visually-impaired with few options but to hack their way around digital barriers—just for the simple pleasure of reading a book.

Books, Blindness, and Barriers to Content

There’s no Library of Alexandria out there for visually-impaired readers. Only 1 percent of published books are available in braille. And while audiobooks are widely available through online platforms like Audible, the selection is relatively narrow. Audible boasts more than 150,000 titles, but that’s only 4 percent of the estimated 3.4 million books that are available through Amazon. If you’re looking for an independent author, or the collected stories of a minor, long-dead novelist, or a biography on anyone less celebrated than a celebrity or a world leader—you’re probably out of luck.

Still, many popular books are available on venues like Audible, so we asked Blake Reid—head of the Samuelson Glushko Technology Law & Policy Clinic—whether that was enough. Reid’s team works on media and accessibility issues; they explained: “Yes, audiobooks are already on the market. But there are not very many of them, and virtually none for technical or academic subjects.”

That’s why ebooks and e-readers are especially promising for people with disabilities. There are well over a million ebooks in the Kindle’s Store alone—everything from cookbooks to magazines to how-to books. A lot of e-readers come prepackaged with a Text-to-Speech (TTS) feature, which converts the words on an e-reader’s screen into a synthesized, human voice. Essentially, TTS reads a purchased ebook aloud—and that’s been an incredible tool for making the collective digital library more accessible, and more inclusive.

That is, until the copyright hounds got out.

When the Kindle 2 was released in 2009, it came with TTS functions that could be used across all Kindle ebooks. Publishers balked. They argued that TTS would negatively impact the audiobook market, and that a computer reading an ebook aloud constituted a violation of copyright.

Amazon conceded, and it gave publishers the option to opt-out of TTS. Publishers took advantage of this and removed this feature from a huge swath of books. And so, the doors to the collective digital library slammed shut on the blind and print-impaired once again.

“Blind people, when we ask for accessibility, we’re not doing it because we want anyone’s charity,” Chris told us. “We want equal access to the same information that anyone else could have access to. We have the mental capacity to compete on equal terms in education and in the workforce and in any other areas of life with our sighted counterparts. In order to do that, we are just asking for a very simple request from developers and engineers and institutions of higher education: and that is make sure that we have access to information that we need. We’ll take care of the rest.”

The situation has improved since Chris made his appeal to Amazon two years ago. TTS features have gotten more prevalent—but there are still critical accessibility gaps that need filling.

“Among the three main ebook distributors—Apple, Amazon, and Barnes and Noble, text-to-speech support is limited. While Apple’s iPad has built-in text-to-speech functionality that works well with most formats of ebooks, including Apple’s own iBooks format, most Kindle devices do not,” Reid’s team explained. “Only the Kindle Fire has text-to-speech functionality, which can be (and often is) blocked by individual ebook publishers using DRM. Also, it is often difficult for readers who are visually impaired to determine which Kindle books have text-to-speech functionality disabled before purchase.”

DRM, or digital rights management, is a genteel term for digital handcuffs; it’s used to control access to copyrighted material. In ebooks, DRM stops pirates and profiteers from making thousands of copies of something like Tina Fey’s autobiography, and then selling them for cents on the dollar. Fair enough. But when it comes to accessibility, DRM becomes a barrier that can stop a reader with disabilities from listening to a good book.

Hacking for the Right to Read

That’s not to say that locks can’t be picked. Over the years, the print-impaired have found viable workarounds—hacks to pry open the doors to their digital library.

If a tablet doesn’t have a text-to-speech feature, you can modify it. Root the tablet and install a TTS app not sanctioned by the manufacturer. More commonly, though, people just strip the DRM off ebooks they buy. Then, the ebook can be uploaded to and read through an e-reader’s existing TTS feature. The problem is, both those workarounds are technically illegal under an esoteric clause in US copyright law.

Here’s why: The Digital Millennium Copyright Act (DMCA), a 1998 law designed to protect digital content from infringement. Under Section 1201, it’s illegal to break a technological lock that protects copyrighted content—like an encryption over a tablet or DRM over an ebook. So, it’s not just a voided warranty that would-be readers have to worry about: Web-connected e-readers are essentially tablets, and you can’t legally root or jailbreak a tablet. Even if you just want to trick it out with a cool app that extends the device’s accessibility or functionality.

Breaking the DRM on an ebook is also technically a violation—but the Librarian of Congress granted an exemption for people who are visually-impaired or have a print impairment. But the ruling is interestingly idiosyncratic: it’s legal for someone with a disability to strip DRM from ebooks, but it’s not legal for developers to create programs or apps that strip DRM.

And the exemption isn’t permanent. Every three years, advocates have to request for the Librarian of Congress to extend his previous exemptions. Which means that people with disabilities are, essentially, legally mandated to ask for permission to read a book. Every three years. Which is what they’ve done for more than a decade.

And now it’s time to ask again. Reid’s team at the University of Colorado submitted, in conjunction with the American Foundation for the Blind and the American Council of the Blind, the petition to renew the current exemption.

“In a seemingly endless loop that calls to mind the dilemma of Bill Murray’s character in the movie Groundhog Day, we, our colleagues, and our pro bono counsel have poured hundreds of hours of work into a lengthy bureaucratic process that requires us to document and re-document the accessibility of copyrighted works,” said Mark Richert of the American Foundation for the Blind during a congressional hearing into the DMCA, “and argue and re-argue the rarely-disputed premise that making books and movies accessible to people with disabilities does not infringe or even remotely threaten the rights of copyright holders.”

Advocates narrowly procured the exemption for ebook DRM over the objection of the register of copyright when they applied in 2010. This year, it’s anyone’s guess—and that’s part of the problem.

Copyright law is taking away our rights. It means that developers are afraid of writing applications to help the blind. It means that consumers are afraid of repairing and tinkering with their things. And it means people with visual impairments, like Chris, don’t know if they’ll be able to keep listening to some of their books.

“For me, if I could describe Text-to-Speech in one word, it would be liberating,” said Chris, now 16 and a junior in high school. “It’s a kind of freedom. I, as a blind person, don’t have access always to most kinds of information that sighted people have access to. It’s a kind of freedom when I know that I have access to that information.”

Reading is a basic human right, and no one—not the Library of Congress and not corporate copyright lobbyists—should have the power to take that away.
http://www.wired.com/2014/12/e-books...ould-be-legal/





Sony Execs Argued Over Uploading ‘Fake Torrents’ to Fight Piracy
Adrianne Jeffries

One easy takeaway from perusing leaked emails from Sony’s TV and movie division is that the company, like the rest of the Hollywood establishment, absolutely loathes digital piracy and everything associated with it—so much so that a plan to circulate a fake version of a television show was praised for being “clever” but spiked because of a strict policy against using torrent sites.

“Personally, I love this… unfortunately the studio position is that we absolutely cannot post content (even promos) on torrent sites,” Pamela Parker, a senior executive in the division responsible for international television content, wrote in an email that was leaked to the public after hackers attacked Sony Pictures Entertainment.

“The studio spends millions of dollars fighting piracy and it doesn’t send a good message if we then start using those same pirate sites to promote our shows.”

Furthermore, the Sony legal department was concerned that official use of torrent sites would complicate any lawsuits the industry might want to bring against them in the future.

“The second piece has something to do with the coordinated efforts with the MPAA [Motion Picture Association of America] and some concern that doing anything could inhibit them in a future lawsuit going after the sites,” Paula Askanas, executive vice president of communications for international television, said in another leaked email.

The issue came up back in March, just after the second season of the thriller series “Hannibal”—which Sony says is one of its most-pirated shows in Europe—had premiered in the US and was starting to show up on illegal filesharing sites.

The plan, which was championed by Polish marketing employee Magda Mastalerz, was to upload a 60-second “Hannibal”-themed anti-piracy ad to popular torrent sites disguised as the first episode. The promo was aimed at convincing people in Central Europe to stop downloading and watch the show legally on the Sony-owned channel AXN.

In an email with the subject line “fake torrents - Hannibal,” Mastalerz tried to convince her superiors to get over the stigma of using torrent sites:

From the legal point of view in many [Central European] countries the torrents sites itself are legal. Only sharing and downloading the illegal stuff there is not.

This project is to support anti-piracy strategy not against.

From my perspective this would be something really unconventional, something to be shared and presented in case studies presentations. Great story for be presented at the panel discussions.

Torrent sites are popular with pirates, but they are also used to circulate legal, non-pirated content. California-based BitTorrent, for example, has been working with artists like Diplo to get music released there.

Communications executive Askanas was among those supportive of the “fake torrents” plan. “If we could make this happen it would be a huge victory and one we could even replicate around the world,” Askanas wrote.

However, Sony’s lawyers and the executive vice president responsible for intellectual property quickly struck it down. The final decision: “no one is allowed to use these pirate sites as marketing tools,” as Askanas wrote.

The decision may have been a largely kneejerk reaction, but it’s hard to imagine the trick would have worked despite Mastalerz’s note that “the success of this project is more than 100% sure.” A single TV episode in decent quality is going to be around 400 MB, while a 60-second promo is likely to be closer to 2 MB—something pirates are likely to pick up on right away.

Of course, Sony now has another reason to hate torrent sites: they’re where hackers have been circulating the company’s confidential data, pre-release films, and internal emails.
http://motherboard.vice.com/read/son...o-fight-piracy





Sony Hackers Offer to Withhold Stolen Data From Promised Leak
Arik Hesseldahl

A group claiming responsibility for the devastating hacking attack against Sony Pictures Entertainment on Sunday offered to selectively hold back on releasing email correspondence of its employees, provided that they write in and ask.

The offer, apparently from the Guardians of Peace, a group that says it has carried out the attacks, marks a new twist in its ongoing campaign of embarrassing leaks of data stolen from the studio’s computers, now entering its third week.

“Message to SPE Staffers,” reads the posting written in halting English. “We have a plan to release emails and privacy of the Sony Pictures employees. If you don’t want your privacy to be released, tell us your name and business title to take off your data.”

The message appeared on Pastebin and Friendpaste, two sites for sharing text files often favored for circulating information obtained in hacking attacks. It warned about a forthcoming disclosure that will contain more email correspondence of Sony Pictures employees.

The message then offers up links to several file-sharing sites for obtaining the latest trove, the eighth so far. The file appeared to contain an email archive, nearly six gigabytes in size, belonging to Steve O’Dell, president of Sony Pictures Releasing International. A Sony spokesperson had no immediate comment.

The message refers to a forthcoming “Christmas gift” that was the subject of a message accompanying the seventh data dump circulated on Saturday. “The gift will be larger quantities of data. And it will be more interesting,” the message says.

Sony has been under a digital siege since Nov. 24 when it disclosed an attack that crippled its internal corporate network. The attack has steadily escalated over the course of three weeks. Unreleased Sony movies have been leaked to file-sharing sites, numerous embarrassing emails between Sony executives and other Hollywood power players have been disclosed, along with data about internal company deliberations, business plans, salaries and other confidential information.

The Guardians of Peace have referred to a “movie of terror,” and have demanded that it not be released. This is thought to be a reference to “The Interview,” a forthcoming comedy starring Seth Rogen and James Franco depicting a TV interview with North Korean leader Kim Jong-Un that turns into a CIA-sponsored assassination attempt. Re/code first reported that Sony was investigating a possible North Korean connection. North Korea has officially denied any connection to the attack, but has praised those who carried it out, calling it a “righteous deed.”
http://recode.net/2014/12/14/sony-ha...promised-leak/





Sony Pictures Demands That News Agencies Delete ‘Stolen’ Data
Michael Cieply and Brooks Barnes

Sony Pictures Entertainment warned media outlets on Sunday against using the mountains of corporate data revealed by hackers who raided the studio’s computer systems in an attack that became public last month.

In a sharply worded letter sent to news organizations, including The New York Times, David Boies, a prominent lawyer hired by Sony, characterized the documents as “stolen information” and demanded that they be avoided, and destroyed if they had already been downloaded or otherwise acquired.

The studio “does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use” of the information, Mr. Boies wrote in the three-page letter, which was distributed Sunday morning.

Sony’s action comes 20 days after hackers first infiltrated its computer systems and amid silence on the crisis from peer studios that Sony had hoped would publicly voice support. It comes after a flood of damaging media reports based on the hacked documents, which included information on Sony’s salaries, business negotiations, employee health records and private email conversations. One of the most volatile email exchanges, which included racially insensitive banter about President Obama’s imagined preference for black-themed movies, prompted public apologies by Amy Pascal, co-chairwoman of Sony Pictures, and by a prominent producer, Scott Rudin.

Over the weekend, the hackers, who have pressed Sony to withdraw its upcoming comedy “The Interview,” promised further data dumps by Christmas, when the film is scheduled to be released. The plot involves an attempt to assassinate the North Korean leader Kim Jong-un.

Until now, the data has provided a feast for traffic-hungry websites like Fusion and those owned by Gawker Media, along with some mainstream news organizations like Bloomberg, which last week posted an article — without citing names — revealing details of employee medical records that were made public by the hackers.

The New York Times has reported on some Sony emails and company-related data based on the accounts of other news organizations and on statements from Sony executives. Sony representatives have acknowledged the authenticity of the emails and data.

Heather L. Dietrick, general counsel for Gawker Media, said the organization was not yet aware of Mr. Boies’s letter. She said Gawker reports had been confined to “very newsworthy” and “revelatory” documents. A Bloomberg spokesman declined to comment.

As Sony has been battered, other major studios and the Motion Picture Association of America until now have offered virtually no public backing. Asked about the stance of Christopher Dodd, the association’s chief executive, a spokeswoman said he was not immediately available.

But the association issued a statement that read in part: “From the highest levels of our organization working with the highest levels of theirs, we are doing anything and everything that Sony believes could be helpful and will continue to do so.”

According to several people who were briefed on the matter, and who spoke on condition of anonymity because they were not authorized to comment, Mr. Dodd and Sony’s chairman, Michael Lynton, have sought, without success, to organize a letter of support from fellow studio chiefs. The letter did not materialize, according to one of those people, in part because rival studio chiefs felt it would be ineffective and might look like “a publicity stunt.”

Another person briefed on the discussions said Sony’s search for assistance was complicated by the studio’s Japanese ownership and a cultural reluctance by those in Japan to risk fanning the flames with public action. Some of Sony’s counterparts have also been reluctant to speak up because Sony itself has kept its public self-defense to a minimum.

Representatives for Walt Disney, Paramount Pictures, Universal Pictures, 20th Century Fox, Warner Bros. and Sony Pictures either declined to comment or did not respond to queries.

Privately, some Sony executives have expressed bewilderment and resentment at the public silence of the company’s peers. One of the studio’s executives used the following analogy: Imagine a cul-de-sac where, when one house erupts in flames, the neighbors never come outside to help.

A general reluctance to speak out against the free use of Sony’s stolen secrets is fueled, at least in part, by the fear that attention will swing to any vocal defender, either in the form of hacking or in unwanted media attention.

Indeed, there is a tacit acknowledgment that, so far, virtually nothing in Sony’s stolen emails looks different from what would likely surface if the hackers hit another studio.

At Warner, for instance, legal and administrative fights with the film magnate Harvey Weinstein have already provided a public glimpse of Hollywood’s bare-knuckle negotiating tactics, and a brawl over corporate succession aired severe tensions between top executives and the departed movie chief Jeff Robinov.

So the assumption is that almost every institution here has substantial dirty laundry — and some perhaps a great deal more than Sony, which has been relatively free of public scandal since the 1990s, when its executives and stars were tied to the Hollywood madame Heidi Fleiss.

When the industry came under scrutiny after mass shootings in Newtown, Conn., and in a Colorado movie theater that was playing Warner’s “The Dark Knight Rises,” Hollywood players and Mr. Dodd convened a White House summit to ease the situation with promises of fresh research into any connection between media and violence. Concerted action of that sort was more typical in the decades when Jack Valenti, a notably proactive leader, ran the motion picture association, and Lew Wasserman, as the chief of MCA Inc., which owned Universal, kept a careful watch over situations that were likely to damage the industry.

On Thursday, nearly three weeks after the attack on Sony’s systems, a Sony spokeswoman could point to only a handful of major public voices: Douglas Wick, a producer who was long based at Sony; Judd Apatow; and the directors Philip Lord and Seth Grahame-Smith, who directed Sony’s “22 Jump Street.” Writing in The Hollywood Reporter or on social media, the four men expressed allegiance to Amy Pascal, and Mr. Apatow lashed out at media outlets trafficking in stolen documents.

Aaron Sorkin, who has done business at Sony, added his support on Friday then increased it Sunday with an op-ed published on The New York Times website, in which he condemned the media’s use of the stolen material, calling it “morally treasonous and spectacularly dishonorable.” He also called for Hollywood’s studios, its unions and the motion picture association to join together to denounce the Sony attack “as an attack on all of us.”

Mr. Boies, for his part, had severe words for news organizations that continued to mine Sony’s data. “If you don’t comply with this request,” he wrote, Sony “will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you.”

Kurt Opsahl, deputy general counsel for the Electronic Frontier Foundation, voiced doubt that the media could be forced to avoid such material, even if it was illegally obtained by a third party, given court precedent. “It is unfortunate that Sony got hacked, and lost control over its internal information,” Mr. Opsahl said in an email. “But the solution is not to muzzle the press.”

So far, the data files have been periodically loaded onto anonymous posting sites like Pastebin. Hackers have then notified reporters and others by email. Those who were curious could then download the files and sift through them to obtain information.

The combining of entertainment and media properties under one corporate roof appears to be playing a role in Hollywood’s reluctance to involve itself in the disclosures: Sony is the only entertainment company without some kind of news operation somewhere in the corporate mix.

Time Warner owns both Warner Bros. and TMZ.com, for instance. The Walt Disney Company owns ABC News and is a co-owner with Univision Communications of the more tabloid-oriented Fusion, which was among the first outlets to publish reports based on the hacked information. A Fusion spokesman said he was unaware of having received a letter and did not comment further.
http://www.nytimes.com/2014/12/15/bu...olen-data.html





Sony’s International Incident: Making Kim Jong-un’s Head Explode
Martin Fackler, Brooks Barnes and David E. Sanger

When Sony Pictures began casting last year for a new comedy to be called “The Interview,” early scripts included the assassination of a fictionalized North Korean ruler. It was not until auditions began that actors learned that the movie would portray something much more brazen: the violent killing of the actual leader of North Korea, Kim Jong-un.

Sony’s executives now say they knew that basing a film on the assassination of a living national leader — even a ruthless dictator — had inherent risks. But the studio seems to have gotten much more than it bargained for by bankrolling what it hoped would be an edgy comedy.

The still very-much-alive Mr. Kim, the leader of an isolated and unpredictable nuclear-armed nation, appears not to have been amused when the premise of the comedy became clear. North Korea branded the $40 million film, to be released on Dec. 25, “an act of war” and vowed a “resolute and merciless response.”

Then, last month, hackers unleashed one of the most punishing cyberattacks on a major corporation in recent memory, pilfering private emails, detailed summaries of executive salaries, and even digital copies of several unreleased Sony films that they posted online. It remains a mystery who was responsible.

Suspicion has fallen on Mr. Kim’s Bureau 121, an elite cyberunit, or patriotic hackers. But experts say pro-North Korea messages left behind could be a ruse to cover the hackers’ real tracks.

What is clear is that by deciding to go ahead with the film, Sony stumbled into a geopolitical mess complete with all the elements of a Hollywood thriller: international intrigue, once imperious, now humiliated, film executives, strong-willed leading men and highly sophisticated cyberattackers. The studio’s first miscalculation, film experts say, was in venturing beyond where big-budget moviemakers dared to go in the past.

“The gory killing of a sitting foreign leader is new territory for a big studio movie,” said Jeanine Basinger, a professor of film studies at Wesleyan University.

From early on, “The Interview” seemed to pit the sensibilities of filmmakers in the United States, where the portly North Korean leader with the cherubic looks has been a target of easy humor, against those of Sony executives in Japan, where he is reviled but taken deadly seriously.

While many Americans seem to see North Korea as too distant to keep them awake at night, many Japanese see it as a very visible threat. Until three decades ago, North Korean agents occasionally snatched people off beaches in neighboring Japan to serve as Japanese-language teachers, and long-range North Korean rockets on test runs still fly ominously over Japan’s main islands.

Disturbed by North Korean threats at a time when his company was already struggling, Sony’s Japanese chief executive, Kazuo Hirai, broke with what Sony executives say was a 25-year tradition. He intervened in the decision making of his company’s usually autonomous Hollywood studio, Sony Pictures Entertainment.

According to hacked emails published by other media and interviews with people briefed on the matter, he insisted over the summer that a scene in which Mr. Kim’s head explodes when hit by a tank shell be toned down to remove images of flaming hair and chunks of skull.

In the emails, he also asked that even the less bloody shot not be shown outside the United States. A final decision on how the assassination scene will be rendered in overseas release has not been made, a person briefed on the film’s international roll out said Sunday.

Hollywood films have mocked North Korea and its leaders before. In 2004, “Team America: World Police,” a feature film made with puppets, portrayed Kim Jong-il, the father of the current leader, as a lonely but sadistic despot who eventually turned into a cockroach.

But with “The Interview,” from the casting calls onward, Sony studio executives in the United States seemed aware that they were treading into a sensitive new area.

“In the original version of the script that I got, it wasn’t Kim Jong-un,” Randall Park, who was cast in the role, told bloggers invited to the Vancouver set last year. “But I was told right before my audition that it was going to be Kim Jong-un.”

Whether the switch reflected a possible alternate creative direction, or was the result of an effort to keep an incendiary element of the movie quiet, is unclear.

A Sony spokesman declined to comment. But some in the film industry said the film’s co-directors, Evan Goldberg and the actor Seth Rogen, were trying to push creative boundaries, and that Sony allowed them to do so in part to keep them from going to a rival studio.

“That was always the whole point,” said one agent familiar with “The Interview” from its earliest stages, speaking on the condition of anonymity to preserve ties to Sony. “Buried inside that comedy is a really sharp geopolitical satire.”

In the movie, two American journalists are recruited by the C.I.A. to kill the North Korean leader.

Experts on North Korean society said that it would not be much of a surprise if the country was behind the hacking, which it appeared to delight in even as it denied involvement.

“In Korean culture, there is a real need to protect your leader’s dignity,” said Toshimitsu Shigemura, an expert on North Korea at Waseda University in Tokyo who believes that North Korea probably had at least an indirect hand in Sony’s hacking woes. “The North Korean leader’s subordinates were probably desperate to make some sort of gesture, in order to both prove their loyalty and to save their own skins.”

(Mr. Kim, after all, had his own uncle executed in a struggle for power and is reported to maintain an extensive network of brutal gulags for those who displease him.)

The hacked emails that have been published paint a picture of a corporation torn between trying to be respectful of artistic license, while also trying to prevent the film from being too inflammatory.

After pressure from Mr. Hirai, the emails show, Amy Pascal, co-chairwoman of Sony Pictures, repeatedly pressed Mr. Rogen to soften “The Interview’s” climactic assassination scene.

“You have to appreciate the fact that we haven’t just dictated to you what it had to be,” Ms. Pascal wrote in September to Mr. Rogen. “Given that I have never gotten one note on anything from our parent company in the entire 25 years that I have worked for them.”

According to the emails and a person briefed on the matter, Mr. Hirai inserted himself into the film’s editing after North Korean officials, apparently having seen promotional materials last summer, called the film “an act of war.” In one email, Mr. Hirai approves a newly altered assassination shot that had “no face melting, less fire in the hair, fewer embers on the face and the head explosion has been considerably obscured by the fire.”

At one point in the tug of war over the script, Mr. Rogen weighed in with an angry email to Ms. Pascal. “This is now a story of Americans changing their movie to make North Koreans happy,” he wrote. “That is a very damning story.”

Other published emails and interviews show Michael Lynton, chief executive of Sony Pictures, stepping in to distance “The Interview” from its Japanese owner after North Korea’s initial blowback last June. In particular, Mr. Lynton pushed staff members to remove the word “Sony” from promotional materials, including billboards and trailers, and from the end credit crawl.

Sony also decided not to release the R-rated film in Asia, but executives at the studio said the decision had been made largely because crudely irreverent humor does not translate easily, particularly in the more culturally conservative societies in the region. Still, the studio was aware that the raw geopolitical content would make booking the film even more difficult, according to Sony executives interviewed in recent days who spoke on the condition of anonymity because of the nature of the discussion.

Some analysts speculated that Sony might have been pressured to tone down the film by the Japanese government, which is in delicate negotiations with the North to discover the fate of more than a dozen Japanese abducted by North Korean agents in the 1970s and 1980s. However, many say the Sony chief executive intervened because he was alarmed by the very public — and possibly private — threats being hurled by the Kim regime.

“Such threats against a specific company by a sovereign state were so shocking and unusual that it is natural for the top to want to get involved,” said Tomoichiro Kubota, an analyst at Matsui Securities in Tokyo who specializes in Sony.

In the end, the Sony edits might not have had the desired effect. Although they did not specifically mention “The Interview,” the hackers demand that Sony not release what they call “the movie of terrorism.”

__________________

Martin Fackler reported from Tokyo, Brooks Barnes from Los Angeles, and David E. Sanger from Washington. Reporting was contributed by Makiko Inoue and Hisako Ueno from Tokyo; Su-Hyun Lee and Choe Sang-Hun from Seoul, South Korea; Edward Wong from Beijing; and Michael Cieply from Los Angeles.
http://www.nytimes.com/2014/12/15/wo...d-explode.html





Quandary for Sony in Terror Threats Over ‘The Interview’
Michael Cieply and Brooks Barnes

Sony Pictures Entertainment, the F.B.I., theater owners and competing film studios scrambled on Tuesday to deal with a threat of terrorism against movie theaters that show Sony’s “The Interview,” a raunchy comedy about the assassination of the North Korean leader, Kim Jong-un.

The threat was made in rambling emails sent to various news outlets Tuesday morning. A version posted by The Hollywood Reporter said, in part: “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.)”

The email specifically aimed its threat at “the very times and places” at which “The Interview” is to be first shown. The film is set for release on Christmas Day.

On Tuesday night, Landmark’s Sunshine Cinema said it had canceled the film’s New York premiere scheduled for this week; its Los Angeles premiere was held Dec. 11 without incident.

That email warning turned a continuing attack on Sony by hackers from a matter of theft to one of terrorism. A spokeswoman for the F.B.I. said it “is aware of the threat and is continuing to investigate the attack on Sony.”

Late Tuesday, a person with knowledge of Sony’s dealings said that the theater chain Carmike Cinemas had canceled its showings of the movie. Carmike could not be reached for comment.

A Homeland Security official said the department was analyzing the threat but as yet had found no clear indication of an active plot against theaters. Sony had no comment.

Tuesday’s development posed an ugly dilemma for Sony and exhibitors: whether to pull “The Interview,” caving to hackers who have wreaked havoc with Sony’s digital systems for weeks in an attempt to block the release, or to forge ahead, risking possible violence and potential legal liability. In an already-fragile industry, studio executives privately voiced concern that any theater violence could swing the market further toward home viewing.

Several people briefed on Sony’s internal discussions on Tuesday said the studio was not withdrawing the film but had told theater owners that it would not object if they canceled or avoided booking “The Interview.” Those people spoke on condition of anonymity. Theater owners have been particularly pressed by the operators of malls and stores within them to avoid the film, two of those people said.

An executive for one of the theater chains, who also spoke on condition of anonymity, called the invocation of the 9/11 terror attacks by hackers “a game changer.” The executive last week dismissed the notion that theater owners might shy away from “The Interview” over earlier, more general threats by North Korean officials and pressure from the hackers, who have called themselves the Guardians of Peace. Nobody yet knows the hackers’ true identity.

Representatives of AMC Entertainment, Regal Entertainment and Cinemark, North America’s three largest theater chains, did not respond to queries. A spokesman for the National Association of Theater Owners, which represents exhibitors, declined to comment.

Pressure to pull “The Interview,” which stars Seth Rogen and James Franco and is directed by Mr. Rogen and Evan Goldberg, has centered on its depiction of Mr. Kim’s assassination. To depict the killing of a sitting world leader, comically or otherwise, is virtually without precedent in major studio movies, film historians say. Mr. Rogen canceled planned publicity interviews on Tuesday.

But a broad threat of theater violence, following a sustained attack on Sony’s digital existence, is also without precedent, and opens a new range of worry for Hollywood.

As Sony and exhibitors spoke in a 2 p.m. conference call on Tuesday, they faced the concerns of competing studios, whose important holiday films will be playing side-by-side with “The Interview” in multiplexes nationwide.

A further complication is a general reluctance, even after the 2012 mass shooting at an Aurora, Colo., theater, to visibly increase security, which might create an impression that multiplexes in general are not safe and might complicate dealings with their own insurers.

It is not unusual for studios to face threats for planned releases. In 2012, Sony was peppered with less specific threats related to “Zero Dark Thirty,” about the killing of Osama bin Laden. It opened largely without incident. Universal Pictures in 1988 was besieged by angry protesters when it released Martin Scorsese’s “The Last Temptation of Christ,” with its depiction of an earthy Jesus; more than a dozen people were injured when Christian opponents of the film firebombed a Paris theater showing the movie.

But those actions stopped short of what hackers appear to have promised on Tuesday.

Separately, a lawsuit was filed late Monday on behalf of two former Sony Pictures employees whose personal information was stolen and published online. Lawyers for the plaintiffs noted that the hackers had “repeatedly followed through” on threats to disseminate the data. The complaint, filed in United States District Court for the Central District of California in Los Angeles, states that Sony ignored warnings that its computer systems were susceptible to attack.

Calling the publication of personal information “an epic nightmare” for current and former Sony Pictures employees, the lawsuit argues that the studio “failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years.” Hackers claim to have taken at least 100 terabytes of Sony data, or about 10 times the amount stored in the Library of Congress, according to the complaint.

At the same time, diverging views on what to do with “The Interview” have emerged inside the company. The studio’s powerful movie division has vigorously dug in around continued plans for a wide release, arguing that shelving the film would open the door to a cascade of threats by any determined group that dislikes a movie’s content. Sony’s movie executives also fear that pulling the movie would deeply injure its standing in Hollywood’s creative ranks, sending top filmmakers, writers and producers to rival studios.

Sony Pictures executives also say they believe that “The Interview” has a shot at being a major box-office hit in North America, particularly given the avalanche of publicity surrounding it. The film, which cost $44 million to make, could take in $30 million in its first four days alone, according to surveys that track audience interest.

That curiosity could evaporate if people feel threatened.

But support for “The Interview” is not anywhere near universal within Sony, where employees have suffered from the leak of medical, salary and other personal information and have faced threats from the hackers even before Tuesday’s email.

Outside of the studio’s movie core there are increasingly negative feelings about the movie. “Why are we all paying the price for a movie that isn’t even very good?” one Sony home entertainment official said on Tuesday. In early reviews, “The Interview” has received mixed-to-negative scores.
http://www.nytimes.com/2014/12/17/bu...interview.html





Alleged UK Hacking of Belgian Telecoms Firm was Far-Reaching - Reports

Hacking of computers at Belgian telecoms firm Belgacom, alleged to have been carried out by a British spy agency, was more far-reaching than previously thought and went undetected for more than two years, according to reports published on Saturday.

News of the intrusion into Belgacom's (BCOM.BR) networks first broke late last year when Belgium asked Britain, its NATO and European Union partner, to respond to allegations that its intelligence service was responsible.

Belgian newspaper De Standaard, Dutch paper NRC Handelsblad and The Intercept, a website that regularly reports on documents leaked by former U.S. security contractor Edward Snowden, published detailed accounts on Saturday of how the scheme is alleged to have worked.

"In its digital attack on Belgacom, the British secret service was able to intercept more communications than was previously realised," De Standaard said.

It said British surveillance agency GCHQ got into the network in 2011 by hacking three employees and was then able to "poke around undisturbed" in the network of Belgacom and subsidiary BICS for two-and-a-half years.

"The security service was thus able to intercept communications from Belgacom's individual clients, from NATO and the EU, as well as from clients of hundreds of international telecoms providers. It is an unprecedented violation of the privacy of anybody who used a mobile telephone," it said.

The Intercept, financed by eBay founder Pierre Omidyar, said its reporting was based on documents from Snowden, who is currently living in Russia, and interviews with sources familiar with the investigation at Belgacom.

It said the malicious software found on Belgacom's systems was one of the most advanced spy tools ever identified by security researchers, who called it "Regin".

Belgacom, Belgium's dominant telecoms provider, was seen as a top target by the British spy agency because it plays an important role in Europe and has partnerships with hundreds of telecommunications companies across the world, it said.

Citing a GCHQ document from 2011, the website said the British spy agency hacked into the computers of three Belgacom engineers, gaining access to the firm's networks for surveillance purposes. Later, GCHQ obtained data being sent between Belgacom and other operators, it said.

The hack was not detected until 2013, when Belgacom said it had improved security and removed an unknown virus from its systems and that there was no indication of any impact on customers. It did not respond to requests for comment on Saturday.

GCHQ has previously declined comment on the allegations.

(Reporting by Adrian Croft and Foo Yun Chee in Brussels, Thomas Escritt in Amsterdam; Editing by Stephen Powell)
http://uk.reuters.com/article/2014/1...0JR0JG20141213





Secret Surveillance Detected in Oslo

Norway’s prime minister and members of parliament may be subject to secret surveillance by means of fake mobile base stations in the centre of Oslo.
Andreas Bakke Foss, Per Anders Johansen, Fredrik Hager-Thoresen

Investigations made by Norwegian daily Aftenposten during the past weeks have revealed a number of fake base stations at several locations in and around the Norwegian capital. They were detected around the parliament building Stortinget, near several ministries and the prime minister’s residence in Parkveien.

Conversations and data may be monitored

The fake mobile base stations, known as IMSI-catchers, may be used for listening in on conversations and monitoring all kinds of mobile activity in the areas affected. The person running the equipment may in principle register anyone entering parliament or the government offices. The operator can easily select certain persons for eavesdropping.

National Security Authority also found "something"

After being alerted by Aftenposten, the Norwegian National Security Authority (NSM) started their own investigation. On Friday they confirmed that they had found traces of "something".

- We have found something. All the data are not ready yet, but we have also found signals from IMSI-catchers in Oslo, says Hans Christian Pretorius, department head in NSM.

The perpetrators are not known

Who owns this equipment is not known, but none of the Norwegian government officials contacted by Aftenposten can confirm ownership. Norwegian law only permits the police, the Police Security Service (PST) and the Norwegian National Security Authority (NSM) to operate this kind of surveillance equipment. An official with the PST says "a great number of players" might be responsible for the fake base stations.

However, few sources are willing to speculate whether private agencies, foreign intelligence or criminals have the resources necessary to run such a large-scale surveillance activity in Oslo’s mobile network.

Minister of justice orders investigation

The Norwegian Minister of Justice, Anders Anundsen, on Saturday told the Police Security Service (PST) and the Norwegian National Security Authority (NSM) to do whatever is possible to reveal who is behind the surveillance in Oslo.
http://www.aftenposten.no/nyheter/ir...o-7825278.html





Schmidt: NSA Revelations Forced Google to Lock Down Data
Grant Gross

Google has worked hard to lock down the personal data it collects since revelations in the last year and a half about mass surveillance programs at the U.S. National Security Agency, company Chairman Eric Schmidt said.

The news of surveillance by the NSA and intelligence agency counterparts at allied nations has damaged the U.S. tech industry on “many levels,” with many Europeans now distrusting U.S. tech companies to hold on to their personal data, Schmidt said Friday at a surveillance conference at the Cato Institute, a libertarian think tank.

Schmidt learned of efforts by U.K. intelligence agency GCHQ to intercept traffic between Google data centers through a newspaper article, he told the audience. “I was shocked,” Schmidt said.

Google had envisioned a complicated method to sniff traffic, but “the fact that it had been done so directly ... was really a shock to the company,” Schmidt said.

After reporters showed Google engineers a diagram of the intelligence agency’s methods to tap links between Google data centers, the engineers responded with a “fusillade of words that we could not print in our family newspaper,” Washington Post reporter Craig Timberg said.

Google responded to the revelations by former NSA contractor Edward Snowden by spending a lot of money to lock down its systems, including 2,048-bit encryption on its traffic, Schmidt said. “We massively encrypted our internal systems,” he said. “It’s generally viewed that this level of encryption is unbreakable in our lifetime by any sets of human beings in any way. We’ll see if that’s really true.”

Schmidt told the audience that the safest place to keep important information is in Google services. “Anywhere else” is not the safest place to keep data, he said.

Schmidt touted the incognito browsing feature in Google’s Chrome browser and Google’s Dashboard feature, which allows its users to set their privacy preferences. He noted that some security experts have questioned his claim that Android is the safest mobile operating system. Both Google and Apple are working “very, very hard” on security features in their mobile OSes, he said.

Timberg, along with some audience members, questioned Google’s own collection of personal data, however. Google itself collects huge amounts of user data, Timberg noted.

Google collects data to help deliver its services, and has, in some cases, killed projects that raised privacy concerns, Schmidt said. “I hear this perception that we’re somehow not playing by the rules of modern society,” he said. “I think that’s wrong. I think the evidence is that Google has been incredibly sensitive to privacy issues.”

Chrome’s incognito feature will “do nothing” to protect users from government surveillance, said Chris Soghoian, principal technologist with the American Civil Liberties Union. Soghoian also questioned Schmidt about past comments he made suggesting Google retains user information to comply with law enforcement surveillance requests.

Google complies with legal law enforcement requests, Schmidt said, and retains user data for a year because of government mandates.

Julian Sanchez, a senior fellow at Cato, asked if Google has incentives to lock down data when much of its business model is collecting user data.

People criticizing the company’s privacy efforts “don’t understand how Google works,” Schmidt said. “Google’s job is build stuff that delights customers. When governments illegally invade their privacy, that’s like a negative. It’s easy to understand why we’d make these systems stronger.”

Timberg asked Google about a recent push by the FBI and U.S. Department of Justice to build back doors in encrypted services as a way to fight crime. The recent requests came after announcements from Apple and Google of new encryption tools for mobile phones.

Back doors are a bad idea, Schmidt said. “It’d be great, if you’re the government, to have a trap door, but how do we at Google know that the other governments are not taking over the trap door from you?” he said.

Law enforcement officials have “so many ways” to investigate crime without requiring tech companies to build back doors into products, Schmidt said.

In an earlier panel at the Cato forum, Soghoian said the U.S. public should be as concerned about surveillance by local police as it is about surveillance by the NSA.

Big-data tools created for intelligence agencies, including metadata collection programs, are “trickling down to state and local law enforcement agencies,” he said. “It’s simply not appropriate for local law enforcement to have intelligence community-grade surveillance technology, because these devices do not respect the privacy of innocent Americans.”
http://www.itworld.com/article/28593...down-data.html





Insight - Amazon's Cloud Business a Harder Sell in Post-Snowden Era
Deepa Seetharaman and Bill Rigby

This spring, Taser International Inc (TASR.O) won a small but high-profile contract to supply body cameras to the London police. But the deal nearly collapsed over one issue: where the video footage would be stored.

In the end, the deal survived only after Taser dropped Amazon.com Inc (AMZN.O) as the data storage provider for the year-long project. The fact that Amazon did not have a data centre in Britain was a deal breaker for British officials, according to Taser.

The case is an example of the challenges that Amazon faces as it works to expand its cloud computing business, known as Amazon Web Services (AWS). In cloud computing, clients store and process data on remote servers accessed by the Internet, as opposed to storing information in local servers.

Since Edward Snowden exposed the vast reach of the U.S. National Security Agency's surveillance programs 18 months ago, government agencies and companies around the world have been evaluating where they keep their most sensitive data.

Some larger companies have grown wary of relying too heavily on Amazon's public cloud servers, preferring to store data on their own premises or work with cloud providers that can offer them the option of dedicated servers - the so-called "private cloud" model, technology consultants say.

That has opened a door for rivals such as Microsoft Corp (MSFT.O), which has won over some companies by giving them more direct oversight of their data in the cloud.

"Edward Snowden did more to create a future with many clouds in many locations than any tech company has done," said Steve Herrod, the former chief technology officer of VMware Inc (VMW.N), now a venture capitalist at General Catalyst Partners.

A web of new laws restricting how data can move across national borders creates another hurdle for Amazon, the largest U.S. online retailer.

Amazon "must be definitely more localized," said Gordon Muehl, chief technology officer of security for German business software maker SAP (SAPG.DE).

For now, Muehl said he does not expect SAP to work with Amazon on many upcoming projects due partly to data-location issues.

Amazon said demand for AWS, including in Europe and Asia, has never been stronger, and that any contracts lost to rivals are the extreme exception, not the rule.

The company plans to build data centres in every large country over time, according to AWS chief Andy Jassy. But doing so will take time and incur considerable expense, analysts said.

NARROWING ADVANTAGE

Amazon pioneered cloud computing in 2006 and quickly amassed a wide base of customers by hosting data in its own centres rather than clients' own. This spared many startups from the high cost of managing their own computer servers.

Executives have said they expect AWS to one day be more valuable than Amazon's $70 billion retail arm.

Since its launch, AWS has amassed five times the computing capacity of its next 14 rivals, including Microsoft, Google Inc (GOOG.O) and IBM (IBM.N), according to Gartner. Jefferies estimates that AWS revenue will more than double from 2014 levels to $10.5 billion in 2017, faster than the market overall.

But while Amazon remains dominant, its advantage is also narrowing. According to Synergy Research Group, AWS held a 27 percent market share in the third quarter of 2014, compared to 10 percent for Microsoft's Azure cloud business. Azure, however, grew 136 percent on a rolling annualised basis in the quarter, while AWS grew 56 percent, according to Synergy.

Microsoft is willing to work with third-party data centre managers, such as Fujitsu Ltd (6702.T) or Outsourcery Plc (OUT.L), when clients are required to keep data within a country's borders.

The software company is also willing to help companies add cloud capabilities to their existing data centres, a "hybrid" model that Amazon has only just started to offer.

"Having a hybrid cloud does provide an advantage over AWS," said Garth Fort, general manager of Microsoft's cloud and enterprise marketing. "Privacy, security and compliance are important areas that businesses consider when they make the move to the cloud."

About six months ago, a small team at the British bank Barclays Plc (BARC.L) selected Azure over AWS to power some development and testing work, two people familiar with the project said.

The team picked Azure because of its private-cloud option, along with Barclays' existing familiarity with Microsoft's data-centre software, the people said. A Barclays spokesman declined immediate comment.

Microsoft can draw on the corporate and government relationships it has cultivated over decades to peddle Azure, experts said. AWS has only just started to build such ties.

"The name Microsoft is helpful in dealing with large insurance companies," said Patricia Renzi, who runs the life technology solutions unit for Milliman, an actuarial firm which sells applications to insurance company clients.

Many of those insurance companies, which crunch data to produce financial risk models, are in Europe and already work with Microsoft. Amazon does not have that advantage, Renzi said.

Amazon Chief Technology Officer Werner Vogels said AWS's public cloud meets the security needs for most customers, including banks, drug companies and government institutions. Many of those companies can move large chunks of services to AWS while keeping control of core functions themselves, he said.

"It's not an all or nothing story," Vogels said in an interview last month.

(Additional reporting by Steve Slater in London; Editing by Sarah McBride, Peter Henderson and Tiffany Wu)
http://uk.reuters.com/article/2014/1...0JX0EC20141219





Over 700 Million People Taking Steps to Avoid NSA Surveillance
Bruce Schneier

There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward Snowden, and 39% of those "have taken steps to protect their online privacy and security as a result of his revelations."

The press is mostly spinning this as evidence that Snowden has not had an effect: "merely 39%," "only 39%," and so on. (Note that these articles are completely misunderstanding the data. It's not 39% of people who are taking steps to protect their privacy post-Snowden, it's 39% of the 60% of Internet users -- which is not everybody -- who have heard of him. So it's much less than 39%.)

Even so, I disagree with the "Edward Snowden Revelations Not Having Much Impact on Internet Users" headline. He's having an enormous impact. I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing. (For example, 17% of Indonesians use the Internet, 64% of them have heard of Snowden and 62% of them have taken steps to protect their privacy, which equals 17 million people out of its total 250-million population.)

Note that the countries in this survey only cover 4.7 billion out of a total 7 billion world population. Taking the conservative estimates that 20% of the remaining population uses the Internet, 40% of them have heard of Snowden, and 25% of those have done something about it, that's an additional 46 million people around the world.

It's probably true that most of those people took steps that didn't make any appreciable difference against an NSA level of surveillance, and probably not even against the even more pervasive corporate variety of surveillance. It's probably even true that some of those people didn't take steps at all, and just wish they did or wish they knew what to do. But it is absolutely extraordinary that 750 million people are disturbed enough about their online privacy that they will represent to a survey taker that they did something about it.

Name another news story that has caused over ten percent of the world's population to change their behavior in the past year? Cory Doctorow is right: we have reached "peak indifference to surveillance." From now on, this issue is going to matter more and more, and policymakers around the world need to start paying attention.
https://www.schneier.com/blog/archiv...00_millio.html





German Researchers Discover a Flaw that Could Let Anyone Listen to Your Cell Calls
Craig Timberg

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function -- a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)

In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.
http://www.washingtonpost.com/blogs/...ad-your-texts/





BlackBerry Works with Boeing On Phone That Self-Destructs

BlackBerry Ltd is working with Boeing Co on Boeing's high-security Android-based smartphone, the Canadian mobile technology company's chief executive said on Friday.

The Boeing Black phone being developed by the Chicago-based aerospace and defense contractor, which is best known for jetliners and fighter planes, can self-destruct if it is tampered with.

The Boeing Black device encrypts calls and is aimed at government agencies and others that need to keep communications and data secure.

"We're pleased to announce that Boeing is collaborating with BlackBerry to provide a secure mobile solution for Android devices utilizing our BES 12 platform," BlackBerry CEO John Chen said on a conference call held to discuss its quarterly results.

"That, by the way, is all they allow me to say."

The BlackBerry Enterprise Service, or BES 12, will allow clients such as corporations and government agencies to manage and secure not just BlackBerry devices on internal networks, but those that run on rival operating systems such as Google's Android and Apple's iOS.

The Boeing phone uses dual SIM cards to enable it to access multiple cell networks and can be configured to connect with biometric sensors and satellites. Boeing has begun offering the phone to potential customers.

(Reporting by Alastair Sharp; Editing by Peter Galloway)
http://uk.reuters.com/article/2014/1...0JX2D820141219





The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users
Kevin Poulsen

For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who’s interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes.

Now Metasploit has a new and surprising fan: the FBI. WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the “Decloaking Engine” to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network.

That attack, “Operation Torpedo,” was a 2012 sting operation targeting users of three Dark Net child porn sites. Now an attorney for one of the defendants ensnared by the code is challenging the reliability of the hackerware, arguing it may not meet Supreme Court standards for the admission of scientific evidence. “The judge decided that I would be entitled to retain an expert,” says Omaha defense attorney Joseph Gross. “That’s where I am on this—getting a programming expert involved to examine what the government has characterized as a Flash application attack of the Tor network.”

A hearing on the matter is set for February 23.

Tor, a free, open-source project originally funded by the US Navy, is sophisticated anonymity software that protects users by routing traffic through a labyrinth of encrypted connections. Like any encryption or privacy system, Tor is popular with criminals. But it also is used by human rights workers, activists, journalists and whistleblowers worldwide. Indeed, much of the funding for Tor comes from grants issued by federal agencies like the State Department that have a vested interest in supporting safe, anonymous speech for dissidents living under oppressive regimes.

With so many legitimate users depending upon the system, any successful attack on Tor raises alarm and prompts questions, even when the attacker is a law enforcement agency operating under a court order. Did the FBI develop its own attack code, or outsource it to a contractor? Was the NSA involved? Were any innocent users ensnared?

Now, some of those questions have been answered: Metasploit’s role in Operation Torpedo reveals the FBI’s Tor-busting efforts as somewhat improvisational, at least at first, using open-source code available to anyone.

Created in 2003 by white hat hacker HD Moore, Metasploit is best known as a sophisticated open-source penetration testing tool that lets users assemble and deliver an attack from component parts—identify a target, pick an exploit, add a payload and let it fly. Supported by a vast community of contributors and researchers, Metasploit established a kind of lingua franca for attack code. When a new vulnerability emerges, like April’s Heartbleed bug, a Metasploit module to exploit it is usually not far behind.

Moore believes in transparency—or “full disclosure”—when it comes to security holes and fixes, and he’s applied that ethic in other projects under the Metasploit banner, like the Month of Browser Bugs, which demonstrated 30 browser security holes in as many days, and Critical.IO, Moore’s systematic scan of the entire Internet for vulnerable hosts. That project earned Moore a warning from law enforcement officials, who cautioned that he might be running afoul of federal computer crime law.

In 2006, Moore launched the “Metasploit Decloaking Engine,” a proof-of-concept that compiled five tricks for breaking through anonymization systems. If your Tor install was buttoned down, the site would fail to identify you. But if you’d made a mistake, your IP would appear on the screen, proving you weren’t as anonymous as you thought. “That was the whole point of Decloak,” says Moore, who is chief research officer at Austin-based Rapid7. “I had been aware of these techniques for years, but they weren’t widely known to others.”

One of those tricks was a lean 35-line Flash application. It worked because Adobe’s Flash plug-in can be used to initiate a direct connection over the Internet, bypassing Tor and giving away the user’s true IP address. It was a known issue even in 2006, and the Tor Project cautions users not to install Flash.

The decloaking demonstration eventually was rendered obsolete by a nearly idiot-proof version of the Tor client called the Tor Browser Bundle, which made security blunders more difficult. By 2011, Moore says virtually everyone visiting the Metasploit decloaking site was passing the anonymity test, so he retired the service. But when the bureau obtained its Operation Torpedo warrants the following year, it chose Moore’s Flash code as its “network investigative technique”—the FBI’s lingo for a court-approved spyware deployment.

Torpedo unfolded when the FBI seized control of a trio of Dark Net child porn sites based in Nebraska. Armed with a special search warrant crafted by Justice Department lawyers in Washington DC, the FBI used the sites to deliver the Flash application to visitors’ browsers, tricking some of them into identifying their real IP address to an FBI server. The operation identified 25 users in the US and an unknown number abroad.

Gross learned from prosecutors that the FBI used the Decloaking Engine for the attack — they even provided a link to the code on Archive.org. Compared to other FBI spyware deployments, the Decloaking Engine was pretty mild. In other cases, the FBI has, with court approval, used malware to covertly access a target’s files, location, web history and webcam. But Operation Torpedo is notable in one way. It’s the first time—that we know of—that the FBI deployed such code broadly against every visitor to a website, instead of targeting a particular suspect.

The tactic is a direct response to the growing popularity of Tor, and in particular an explosion in so-called “hidden services”—special websites, with addresses ending in .onion, that can be reached only over the Tor network.

Hidden services are a mainstay of the nefarious activities carried out on the so-called Dark Net, the home of drug markets, child porn, and other criminal activity. But they’re also used by organizations that want to evade surveillance or censorship for legitimate reasons, like human rights groups, journalists, and, as of October, even Facebook.

A big problem with hidden services, from a law enforcement perspective, is that when the feds track down and seize the servers, they find that the web server logs are useless to them. With a conventional crime site, those logs typically provide a handy list of Internet IP addresses for everyone using the site – quickly leveraging one bust into a cascade of dozens, or even hundreds. But over Tor, every incoming connection traces back only as far as the nearest Tor node—a dead end.

Thus, the mass spyware deployment of Operation Torpedo. The Judicial Conference of the United States is currently considering a Justice Department petition to explicitly permit spyware deployments, based in part on the legal framework established by Operation Torpedo. Critics of the petition argue the Justice Department must explain in greater detail how it’s using spyware, allowing a public debate over the capability.

“One thing that’s frustrating for me right now, is it’s impossible to get DOJ to talk about this capability,” says Chris Soghoian, principal technologist at the ACLU. “People in government are going out of their way to keep this out of the discussion.”

For his part, Moore has no objection to the government using every available tool to bust pedophiles–he once publicly proposed a similar tactic himself. But he never expected his long-dead experiment to drag him into a federal case. Last month he started receiving inquiries from Gross’ technical expert, who had questions about the efficacy of the decloaking code. And last week Moore started getting questions directly from the accused pedophile in the case—a Rochester IT worker who claims he was falsely implicated by the software.

Moore finds that unlikely, but in the interest of transparency, he answered all the questions in detail. “It only seemed fair to reply to his questions,” Moore says. “Though I don’t believe my answers help his case at all.”

Using the outdated Decloaking Engine would not likely have resulted in false identifications, says Moore. In fact, the FBI was lucky to trace anyone using the code. Only suspects using extremely old versions of Tor, or who took great pains to install the Flash plug-in against all advice, would have been vulnerable. By choosing an open-source attack, the FBI essentially selected for the handful of offenders with the worst op-sec, rather than the worst offenders.

Since Operation Torpedo, though, there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that was infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”
http://www.wired.com/2014/12/fbi-metasploit-tor/





Federal Court Agrees with EFF, Throws Out Six Weeks of Warrantless Video Surveillance
EFF

The public got an early holiday gift today when a federal court agreed with us that six weeks of continually video recording the front yard of someone's home without a search warrant violates the Fourth Amendment.

In United States v. Vargas, local police in rural Washington suspected Vargas of drug trafficking. In April 2013, police installed a camera on top of a utility pole overlooking his home. Even though police did not have a warrant, they nonetheless pointed the camera at his front door and driveway and began watching every day. A month later, police observed Vargas shoot some beer bottles with a gun and because Vargas was an undocumented immigrant, they had probable cause to believe he was illegally possessing a firearm. They used the video surveillance to obtain a warrant to search his home, which uncovered drugs and guns, leading to a federal indictment against Vargas.

Vargas moved to suppress the evidence and Senior U.S. District Court Judge Edward Shea invited us to submit an amicus brief, which we filed late last year. After an evidentiary hearing, the judge wanted more information about the specific surveillance equipment the government was using, details the government was unsuccessful in keeping secret.

Today Judge Shea issued this brief minute order:

Law enforcement's warrantless and constant covert video surveillance of Defendant's rural front yard is contrary to the public's reasonable expectation of privacy and violates Defendant's Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed.

Looking at these two sentences makes clear the court was convinced by our arguments that the invasiveness of constant video surveillance pointed continuously at one of the most sensitive and private places—the front of a person's home—triggers constitutional protection. Relying on cases decided almost 30 years ago, the government argued that it's unreasonable for people to expect privacy in an area visible to the public. But as we explained in our amicus brief, no one expects their house to be placed under invasive 24/7 video surveillance for a month. And as the U.S. Supreme Court recently reaffirmed in Riley v. California, the ability for technology to reveal a "broad array of private information" means courts must be particularly vigilant in protecting constitutional rights in the 21st Century.
https://www.eff.org/deeplinks/2014/1...o-surveillance





EFF in Court to Argue NSA Data Collection from Internet Backbone Is Unconstitutional

First Public Court Challenge to “Upstream” Internet Spying

Oakland - The Electronic Frontier Foundation (EFF) will argue on Friday before a federal court that the National Security Agency (NSA) is violating the Fourth Amendment by copying and searching data that it collects by tapping into the Internet backbone. The hearing on a motion for partial summary judgment in Jewel v. NSA will be at 9 am on Dec. 19 before Judge Jeffrey White at the federal courthouse in Oakland.

Jewel was filed in 2008 on behalf of San Francisco Bay Area resident Carolyn Jewel and other AT&T customers. EFF has amassed a mountain of evidence to support the case, including documents provided by former AT&T technician Mark Klein, which show that the company has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA. Other whistleblowers—including Thomas Drake, Bill Binney and Edward Snowden—have revealed more detail about how this technique feeds data into the NSA's massive databases of communications. Since June 2013, the government has confirmed that it searches much of the content it collects as part of its "upstream" collection without a warrant. The government claims the content searches are justified under Section 702 of the FISA Amendments Act and do not violate the Fourth Amendment.

Under the government's legal theory, it can copy virtually all Internet communications and then search them from top to bottom for specific "identifiers"—all without a warrant or individualized suspicion—as long as it does so quickly using only automated processes.

EFF Special Counsel Richard Wiebe will argue before the court that the Fourth Amendment definitively bars this type of dragnet. As EFF presented in its motion, enough information now exists on the record for the court to rule that the government's technique represents an unconstitutional search and seizure.

What: Motion for Partial Summary Judgment

Who: Richard Wiebe, EFF Special Counsel

Date: Friday, Dec. 19, 2014

Time: 9:00 am

Where: Oakland Federal Courthouse

Courtroom 5, 2nd Floor

1301 Clay St.

Oakland, CA

Wiebe and EFF staff attorneys will be available for comment immediately following the hearing.

For more on Jewel v. NSA: https://www.eff.org/cases/jewel

https://www.eff.org/press/releases/e...constitutional





Business, Media and Civil Society Speak Up in Key Privacy Case
Brad Smith

Today represents an important milestone in our litigation concerning the U.S. Government’s attempt to use a search warrant to compel Microsoft to obtain and turn over email of a customer stored in Ireland. That’s because 10 groups are filing their “friend of the court” briefs in New York today.

Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today. Today’s ten briefs are signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic.

Collectively these briefs make one conclusion unmistakably clear. This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.

As we’ve said since this case began, tech companies such as Microsoft for good reason store private communications such as email, photos, and documents in datacenters that are located close to our customers. This is so consumers and companies can retrieve their personal information more quickly and securely. For example, we store email in our Irish datacenter for customers who live in Europe.

We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk. And as today’s briefs demonstrate, the impacts of this step are far-reaching.

Today’s briefs come from:

• Leading technology companies such as Verizon, Apple, Amazon, Cisco, Salesforce, HP, eBay, Infor, AT&T, and Rackspace. They’re joined by five major technology trade associations that collectively represent most of the country’s technology sector, including the BSA | The Software Alliance and the Application Developers Alliance. These groups raise a range of concerns about the significant impact this case could have both on the willingness of foreign customers to trust American technology and on the privacy rights of their customers, including U.S. customers if other governments adopt the approach to U.S. datacenters that the U.S. Government is advocating here.

• Two of the country’s largest business organizations, the U.S. Chamber of Commerce and the National Association of Manufacturers, that collectively represent millions of American companies. Their filing discusses the potential ramifications for the American economy at large and the ability of businesses in all sectors to take advantage of the efficiencies offered by cloud computing.

• Five of the country’s leading civil liberties organizations from across the political spectrum: the Center for Democracy & Technology, the American Civil Liberties Union, the Electronic Frontier Foundation, the Brennan Center for Justice at New York University School of Law, and the Berkman Center for Internet & Society at Harvard. Their brief focuses on the significant implications for constitutional and privacy rights of the arguments advanced by the Government and endorsed by the District Court.

• Seventeen major and diverse news and media companies, including CNN, ABC, Fox News, Forbes, the Guardian, Gannett, McClatchy, the Washington Post, the New York Daily News, and The Seattle Times. They’re joined by ten news and media associations that collectively represent thousands of publications and journalists. These include the Newspaper Association of America, the National Press Club, the European Publishers Council, and the Reporters Committee for Freedom of the Press. These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations.

• Thirty-five leading computer science professors from 20 of the country’s leading universities. Their brief seeks to help the court grasp the underlying technology so that it applies the law correctly.

• Digital Rights Ireland, an organization focused on the protection of privacy in Ireland and the European Union, joined by other European civil liberties groups. Their filing notes that the proper way for the U.S. to obtain the information is through use of the mutual legal assistance treaty agreed between the U.S. and Ireland, thereby ensuring fundamental privacy rights are respected.

You can see the entire list of signatories to today’s briefs here. On behalf of Microsoft, I want to convey our appreciation for each of these groups for their involvement.

Today’s filings also reflect the continuing growth in concerns about the issues raised in this case since the District Court’s decision just five months ago. At that time, five companies, one trade association, and one advocacy group filed briefs for that Court’s consideration.

As we said last week when Microsoft filed its own brief in this case, it doesn’t need to be this way. The U.S. has well-established treaties with countries around the world that allow them to seek the information they need while ensuring that citizens of other countries retain the privacy protections offered by their own laws and Courts. And there’s ample opportunity for work to modernize these agreements further.

Law enforcement plays a vital role in investigating crimes and keeping our communities safe. We are not trying to prevent them from playing this role, but we believe reforms are needed that ensure that they do their work in a way that promotes vital privacy protections and builds the trust and confidence of citizens in the U.S. and around the world. The challenges are not unique to the United States. But the U.S. government has the opportunity to help lead the way in devising and enacting much needed reforms. Even while the court case moves forward, it is time for the Administration and the U.S. Congress to engage in a holistic debate on the solutions to these issues and find a better way forward.
http://blogs.microsoft.com/blog/2014...-privacy-case/





Sowing Mayhem, One Click at a Time
David Carr

The Internet has given us many glorious things: streaming movies, multiplayer games, real-time information and videos of cats playing the piano. It has also offered up some less edifying creations: web-borne viruses, cybercrime and Charles C. Johnson.

His name came out of nowhere and now seems to be everywhere. When the consumer Internet first unfolded, there was much talk about millions of new voices blooming. Mr. Johnson is one of those flowers. His tactics may have as much in common with ultimate fighting as journalism, but that doesn’t mean he is not part of the conversation.

Mr. Johnson, a 26-year-old blogger based in California, has worked his way to the white-hot center of the controversy over a Rolling Stone article about rape accusations made by a student at the University of Virginia. His instinct that the report was deeply flawed was correct, but he proceeded to threaten on Twitter to expose the student and then later named her. And he serially printed her photo while going after her in personal and public ways.

In the frenzy to discredit her, he published a Facebook photo of someone he said was the same woman at a rally protesting an earlier rape. Oops. Different person. He did correct himself, but the damage, now to two different women, was done.

Before that, his targets were two reporters for The New York Times who, he said, revealed the address of the police officer in the Ferguson, Mo., shooting. (They didn’t. They published the name of a street he once lived on, which had already been published in The Washington Post and other media outlets.) Before that, he attacked the victim of the shooting, Michael Brown.

Before that, he attacked Senator Cory Booker, saying the lawmaker did not live in Newark when he was the city’s mayor; BuzzFeed wrote that Mr. Johnson not only was wrong, but had worked for a political action committee that opposed Mr. Booker. He also wrote a series of Twitter messages that suggested President Obama was gay. He offered money for photos of Senator Thad Cochran’s wife in her nursing home bed. Before that, well, it doesn’t really matter; you get the pattern.

He is not without some talent — he effectively ended the career of the rising foreign policy analyst Elizabeth O’Bagy after exposing her conflicts of interest and fudged academic credentials. In general, he has a knack for staking an outrageous, attacking position on a prominent news event, then pounding away until he is noticed. It is one way to go, one that says everything about the corrosive, underreported news era we are living through.

In a phone call, he made it clear that he sees himself as part of the vanguard of Internet news, although he did add that some of what he is up to is a response to a lifetime of slights.

“I’m basically one of those kids who was bullied all his life,” he said. He’s now extracting payback, one post at a time.

Much of what he publishes is either wrong or tasteless, but that matters little to Mr. Johnson or his audience, which responds by forming mobs on Twitter or using the personal information to put fake ads on Craigslist to chase after the targets he points to.

After watching him set off a series of small mushroom clouds, it struck me that he might be the ultimate expression of a certain kind of citizen journalism — one far more toxic than we’re accustomed to seeing. Once a promising young conservative voice who wrote for The Wall Street Journal, The Weekly Standard, The Daily Caller and The Blaze, Mr. Johnson has a loose-cannon approach that alienated many of his editors. There was a time when that would have been the end of it, but with Twitter as a promotional platform, he has been able to build his own site called GotNews.

His most vociferous critics are on the right because they think his outrageous tactics bring disrepute to the conservative cause. But many — like the studios in Hollywood who have stood by watching the cyberattack on Sony unfold without emitting a peep — do not want to speak on the record for fear they will end up in his gun sights. (One exception was a Daily Caller contributor, Matt K. Lewis, who called out The Washington Post for what he characterized as a “romanticizing” profile of Mr. Johnson.)

On Thursday, Mr. Johnson told me he was going to sue many of his media tormentors, but all considered, it has been a pretty good run of attention for the once obscure blogger. When I spoke to him, he was feeling a bit hunted and fighting off a cold, but cheerful in the main, saying his grandiose plans to become the next Matt Drudge — or Joseph Pulitzer or William Randolph Hearst, two others he mentioned — were humming along smoothly.

“I’m in talks with investors right now, and I think we’ve already got the deal set up,” he said. “Basically I’m building a crowd-sourced, crowd-funded media company that is going to take all the people like me — autistics, researchers, nerds, ex-law enforcement, whistle-blowers — and we’re going to give them an opportunity to make money on the information that they have.”

He can now push the button on almost anything that has heat, a scent of scandal or the ability to activate his base of angry, conspiratorial readers, who believe the republic is being overwhelmed by criminals, feminists and the politicians who enable them. And then the rest of the journalistic establishment — including me — points a crooked finger at the naughty young man who is using his mouse to sow mayhem.

In that sense, Mr. Johnson shares some common characteristics with the so-called mood slime in “Ghostbusters II,” which lived underneath New York City and gathered strength by feeding on the anger coursing through the streets above it. He would be just one more person hurling invective from a basement somewhere if not for all of us — his fans, his enabling social media platforms and his critics in the news media — who have created this troll on steroids.

Although he was temporarily suspended from Twitter for publishing the personal information of others, he’s back on that site preaching to anyone who will listen. I’d ignore him if I thought he would go away, but I get the feeling he won’t.

In conversation, Mr. Johnson is prone to narcissism, not uncommon in media types, but he has his own special brand of it. He sees himself as a major character in a great unfolding epoch, dwelling on his school-age accomplishments and his journalism awards and vaguely suggesting that he has strong ties to many levels of law enforcement. Like what, I asked?

“Have you ever read the book or heard of the book ‘Encyclopedia Brown’?” he asked, referring to a series about a boy detective. “That’s the capacity in which I help them. I don’t go out of my way to discuss the kind of, shall we say, clandestine work I do, because the nature of the work has to be clandestine in order for it to be effective.”

O.K.

He intimated that he had experienced some blowback and that he now felt under threat. “People are trying to kill me and my family members,” he said.

In view of that, I asked him about publishing the home addresses of two Times journalists after erroneously claiming they had reported the address of the Ferguson policeman who shot Mr. Brown. “I didn’t say they published his address,” he said. Yes he did. He said that reporters “published the address of Darren Wilson in The New York Times so here are their addresses.” Moving on, he said that before releasing their personal information, he contacted some friends in law enforcement and told them, “We got to make sure these guys are protected in Chicago and elsewhere, but this is what I’m going to do.” Gee, thanks for that.

The reporters and their families were forced to vacate their homes after facing threats of robbery and rape. I asked what he thought about that.

“It doesn’t feel great, I’ll be honest with you, but I also don’t see it as fundamentally my fault,” he said.

“Look, a lot of people are upset with me,” he said, adding, “my batting average is very, very good. Have I got up to the plate and either hit the ball wrong or swung and missed? Yeah, absolutely, but I take risks that other people won’t take because I think the story requires it.”

Those are very noble words arrayed over some nasty handiwork.

My worry is that people who have made it this far in the column will click over to GotNews to see what all the fuss is about.

What they will find is a clear look into the molten core of a certain mind-set, a place where conspiracies are legion, victims are portrayed as perpetrators and so-called news is a fig leaf on a far darker art.
http://www.nytimes.com/2014/12/15/bu...at-a-time.html





Connecticut Takes First Steps to Reach Super-Fast Internet
Stephen Singer

Connecticut is taking a slow approach to super-fast Internet.

As of last week, 10 Connecticut municipalities were the first to commit to an initiative inviting telecommunications and other businesses for ideas to build and finance Internet service of up to 1,000 megabits — 1 gigabit — per second. That's more than 100 times faster than what home speed now delivers.

Comptroller Kevin Lembo and Consumer Counsel Elin Swanson Katz, who are helping to lead the state effort, compare high-speed broadband to a critical utility, no different than electricity or home heating. They also promote it as a form of economic development to lure and keep businesses in the state.

"It's the ultimate infrastructure development," Lembo said.

While many Internet users believe current speeds are sufficient, service is getting faster and leading businesses and individuals who rely on data and streaming to expect ever-faster downloads. In addition, businesses and state agencies that move tremendous amounts of data would require super-fast Internet.

Several U.S. cities are striking deals with AT&T, Google and smaller companies and utilities to expand high-speed service into what's called the gigasphere. Such speeds are common in parts of Asia and Northern Europe, but are rarer in the U.S., where some rural households still use slow dial-up services. In addition, Internet providers have been reluctant to spend the billions of dollars needed to extend fiber-optic cables into homes, relying on the slower, but still effective, cable TV lines.

The city of Louisville, which is further along in its broadband program, is getting estimates of between $150 million and $200 million to connect about 500,000 residents. The next question is who pays: taxpayers or Internet companies that recoup their investment from customers in the form of rates, charges or fees.

The biggest cost is the "last mile," connecting the Internet house-to-house, said Ted Smith, Louisville's chief of civic innovation.

Louisville changed regulations for the city to be more "fiber-friendly," expedited the process to get a franchise and made other changes, he said. "There's no way to wave a wand and attract fiber companies," Smith said.

Officials in the Connecticut municipalities of Fairfield, Madison, Manchester, Meriden, Middletown, Milford, New Haven, Norwalk, Stamford and West Hartford issued a request to companies to indicate an interest in working on gigabit Internet access. More than two dozen other municipalities have expressed an interest in joining the effort, Lembo and Katz said.

Among the goals are to create a gigabit-capable network for targeted businesses and residential areas with a "demonstrated demand" to drive job creation and stimulate economic growth. The call also seeks to provide free or heavily discounted Internet service of between 10 and 100 megabits to underserved and disadvantaged residential areas and deliver gigabit Internet service at prices comparable to other gigabit fiber networks in the United States.

No cost estimate has yet been calculated as officials investigate what's needed to establish super-fast Internet.

Paul Cianelli, president of the New England Cable and Telecommunications Association, said the industry is already moving with "lightning speed" to reach the gigasphere. The industry has spent $2 billion on the network over the last six years and he questions state involvement.

"This is a business that turns on a dime. Every week there's a new technology, a new customer," he said. "Government is ill-suited to get into that business."

Lembo said state involvement is limited to encouraging municipalities to show an interest to build a large pool of potential users.

"The only thing we're doing as a state is using the bully pulpit," he said.
http://www.newstimes.com/news/articl...st-5956350.php





A Domain Name Company Is Starting a 'Mini Google Fiber' to Compete With Comcast
Jason Koebler

What does a company that rose to prominence selling domain names know about offering gigabit fiber internet access? Well, it at least knows that customers can’t stand Comcast and other huge telecom companies, and are desperate for an alternative.

Today, Tucows Inc., an internet company that's been around since the early 90s—it’s generally known for being in the shareware business, registering and selling premium domain names, and hosting corporate email accounts—announced that it's becoming an internet service provider.

Tucows plans on becoming an ISP in Charlottesville, Virginia, where it intends to offer ultra high-speed internet. It eventually wants to expand to other markets all over the country.

The company will go head-to-head with two of the country's largest ISPs: Comcast and CenturyLink, both of which have horrendous reviews in Charlottesville.

"At the simplest level, we'll be offering a lot more product for the same price, and a much better customer experience," Elliot Noss, the CEO of Tucows, said in an interview. "We want to become like a mini Google fiber."

The decision seems like it comes out of left field, but it's actually in line with some recent moves the company has made. In 2012, Tucows launched Ting, a wireless provider that operates on the Sprint network. Ting has won accolades for its customer service and transparent pricing, in which customers pay only for the data they use and the calls they make.

It seems like a minor development for a medium-sized city, but Tucows' entry into the broadband world signals that small- and medium-sized companies are realizing that monolithic ISPs are vulnerable, either because they are offering poor connections or because they have poor customer service.

The development could breathe life into a broadband market that has been plagued by companies who are willing to divide up the country so as to not compete with each other (Time Warner rarely competes with Comcast, for instance). But small ISPs—such as MonkeyBrains in San Francisco, Sonic in the Pacific Northwest, and Brooklyn Fiber in New York City—that are dedicated to fast speeds and good customer service have thrived.

“Everyone who has built a well-run gigabit network has had demand exceeding their expectations," Noss said. "We think there's space in the market for businesses like us and smaller."

The Charlottesville service will operate under the Ting name, but the company's wired networks will eschew the pay-for-what-you-use pricing scheme, and will instead be set up like a traditional internet service provider—albeit with better customer service, Noss said.

"From the outside, it seems odd, but we do email for 2-3 million email boxes. When your emails aren't working, people get angry. We're used to being in a business where things absolutely have to work," he said.

"When we got into mobile, we just took the same business processing and billing and applied them to mobile, which was suffering from incredibly high pricing and a low level of service," he added. "We thought, where else can we take these things we've gotten good and apply them to?"

So, wired internet it is.

In this first deal, Ting will take over Blue Ridge InternetWorks, which already has the fiber infrastructure laid in Charlottesville, a city of roughly 45,000 people and home to the University of Virginia. Ting is expected to start serving customers in the first quarter of 2015.

In the city, Comcast charges $90 per month for a 50 mbps service; CenturyLink charges $40 per month for 10 mbps connections.

Though pricing for Ting isn't set yet, Noss says that he's hoping to charge less than $100 per month for a gigabit connection. He said it won't be "out of touch" with gigabit connections offered by Google Fiber or municipal fiber connections offered in Chattanooga, Tennessee or Lafayette, Louisiana.

Noss wouldn't speculate about what Comcast or CenturyLink might do in response to the entry of a new competitor, and didn't want to take any shots at any of the big companies, other than to say that, in general, "people don't feel very warmly toward the incumbents in existing markets, so we think there's a real opportunity there."

Ting’s wireless service, meanwhile, was just rated among the best in the country by Consumer Reports.

In the past, when a competitor has entered the market (especially when it's been a municipally-run one) large ISPs have dropped prices and built out new infrastructure, a sign that competition is a boon for consumers.

Noss said that the company is dedicated to net neutrality as a "sensible business practice" and said "it's our responsibility to make sure content like Netflix is fast on our network. We're not looking for content providers to pay us in a double-sided fashion."

He said he doesn't have any particularly strong feelings on Title II (the reclassification of the internet as a utility, which large ISPs have said will cost them money and affect infrastructure investment), suggesting that "it'll have an impact," but that it will affect all ISPs, so it's simply a different set of rules the company will have to play by.

So, Ting's entry into the marketplace is likely to be good for the people of Charlottesville—but what about the rest of the country? Noss said the company is looking to either buy infrastructure or partner with local governments to lease fiber in a couple of other cities in 2015, with a big push expected in 2016 assuming all goes well with the initial cities. He said the company will consider building its own fiber networks (rather than using existing infrastructure) if it makes sense.

"The one thing we won't do is spend a lot of time convincing people of the need for a fiber network,” he said. “We think that's a waste of time, and I think people already see the value.”
http://motherboard.vice.com/read/a-d...e-with-comcast





One Group Dominates the Second Round of Net Neutrality Comments
Andrew Pendleton and Bob Lannon

A letter-writing campaign that appears to have been organized by a shadowy organization with ties to the Koch Brothers inundated the Federal Communications Commission with missives opposed to net neutrality (NN), an analysis by the Sunlight Foundation reveals.

Over the past several months, the Federal Communications Commission has been working towards a new set of rules around net neutrality, and a large part of that process has been accepting comments from the public. In September, we reported on our analysis of the comments from the first comment period of this rulemaking, and we’d now like to take a look at the comments from the second, which the FCC released in bulk in October. We again used natural language processing techniques to examine the approximately 1.6 million comments we successfully extracted from this batch of comments, helping to expose important topics discussed in the comments, and to group similar comments together.

Among our key findings from round two:

• In marked contrast to the first round, anti-net neutrality commenters mobilized in force for this round, and comprised the majority of overall comments submitted, at 60%. We attribute this shift almost entirely to the form-letter initiatives of a single organization, American Commitment, who are single-handedly responsible for 56.5% of the comments in this round.

Who's behind the group that flooded the FCC with anti-net neutrality comments?
American Commitment, the group behind a majority of the recent anti-net neutrality comments, is affiliated with the Koch brothers’ network.

• In large part because of this campaign, the percentage of comments submitted that we believe to have been form letter submissions was significantly higher for this round than the last one, at 88%.

• Non-form-letter submissions had a similar sentiment distribution as comments in the first round, at less than 1% opposed to net neutrality.

• In general, many more comments were difficult to classify in this round than in the first round. Some of the new campaigns on the anti-net neutrality side appear to have been crafted to use similar language to the successful pro-neutrality campaigns of the first round, while supporting opposite conclusions, and many non-form-letter comments used talking points from both camps, making their ultimate intents unclear.

• As with the last round, the corpus also included submissions on behalf of telecommunications firms, advocacy organizations, etc., which were written using formal legal language that set them apart from the bulk of the comments. Again, these were a tiny fraction of a percent of overall comments.

• Combined with the first round comments, we characterize 41% of the total comments submitted as being anti-net neutrality (with the balance being a mix of pro-NN and comments with no clear opinion), and we estimate that 79% of submissions came as part of form letter campaigns.

http://sunlightfoundation.com/blog/2...lity-comments/





Censorship 2.0: Shadowy Forces Controlling Online Conversations
A. Asohan

• More insidious than straight-up censorship because it’s also a ‘mental hack’
• ‘You actually think you’re free, but you’re being manipulated behind the scenes’

It was perhaps a bit unfortunate, but in October, about a hundred journalists, civil rights advocates and representatives from non-governmental organisations, Internet rights activists, academics and lawyers from across Asia were gathered in Kuala Lumpur to discuss Internet rights and freedoms.

But while the Regional Conference on Media and Internet Freedom was an important event in itself, across town, a group of technologists, security professionals and hackers was attending a talk at the Hack In The Box Security Conference (HITBSecConf 2014) that had direct relevance to the issues being discussed at the first conference.

At the HITB event, Haroon Meer and his team from South African-based Thinkst, an applied research company that focuses on information security, spoke about how certain parties – whether individuals with mischief in mind, organisations with vested interests, or certain nation-states – have been using false identities to control online conversations.

Unknown forces are making sure their voices are the loudest in online discourse.

In his talk Weapons of Mass Distraction: Sock Puppetry for Fun and Profit, Haroon and his team demonstrated how they successfully gamed systems ranging from mailing lists, online polls, Twitter and Reddit, to major news sites and comment systems. More importantly, they also collected forensic evidence that such tampering has already been going on.

“It’s the concept of rent-a-crowd, brought to the Internet age using sock puppets – essentially accounts that are created online that don’t really represent real people, and are used to sway people’s opinions in forums and other online get-togethers,” he told a rapt audience at HITBSecConf.

“So we thought, if we were an evil corporation or an ‘Evil.Gov,’ what would we do with sock puppets to try and influence hearts and minds? We looked at how we could control the narrative, how we could either get more attention to things or distract people from things, using sock puppets – essentially how we could increase or decrease eyeballs on the things we want.

“We looked at what can be done; what we think will be done; and what we see is already being done,” he added.

Haroon, who has spoken at previous HITBSecConf events, said that Thinkst’s efforts in this research were made possible by a grant from the Washington-based Open Technology Fund, which supports projects that develop open and accessible technologies promoting human rights and open societies.

“In 2010, there was a very nice book by Tim Wu (The Master Switch: The Rise and Fall of Information Empires) which spoke about how all new technologies promise freedom, but then get subverted by the powers-that-be and actually end up working against you.

"He went through examples like radio, TV, the telegraph, and so on … and we’re already seeing signs of this, in terms of Internet control,” he added.

Haroon noted that as the Arab Spring became a phenomenon, Egypt quickly shut down access to the Internet, which is also what countries like Libya and Myanmar have done when faced with an unhappy citizenry.

From sledgehammers to mind hacks

Such brute force tactics are common in this part of the world. Independent news portal Malaysiakini has constantly been the target of hacker attacks, and more recently, the US-based Environmental News Service accused hackers, whom it alleged were funded by the Malaysian Government, of bringing down its servers.

“But one of the things you start to figure out is that countries that cut access to the Internet are actually playing like amateurs – because what the professionals do is that they use the Internet to help them crack down on their people,” said Haroon.

“What Tunisia did was to let its people access Facebook so that it could spot who the dissidents were, and then went after them. London, interestingly, did something similar” to identify the 2011 rioters, he added.

Censorship on the Internet can get routed around. But much like how US authorities learned during the protests of the 1960s that brute force was not as effective as infiltration, today’s regimes are learning that the art of deception makes a more effective tool.

“How would censors behave in a world of freely available user-generated content? Aaron Swartz was way ahead of us when he said: ‘So it’s not only certain people have a licence to speak, now everyone has a licence to speak. It’s a question of who gets heard’,” said Haroon, referring to the hacktivist and Internet Hall of Fame inductee who committed suicide in 2013.

“How is censorship becoming Censorship 2.0? We have some theories on this, and we had some stuff we tested out.

“The main reason we care about this is because we think that this sort of censorship is going to be more insidious than straight-up censorship, because it kind of combines a technical hack, and a mental hack of sorts – you actually think you’re free, but you’re being manipulated behind the scenes,” he added.

Mailing list manipulation

Thinkst set out to investigate the phenomenon knowing that it had to come up with good, scientific, and repeatable tests.

“One of the big challenges is that everyone kind of suspects that this kind of thing is already happening, but it’s kind of hard to measure,” Haroon acknowledged. “How do we determine if we were successful in changing people’s opinions?”

Thinkst first looked into mailing lists – which may sound like a very Web 1.0 thing to do, given today’s tweeting and instagramming online communities, where even blogging sounds quaint.

But as pointed out by Thinkst researcher Azhar Desai, people still use mailing lists or get email from them.

“So we looked at whether we could get more people to read an email on the mailing list, or get fewer people to read it. To measure how many people read an email, we used link clicks – we put links in the email that you have to click to read,” he said.

The team first sent out a control email with a link, waited 48 hours, then counted the number of clicks. For the experimental email, it sent out an email with a link, then used sock puppets to send several replies to make the discussion thread longer (this makes people curious to find out what’s going on), waited 48 hours, then counted the clicks.

It found that more people read the experimental email.

To test how mailing lists could be manipulated so that fewer people would read a particular item, the team took the same steps as above, but instead of the sock puppets being used to send replies to make the discussion thread longer, they were used to send several separate emails starting new threads to distract everyone.

And true enough, fewer people read the experimental email.

One of the false email threads Thinkst planted, on a so-called vulnerability in the Mac OS X operating system, was actually picked up by a site dedicated to vulnerability reports.

“So you can use sock puppets to attract people’s attention to something you want them to read, or to distract them from something you don’t want them to read,” said Haroon. “It’s relatively simple, and all too intuitive.”

Thinkst believes that certain parties can use such sock puppetry not only to manipulate people into paying attention to some items or to distract them from reading others, but also to discredit opponents by running a bad sock puppetry operation on their ‘behalf.’

Online polls

Online polls are a perennial favourite, easily gamed and very influential too, since major news sites use them.

“There is an ongoing tradition of gaming online polls, the most famous being TIME magazine’s ‘Most Influential’ poll of 2009,” said Azhar, referring to the online poll that ‘moot’ (aka Christopher Poole) – the founder of the discussion board 4chan – won.

“You can go for the obvious landslide, or more subtle wins,” he added.

Malaysians may remember the TIME poll because the second most influential person in the world was apparently local opposition leader Anwar Ibrahim, but the poll had actually been manipulated to spell out a cryptic message ‘Marblecake Also the Game,’ noted Fox News.

Closer to home, in 2011, a poll on The Star Online on whether a proposed ‘Bersih’ pro-democracy rally should be cancelled was also manipulated. It received more than one million responses in less than a day, compared with the average of about 30,000 responses over several days, which led The Star Online to realise the poll was being manipulated.

“Furthermore, the total number of unique visitors to The Star Online is about 400,000 per day, lending further credence to suspicions that there was manipulation,” the news portal reported.

“We found it hard to find an online poll that wasn’t seriously gameable,” Haroon said at HITBSecConf.

UGC: Twitter and Reddit

On user-generated content (UGC), Thinkst explored Twitter and Reddit. For the former, Haroon referred to a study conducted by data scientist Gilad Lotan, who bought followers and then analysed the effects of buying Twitter followers – a practice that even politicians (or their even less scrupulous ‘social media consultants’) are guilty of.

“One thing’s crystal clear – on social media it is easy to mistake popularity for credibility,” Lotan had said.

“One of the things he [Lotan] found was that ‘bought followers’ actually win you ‘organic followers,’ and that those real followers stay on even after your bought followers dropped off,” said Haroon.

“This is kind of intuitive, because if you use Twitter, you’d be more likely to follow someone with a high follower count than someone with a low count,” he added.

“Why does this matter? Because of the way we use Twitter – it’s not like an RSS feed. You don’t go in to catch up on all the day’s tweets, it’s a stream that you dip into.

“If I can convince a lot of people to follow me just by tweeting more, I get to dominate that person’s timeline, and essentially, what I get to do is crowd out other conversations. I can crowd out what I don’t want them to see,” Haroon said, referring to the practice of ‘timeline crowding.’

Meanwhile, Azhar said that Reddit is one of the best examples of UGC: It’s about people submitting links or stories, and the community voting on this content and policing it.

“You can use proxy accounts to ‘upvote’ articles you want to promote; or to ‘downvote’ articles you want to kill,” he said.

“Reddit expects people to try and game the system, so has many defences in place,” he added.

Still, Thinkst managed to breach those defences easily. It registered 50 proxy accounts and found that this was sufficient to upvote or downvote articles in subreddits – the various, more specialised sections on the platform.

Articles that are downvoted enough times are removed from the page for Reddit admins to investigate – but that act in itself is a victory, because, as noted, the article is knocked off the page.

“You can also try ‘trickle downvoting’ – only downvote as many times as new articles have upvotes. It keeps the score even, and while you do this, upvote the article you want people to see,” Azhar said.

When Thinkst did some mass downvoting on the WorldNews subreddit, downvoting all new articles as they appeared, the admins suspected something was up, but all they did was to put up a notice telling their users not to panic.

When Thinkst tried the same type of manipulation on the more specialised NetSec subreddit – devoted to news and matters about cyber-security – “the moderators responded with intelligent discussions and roped in official reddit admins to talk about the problem.”

“But even then, they didn’t seem to have a handle of what was really going on. We had 50 bots operating, but they estimated only 20,” said Azhar.

“This shouldn’t have been so hard to spot at all,” added Haroon. “You have a bunch of users all voting on the same article, and you can isolate and detect things like voting in synch; signup times that are similar; common email domains; patterns in usernames; IP (Internet Protocol) addresses from known open proxies; and more, including users with low karma scores.”

‘Karma’ is how Reddit users are rated for their contributions to and engagement with the community.

“This stuff should be easy to spot once you’re looking at what you know is a compromised thread,” said Haroon. “This was as basic a bot attack as you could have.”

Read all about it

In this era of information and misinformation overload, news sites are regaining some of their cachet as credible sources of information. Because content is controlled by the editorial teams – comprising professional journalists, at least for the most part – the actual stories cannot be influenced.

“But there are sections on the front page that you can control – most news sites have a panel that lists the most-read or most popular articles,” said Azhar.

“The question then was, can we influence this panel? Can we get articles on it or keep articles off it?” he added.

Thinkst went into South Africa’s popular Mail & Guardian site, which has a panel that features recent articles with the most page views.

“Now, pageviews we can control, and we did it here to spell out ‘HITB’,” said Azhar.

Then the Thinkst team looked at The Wall Street Journal’s ‘Popular Now’ panel, which was harder to game because those rankings use a combination of metrics: Page views (30%), Facebook and Twitter (20% each), email shares (20%) and comments (10%).

“Pageviews? We know how to do that. Twitter? We still had our sock puppet accounts,” said Azhar. “By combining them, we got to control 50% [of the factors].”

For Twitter, the team just made sure their tweets were not identical.

Thinkst also looked into the New York Times (NYT), whose default panel was ‘Most Emailed.’ To do so, it needed accounts with the NYT, but those were easy to create – as at HITBSecConf, the team had created 30,000 accounts with the newspaper, Thinkst claimed.

“What’s interesting to note is that the New York Times spends millions on its news-gathering apparatus,” said Haroon.

“Based on quick calculations on how much machine time we were spending on Amazon Web Services, the cost to register 30,000 accounts was about 12 cents; the cost to share 30,000 stories was about 18 cents.

“To trivially manipulate the NYT front page? That was priceless,” he said.

“So again, it was a relatively simple attack, but we managed to do what we had set out to do: We can influence what people are most likely to see, even on these news sites. Even if we don’t own them, we can own them,” added Haroon.

Discussing Disqus

Disqus is one of the most popular comments systems today, used in forums, blogs and news portals like CNN, Al Jazeera, Bloomberg, The Next Web, The Daily Telegraph and even Digital News Asia (DNA).

“To put it into context, Disqus has about 20 million comments a month, and says it has about 150 million users and about a billion pageviews a month,” said Thinkst lead researcher Marco Slaviero.

“They really are a big player in this space. They’ve really made it easy for users to upvote or downvote comments, rank them, and have a lot of slick tools for admins to moderate their pages.

“User profiles are visible across sites and your comments are gathered in your Disqus profile page, so you’re really establishing an online presence,” he added.

In the Web 2.0 and UGC era, a news story is not the entire story. Conversations and comments add value.

“The stories that these [news] organisations put out isn’t the entire narrative. If you come back to the notion of user-generated content, part of the page does not come from the editors of these sites, it comes from users of the site,” said Slaviero.

Just how much of the narrative comes from readers? Thinkst screen-captured an actual CNN page, flipped it on its side and separated the actual news story from the comments, which shows an approximate 30:70 split.

The team then coded a short Bash script for Disqus that allowed it to register 100 accounts, and do mass posting and voting. (Bash is a ‘shell’ for the Unix operating system that allows users to program commands).

“There are very little defences in Disqus. We pretty much got complete control of Disqus forums with a one-line Bash script,” said Slaviero.

“We could actually manipulate opinion on a bunch of news stories,” he added, then showed a video of how Thinkst upvoted comments that the team had planted on real-world events, and downvoted comments they ‘didn’t like’ – essentially taking over a CNN comments section.

“Disqus has some defence against sock puppetry, but it’s hopelessly inadequate,” said Slaviero.

For instance, user registration isn’t limited by IP address; email verification isn’t a requirement; and while guest voting is IP-limited, open proxy lists can bypass this trivially.

The Thinkst team then tried the LiveFyre comments system, and the same techniques worked.

“The one difference is that by default, LiveFyre orders comments according to the newest rather than by votes, so it’s actually even easier – you don’t need to vote, just keep posting the same comment,” said Slaviero, playing another video to demonstrate.

“To remove a comment from the page, you can just keep flagging it as inappropriate and it will disappear until the admin has looked into it,” he added.

More worrying, his colleague Azhar then showed how you can download an actual user’s token from LiveFyre when he or she is logged into LiveFyre, and then impersonate that user on other sites and post comments on his or her behalf.

“We get to see your history, we get to vote for you, and we can do this with multiple accounts,” said Haroon. “Effectively, we get to do sock puppetry using real accounts.”

The puppet army

Having verified how easy it was to manipulate online conversations, the Thinkst team then set out to explore whether such techniques were actually being used.

“It’s obvious they are – the most obvious recent example was Common Dreams, a website for news and views from the progressive community,” said Haroon.

“They were getting a lot of anti-Semitic comments on their pages, and were in fact in danger of losing their funding because their funders were not comfortable with such comments.

“After a little investigation, they found it was all linked to a college kid – what he did was post these sock puppet comments, then sent email to organisations to say ‘We’re being seriously oppressed here,’ etc.

“As Marco [Slaviero] has shown, you can effectively mute a voice by flagging it enough times, and we see this all the time, with appeals to others to downvote a comment you don’t agree with, which is what the IDF (Israeli Defence Forces) has done,” he added.

Thanks to leaks by former US National Security Agency (NSA) contractor Edward Snowden, the world now knows that the Joint Threat Research Intelligence Group (JTRIG), a unit of the UK-based Government Communications Headquarters (GCHQ), has been performing such acts.

In 2011, the JTRIG conducted a denial-of-service attack (DoS) on the activist network Anonymous, and its other targets have included the Government of Iran, and the Taliban in Afghanistan.

“Their mandate is to ‘Deny, Disrupt, Degrade, Deceive.’ They’ve been using many of the techniques we have outlined,” said Haroon.

Thinkst then went out to identify these sock puppet armies, using an array of tactics. First, it picked a controversial topic (like the Palestine conflict), then looked into news organisations that cover this topic (like Al Jazeera).

It then used the Disqus API (applications programming interface) to get a list of popular stories; and for each story, used the API to pull user information, then linked users to stories they commented on.

But it was still hard to discern the pattern. So the team decided to focus on the voting metrics. It pulled all the comments for a random story; and for each comment, pulled out information on the non-guest voters. For each voter, Thinkst then retrieved their registration time, then calculated the variation in voter age on each comment.

“What stood out was that accounts had been registered within minutes of each other, and that their usernames and profile names had a regular pattern: Username: <Firstname><Surname>; Profile name: <Firstname><Surname>,” said Slaviero.

“It is a signal, but not completely convincing,” he added. “So we thought, what about email addresses?”

One shouldn’t be able to retrieve a Disqus user’s email address, but Thinkst found an ‘unmask attack’ that returns an email address for a profile name. An unmask attack reveals what should be hidden information. Slaviero said that the attack has been reported and Disqus has since fixed it, however.

The team found that the suspected puppets had similar email addresses, in the form of <Firstname><Surname>@gmail.com.

“We had our suspicions … so the next step was to enumerate,” he added.

Disqus users get a unique ID (identification) in the form of a counter, and there are unrestricted APIs to query user information which allowed the Thinkst team to look up email addresses for each enumerated user with its unmask attack.

When it had drilled down to 5,000 users, it pulled details on them, then filtered them according to the username, profile name and email address patterns above.

“Disqus lets us map usernames to forums where they’re active, and also lets us map usernames to comments (including private profiles),” said Slaviero.

And the team found accounts that had patterned profile names, patterned usernames and patterned emails; had similar registration times; exhibited regular inter-registration delays; showed an alphabetical progression in usernames; were active on the same set of sites; shared duplicate comments across accounts; and voted for each other’s comments to push them up.
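The signals Haroon lists for the Reddit bots and the patterns Thinkst found among the Disqus accounts (registrations minutes apart, regular inter-registration delays, patterned and alphabetical usernames, matching email addresses, in-group voting, duplicate comments) can be checked mechanically by a site operator who holds account and vote data. The Python below is an added example, not Thinkst's tooling or code from the article; the sample accounts, votes, comments and all thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample data, not real accounts:
# (user id, username, profile name, email, registration time)
ACCOUNTS = [
    (1001, "AdamBaker", "Adam Baker", "adambaker@example.com", "2014-03-02 10:00:05"),
    (1002, "BrianCole", "Brian Cole", "briancole@example.com", "2014-03-02 10:03:01"),
    (1003, "CarlDavis", "Carl Davis", "carldavis@example.com", "2014-03-02 10:06:04"),
    (1004, "DanEvans", "Dan Evans", "danevans@example.com", "2014-03-02 10:09:02"),
    (2001, "night_owl77", "Priya", "p.raman@example.org", "2011-07-19 22:41:00"),
    (2002, "jk_reads", "J. Kim", "jkim@example.net", "2012-11-03 08:15:30"),
    (2003, "TomHill", "Tom Hill", "thill82@example.com", "2013-05-21 17:02:11"),
]
# Constructed votes: (voter id, id of the author whose comment was upvoted)
VOTES = [(1001, 1002), (1002, 1001), (1003, 1001), (1004, 1001), (1001, 1003),
         (1002, 1003), (1004, 1002), (2002, 1001), (2001, 2002), (2003, 2001)]
# Constructed comments: (author id, text)
COMMENTS = [(1001, "Same talking point here."), (1003, "same talking  point here. "),
            (1004, "SAME talking point here."), (2001, "Interesting piece, thanks."),
            (2002, "I disagree with the headline.")]

NAME_RE = re.compile(r"^[A-Z][a-z]+[A-Z][a-z]+$")  # <Firstname><Surname>

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def patterned(acct):
    """True when username, profile name and email local part all follow <Firstname><Surname>."""
    _, user, profile, email, _ = acct
    local = email.split("@", 1)[0]
    return (bool(NAME_RE.match(user))
            and profile.replace(" ", "") == user
            and local == user.lower())

def registration_bursts(accounts, window=timedelta(minutes=10), min_size=3):
    """Group accounts whose consecutive registration times fall within `window`."""
    ordered = sorted(accounts, key=lambda a: parse(a[4]))
    bursts, current = [], ordered[:1]
    for prev, acct in zip(ordered, ordered[1:]):
        if parse(acct[4]) - parse(prev[4]) <= window:
            current.append(acct)
        else:
            if len(current) >= min_size:
                bursts.append(current)
            current = [acct]
    if len(current) >= min_size:
        bursts.append(current)
    return bursts

def gap_regularity(burst):
    """Coefficient of variation of inter-registration delays; near 0 suggests a script."""
    times = [parse(a[4]) for a in burst]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return 0.0 if mean(gaps) == 0 else pstdev(gaps) / mean(gaps)

def in_group_vote_share(ids, votes):
    """Share of the votes received by the group that were cast by the group itself."""
    received = [voter for voter, author in votes if author in ids]
    if not received:
        return 0.0
    return sum(1 for voter in received if voter in ids) / len(received)

def duplicate_comment_authors(ids, comments):
    """Members whose comment text (case- and whitespace-normalised) another member also posted."""
    by_text = defaultdict(set)
    for author, text in comments:
        if author in ids:
            by_text[" ".join(text.lower().split())].add(author)
    return set().union(*[s for s in by_text.values() if len(s) > 1])

def score_bursts(accounts, votes, comments):
    """Score each registration burst against the signals; thresholds are illustrative."""
    report = []
    for burst in registration_bursts(accounts):
        ids = {a[0] for a in burst}
        names = [a[1] for a in burst]  # already in registration order
        signals = {
            "patterned_names": sum(patterned(a) for a in burst) / len(burst),
            "regular_delays": gap_regularity(burst) < 0.25,
            "alphabetical": names == sorted(names),
            "in_group_votes": in_group_vote_share(ids, votes),
            "duplicate_authors": sorted(duplicate_comment_authors(ids, comments)),
        }
        hits = ((signals["patterned_names"] >= 0.8) + signals["regular_delays"]
                + signals["alphabetical"] + (signals["in_group_votes"] >= 0.5)
                + bool(signals["duplicate_authors"]))
        report.append({"ids": sorted(ids), "signals": signals, "hits": hits})
    return report

if __name__ == "__main__":
    for entry in score_bursts(ACCOUNTS, VOTES, COMMENTS):
        print(entry["ids"], "signals matched:", entry["hits"], "of 5")
        for name, value in entry["signals"].items():
            print("   ", name, "=", value)
```

No single signal is conclusive, which matches Slaviero's remark that the name pattern alone was "not completely convincing"; the score only becomes useful when several independent signals agree on the same group.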

These accounts had consistent multi-faceted views: They were generally pro-Palestine and anti-Israel; they wrote “We (USA)” to present themselves as Western; were against Syria and US President Barack Obama, and attempted to project themselves as pro-Islam with derogatory comments against Christianity.

“Who is this sock puppet army? It’s difficult to speculate – it’s a simplistic attack, so we’re not sure if this is because they lack the skills set, or if they were intending to be found,” said Slaviero.

“You could shut down this puppet army, but they’ll just re-register. Disqus is thinking of limiting its API, but we think it’s a bad idea because puppetry is very likely happening in other places, and without the same amount of data, we can’t tell.

“In fact, Disqus’ open data approach is great for identifying these relationships and patterns, and we want to give them a shout-out for it,” he added.

Tools to fight puppets

“We want to be absolutely clear: We saw a super-simplistic attack on Reddit that even the Reddit admins couldn’t identify,” said Haroon.

“With just a few days’ worth of work, we managed to uncover, pretty comprehensively, a botnet army on CNN, Al Jazeera and the Jerusalem Post, and mainly because of good access to data, so it’s actually something we want to encourage.

“In summary, without exception, all user-generated content sites have been fairly easy to game, and fairly trivial to manipulate, so it’s pretty clear this abuse has already been going on in a whole bunch of places.

“What’s important for us is that we’re aware of it, and that we start building tools that can detect and counteract it. Our biggest tool is good access to open data,” he added.

Haroon later told DNA that part of the OTF grant includes Thinkst building tools that would allow others to detect such sock puppetry on their sites, and to counteract it. The company is in the process of doing so.
http://www.digitalnewsasia.com/digit...-conversations





Detractors of Google Take Fight to the States
Nick Wingfield and Eric Lipton

They have lobbied state attorneys general. They have hired former state attorneys general. They have even helped draft a menacing letter for one state attorney general.

And they have given the target — Google — a code name: Goliath.

Google’s detractors complain about the search giant to everyone they can, from raising concerns about the company’s dominance with regulators in Brussels to antitrust officials in Washington. Now, they are taking the fight into states, often to push Google to censor illegal content and sites from search results.

The inner workings of those efforts are outlined in emails obtained by The New York Times through open records requests. Other details are contained in messages stolen from Sony Pictures Entertainment by hackers and obtained by The Times through an industry executive. Some of the emails from Sony have been reported by The Verge, a website.

Together, the emails show the extent of the efforts with state attorneys general. The messages detail how the Motion Picture Association of America — the Hollywood industry group — and an organization backed by Microsoft, Expedia and Oracle, among others, have aggressively lobbied attorneys general to build cases against Google in recent years, sometimes in complementary ways.

The movie association and its member companies, the messages show, have assigned a team of lawyers to prepare draft subpoenas and legal briefs for the attorneys general. And the groups have delivered campaign contributions — with several movie studios sending checks — to Jon Bruning, the Republican attorney general of Nebraska, who was helping push their cause, and who made an unsuccessful bid for governor this year.

State attorneys general have broad authority to investigate companies involved in practices that cause consumers harm. A year ago, Google paid a $17 million fine — a tiny amount for the giant company — spread among more than 30 states after an investigation related to an accusation that it had violated the privacy of certain Internet users.

Mr. Bruning and Jim Hood, Mississippi’s attorney general, who has become one of the most active officials against Google, say they are simply trying to enforce the laws in their states. They say Google, one of the most powerful companies of the Internet era, is dragging its feet on complying with their requests to filter illegal Internet pharmacies and other illicit content from its search results.

“These guys have profited from illegal activity that they promoted in their search engines for years,” Mr. Bruning said on Tuesday. “There is a culture at Google of sell anything to anyone. By no means do they wear the white hat in this debate.”

But as far as Google is concerned, the attorneys general, the film group and Microsoft have a similar interest: to interfere in Google’s business. Movie studios have long complained that Google does not do enough to get rid of links to pirated film and television shows online. Illegal copies of their content on YouTube, a Google property, are another complaint.

By pushing the attorneys general to block illegal sales of pharmaceuticals on Google, the movie industry has concluded, they could use the same powers to curb the distribution of pirated goods. For Microsoft, any limits imposed on Google might help it improve the fortunes of its struggling search engine, Bing.

“As a trade association, our primary objective is to protect our members and their creative works — employing voluntary initiatives, policy solutions and legal actions,” said Kate Bedingfield, an M.P.A.A. spokeswoman. “When wrongdoing is taking place online, we work with and support appropriate law enforcement officials, including the attorneys general, as do many other industries.”

Google insists that it has cooperated by removing some objectionable content. In a February letter that Kent Walker, general counsel of the company, sent to attorneys general, he said that it had spent over $250 million during the last three years on policy enforcement and systems that help it remove illegal content from its search index. But Google has said it does not believe it is appropriate for it to completely remove from its search results many of the sites to which the prosecutors object.

“It is our firm belief that Google should not be the arbiter of what is and is not legal on the web — that is for courts and government to decide,” he said in the email, which was obtained from open records requests.

Google’s foes have found a particularly receptive official in Mr. Hood, a folksy Democrat who grew up in northern Mississippi. In late October, Mr. Hood issued a 79-page subpoena to Google, asking for records related to its advertisements and search results for controlled substances, fake IDs and stolen credit card numbers.

For months before that, a steady flow of letters from Mr. Hood to Google indicated his distaste for the company. One letter came with digital fingerprints suggesting that it had originated at a law firm, Jenner & Block, that represents the M.P.A.A.

“In my 10 years as attorney general, I have dealt with a lot of large corporate wrongdoers,” one of his letters from November 2013 read. “I must say that yours is the first I have encountered to have no corporate conscience for the safety of its customers, the viability of its fellow corporates or the negative economic impact on the nation which has allowed your company to flourish.”

The movie industry, through a nonprofit group it funded called Digital Citizens Alliance, picked the perfect lobbyist to squeeze Mr. Hood: Mike Moore. Mr. Moore was Mr. Hood’s predecessor as Mississippi attorney general and helped start Mr. Hood’s political career. He remains a close friend of the attorney general and travels with him frequently; he has even played a role in helping Mr. Hood get elected as the president of the National Association of Attorneys General, emails obtained by The Times show.

Mr. Moore, in an interview, said he was working pro bono to advise Mr. Hood on how to combat the illegal sale of drugs online. He was then hired, for a fee he would not disclose, by the Digital Citizens Alliance in a similar post. Mr. Moore then became a critical source for the movie industry, according to one email, telling them how Mr. Hood’s inquiry was progressing and even alerting industry executives that Google had been sent a subpoena — before it said it had been told.

Peggy Lautenschlager, who served as attorney general in Wisconsin, said that the role that the movie industry had played in pushing Mr. Hood, through Mr. Moore and others, was inappropriate. “A private interest is influencing some attorneys general’s offices,” she said. “Tragically, that is how the world operates nowadays.”

Mr. Hood and Mr. Moore said their actions were motivated by wrongdoing by Google, not by any pressure from the movie industry or Microsoft. The Digital Citizens Alliance said it had been public about pushing Google to clean up its search results. Microsoft, which among other efforts has supported FairSearch, a group pushing attorneys general, declined to comment.

“I don’t think there is any secret that there is a group of interested industry people who have a problem and they are concerned about how Google is doing their business,” Mr. Moore said in an interview. “But frankly, Attorney General Hood, and seven or eight others, are concerned about drugs, about child pornography and illegal steroids.”

The groups have also done more than write letters to attorneys general. Executives from the M.P.A.A., for example, urged the group’s members to donate $1,000 each to Mr. Bruning’s campaign for governor in Nebraska.

The plea coincided with a fund-raising event for Mr. Bruning in March at Microsoft’s offices in Washington. Campaign finance records show that donations came in from Paramount Pictures, Sony, 21st Century Fox, as well as other movie industry players, each for exactly $1,000.

Mr. Bruning said that he did not solicit the donations, and that they did not influence him.

Mr. Hood’s office did not respond to specific questions about his use of a letter apparently prepared by a movie industry executive as a draft for a warning he sent to Google, or about the role Mr. Moore had played in lobbying his office. But Mr. Hood said in a statement that his office accepted help from outside companies as it investigated wrongdoing.

“If they have expertise to help us catch the bad guys, we gladly accept their help,” his office said. “Google has put their profits ahead of the safety of children and families and this office will continue to fight them with all the expertise at our disposal in an effort to protect the people of Mississippi.”
http://www.nytimes.com/2014/12/17/te...eir-fight.html





The MPAA’s Attempt to Revive SOPA Through A State Attorney General
Kent Walker

We are deeply concerned about recent reports that the Motion Picture Association of America (MPAA) led a secret, coordinated campaign to revive the failed SOPA legislation through other means, and helped manufacture legal arguments in connection with an investigation by Mississippi State Attorney General Jim Hood.

Almost three years ago, millions of Americans helped stop a piece of congressional legislation—supported by the MPAA—called the Stop Online Piracy Act (SOPA). If passed, SOPA would have led to censorship across the web. No wonder that 115,000 websites—including Google—participated in a protest, and over the course of a single day, Congress received more than 8 million phone calls and 4 million emails, as well as getting 10 million petition signatures.

Here is what recent press reports have revealed over the past few days about the MPAA’s campaign:

The MPAA conspired to achieve SOPA’s goals through non-legislative means

According to The Verge, “at the beginning of this year, the MPAA and six studios … joined together to begin a new campaign” to figure how it could secretly revive SOPA. It “joined together to begin a new campaign” to achieve wholesale site-blocking by “[convincing] state prosecutors to take up the fight against [Google].” The movie studios “budgeted $500,000 a year towards providing legal support”—and the MPAA later sought up to $1.175 million for this campaign.

The MPAA pointed its guns at Google

With that money, the MPAA then hired its long-time law firm Jenner & Block to go after Google while also funding an astroturf group—the Digital Citizens Alliance—with the same goal of attacking Google. (Source: The New York Times).

The MPAA did the legal legwork for the Mississippi State Attorney General

The MPAA then pitched Mississippi State Attorney General Jim Hood, an admitted SOPA supporter, and Attorney General Hood sent Google a letter making numerous accusations about the company. The letter was signed by General Hood but was actually drafted by an attorney at Jenner & Block—the MPAA’s law firm. As the New York Times has reported, the letter was only minimally edited by the state Attorney General before he signed it. Here is what the document showed about its true origin:

We've redacted the name of the attorney to protect her privacy

Even though Google takes industry-leading measures in dealing with problematic content on our services, Attorney General Hood proceeded to send Google a sweeping 79-page subpoena, covering a variety of topics over which he lacks jurisdiction. The Verge reported that the MPAA and its members discussed such subpoenas and certainly knew about this subpoena’s existence before it was even sent to Google.

Attorney General Hood told the Huffington Post earlier this week that the MPAA "has no major influence on my decision-making,” and that he “has never asked [the] MPAA a legal question” and “isn't sure which lawyers they employ.” And yet today the Huffington Post and the Verge revealed that Attorney General Hood had numerous conversations with both MPAA staff and Jenner & Block attorneys about this matter.

While we of course have serious legal concerns about all of this, one disappointing part of this story is what this all means for the MPAA itself, an organization founded in part “to promote and defend the First Amendment and artists' right to free expression.” Why, then, is it trying to secretly censor the Internet?
http://googlepublicpolicy.blogspot.c...vive-sopa.html





Goliath Strikes Back: Google Takes Legal Action Against Mississippi State Attorney General Jim Hood
Russell Brandom

Last Friday, The Verge published leaked documents revealing a secret legal campaign to discredit Google, coordinated by the MPAA on behalf of the major Hollywood studios. The documents show a continued focus on the power to block sites from the web — a central issue in the 2011 SOPA debates — and a concerted effort to enlist state attorney generals in that fight. Both Google and the MPAA have issued harsh statements over the news, but today the fight is growing into a full-fledged legal battle.

This morning, Google filed a lawsuit in Mississippi district court against State Attorney General Jim Hood, alleging Hood had singled the company out for a "burdensome, retaliatory" subpoena. (Hood has faced scrutiny for his role in the MPAA efforts.) "We regret having to take this matter to court," Google said in a statement, "and we are doing so only after years of efforts to explain both the merits of our position and the extensive steps we've taken on our platforms."

Alongside the lawsuit, Google has launched evidentiary actions against the MPAA and its retained counsel at Jenner & Block, asking them to retain documents for a possible future action. Alongside the legal campaign, Google has launched a public advocacy campaign against the MPAA's newly revealed site-blocking measures, asking users to "kill off #ZombieSOPA" with a petition to the MPAA. Google has fought the legal actions before, but this is the first time the company has gone on the offense, and suggests a new dynamic in the ongoing struggle between Google and the MPAA. Google is striking back against the Goliath project, and it's doing so in court.

The lawsuit centers on a subpoena Hood delivered on October 27th, 2014, asserting that Google anti-piracy provisions were violating a Mississippi consumer protection law. Google says it's protected under federal law and the first amendment, and that the subpoena is an attempt to coerce them into blocking sites that infringe on copyright. "The Attorney General may prefer a pre-filtered Internet," the lawsuit reads, "but the Constitution and Congress have denied him the authority to mandate it." While the case is pending, Google's suit also asks that the court enjoin Hood from enforcing the subpoena or bringing any new charges against Google, which would stop Hood's crusade in its tracks.

According to Google's lawsuit, Hood's subpoena asked for far more data than necessary, so much that simply complying with the order became a penalty. The subpoena asked for 141 specific documents, 62 interviews, and a broad request for any information relating to "dangerous content" hosted on Google's network. If Google fails to include anything that fits that description, it could open the door for further lawsuits, creating a potentially staggering burden of evidence. "In order to respond to the Subpoena in full," today's lawsuit alleges, "Google would have to produce millions of documents, at great expense and disruption to its business."

The suit also emphasizes Google's own efforts to make it easier to report infringing or dangerous content. According to the lawsuit, YouTube engineers created a custom reporting tool for Hood earlier this year, and trained his office on how to use it. Unfortunately, Hood seems to have been unimpressed by the tool. "To date, over half a year later, the Attorney General has used this tool to report only seven videos," the lawsuit reads. "Nor, to the best of Google’s knowledge, has the Attorney General filed any legal action against any of the actual creators of the specific underlying content to which he has objected."

Google's counteroffensive isn't limited to Attorney General Hood. The company has also issued a document preservation notice to both the MPAA and the law firm Jenner & Block, asking them to retain documents related to the Goliath campaign and hinting at further legal action in the future. The result is a major campaign against a program that, until a week ago, no one outside of Hollywood studios knew about. It's just the kind of counteroffensive MPAA executives worried about in the initial email leaks, when they raised concerns over "what Goliath could do if it went on the attack." Now that the plans are public, it looks as if we're going to find out.
http://www.theverge.com/2014/12/19/7...torney-general





Sued by Google, a State Attorney General Retreats
Eric Lipton and Conor Dougherty

Attorney General Jim Hood of Mississippi on Friday agreed to call a “time out” in his fight with Google after the Internet giant filed a lawsuit accusing him of conspiring with the movie industry.

The move by Mr. Hood, who has been one of Google’s most outspoken critics, came only hours after the company asserted in its lawsuit that Mr. Hood had been improperly influenced by major Hollywood studios that are trying to crack down on the distribution of pirated movies on the Internet.

The lawsuit, filed in federal court in Mississippi, had also questioned the authority of state law enforcement officials to regulate Internet service providers.

In a statement, Mr. Hood said Google was using its deep pockets in an attempt to “stop the State of Mississippi for daring to ask some questions.” Nevertheless, he said he would call the company and try to work out a deal.

“In an attempt to resolve some of the problems the states’ chief law enforcement officers have raised, I am calling a time out, so that cooler heads may prevail,” he said. Mr. Hood added that he would contact Google’s board to “negotiate a peaceful resolution to the issues affecting consumers that we attorneys general have pointed out in a series of eight letters to Google.”

Mr. Hood issued a 79-page subpoena in October, asking that the company turn over information about its search engine and sales of illegal drugs, pornography and other materials. He suggested that the company was knowingly profiting from such sales and demanded a response from Google by early January.

For several years, Google has been involved in legal wrangling with Mr. Hood and other attorneys general as the states tried to use their consumer protection authorities to push the company to crack down on such transactions. The states argued that Google benefited because the sellers advertised on the search engine.

Emails and other records obtained by The New York Times — and which were stolen from Sony by hackers — showed how the movie industry, through a nonprofit group it funded, had hired the former attorney general from Mississippi, whom Mr. Hood used to work for, to put pressure on Mr. Hood to go after the company.

The Sony emails also showed how the major movie studios, working through the Motion Picture Association of America, had created what they called Project Goliath, a carefully orchestrated lobbying campaign to press state attorneys general not only to question Google, but to subpoena and perhaps sue the company.

The lawsuit Google filed on Friday accused Mr. Hood of violating federal law and requested that he be prevented from enforcing his subpoena.

It also accused Mr. Hood of essentially acting as a pawn for the M.P.A.A., arguing that Mr. Hood “took these actions following a sustained lobbying effort from the Motion Picture Association of America.”

An M.P.A.A. spokeswoman belittled Google’s accusations.

“Google’s effort to position itself as a defender of free speech is shameful. Freedom of speech should never be used as a shield for unlawful activities and the Internet is not a license to steal,” said Kate Bedingfield, an M.P.A.A. spokeswoman, in an emailed statement.

The lawsuit also asserted that Congress “broadly immunized computer service providers from state regulation.” Mississippi, the complaint says, did not have the legal standing to investigate the company, noting that copyright infringement, for example, is within federal, not state, jurisdiction.
http://www.nytimes.com/2014/12/20/te...d-lawsuit.html





President Obama Slams Sony for Canceling “The Interview”
Dawn Chmielewski

President Obama, speaking at his year-end presser, said it was a mistake for Sony Pictures Entertainment to cancel screenings of “The Interview” after it received threats of violence, saying it could lead to an era of self censorship in Hollywood.

“We cannot have a society in which some dictator some place can start imposing censorship here in the United States,” the president said, while also acknowledging he was sympathetic to Sony’s circumstances.

In the long term, the move could have chilling effects on the country’s freedom of expression. “Imagine if producers and distributors and others start engaging in self-censorship because they don’t want to offend the sensibilities of somebody whose sensibilities probably need to be offended,” he said.

Sony didn’t directly respond when asked for comment, but in remarks made to CNN’s Fareed Zakaria, studio chief executive Michael Lynton said the situation was out of their control.

“The President, the press, and the public are mistaken as to what actually happened,” he said in an interview with the network. “We do not own movie theaters. We cannot determine whether or not a movie will be played in movie theaters.”

Lynton added Sony still wants to find a way to distribute the film, but couldn’t find an online service that would be willing out of concerns it may also be attacked. “There has not been one major VOD distributor, one major e-commerce site step forward and say they would distribute this to us,” he said.

Sony does own its own streaming service called Crackle, which it acquired in 2006. It is also able to distribute the film on its PlayStation Store, which sells and rents movies on its game consoles and devices. It wasn’t clear from the CNN interview if Sony is considering using its own distribution platform.

The Federal Bureau of Investigation has determined the North Korean government ordered the malicious attack, resulting in the disclosure of personal information, private emails and confidential business documents that culminated in threats of violence.

The president said there’s “no indication that North Korea was working in conjunction with any other country,” in the attack, contradicting earlier reports the reclusive nation may have worked with China in the incursion.

Sony canceled its Christmas Day release of “The Interview,” a Seth Rogen/James Franco comedy about a fictional CIA plot to assassinate North Korean leader Kim Jong-un, after the nation’s largest theater owners elected not to show the film, citing concerns for the safety of employees and patrons.

“I wish they had spoken to me first,” he said of Sony. “I would have told them do not get into a pattern where you’ll be intimidated by these attacks.”

Lynton told CNN: “We definitely spoke to a senior advisor about the situation. Did we speak to the president himself…? The White House was definitely aware of the situation.”

The White House, which has closely monitored the incident, has been contemplating a “proportional response,” but the president declined to explain what that would involve.
http://recode.net/2014/12/19/preside...hack-response/





Sony Hack: Activists to Drop 'Interview' DVDs Over North Korea Via Balloon

"Comedies are hands down the most effective of counterrevolutionary devices," says activist Thor Halvorssen
Paul Bond

Whether or not North Korea is behind the Sony hack, Kim Jong Un better brace himself because The Interview is headed to his country. Human rights activists are planning to airlift DVDs of the Seth Rogen comedy into the country via hydrogen balloons.

Fighters for a Free North Korea, run by Park Sang Hak, a former government propagandist who escaped to South Korea, has for years used balloons to get transistor radios, DVDs and other items into North Korea — not to entertain the deprived masses, but to introduce them to the outside world.

In the past two years, the Human Rights Foundation in New York, created by Thor Halvorssen, has been helping bankroll the balloon drops, with the next one set for January. The Interview likely won't be out on DVD then, but Halvorssen says he'll add copies as soon as possible. Halvorssen, whose group also finances the smuggling of DVD players into North Korea, says that the past dozen or so drops have included copies of movies and TV shows like Braveheart, Battlestar Galactica and Desperate Housewives. Anything with Arnold Schwarzenegger and Sylvester Stallone is also popular.

"Viewing any one of these is a subversive act that could get you executed, and North Koreans know this, given the public nature of the punishments meted out to those who dare watch entertainment from abroad," Halvorssen says.

"Despite all of that there is a huge thirst for knowledge and information from the outside world," he says. "North Koreans risk their lives to watch Hollywood films ... and The Interview is tremendously threatening to the Kims. They cannot abide by anything that portrays them as anything other than a god. This movie destroys the narrative."

Halvorssen says Hollywood is largely unaware that its product is being used so effectively in this way. At the Oslo Freedom Forum in October, a 21-year-old North Korean escapee named Yeonmi Park, now an intern with Halvorssen's group, described how viewing a black-market copy of James Cameron's Titanic was a life-changing event.

"When I was growing up in North Korea, I never saw anything about love stories between men and women," she said. "Every story was to brainwash about the Kim dictators. A turning point in my life was when I saw the movie Titanic. … I was wondering if the director and the actors would be killed."

She said that as youngsters they are taught that dying for the Kim regime was the most honorable thing one could do, and she and other children were shown propaganda movies to that effect.

"I realized that Titanic showed me a human story about love, beauty, humanity … it gave me a taste of freedom," she said in Oslo. "A man willing to die for a woman — it changed my thinking. It changed the way I saw the regime and the endless propaganda. Titanic made me realize that I was controlled by the regime."

North Koreans are expected to live on salaries ranging from 50 cents a month to $8 a month, though a two-day ration of rice for a family of four can cost as much as $6, so a robust black-market economy has emerged that authorities are unable to fully monitor. It is through this black market that North Koreans often buy, for a few pennies apiece, the DVDs that Halvorssen, Sang Hak and others deliver.

Besides radios and DVDs, leaflets, books and other educational materials are delivered. The balloons are launched from South Korea at secret locations (because even on that side of the border authorities will try to prevent them), and they fly two miles high so that they cannot be shot down. Each is affixed with a small, acid-based timer that breaks open plastic bags and drops packages over the countryside where any black marketer is free to gather the bounty and sell it for a profit.

Beyond balloons, activists are using other methods to smuggle in material, says Jieun Baek of North Korea Intellectuals Solidarity. She says sometimes operatives simply stand on the South Korean side of a river and throw bins packed with contraband toward the North Korean side, where someone will wade into the river to retrieve the bins then quickly change clothes, because soldiers are trained to shoot anyone in the area with wet clothing because it is an indication they are engaging in illegal activity, such as trying to escape the Kim regime.

Some of the materials Baek's group has been delivering include USB drives containing a Korean-language Wikipedia and biographies of Martin Luther King and Mohandas Gandhi, but also seemingly more frivolous items, like posters of celebrities, including Brad Pitt, Angelina Jolie and the cast of the TV show Friends. They're even delivering style tips and makeup.

"Girls can try it out in private," says Baek. "It's getting more lenient in North Korea, depending on the local police. Skirts are definitely getting shorter. Girls are imitating the actors they see. It may seem insignificant, but it's indicative of the impact."

Statistics vary, but by some accounts 74 percent of North Koreans have access to a TV and 46 percent to a DVD player, neither of which are illegal assuming only preapproved TV shows and movies are played on them, which increasingly is not the case, thanks to the work of the pro-freedom activist groups. The Kim regime, suspected to be behind a devastating hack attack on Sony, will especially be on the lookout for copies of The Interview, a comedy that has the CIA recruiting a couple of hapless American journalists for a mission to kill Kim Jong Un.

"In a totalitarian country the state endeavors to control all citizens, and so every activity that is not government-sponsored is a subversive act," says Halvorssen. "Watching a film is a crime for which you can be executed. It happened to 80 people in 2014 as an example to what happens to those who defy the Kims. Yet millions of North Koreans are engaging in these peaceful acts of rebellion. And comedies are hands down the most effective of counterrevolutionary devices."
http://www.hollywoodreporter.com/new...terview-758529





Hustler Video Announces Porn Parody of ‘The Interview’

"If Kim Jong Un and his henchmen were upset before, wait till they see the movie we're going to make," Hustler founder and chairman Larry Flynt said as he announced plans to make a pornographic parody of The Interview.

The Interview has grabbed headlines because of threats from hackers believed to be backed by North Korea and the resulting cancellation of the movie’s nationwide premiere on Christmas Day.

The movie’s working title is This Ain’t the Interview XXX.

Flynt won a 1988 decision by the Supreme Court against Jerry Falwell in a case that addressed freedom of expression laws in the United States.

"I've spent a lifetime fighting for the First Amendment, and no foreign dictator is going to take away my right to free speech," Flynt said as he announced the porn project, which is set to go into production in early 2015.
http://www.wsbtv.com/news/entertainm...terview/njXbT/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 13th, December 6th, November 29th, November 22nd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black