P2P-Zone  

11-03-15, 07:17 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - March 14th, '15

Since 2002

"Telecom lawyers in Washington popped the corks on the champagne. It will be at least a hundred million in billable hours for them. This will go on for a while." – Roger Entner


"It doesn’t matter if you exploit the possibility or not, the fact that the possibility exists is already reason enough to conclude that the current [privacy] safeguards are unsatisfactory." – District Court of The Hague


"I don't want to roll a truck to you every two years if you keep going back and forth to another provider … So we're getting rid of that lower quality, lower profitability base of subscriber." – Cablevision vice chairman Gregg Seibert

March 14th, 2015




PIPCU Shuts Down File-Sharing Karaoke Site
Chris Cooke

The City Of London Police’s IP Crime Unit (PIPCU to its closest friends) shut down a copyright infringing karaoke website earlier this week following a complaint by PRS For Music.

KaraokeWorld was a BitTorrent site with a specific focus on accessing unlicensed karaoke tunes, because who doesn’t like a copyright infringing sing song from time to time? The service had a commercial element, with VIP memberships on offer from £5 to £90, which will have heightened the case for taking criminal rather than civil action against the operation. A 46 year old man believed to be the operator of the website was arrested as part of the shutdown.

Confirming the action, PIPCU Detective Chief Inspector Danny Medlycott told reporters: “The public needs to be aware that by accessing sites like this, they are putting money directly in the hands of criminals, which often then funds other serious organised crime, as well as putting their own financial and personal details at risk of being compromised and used for other fraudulent scams. These websites are stealing from the creative industries that employ thousands of people and PIPCU will continue to work closely with our partners to tackle the criminals behind these sites and bring them to justice”.

Meanwhile PRS’s piracy man Simon Bourn welcomed PIPCU’s action, saying: “The livelihoods of songwriters represented by PRS For Music, both within the UK and internationally, and of all those who contribute to our rich and diverse creative community, are underpinned by fair licensing and the protection of copyright”.

He went on: “PRS For Music’s Anti-Piracy Unit is committed to actively pursuing those who use our songwriters and composers’ repertoire without permission, particularly the operation of online music services without the necessary licensing. The unit’s dedication in this case, involving careful investigative support which it provided to the police, ensured that an unlicensed UK-based BitTorrent music service for karaoke was located and closed down”.
http://www.completemusicupdate.com/a...-karaoke-site/





‘Blurred Lines’ Infringed on Marvin Gaye Copyright, Jury Rules
Ben Sisario and Noah Smith

For the last year and a half, the music industry has been gripped by a lawsuit over whether Robin Thicke’s 2013 hit “Blurred Lines” was merely reminiscent of a song by Marvin Gaye, or had crossed the line into plagiarism.

A federal jury in Los Angeles on Tuesday agreed that “Blurred Lines” had gone too far, and copied elements of Gaye’s 1977 song “Got to Give It Up” without permission. The jury found that Mr. Thicke, with Pharrell Williams, who shares a songwriting credit on the track, had committed copyright infringement, and it awarded more than $7.3 million to Mr. Gaye’s family.

Nona and Frankie Gaye, two of Marvin Gaye’s children, are to receive $4 million in damages plus about $3.3 million of the profits earned by Mr. Thicke and Mr. Williams, as well as about $9,000 in statutory damages. The decision is believed to be one of the largest damages awards in a music copyright case. In one of the few comparable cases, in 1994, Michael Bolton and Sony were ordered to pay $5.4 million for infringing on a 1960s song by the soul group the Isley Brothers.

Rulings by the judge in the case limited the scope of the case to the sheet-music versions of both songs, and not on the sound of the songs’ commercial recordings. Nonetheless, during testimony by record executives and music experts, the jury heard fragments of both “Blurred Lines” and “Got to Give It Up” in various combinations.

Since the “Blurred Lines” suit was filed in August 2013, while the song was still No. 1, the case has prompted debate in music and copyright circles about the difference between plagiarism and homage, as well as what impact the verdict would have on how musicians create work in the future.

Mr. Thicke’s lawyers had argued that the similarity between the songs — both are upbeat dance tunes featuring lots of partylike atmospherics — was slight, and had more to do with the evocation of an era and a feeling than the mimicking of specific musical themes that are protected by copyright.

But speaking to reporters after the verdict was announced, Richard S. Busch, a lawyer for the Gaye family, portrayed the ruling as a refutation of that view.

“Throughout this case they made comments about how this was about a groove, and how this was about an era,” Mr. Busch said. “It wasn’t. It was about the copyright of ‘Got to Give It Up.’ It was about copyright infringement.”

Neither Mr. Thicke nor Mr. Williams was in court on Tuesday. But in a joint statement, they said that “we are extremely disappointed in the ruling made today, which sets a horrible precedent for music and creativity going forward.”

Howard E. King, a lawyer for Mr. Thicke and Mr. Williams, said that his clients were considering their legal options but he declined to be more specific. (Noting the fame and fortune of Mr. Thicke and Mr. Williams, however, Mr. King — a wry voice inside and outside of the court — said that the verdict “is not going to bankrupt my clients.”)

The jury decided that while “Blurred Lines” infringed on the copyright of “Got to Give It Up,” Mr. Thicke and Mr. Williams had not done so willfully. Clifford Harris Jr., better known as T. I., who contributed a rap in the song, was found not liable. According to an accounting statement read in court and attested to by both sides, “Blurred Lines” has earned more than $16 million in profit.

The case was unusual not only for its large damages award but for the fact that it reached the level of a jury verdict at all. Music executives and legal experts said that while accusations of plagiarism — and accompanying demands for credit and royalties — are common in the music industry, it is rare for a case to progress so far.

“Music infringement claims tend to be settled early on, with financially successful defendants doling out basically extorted payoffs to potential plaintiffs rather than facing expensive, protracted and embarrassing litigation,” said Charles Cronin, a lecturer at the Gould School of Law at the University of Southern California, who specializes in music copyright.

The eight jurors in the case were instructed by the judge, John A. Kronstadt of United States District Court, to compare “Blurred Lines” and “Got to Give It Up” only on the basis of their “sheet music” versions — meaning their fundamental chords, melodies and lyrics, and not the sounds of their commercial recordings.

That led to several days of esoteric analysis by musicologists for both sides, whose testimony was often vociferously objected to by the lawyers. The disputes involved passages as short as four notes, as well as mash-ups pairing the bass line of one song with the vocals from the other.

Yet the case also had plenty of star power and revelations about some of the more unseemly practices of the music business. As part of his testimony, Mr. Thicke performed a piano medley of “Blurred Lines” and tracks by U2, Michael Jackson and the Beatles in an effort to show how easily one song could be shown to sound like another.

He also said that he had been high on drugs and alcohol throughout the recording and promotion of “Blurred Lines,” and that while he claimed a songwriting credit on the track, it was Mr. Williams who had created most of it.

“The biggest hit of my career was written by somebody else, and I was jealous and wanted credit,” Mr. Thicke testified.

As news of the ruling spread Tuesday afternoon, some legal experts expressed worry about the precedent it set. Lawrence Iser, an intellectual property lawyer in Los Angeles who was not involved in the case, called it “a bad result.”

“It will cause people who want to evoke the past to perhaps refrain from doing so,” Mr. Iser said. “Rather than helping to progress the arts, it is a step backward.”

For the family of Marvin Gaye — who died in 1984 — the jury’s verdict was welcome. In one of the twists of the often complicated case, Mr. Thicke and Mr. Williams sued first, seeking a declaration from a judge to protect them against infringement claims that they said had been made privately by the Gaye family. Nona and Frankie Gaye quickly countersued.

When the verdict was read on Tuesday, members of the Gaye family — who were present at court throughout the trial — exulted and shed tears of joy.

“I’m really grateful,” said Janis Gaye, Marvin’s former wife and the mother of Nona and Frankie Gaye. “I hope people understand that this means Marvin deserves credit for what he did back in 1977.”

________

Ben Sisario reported from New York and Noah Smith from Los Angeles.
http://www.nytimes.com/2015/03/11/bu...ury-rules.html





The White House Has Gone Full Doublespeak on Fast Track and the TPP
Maira Sutton

Sen. Ron Wyden and Sen. Orrin Hatch are now in a stand-off over a bill that would put secretive trade deals like the Trans-Pacific Partnership (TPP) agreement on the Fast Track to passage through Congress. The White House, meanwhile, has intensified their propaganda campaign, going so far as to mislead the public about how trade deals—like the TPP and its counterpart, the Transatlantic Trade and Investment Partnership (TTIP)—will affect the Internet and users' rights. They are creating videos, writing several blog posts, and then this week, even sent out a letter from an "online small business owner" to everyone on the White House's massive email list, to further misinform the public about Fast Track.

In a blog post published this week, the White House flat out uses doublespeak to tout the benefits of the TPP, even going so far as to claim that without these new trade agreements, "there would be no rules protecting American invention, artistic creativity, and research". That is pure bogus, much like the other lies the White House has been recently saying about its trade policies. Let's look at the four main myths they have been saying to sell lawmakers and the public on Fast Track for the TPP.

Myth #1: TPP Is Good for the Internet

First, there are the claims that this agreement will create "stronger protections of a free and open Internet". As we know from previous leaks of the TPP's Intellectual Property chapter, the complete opposite is true. Most of all, the TPP's ISP liability provisions could create greater incentives for Internet and content providers to block and filter content, or even monitor their users in the name of copyright enforcement. What they believe are efforts toward protecting the future of the Internet are provisions they're advocating for in this and other secret agreements on the "free flow of information". In short, these are policies aimed at subverting data localization laws.

Such an obligation could be a good or a bad thing, depending on what kind of impact it could have on national censorship, or consumer protections for personal data. It's a complicated issue without an easy solution—which is exactly why this should not be decided through secretive trade negotiations. These "free flow of information" rules have likely been lobbied for by major tech companies, which do not want laws to restrict them on how they deal with users' data. It is dishonest to say that what these tech companies can do with people's data is good for all users and the Internet at large.

Myth #2: Fast Track Would Strengthen Congressional Oversight

The second, oft-repeated claim is that Fast Track would strengthen congressional oversight—which is again not true. The U.S. Trade Representative has made this claim throughout the past couple months, including at a Senate Finance Committee hearing in January when he said:

“TPA puts Congress in the driver’s seat to define our negotiating objectives and strengthens Congressional oversight by requiring consultations and transparency throughout the negotiating process.”

Maybe we could believe this if the White House had fought for Fast Track before delegates began negotiating the TPP and TTIP. Maybe it could also have been true if that bill had ensured that Congress members had easy access to the text and kept a close leash on the White House throughout the process to ensure that the negotiating objectives they outlined were in fact being met in the deal. However, we know from the past several years of TPP negotiations, that Congress has largely been shut out of the process. Many members of Congress have spoken out about the White House's strict rules that have made it exceedingly difficult to influence or even see the terms of these trade deals.

The only way Fast Track could really put "Congress in the driver's seat" over trade policy would be if it fully addressed the lack of congressional oversight over the TPP and TTIP thus far. Lawmakers should be able to hold unlimited debate over the policies being proposed in these deals, and if it comes to it, to amend their provisions. It would be meaningless if the new Fast Track bill enabled more congressional oversight, but if it did not apply to agreements that are ongoing or almost completed.

Myth #3: Small Online Businesses Would Benefit from Fast Track

Then the third misleading claim is that Fast Track would help small businesses. Their repetition of this has become louder amid increasing public awareness that the TPP has primarily been driven by major corporations. What may be good for established multinational companies could also benefit certain small online businesses as well. The White House says that tariffs are hindering small online businesses from selling their products abroad, but research has shown that the kinds of traditional trade barriers, like tariffs, that past trade agreements were negotiated to address are already close to non-existent. Therefore it is unclear what other kind of benefits online businesses would see from the TPP.

Even if there were some benefits, there are many more ways that the TPP could harm small Internet-based companies. The TPP's copyright provisions could lead to policies where ISPs would be forced to implement costly systems to oversee all users' activities and process each takedown notice they receive. They could also discourage investment in new innovative start-ups, even those that plan to "play by the rules", due to the risk that companies would have to sink significant resources into legal defenses against copyright holders, or face heavy deterrent penalties for infringement established by the TPP.

Myth #4: TPP and Other Secret Trade Deals Are a National Security Issue

The last, and most confounding of the White House's assertions is that the TPP and TTIP are an "integral part" of the United States' national security strategy, because its "global strategic interests are intimately linked with [its] broader economic interests." As we have seen with the U.S. government's expansive surveillance regime, "national security" is often invoked for policies even if they directly undermine our civil liberties. It is hard to argue with the administration whether the TPP and TTIP are in fact in the United States' economic or strategic interests, since only they are allowed to see the entire contents of these agreements. Either way, it seems like a huge stretch to say that we can trust the White House and major corporate representatives to determine, in secret, what is in fact good digital policy for the country and the world. We may be hearing this line more and more in the coming weeks as the White House becomes more desperate to legitimize the need for Fast Track to pass the TPP and TTIP.

Conclusion

The fact that the White House has resorted to distorting the truth about its trade policies is enough to demonstrate how little the administration values honesty and transparency in policy making, and how much the public stands to lose from these agreements negotiated in secret. The more they try and espouse the potential gains from Fast Track—while the trade agreements this legislation would advance remain secret—the more reason we ought to be skeptical. If the TPP is so great and if Fast Track would in fact enable more democratic oversight, why are the contents of either of them still not public?

~

If you're in the United States, take action to stop TPP and other anti-user trade deals from getting fast-tracked through Congress by contacting your lawmaker about trade promotion authority:
https://www.eff.org/deeplinks/2015/0...-track-and-tpp





Sky Turns Customer Data Over in Piracy Case
Matt Kamen

Sky is the UK's second-biggest broadband provider, meaning it has a huge amount of customer data that it's responsible for. That data could now be turned over to companies claiming copyright infringement, after the ISP has been forced to bow to pressure from an American media company.

The rights holder at the centre of the storm is the little-known TCYK LLC. Widely regarded as a "copyright troll", pursuing hundreds of claims against hundreds of file sharers, TCYK has successfully applied for and been awarded a court order, mandating Sky turns over names and addresses of those accused of sharing the 2012 movie The Company You Keep.

By all accounts unexceptional at best, the Robert Redford/Shia LaBeouf film is both the source of the company's name, and its sole reason for existence. A search for "TCYK LLC" doesn't bring up a company site or portfolio of titles, but instead a stream of reports of it chasing down people it thinks may have downloaded the movie.

TCYK has argued it identified specific IP addresses from torrent swarms, prompting it to seek the court order. The case has been running since September 2014, though the order to supply details has only recently been obtained. Sky customers can now expect to receive letters from TCYK, which will likely demand recompense for loss of earnings. Traditionally, the company threatens hefty legal action if its targets do not comply.

"We need to let you know about a court order made against Sky earlier this year that requires us to provide your name and address to another company," Sky says in a letter sent to customers, as reported by TorrentFreak.

It continues, "a company called TCYK LLC, which owns the rights to several copyrighted films, has claimed that a number of Sky Broadband customers engaged in unlawful file-sharing of some of its films. In support of this claim, TCYK LLC says it has gathered evidence of individual broadband accounts (identified online by unique numbers called IP addresses) from which it claims the file sharing took place."

While TCYK is absolutely entitled to protect its copyright, its approach amounts to little more than scare tactics -- it knows many will meet its demands at the mere threat of legal action. Sky has not commented on what, if any, efforts it took to protect customer data or to fight the court order, though it is laudable that it has advised its customers of the situation.
http://www.wired.co.uk/news/archive/...-customer-data





U.K. Parliament Says Banning Tor is Unacceptable and Impossible
Patrick Howell O'Neill

Just months after U.K. Prime Minister David Cameron said he wants to ban encryption and online anonymity, the country's parliament today released a briefing saying that such an act is neither acceptable nor technically feasible.

The briefing, issued by the Parliamentary Office of Science and Technology, specifically referenced the Tor anonymity network and its notorious ability to slide right around such censorship schemes.

It's important to note that briefings from the Parliamentary Office of Science and Technology are not legally binding nor are they necessarily indicative of parliament's attitudes as a whole. However, the office is an important part of parliament and serves to give independent analysis of public policy issues for politicians. Crucially, this briefing does explicitly state that there is "widespread agreement" banning Tor is not acceptable policy nor is it feasible technologically.

Tor has about 100,000 users at any given moment within the United Kingdom.

"There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the U.K.," the briefing explained. "Even if it were, there would be technical challenges."

The briefing cites Tor's ongoing battle with Chinese censorship and describes "secret entrance nodes to the Tor Network, called ‘bridges’, which are very difficult to block."

In 2012, U.K. police said the Tor anonymity service was used by "many" pedophiles in order to trade child abuse images. In the same parliamentary briefing, those police have changed their tunes significantly.

Tor "plays only a minor role in the online viewing and distribution of indecent images of children," according to the briefing, quoting the Child Exploitation and Online Protection Command (CEOP) of the U.K. National Crime Agency.

They drove home the assertion by saying that while 1,624 domains were found to have child abuse material on the open Web, just 36 were found on the Dark Net—about 2 percent.

"Tor is less popular among offenders because it decreases the speed at which images can be downloaded," according to British police.

The briefing also considers modifying Tor to better fit their needs.

"Some argue for a Tor without hidden services, because of the criminal content on some THS [Tor Hidden Services]," it reads. "However, [Tor Hidden Services] also benefit non-criminal Tor users because they may add a further layer of user security. If a user accesses a THS the communication never leaves the Tor Network and the communication is encrypted from origin to destination. Therefore, sites requiring strong security, like whistleblowing platforms are offered as THS. Also, computer experts argue that any legislative attempt to preclude THS from being available in the UK would be technologically infeasible."

The briefing, which aims to introduce the concept of the Dark Net to politicians who may be unfamiliar, discusses both legal and illegal uses of Tor as well as similar anonymity programs like I2P and FreeNet.

While criminal use of Tor is discussed at length, the briefing also cautions readers to look skeptically at claims that Tor is used mostly for child abuse. Good thing, too—that claim is false.

http://www.dailydot.com/politics/uk-...se-minor-role/





You Can Already Buy a Fake Apple Watch in China

The Apple Watch doesn't go on sale officially for more than a month, but China is already awash with clones.
Charles Riley

Knockoff versions of the Apple Watch can be found at Huaqiangbei electronics market in the southern city of Shenzhen, and others are being sold nationwide via popular e-commerce websites.

The fakes mimic the design and style of Apple's new offering, right down to the digital crown. With names like "Ai Watch" and "D-Watch," they cost between 250 yuan and 500 yuan ($40 to $80).

Most run an Android operating system that has been made to look like an Apple interface. They even have snazzy Apple-like icons on the home screen.

Yet it is unlikely that buyers will mistake the clones for the real thing. The price tag alone is a dead giveaway -- the Apple Watch costs from $349 in the U.S.

The early availability of knockoffs underscores the speed at which Chinese "shanzhai," or counterfeiters, are able to design and bring fakes to market. In this case, their products are on the street even before Apple's.

"These guys are specialists," said Laurent Le Pen, the founder and CEO of smartwatch maker Omate, which is based in Shenzhen. "The speed at which they can bring copies on the market is amazing."

Le Pen, who has waged his own battle against the shanzhai, said the Apple Watch is a prime target. The first few copycat watches will be rough imitations, he said, but as counterfeiters hone their design, they will get closer and closer to the real thing.

"The hardware is not the big challenge -- the hard part is on the software and the application side," he said. "In the end, you sometimes need to be an expert to tell the difference between real and fake."

The online sale of counterfeits is particularly hard to combat. Le Pen said he constantly finds sellers on Chinese e-commerce sites, including Alibaba's Taobao, that are using his company's logo and design, and claiming to be official distributors.

Even when Alibaba removes the listings, Le Pen said that new sellers quickly replace them.

An Alibaba spokesman, in a statement to CNNMoney, said the company is "dedicated to the fight against counterfeits."

"We work closely with our government partners, brands and industry associations to tackle this issue at its source," the spokesman said.

In Apple's case, there are likely to be plenty of buyers who insist on getting their new watch straight from the source -- no knockoffs accepted.

Nick Hui, who was walking past an Apple store Tuesday in Hong Kong, said he would consider buying the "sport" version of the Apple Watch -- but never a fake.

"I've seen a ton of [the fakes]," Hui said. "I've seen the Android versions, but they're not the same."

-- CNN's Shen Lu, Felicia Wong and Vivian Kam contributed reporting.
http://money.cnn.com/2015/03/10/tech...tch/index.html





ICANN, Copyright Infringement, and “the Public Interest”
David Post

Last month, the Motion Picture Association of America (MPAA) issued a carefully-worded statement urging ICANN – the overseer of much of the Internet’s fundamental naming and numbering infrastructure – to take more vigorous action against the “use of domain names for illegal and abusive activities, including those related to IP infringement” (i.e., motion picture piracy).

And just a few days ago, the recording industry joined in; a letter from the Recording Industry Association of America (RIAA) to ICANN, while expressing the industry’s “disappointment with . . . ICANN’s treatment of copyright abuse complaints filed to date,” similarly urged ICANN to move more vigorously to ensure that domain name registries and registrars “investigate copyright abuse complaints and respond appropriately.”

Could ICANN really be getting into the business of policing the world’s domains for copyright infringement? Might it exercise its powers over those entities (the domain name registries and registrars) who maintain the critical databases that determine who is on, and who is off, the Internet in order to enforce some kind of global copyright law against infringers? Who authorized them to do that? What does that have to do with ICANN’s fundamental mission (as stated in its own Charter): to “coordinate . . . the global Internet’s system of unique identifiers . . . to ensure the stable and secure operation” of that system?

Here’s what’s going on. In 2013, as part of its program of opening up the top-level domain space to hundreds of new top-level domains (TLDs – like .app, .blog, .pharmacy, .attorney, .brussels, and many more joining the more familiar .com, .edu, .org, and the rest), ICANN put a new provision in its contract with the operators of these new top-level domains (the “registries”) containing various “Public Interest Commitments” (PICs) the registries had to undertake: in particular, registries had to promise that they would only deal with domain name “registrars” (who are the entities that sell domain names to the public) who had included, in their contracts with end-users like you and me, a provision prohibiting those end-users

“. . . from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.”

And the registries had to promise to “implement and adhere to any remedies ICANN imposes” should they not live up to these Public Interest Commitments, including termination of their ICANN “accreditation” as a registry (and a sudden end to their business operations).

In a sense, it looks harmless enough; if you want to register frabulous.app, or washingtonpost.blog, or dewey-cheatem-and-howe.attorney, or any other 2d-level domain in these TLDs, what’s wrong with making you promise not to engage in “piracy” or “fraud,” or any activity “contrary to applicable law”? Who wouldn’t promise such a thing?

It is, however, anything but harmless – and the RIAA/MPAA letters show why. Registries and registrars will henceforth have to satisfy ICANN that they are taking appropriate steps to suspend end-users who engage in “piracy” or any activity “contrary to applicable law”; if they do not, they risk losing their place in the DNS. Is it “appropriate” – in ICANN’s view - to revoke domain names if, for instance, they receive a letter from the London Police Department, containing a list of websites the LPD thinks (based on information provided by copyright owners) are infringing? Or a letter from the RIAA? Is it “appropriate” to take down all of those sites? Does the operator of the domain name get an opportunity to defend itself? Does the registrar have to examine those sites to see if they are indeed infringing copyright? Consult its lawyers about fair use or other possible defenses? Hold a hearing?

And most importantly of all: why should ICANN, which is constituted for the purpose of assuring uniformity and stability of the DNS – i.e., making sure that the Internet’s system for resolving names into IP addresses continues to function smoothly — be making these determinations?

Letting ICANN (or anyone else, for that matter) leverage its control over fundamental Internet technical infrastructure so as to regulate the content of Internet communications — and please notice, it’s not just infringement of copyright on that list, it’s fraud, and deceptive practices, and any activity contrary to applicable law (child pornography? hate speech? defamation?) — is a dreadful idea, for any number of reasons. We fought (and won) this battle once before – when the US Congress’ SOPA and PIPA legislation in 2011 sought to enforce US copyright law through the manipulation of the global DNS; the wider Internet community rose up to fight it off then, and it needs to do so again. Registries and registrars, in order to preserve their business operations, will over-deter, given that the risk that ICANN finds them not to be acting with sufficient vigor is much greater (because it involves their disappearance from the entire DNS ecosystem) than the risk of acting too vigorously; for end-users, this will look a lot more like a “complaint & annihilation” scheme than “notice and takedown.” Due process for alleged infringers will undoubtedly be short-circuited, because due process costs time and money and domain name registrars are not in a position to provide it. Mistaken identification, as we have seen time and time again, will be made, and the hierarchical nature of the DNS means that an action to revoke one domain name – example.blog – affects all of that domain’s subdomains (first.example.blog, second.example.blog), even though those domains may be used for perfectly lawful purposes.

Simply stated, ICANN has not been set up, and is not the appropriate vehicle, to make global copyright (or consumer protection, or fraud, or pornography, or defamation) law – and yet that is precisely the position they will be taking on in the name of “contractual compliance.”

Lest you think that all of this is a figment of my overheated imagination, I would note that ICANN has already set up a complex dispute resolution apparatus – the “Public Interest Commitment Dispute Resolution Procedure” or “PICDRP” – whose job it is to hear claims (if ICANN, in its sole discretion, thinks that it “requires input from the Standing panel” to make its decision) by “any person harmed” by a Registry’s failure to comply with its Public Interest Commitments; ICANN retains “sole discretion” to decide whether the Operator is or is not compliant, and to decide on the appropriate remedy, “(which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement.”).

It’s pretty chilling; just knowing that ICANN has asserted this power, and is gearing up to exercise it, is surely going to make Registries take these PICs seriously, to avoid the risk that their business could be closed down because ICANN doesn’t think they’re doing enough for “the public interest.”

And to further complicate matters, this is all taking place against the background of the so-called “IANA Transition” – the US government’s stated intention to terminate its remaining oversight and control over ICANN’s activities. The Transition has been much in the news of late, and a great deal of the public discussion about it – most of the recent Senate hearings on the matter, for instance – has focused on a single question: once US government oversight is removed, how can we be certain that foreign governments, and in particular the various authoritarian regimes who would like nothing better than to shut down, or at least clamp down on, the Internet’s global free expression machine, don’t get control over the Internet infrastructure?

It’s a really important question, to be sure, and it certainly needs to be addressed as part of any Transition plan. But I fear that this subtler, and more insidious, threat to free expression on the Internet is not getting the attention it deserves. It’s not just the Russians and the Chinese we need to keep out of the global content regulation business, but also RIAA, MPAA, and any other private stakeholders or governments that want to leverage ICANN for their own purposes.
http://www.washingtonpost.com/news/v...blic-interest/





Global Movie Ticket Sales Rise 1% as China Surges
Michael Cieply

The world movie box office was up 1 percent last year from 2013, but ticket sales in the United States and Canada fell about 5 percent as growth became concentrated in China, the Motion Picture Association of America said on Wednesday.

The group’s annual statistical survey found that ticket sales rose to $36.4 billion in 2014, with $10.4 billion of that from the United States and Canada and sales in China reaching $4.8 billion, a 34 percent increase from the year before.

The report brought few surprises, as the pattern of decline at home and growth abroad was clear through much of the year. But the survey spotted trends in ticket-buying habits that, should they continue, could provoke change in films or their marketing and distribution.

In one notable shift, domestic per capita ticket sales rose last year to 3.1 tickets annually among viewers ages 50 to 59, higher than any year in the last five, and viewing rose slightly among those 40 to 49.

Per-capita sales among those younger than 40 fell. The sharpest year-to-year drop, almost 20 percent, was among those 25 to 39.

Over all, per-capita domestic ticket sales fell to 3.7, about 16 percent lower than recent peaks of 4.4 achieved in 2005, 2006 and 2007, the report said.

While the number of 3-D screens in the United States and Canada reached a high of 16,146, up 364 from 2013, box-office sales for 3-D films fell 21 percent, to $1.4 billion from $1.8 billion in 2013. The 2014 sales were down more than 36 percent from their peak of $2.2 billion in 2010.

In one sign of industry growth, the number of films released last year by major studios and their subsidiaries rose for the first time since 2006, to 136 from 114 in 2013.

The total number of films released in the domestic market grew 7 percent, to 707, from 659, continuing a long-term expansion that has been fed by smaller independent movies that are often released in only a few theaters before moving to on-demand services.
http://www.nytimes.com/2015/03/12/bu...na-surges.html





Netflix Continues To Crush Cable TV
Alexis Kleinman

Netflix is a train that can't be stopped, and it's starting to flatten cable.

Forty percent of all U.S. households with TV and/or broadband Internet use a subscription video on-demand service like Netflix, Amazon Prime or Hulu Plus, according to new data released by Nielsen on Wednesday. This is up from 36 percent of households that reported having on-demand subscription video over the same period of time in 2013. Among the households subscribing to these services, 36 percent have Netflix, 13 percent have Amazon Prime and 6.5 percent have Hulu Plus, Nielsen reports.

As the number of homes with streaming video subscriptions rises, an increasing number of American homes are Internet-only, subscribing to broadband Internet and not TV.

The number of U.S. households that have broadband Internet but don’t subscribe to TV grew to more than 10.5 million in the third quarter of 2014, up 16 percent over the same period in 2012, research firm SNL Kagan told The Huffington Post earlier this year.

By comparison, there are 95.2 million people in the U.S. who subscribe to the top 13 pay-TV providers, according to Leichtman Research Group. The number of video subscriptions to the top nine cable companies fell around 1.2 million over the course of 2014.

TV ratings are also falling as streaming subscriptions climb, and there's probably a connection.

Around 40 percent of the decline in TV ratings during the third and fourth quarters of 2014 is due to people spending more time watching streaming TV online, sources who attended a talk by the Cabletelevision Advertising Bureau last week told the Wall Street Journal. The “biggest contributor to the drop is SVOD [streaming video on demand],” Jon Steinlauf, president of national ad sales and marketing for media company Scripps, told WSJ.

Since streaming is potentially eating into TV viewership, TV networks are getting into the streaming game. CBS has a streaming service for a subscription of $5.99 a month; NBC is working on one; Showtime will release a streaming service "in the not-too-distant future,” CBS CEO Les Moonves said at the Deutsche Bank Securities 2015 Media, Internet & Telecom Conference on Wednesday.

HBO's new streaming service, HBO Now, premieres on Apple devices in April. This will be the first time HBO will be available for those without a cable subscription.
http://www.huffingtonpost.com/2015/0...n_6846942.html





Cable Proudly Declares Smart Shoppers A 'Lower Quality' Of Customer They Have No Interest In
Karl Bode

If you live in a broadband and TV market with anything even closely resembling competition, you've probably learned that the only way to get the best rates is to pit ISP retention departments against one another. Often only by seriously threatening to cancel can users force ISPs to bring out their best promotional offers, something you'll have to repeat every few years if you don't want to get socked with higher rates. The ideal consumer then, from the broadband and cable industry's perspective, is one that grumbles a little bit but can't be bothered to do a little extra legwork to secure better rates (read: the vast majority of users).

Of course pitting ISPs against one another assumes you even have the choice of more than one decent broadband provider, something that's certainly not a given. Even in markets we tend to think of as competitive, we're increasingly seeing non-price competition (what I affectionately refer to as "wink wink, nod nod" competition), wherein duopolies quietly work together to slowly edge prices upward -- because there's simply no repercussion for doing so. The New York City tri-state area, where Cablevision and Verizon FiOS engage in a customer tug-of-war, is a perfect example of this kind of not-really-competition.

While Verizon and Cablevision did compete intensely for a short while in New York, the two sides have in recent years declared what can only be called a competitive cease fire. Both have dramatically scaled back or stopped promotions entirely and raised rates whenever possible. In fact, a study last year noted that while all cable rates are increasing much higher than the rate of inflation, Cablevision customers see some of the highest rates in the nation.

Cablevision executives meanwhile have made their disdain for the smart consumer abundantly clear over the last few years, calling smart shoppers a "dead end" that the company has no interest in pursuing. Speaking at a recent investor conference, Cablevision vice chairman Gregg Seibert took this rhetoric one step further, declaring that customers that follow the best promo offer are a "low quality" subscriber that the company is happy to get rid of:

"We found out that we were pushing subscribers back and forth on a highly promoted basis," said Cablevision vice chairman Gregg Seibert, speaking Monday at the Deutsche Bank 2015 Media, Internet & Telecom Conference in Palm Beach, Fla. "I don't want to roll a truck to you every two years if you keep going back and forth to another provider … So we're getting rid of that lower quality, lower profitability base of subscriber."

Except "pushing subscribers back and forth" is what competition is. Fighting to offer a better value than the other guy is how competition works. That Cablevision and FiOS can just choose when they'd like to seriously compete illustrates perfectly how even in U.S. markets we consider to be more competitive, what we're usually witnessing is just coordinated competition theater. When consumers only have one or two real options for service, and both of those options quietly agree on an unwritten competitive cease fire, there's simply no longer any reason to even try. It's then a lovely layer of hubris to publicly express disdain for customers looking for something better.
https://www.techdirt.com/blog/netneu...interest.shtml





DirecTV has Been Tricking Consumers Into Paying More for TV, the FTC Says
Andrea Peterson

Ever seen a DirecTV advertisement that seemed too good to be true? Government consumer watchdogs say you were right to be wary.

The Federal Trade Commission announced Wednesday that it is charging DirecTV, the nation's largest satellite television provider, with deceptive advertising -- alleging the television provider tried to trick consumers into deals that would leave them paying more than expected for television service.

“DirecTV misled consumers about the cost of its satellite television services and cancellation fees,” FTC Chairwoman Edith Ramirez said in a press release. “DirecTV sought to lock customers into longer and more expensive contracts and premium packages that were not adequately disclosed. It’s a bedrock principle that the key terms of an offer to a consumer must be clear and conspicuous, not hidden in fine print.”

According to the FTC, the company advertised a discounted 12-month package without clearly disclosing that it required a two-year contract in which the prices increased up to $45 more per month after the first year and that cancellation fees of up to $480 would apply if the consumer tried to cancel service early. DirecTV also failed to disclose that offers of free premium channels for three months required consumers to actively cancel the channels after an introductory period to avoid being automatically charged for them, the FTC alleges.

The agency is seeking a court order permanently barring DirecTV from similar activity going forward and a financial judgment that could be used for refunds to affected customers.

DirecTV denies the agency's claims. “The FTC’s decision is flat-out wrong and we will vigorously defend ourselves, for as long as it takes," a company spokesperson told the Post in an e-mailed statement. "We go above and beyond to ensure that every new customer receives all the information they need, multiple times, to make informed and intelligent decisions. For us to do anything less just doesn’t make sense.”

AT&T announced last May it was acquiring DirecTV in a $49 billion deal -- a mega-merger aimed at creating a telecom and television giant that could challenge cable rivals. The merger would boost the chunk of the pay-TV market controlled by AT&T significantly, bolstering its existing U-Verse TV base with some 20 million DirecTV subscribers in the United States. But the deal is still pending before federal regulators, who are also considering other significant consolidation schemes in the television space, like the Comcast Time Warner proposal.

DirecTV has been in trouble with the FTC before -- paying settlements when facing charges that it violated the Do Not Call provisions of telemarketing rules. AT&T has also had run-ins with the enforcement agency. Last year the company agreed to pay $80 million to the FTC for consumer refunds as part of a settlement over bogus charges attached to wireless bills. The agency is also pursuing charges against AT&T related to alleged throttling of data on so-called unlimited plans.
http://www.washingtonpost.com/blogs/...s/?tid=rssfeed





TiVo Study: 1.5 Million Consumers Plan to Cancel Cable
Karl Bode

A new study by TiVo-owned research firm DigitalSmiths suggests that cord cutting is very real, and very much a growing phenomenon. According to the study's data, roughly 1.5 million pay TV subscribers plan to cancel cable sometime in the near future. Another 2.4 million subscribers plan to downgrade their service. While still modest numbers compared to overall cable viewers, the data shows cord cutting isn't the phantom many cable industry execs portray it as.

The study notes that a whopping 78.7% of survey respondents watch only between one and ten of the channels they pay an average of $100 or more each month for.

"According to Q4 2014 survey respondents, 8.9% switched Pay-TV providers in the prior three months," notes DigitalSmiths. "Based on a year-over-year analysis this represents a 2.1% increase. Additionally, in the next six months 4.2% of respondents plan to “cut” service, 7.9% plan to “change” service, and 2.6% plan to “switch” to an online app or rental service."

"While some of these numbers seem minimal, they should still raise concern for Pay-TV Providers," states the firm, "since multiplied by millions of subscribers, the revenue threat alone is apparent."
http://www.dslreports.com/shownews/T...l-Cable-132936





AT&T Still Throttles Unlimited Data, and FCC Isn’t Promising to Stop It

FCC's anti-throttling rules seem to ban the practice, but loopholes remain.
Jon Brodkin

How long will AT&T continue to get away with throttling unlimited data plans? Even after the Federal Communications Commission's recent net neutrality ruling banned throttling, the FCC isn't saying whether it will put a stop to it.

All major US cellular carriers impose some form of throttling on unlimited data plans, but AT&T's throttling seems most likely to fall afoul of the FCC's rules. The big carriers generally reserve the right to slow down data speeds for customers with unlimited data plans after they hit a certain usage threshold each month, but they only do the actual throttling when the user is connected to a congested tower. AT&T, on the other hand, slows its unlimited LTE users down for the rest of the month once they've hit a 5GB threshold, and the throttling happens at all hours of the day and in all locations regardless of whether the user is connected to a congested tower.

More than any other throttling policy enforced by a major carrier, this one seems designed to push customers with grandfathered unlimited data plans onto newer, more expensive plans that charge automatic overage fees when customers go over their caps.

AT&T claims it will change its system sometime in 2015 so that it will throttle unlimited LTE plans only in times and places of congestion, but it's fighting against government attempts to make it stop right away. AT&T is facing a Federal Trade Commission lawsuit over the practice but claims the FTC lacks jurisdiction. The FTC argued in a new court filing this week that AT&T is wrong.

The FTC actually could lose its jurisdiction over Internet providers because of the FCC's decision to treat broadband as a common carrier service. But the FTC says it can still go after AT&T for illegal conduct that occurred before that decision.

The FCC's new rules should prevent throttling once they go into effect, which will happen 60 days after they are published in the Federal Register. But there is an exception that could allow carriers to keep throttling.

The FCC rule banning throttling says, "A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not impair or degrade lawful Internet traffic on the basis of Internet content, application, or service, or use of a non-harmful device, subject to reasonable network management."

Carriers can try to argue that "reasonable network management" includes throttling the heaviest users of unlimited data in order to make the network run more smoothly for everyone, but there is some evidence the FCC will reject this argument. Last year, FCC Chairman Tom Wheeler pressured Verizon into giving up a plan to throttle unlimited 4G data. Wheeler argued the throttling was not "reasonable network management" even though Verizon planned to implement it only in congested areas. But Verizon faces special non-discrimination obligations because of rules that apply to a specific block of spectrum it purchased. While the net neutrality rules put Verizon and rival carriers on a more equal playing field, they don't entirely replicate the obligations Verizon faces.

Some hints, but no specific ban

The net neutrality order talks about the negative impacts of carriers throttling unlimited data plans, but doesn't explicitly ban it.

"[S]ignificant concern has arisen when mobile providers have attempted to justify certain practices as reasonable network management practices, such as applying speed reductions to customers using 'unlimited data plans' in ways that effectively force them to switch to price plans with less generous data allowances," the FCC's order says.

A summary of the rules released by the FCC last month takes a more forceful stand: "a provider can’t cite reasonable network management to justify reneging on its promise to supply a customer with 'unlimited' data," it says. But that leaves open the question of whether merely throttling data instead of cutting it off entirely would constitute reneging on a promise of unlimited data.

We've tried to get a definitive answer from the FCC over the past week, without success. The FCC told Ars that throttling of unlimited data would be judged against the new standards on a case-by-case basis and that new transparency rules would require carriers to clearly disclose throttling policies to consumers.

FCC officials answered reporters' questions on a phone call today and were similarly non-committal. They said the "reasonable network management" exception can only be used to justify technical needs rather than practices undertaken to achieve a business objective. They went on to say that throttling unlimited data "sounds" more like a business decision than a network management one. But they did not go so far as to say that the practice would be banned. It's still up to someone to file a complaint to the commission, and then the throttling would be analyzed on a case-by-case basis.

The new transparency rules broadband providers have to follow require them to disclose "any data caps or allowances that are a part of the plan the consumer is purchasing, as well as the consequences of exceeding the cap or allowance (e.g., additional charges, loss of service for the remainder of the billing cycle)." The transparency rule also requires disclosure of network performance metrics including packet loss, speed, and latency.

Given the 60-day waiting period before rules go into effect, the time it will take the FCC to evaluate complaints, and uncertainty over how rules will apply, AT&T can keep throttling unlimited data without fear for a good while. By the time AT&T is forced to stop, if indeed that happens, many customers will have already given up their old unlimited data plans and switched to subscriptions that charge them extra every time they exceed their cap. That's what AT&T was after all along, and for now it's still getting what it wants.
http://arstechnica.com/business/2015...ng-to-stop-it/





Jeb Bush Believes Net Neutrality Rules Are the 'Craziest Ideas'
Jon Fingas

Presidential hopeful Jeb Bush isn't about to break with the party line on net neutrality. The former Florida Governor told those at an Iowa question-and-answer session this weekend that the FCC's decision to classify broadband as a utility was "one of the craziest ideas I've ever heard." It doesn't make sense to use a 1934-era law to govern the "most dynamic part of life" in the US, he claimed. He also contended that President Obama had unduly pressured the FCC, and that there was "no support" from the companies that once wanted the agency to take a tougher stance (which isn't true: Netflix, for example, is still a fan).

Bush is hopeful that Congress will force the FCC to reverse course in the short term. However, his opinion could matter more in the long run. If he does become President, he can appoint an FCC head that's more likely to back his views and overturn those net neutrality rules before they've had much of an effect on the industry. Telecom companies would be thrilled, but it wouldn't be good news for the millions of people who believe that regulation is necessary to keep the internet fair and open.
http://www.engadget.com/2015/03/09/j...lity-is-crazy/





F.C.C. Releases Net Neutrality Rules
Rebecca R. Ruiz

Two weeks after voting to regulate broadband Internet service as a public utility, the Federal Communications Commission on Thursday released a 313-page document detailing what would be allowed.

The release of the rules had been eagerly anticipated by advocates and lawmakers, as well as broadband and technology companies. The publication on Thursday resulted in few surprises, with the F.C.C. set to decide what is acceptable on a case-by-case basis. The regulations include a subjective catchall provision, requiring “just and reasonable” conduct.

The rules reclassify high-speed Internet as a telecommunications service rather than an information one, subjecting providers to stricter regulation under Title II of the Communications Act of 1934. Their aim is to protect the open Internet, advancing principles of so-called net neutrality by prohibiting broadband providers from elevating one kind of content over another.

With the F.C.C. set to decide on matters individually, the agency moves into a new position of prominence and a more active controlling role, one that is widely expected to be challenged in court by broadband providers like Verizon.

The debate about how to preserve the open Internet has persisted for more than a decade, and the F.C.C.’s new rules are not its first attempt to protect it. But the issue picked up steam over the last year, with President Obama taking the unusual action of publicly urging the independent agency to take the specific action of subjecting high-speed Internet service providers to Title II regulation.

As the federal regulator shaped the initial draft of its new rules last year, a record number of people wrote in. The agency received more than four million public comments, or nearly three times the previous record, reached in response to Janet Jackson’s performance at the 2004 Super Bowl.

“Five years ago, who would have heard much of the F.C.C.?” asked Roger Entner, telecommunications expert and lead analyst and founder of Recon Analytics in Boston. Now, the agency’s elevated profile “shows what an integral part Internet communication has become in our lives, and how protective people feel about this issue.”

The new rules could produce tension between the F.C.C. and the Federal Trade Commission, which has historically been charged with protecting consumers’ privacy online. The order released on Thursday gives the F.C.C. new authority to police Internet privacy issues.

Some question whether the F.C.C., which has not requested an increase to its legal budget for next year, has the capacity to manage and adjudicate one-off petitions. Last week, Representative Marsha Blackburn, Republican of Tennessee, introduced a bill in the House, with 19 original co-sponsors, to limit the F.C.C.’s authority and undo its new rules.

But Tom Wheeler, the commission chairman, has expressed confidence in the agency’s ability to handle the unexpected. Asked at the F.C.C.’s open meeting last month about the broad provisions of the so-called general conduct rule and to clarify what its vague mandates meant, Mr. Wheeler conceded that the future was uncertain.

“We don’t really know. We don’t know where things go next,” he said. “We have created a playing field where there are known rules, and the F.C.C. will sit there as a referee and will throw the flag.”

Along with the F.C.C., telecommunications lawyers have a new place in the limelight with the release of the new rules, which are expected to take effect within a few months.

“Telecom lawyers in Washington popped the corks on the champagne,” Mr. Entner, the analyst, said. “It will be at least a hundred million in billable hours for them. This will go on for a while.”
http://www.nytimes.com/2015/03/13/te...ity-rules.html





Reporters Without Borders Unblocks Access to Censored Websites
Mark Wilson

Online censorship is rife. In many countries, notably China, citizens are prevented from accessing certain websites at the behest of their government. To help provide access to information and unbiased news, freedom of information organization Reporters Without Borders has set up mirrors to nine censored websites so they can be accessed from 11 countries that blocked them.

As part of Operation Collateral Freedom, Reporters Without Borders is mirroring the likes of The Tibet Post International which is blocked in China, and Gooya News which is blocked in Iran. Mirrored sites are hosted on Amazon, Microsoft and Google servers which are unlikely to be blocked by a censoring country.

While it would still be possible to block access to the mirrored sites, the fact that they are hosted on such popular servers means that there would be massive knock-on effects for other much-used services. Encryption is also in use to help prevent the risk of blocking by keyword.

Reporters Without Borders is waging war on the "Enemies of the Internet" which include Russia, Kazakhstan, Uzbekistan, Turkmenistan, China, Cuba, Iran, United Arab Emirates, Bahrain and Saudi Arabia. The full list of sites that make up Operation Collateral Freedom is:

• Grani.ru, blocked in Russia

• Fergananews.com, blocked in Kazakhstan, Uzbekistan and Turkmenistan

• The Tibet Post, blocked in China

• Dan Lam Bao, blocked in Vietnam

• Mingjing News, blocked in China

• Hablemos Press, blocked in Cuba

• Gooya News, blocked in Iran

• Gulf Centre for Human Rights, blocked in United Arab Emirates

• Bahrain Mirror, blocked in Bahrain and Saudi Arabia

Explaining how access has been opened up, Reporters Without Borders says:

Quote:
To prevent this blocking, Operation Collateral Freedom is using techniques similar to those developed by GreatFire, an NGO that has carried out several operations of this kind designed to circumvent Chinese censorship.

Access to blocked sites can be restored by using a "website copier" (which copies the content of the censored site to an uncensored server and then keeps updating this "mirror") or by using a proxy.

In Operation Collateral Freedom, we are using both methods, with the mirror site being placed on a strategic server run by a major service provider such as Amazon, Microsoft and Google. The censoring country would be unlikely to block one of these servers because the collateral disruption and damage would outweigh the benefits to be gained from restoring censorship.

The organization is currently renting bandwidth to host the mirrored sites, and is calling for people to spread the word through social media using the hashtag #CollateralFreedom. Donations are being sought to keep the operation running for as long as possible.
http://betanews.com/2015/03/12/repor...ored-websites/





Plans to Censor SA Internet Called Out as Unconstitutional
Adam Oxford

The South Africa Film & Publication Board last week released a draft policy which outlines its recently mooted plans to regulate online publications.

The full document – available here – claims responsibility for online publishing as the prerogative of the FPB, which typically classifies movies, due to “media convergence” which has “fundamentally transformed the way media content is distributed and consumed”. It applies to “online distributors of digital films, games, and certain publications, whether locally or internationally”.

Online publications covered by the rules will be obliged to pay a fee to the FPB, which will then vet material published: “Where it is convenient and practical to do so, the Board may dispatch classifiers to the distributors’ premises for the purposes of classifying digital content.”

That seems to apply to anyone who publishes videogame source code, a YouTube video (YouTube is specifically mentioned in the regulations) or a blog.

Publishers will also be able to self-classify their work under certain terms. User generated content will also be governed by the rules, with publishers liable for offensive or illegal material uploaded by readers/users.

One major problem – besides criminalising YouTube – is that “certain publications” aren’t actually defined in the regulations, so they could apply to any news or website – so while it may be that the regulations are aimed at bringing streaming TV services in line with traditional broadcast TV, the wording could include any blog, news site or Facebook page run out of South Africa.

The proposals have already drawn the ire of campaigning group Right2Know, which has put out a statement damning the “vague language and open-ended statements, [which] would leave authorities with far too much room to infringe on the public’s right to freely receive and impart information as enshrined in chapter two of the Constitution.”

The speed and accessibility of internet publishing is vital for increasing the diversity of voices with access to media in the country, R2K argues, on top of which the regulations are completely impracticable.

“The FPB’s plan to police the internet is totally impracticable. New content is posted online via various platforms every second, which the FPB cannot practically prevent. It is likely that the majority of online users will not apply to the FPB for pre-classification of content, nor pay the subscription fee prior to publication, but under these regulations online users stand to be criminalised for doing something as simple as posting content online.”

And finally, according to R2K, the FPB has no authority to issue legislation like this, and is only mandated to produce guidelines.

“Prescreening” of material published in South Africa has already been judged unconstitutional in a 2012 judgement relating to Jacob Zuma’s attempt to have images of The Spear – a painting which portrayed him naked from the waist down – removed from websites.

The hashtag #handsoffourinternet has already appeared. The draft regulations have been submitted to the department of communications. Members of the public have until 2nd June to voice their opinion on the draft, by emailing policy.submissions@fpb.org.za.

At the same time, the Interactive Advertising Bureau (IAB), South African National Editors Forum and the Press Council are all working on a voluntary code of conduct for online publishers. According to a statement by the IAB, the FPB has so far failed to respond to requests for a meeting to discuss its plans.
http://www.htxt.co.za/2015/03/10/pla...onstitutional/





UK Surveillance Laws Not Transparent, Should be Overhauled Says Report
Blathnaid Healy

The legal framework surrounding intelligence-gathering practices by UK agencies is "unnecessarily complicated" and must be overhauled, according to a new landmark report published Thursday morning.

The report from the Intelligence and Security Committee is the first review of the UK's surveillance programme in such detail. It was prompted by revelations made in June 2013 by former NSA contractor Edward Snowden about U.S. and UK surveillance programmes.

The inquiry heard evidence in public and private with transcripts of public evidence made available on its website. The heads of MI5, GCHQ and SIS were interviewed in November 2013, while others such as Foreign Secretary Philip Hammond and Home Secretary Theresa May also gave evidence.

The committee says it has "serious concerns" about the "lack of transparency," that arises from a complicated legal framework. However the report finds that practices do not circumvent the law.

The report recommends that current laws be replaced by a new Act of Parliament, which would govern the intelligence and security agencies such as GCHQ.

It found that spies intercept Britons' online communications in bulk and keep personal data on large numbers of British citizens, but not enough to amount to blanket surveillance or "reading everyone's emails".

Don’t worry, says #ISC report: GCHQ only doing mass surveillance on “small percentage” of world’s fibre optic cables pic.twitter.com/LDE7fQjgx3

— Carly Nyst (@carlynyst) March 12, 2015

GCHQ accesses "a very small percentage" of Internet traffic through the fiber-optic cables that carry communications, it finds, adding that a small portion of that data is collected and even less is read — though even that amounts to thousands of items a day.

The report said that only the communications of "suspected criminals or national security targets" are selected for examination.

"It is clear to us that GCHQ do not conduct blanket surveillance," committee member Hazel Blears said. "It's not blanket and it's not indiscriminate."

Blears said that bulk interception of Internet data "has exposed previously unknown threats or plots" — but the report, portions of which are redacted, did not give details.

The report revealed that spies have "bulk datasets" containing "significant quantities of personal information about British citizens." It said some staff have been disciplined or dismissed for "inappropriately accessing personal information in these datasets in recent years."

Blears said such cases were "extremely rare."

The report concludes that agencies do not seek to break the law, but that the complex rules governing their activities should be simplified. They also said there should be additional safeguards for sensitive professions including lawyers, doctors and journalists.
http://mashable.com/2015/03/12/uk-surveillance-report/





Dutch Data Retention Law Struck Down – for Now
Rejo Zenger

And then everything went BANG: from our Twitter-timeline to the champagne bottle at our office. This morning the court annulled the data retention law. Effective immediately. But what exactly did the judge say and what will happen now?

The data-retention law requires telecom providers to save communication- and location data from everyone in the Netherlands for as long as a year. The law, and the judges agreed, heavily impacts our freedom.

An infringement of this magnitude requires proper safeguards

The District court of The Hague decided we no longer have to blindly trust the Dutch government. The law’s underlying European directive was meant as a tool in the fight against serious crimes. The Dutch law, however, is much more expansive, including everything from terrorism to bike theft. During the hearing, the state’s attorneys avowed that the Public Prosecution does not take the law lightly, and would not call on the law to request data in case of a bicycle theft. The judge’s response: it doesn’t matter if you exploit the possibility or not, the fact that the possibility exists is already reason enough to conclude that the current safeguards are unsatisfactory.

Additionally, the court determined that insufficient thought has gone into how data is requested. Saving personal information for a lengthy amount of time is a huge infringement on privacy. Therefore, proper safeguards and guarantees are needed when it comes to acquiring access to this data. The judge deems it reasonable that before a request for information is granted, it is reviewed by a juridical entity or an independent administrative entity. During the hearing, a state’s attorney claimed that a district attorney counts as an independent entity. That claim was met with a wave of chuckles throughout the crowd, and now it turns out the court agrees that this is baloney – but you won’t catch a judge using smileys.

Furthermore, the court considered the substantiation of the necessity of the law. The State claims that the data retention law is necessary. This claim was illustrated during the hearing using a number of shocking criminal cases — but they failed to substantiate necessity. Regretfully, the court took this on board as a valid point, but mainly because during the preliminary injunction, this particular argument was not rebutted. Nonetheless, it is important to realize that necessity has not been proven: not in evaluations, not in the Parliament, and not during the preliminary injunction. The fact that no rebuttal was offered, doesn’t change that.

The question is: now what?

First of all, we have to wait for a response from the Ministry of Security and Justice. It is hard to predict what they’ll say. With the former Justice Minister Ivo Opstelten temporarily replaced by Stef Blok, all we can do is hope for the best, and prepare for the worst. We hope the ministry is finally convinced that the law, now and in the future, must be dissolved. And as far as the providers are concerned, they must part with the data they’ve been saving under the data retention law that has now been struck down.

What will happen in the long term is unclear. That is up to Parliament and Opstelten’s successor. As the law has already been struck down, it seems self-evident that the law in its entirety should be revoked. The political party GroenLinks has already submitted a proposal along these lines to Parliament. But one thing is clear: this is not a done deal.

Today the data retention law has been struck down. The government won’t leave it with that. Do you want us to continue to fight against the undirected and lengthy storage of our communication data? Support our cause!

Update: KPN, Vodafone, Hi, XS4ALL, Telfort, BIT and Tweak have announced that they will cease to execute the data retention law.
https://www.bof.nl/2015/03/11/data-r...-down-for-now/





Obama Administration Seeks More Legal Power to Disrupt Botnets
Dennis Fisher

The federal government is seeking more legal power to step in and shut down botnets through an amendment to the existing criminal law, which would allow the Department of Justice to obtain injunctions to disrupt these malicious networks.

The Obama administration has proposed an amendment to existing United States federal law that would give it a more powerful tool to go after botnets such as GameOver Zeus, Asprox and others. In recent years, Justice, along with private security firms and law enforcement agencies in Europe, has taken down various incarnations of a number of major botnets, including GameOver Zeus and Coreflood. These actions have had varying levels of success, with the GOZ takedown being perhaps the most effective, as it also had the effect of disrupting the infrastructure used by the CryptoLocker ransomware.

As part of those takedown operations, the Department of Justice files civil lawsuits against alleged operators of the botnets, and sometimes their hosting providers, and also obtains injunctions that enable the government to sinkhole C2 servers or take physical control of those machines. Now, the administration would like to expand those powers.

“One powerful tool that the department has used to disrupt botnets and free victim computers from criminal malware is the civil injunction process. Current law gives federal courts the authority to issue injunctions to stop the ongoing commission of specified fraud crimes or illegal wiretapping, by authorizing actions that prevent a continuing and substantial injury. This authority played a crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014,” Leslie R. Caldwell, assistant attorney general in the criminal division at the Department of Justice, wrote in a blog post explaining the administration’s position.

“The problem is that current law only permits courts to consider injunctions for limited crimes, including certain frauds and illegal wiretapping. Botnets, however, can be used for many different types of illegal activity. They can be used to steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers. Yet — depending on the facts of any given case — these crimes may not constitute fraud or illegal wiretapping. In those cases, courts may lack the statutory authority to consider an application by prosecutors for an injunction to disrupt the botnets in the same way that injunctions were successfully used to incapacitate the Coreflood and Gameover Zeus botnets.”

In order to obtain an injunction in these cases, the government would need to sue the defendants in civil court and show that its suit is likely to succeed on its merits.

“The Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as “ransomware”),” Caldwell wrote.

One hundred machines is a low number for a botnet, and indeed would barely even qualify as a botnet in today’s environment, which includes many networks comprising hundreds of thousands or millions of compromised PCs.

Mark Jaycox, a legislative analyst for the EFF, said that the proposal from the Obama administration may be overreaching.

“The blog post posits that IP/trade secret concerns are reasons that are not already covered to take down botnets. That’s a civil/private context and we’ve seen private companies use the Lanham Act to handle that angle. Seems like the DOJ is pushing for a more expansive law. As of now, we’ve seen DOJ been able to handle takedowns with the resources and laws that are already provided to them,” Jaycox said.

“We’d like to see a particular use case where they couldn’t use their already aggressive interpretation of the current law to take down botnets. If anything, we should be narrowing the current anti-hacking statute and computer laws because of their excessive breadth.”
https://threatpost.com/obama-adminis...botnets/111596





US Senate Committee Advances Cybersecurity Bill in Secret Session
Alan Yuhas and Spencer Ackerman

The Senate intelligence committee advanced a priority bill for the National Security Agency on Thursday afternoon, approving long-stalled cybersecurity legislation that civil libertarians consider the latest pathway for surveillance abuse.

The vote on the Cybersecurity Information Sharing Act, 14 to 1, occurred in a secret session inside the Hart Senate office building. Democrat Ron Wyden was the dissenter, calling the measure “a surveillance bill by another name”.

Senator Richard Burr, the committee chairman, said the bill would create avenues for private-to-private, private-to-government and government-to-private information sharing.

The bill’s bipartisan advocates consider it a prophylactic measure against catastrophic data theft, particularly in light of recent large-scale hacking of Sony, Target, Home Depot and other companies.

Private companies could share customer data “in a voluntary capacity” with the government, Burr said, “so that we bring the full strength of the federal government to identifying and recommending what anybody else in the United States should adopt”.

“The sharing has to be voluntary, not coercive, and it’s got to be protected,” said Senator Dianne Feinstein, the committee’s vice-chair, adding that the information would pass through the Department of Homeland Security – and “transferred in real time to other departments where it’s applicable”.

Feinstein said the bill’s provisions would “only be used for counterterrorism purposes and certain immediate crimes”.

Several iterations of the cybersecurity bill have failed in recent years, including a post-Edward Snowden effort that the committee, then under Democratic leadership, approved last year. President Obama, renewing the push earlier this year, has called for a bill to enhance information sharing between businesses, particularly banks and others in the financial sector, and the federal government surrounding indications of malicious network intrusions.

Both the administration and Congress intend the legislation to join a panoply of recent moves to bolster cybersecurity, including February’s announced creation of a consolidated center within the intelligence agencies for analysis of internet-borne threats.

“This bill will not eliminate [breaches] happening,” Burr said. “This bill will hopefully minimize the impact of a penetration because of the real-time response.”

Feinstein said that companies, “reluctant to share with the government because they are subject to suit” would be protected from lawsuits “for cybersecurity purposes” under the bill.

But the bill faces strong opposition inside and outside Congress. Beyond expanding government’s reach into private data outside warrant requirements, it mandates real-time access to that data for intelligence agencies and the military.

‘Significantly undermine privacy and civil liberties’

Privacy advocates consider the bill to provide a new avenue for the NSA to access consumer and financial data, once laundered through the Department of Homeland Security (DHS), the initial public repository for the desired private-sector information. Campaigners consider the emphasis placed by the bill’s backers on DHS’s role to be a misleading way of downplaying NSA access to win congressional support.

A coalition of nearly 50 technologists, privacy groups and campaigners wrote to the committee earlier this month urging rejection of a bill that would “significantly undermine privacy and civil liberties” and potentially permit corporations to “hack back” at perceived network intrusions.

The bill “does not effectively require private entities to strip out information that identifies a specific person prior to sharing cyber-threat indicators with the government, a fundamental and important privacy protection,” the 2 March letter reads. Its changes to federal law “would permit companies to retaliate against a perceived threat in a manner that may cause significant harm, and undermine cybersecurity”, particularly given the misattributions of responsibility frequently seen in hacking cases.

Companies can only take “defensive measures” and not “countermeasures against another company”, Feinstein said.

Burr said that language in the bill would require companies to “remove all personal information before that data is transferred to the federal government”, and that the Department of Homeland Security would scrub any data not cleaned by companies. “We’ve tried to minimize in that any personal, identifying data that could be captured,” he said.

But Burr admitted the bill would still allow companies to share directly with the NSA, and could potentially receive liability protections if information is shared “not electronically”. “Our preference is the electronic transfer through the DHS portal,” he said.

While the NSA has labored to convince the public to move on from international condemnation of its digital dragnets – though Congress has passed no legislation to curtail them – acrimony within the tech sector at the surveillance giant persists.

At a Washington forum last month, Yahoo’s chief security officer confronted the NSA’s chief, Admiral Mike Rogers, over a recent push by US security agencies to undermine encryption for government benefit, a revival of the so-called “Crypto Wars” of the 1990s.

Alex Stamos of Yahoo challenged Rogers to explain why his company should not do the same thing on behalf of US adversaries or competitors to facilitate their spying on the United States. Rogers, in what was seen as a heated exchange, resisted the comparison.

Against that backdrop of suspicion, it is uncertain if the new cybersecurity bill can garner the votes in the broader Senate and House that its predecessors could not. The digital-rights group Access on Thursday was already seeking to mobilize its membership to call legislators in objection to the bill.

Wyden declined to comment to reporters, saying as he left the meeting: “You guys know I like talking about this stuff but I can’t say anything.”

He later articulated his dissent in a statement: “The most effective way to protect cybersecurity is by ensuring network owners take responsibility for security. Strong cybersecurity legislation should make clear that government agencies cannot order US hardware and software companies to build weaker products, as senior FBI officials have proposed.”
http://www.theguardian.com/us-news/2...urity-bill-nsa





Wikimedia v. NSA: Wikimedia Foundation Files Suit Against NSA to Challenge Upstream Mass Surveillance
Michelle Paulson and Geoff Brigham

Today, the Wikimedia Foundation is filing suit against the National Security Agency (NSA) and the Department of Justice (DOJ) of the United States [1]. The lawsuit challenges the NSA’s mass surveillance program, and specifically its large-scale search and seizure of internet communications — frequently referred to as “upstream” surveillance. Our aim in filing this suit is to end this mass surveillance program in order to protect the rights of our users around the world. We are joined by eight other organizations [2] and represented by the American Civil Liberties Union (ACLU). The full complaint can be found here.

“We’re filing suit today on behalf of our readers and editors everywhere,” said Jimmy Wales, founder of Wikipedia. “Surveillance erodes the original promise of the internet: an open space for collaboration and experimentation, and a place free from fear.”

Privacy is the bedrock of individual freedom. It is a universal right that sustains the freedoms of expression and association. These principles enable inquiry, dialogue, and creation and are central to Wikimedia’s vision of empowering everyone to share in the sum of all human knowledge. When they are endangered, our mission is threatened. If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it.

When the 2013 public disclosures about the NSA’s activities revealed the vast scope of their programs, the Wikimedia community was rightfully alarmed. In 2014, the Wikimedia Foundation began conversations with the ACLU about the possibility of filing suit against the NSA and other defendants on behalf of the Foundation, its staff, and its users.

Our case today challenges the NSA’s use of upstream surveillance conducted under the authority of the 2008 Foreign Intelligence Surveillance Act Amendments Act (FAA). Upstream surveillance taps the internet’s “backbone” to capture communications with “non-U.S. persons.” The FAA authorizes the collection of these communications if they fall into the broad category of “foreign intelligence information” that includes nearly any information that could be construed as relating to national security or foreign affairs. The program casts a vast net, and as a result, captures communications that are not connected to any “target,” or may be entirely domestic. This includes communications by our users and staff.

“By tapping the backbone of the internet, the NSA is straining the backbone of democracy,” said Lila Tretikov, executive director of the Wikimedia Foundation. “Wikipedia is founded on the freedoms of expression, inquiry, and information. By violating our users’ privacy, the NSA is threatening the intellectual freedom that is central to people’s ability to create and understand knowledge.”

The NSA has interpreted the FAA as offering free rein to define threats, identify targets, and monitor people, platforms, and infrastructure with little regard for probable cause or proportionality. We believe that the NSA’s current practices far exceed the already broad authority granted by the U.S. Congress through the FAA. Furthermore, we believe that these practices violate the U.S. Constitution’s First Amendment, which protects freedom of speech and association, and the Fourth Amendment, which protects against unreasonable search and seizure.

Additionally, we believe that the NSA’s practices and limited judicial review of those practices violate Article III of the U.S. Constitution. A specialized court, the Foreign Intelligence Surveillance Court (FISC), hears issues related to foreign intelligence requests, including surveillance. Under U.S. law, the role of the courts is to resolve “cases” or “controversies” — not to issue advisory opinions or interpret theoretical situations. In the context of upstream surveillance, FISC proceedings are not “cases.” There are no opposing parties and no actual “controversy” at stake. FISC merely reviews the legality of the government’s proposed procedures — the kind of advisory opinion that Article III was intended to restrict.

In 2013, the U.S. Supreme Court dismissed a previous challenge to the FAA, Amnesty v. Clapper, because the parties in that case were found to lack “standing.” Standing is an important legal concept that requires a party to show that they’ve suffered some kind of harm in order to file a lawsuit. The 2013 mass surveillance disclosures included a slide from a classified NSA presentation that made explicit reference to Wikipedia, using our global trademark. Because these disclosures revealed that the government specifically targeted Wikipedia and its users, we believe we have more than sufficient evidence to establish standing.

Wikipedia is the largest collaborative free knowledge resource in human history. It represents what we can achieve when we are open to possibility and unburdened by fear. Over the past fourteen years, Wikimedians have written more than 34 million articles in 288 different languages. Every month, this knowledge is accessed by nearly half a billion people from almost every country on earth. This dedicated global community of users is united by their passion for knowledge, their commitment to inquiry, and their dedication to the privacy and expression that makes Wikipedia possible. We file today on their behalf.
https://blog.wikimedia.org/2015/03/10/wikimedia-v-nsa/





New Smoking Gun Further Ties NSA to Omnipotent “Equation Group” Hackers

What are the chances unrelated state-sponsored projects were both named "BACKSNARF"?
Dan Goodin

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA's Tailored Access Operations.

"BACKSNARF" joins a host of other programming "artifacts" that tied Equation Group malware to the NSA. They include "Grok," "STRAITACID," and "STRAITSHOOTER." Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the "BACKSNARF" artifact isn't conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem infinitesimally small.

The code word is included in a report Kaspersky published Wednesday detailing new technical details uncovered about Equation Group. Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organized software development team. Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US. The Kaspersky report discounted the possibility the timestamps were intentionally manipulated, since the years listed in various executable files appeared to match the availability of computer platforms the files ran on.

Previously found evidence suggesting a possible connection to the NSA included the Equation Group's aptitude for conducting interdictions that in 2009 placed highly advanced malware on a CD-ROM sent to a prestigious researcher who attended a scientific conference. That interdiction was similar to an NSA-sponsored one detailed in documents leaked by former NSA subcontractor Edward Snowden that installed covert implant firmware on a Cisco Systems router as it was being shipped to its unwitting customer. Still other ties included zero-day vulnerabilities shared between Equation Group malware and the NSA-led Stuxnet worm that sabotaged Iranian uranium enrichment efforts in 2009 or so. The countries that were and were not targeted are also consistent with Equation Group being a US-sponsored project.

Most of the new details included in Tuesday's report will be of interest only to hard-core researchers. Still, they only bolster previous findings that Equation Group was hands down the world's most advanced hacking operation ever to come to light. Whereas before the sprawling Equation Drug platform was known to support 35 different modules, Kaspersky has recently unearthed evidence there are 115 separate plugins. The architecture resembles a mini operating system with kernel- and user-mode components alike. Readers can expect more revelations to come as researchers continue to analyze new samples and further examine the malware that has already come to light.
http://arstechnica.com/security/2015...group-hackers/
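
The weekday and time-zone reasoning described in the Equation Group article above can be reproduced from compile timestamps. The Python below is an added example, not Kaspersky's code and not part of the original article; it assumes the timestamps are PE header link times (the COFF `TimeDateStamp` field), and the sample headers, dates and helper names are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (link time, Unix seconds, UTC) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 12 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Signature (4 bytes), Machine (2) and NumberOfSections (2) precede the field.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def local_time(stamp: int, utc_offset: int) -> datetime:
    """Shift a UTC link time by a whole-hour offset."""
    return datetime.fromtimestamp(stamp, timezone.utc) + timedelta(hours=utc_offset)


def weekday_counts(stamps, utc_offset: int = 0) -> Counter:
    """Histogram of link times by day of week at the given offset."""
    return Counter(DAY_NAMES[local_time(s, utc_offset).weekday()] for s in stamps)


def workday_fit(stamps, utc_offset: int, start: int = 8, end: int = 17) -> float:
    """Fraction of link times that fall Mon-Fri with start <= hour < end."""
    hits = 0
    for s in stamps:
        t = local_time(s, utc_offset)
        if t.weekday() < 5 and start <= t.hour < end:
            hits += 1
    return hits / len(stamps)


def candidate_offsets(stamps, start: int = 8, end: int = 17):
    """Return (offsets with the best workday fit, that fit) over UTC-12..UTC+14."""
    scores = {off: workday_fit(stamps, off, start, end) for off in range(-12, 15)}
    best = max(scores.values())
    return sorted(off for off, score in scores.items() if score == best), best


def fake_pe(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header carrying only a link timestamp."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp)


def constructed_samples():
    """Constructed data: ten weekdays linked 12:00-19:00 UTC, one Saturday outlier."""
    monday = datetime(2015, 3, 2, tzinfo=timezone.utc)
    images = []
    for day in range(14):
        date = monday + timedelta(days=day)
        if date.weekday() >= 5:
            continue
        for hour in range(12, 20):
            images.append(fake_pe(int((date + timedelta(hours=hour)).timestamp())))
    outlier = datetime(2015, 3, 7, 15, tzinfo=timezone.utc)
    images.append(fake_pe(int(outlier.timestamp())))
    return images


def link_times(images):
    """Extract the link time from every image."""
    return [pe_timestamp(img) for img in images]


if __name__ == "__main__":
    stamps = link_times(constructed_samples())
    print("weekday histogram (UTC):", dict(weekday_counts(stamps)))
    offsets, fit = candidate_offsets(stamps)
    print("best-fitting UTC offsets for an 8-17 workday:", offsets, f"fit={fit:.2%}")
```

Because the constructed link times span only eight hours of a nine-hour workday, two adjacent offsets fit equally well, which is why an analysis of this kind yields a range such as UTC-3 or UTC-4 rather than a single zone. Link timestamps are trivially forgeable, so a result like this is corroborating evidence only.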





CIA Sought to Hack Apple iPhones from Earliest Days - The Intercept
Eric Auchard

CIA researchers have worked for nearly a decade to break the security protecting Apple phones and tablets, investigative news site The Intercept reported on Tuesday, citing documents obtained from NSA whistleblower Edward Snowden.

The report cites top-secret U.S. documents that suggest U.S. government researchers had created a version of XCode, Apple's software application development tool, to create surveillance backdoors into programs distributed on Apple's App Store.

The Intercept has in the past published a number of reports from documents released by whistleblower Snowden. The site's editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on Snowden's revelations, and Oscar-winning documentary maker Laura Poitras.

It said the latest documents, which covered a period from 2006 to 2013, stop short of proving whether U.S. intelligence researchers had succeeded in breaking Apple's encryption coding, which secures user data and communications.

Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone and continued through the launch of the iPad in 2010 and beyond, The Intercept said.

Breaching Apple security was part of a top-secret programme by the U.S. government, aided by British intelligence researchers, to hack "secure communications products, both foreign and domestic" including Google Android phones, it said.

Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.

Last September, Apple strengthened encryption methods for data stored on iPhones, saying the changes meant the company no longer had any way to extract customer data on the devices, even if a government ordered it to with a search warrant. Silicon Valley rival Google Inc said shortly afterward that it also planned to increase the use of stronger encryption tools.

Both companies said the moves were aimed at protecting the privacy of users of their products and that this was partly a response to widescale U.S. government spying on Internet users revealed by Snowden in 2013.

An Apple spokesman pointed to public statements by Chief Executive Tim Cook on privacy, but declined to comment further.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote in a statement on privacy and security published last year. "We have also never allowed access to our servers. And we never will."

Leaders including U.S. President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such privacy-enhancing tools into mass market features could prevent governments from tracking militants planning attacks. The CIA did not immediately reply to a request for comment.

(Editing by Jeremy Gaunt)
http://uk.reuters.com/article/2015/0...0M610X20150310





Insight - Politics Intrude as Cybersecurity Firms Hunt Foreign Spies
Joseph Menn

The $71 billion (47.56 billion pounds) cybersecurity industry is fragmenting along geopolitical lines as firms chase after government contracts, share information with spy agencies, and market themselves as protectors against attacks by other nations.

Moscow-based cybersecurity firm Kaspersky Lab has become a leading authority on American computer espionage campaigns, but sources within the company say it has hesitated at least twice before exposing hacking activities attributed to mother Russia.

Meanwhile, U.S. cybersecurity firms CrowdStrike Inc and FireEye Inc have won fame by uncovering sophisticated spying by Russia and China - but have yet to point a finger at any American espionage.

The balkanisation of the security industry reflects broader rifts in the technology markets that have been exacerbated by disclosures about government-sponsored cyberattacks and surveillance programs, especially those leaked by former U.S. intelligence agency contractor Edward Snowden.

"Some companies think we should be stopping all hackers. Others think we should stop only the other guy's hackers - they think we can win the war," said Dan Kaminsky, chief scientist at security firm White Ops Inc, putting himself in the former camp.

Kaspersky Lab has faced questions about its connections to Russian intelligence before: Chief Executive Eugene Kaspersky had attended a KGB school, Chief Operating Officer Andrey Tikhonov was a lieutenant colonel in the military, and Chief Legal Officer Igor Chekunov had served in the KGB's border service.

Eugene Kaspersky said the firm has never been asked by a government agency to back away from investigating a cyberattack, and said that its international team of researchers would not be swayed by any one country's national interests.

Still, several current and former Kaspersky Lab employees said the firm has dithered over whether to publish research on at least two Russian hacking strikes.

Last year, Kaspersky Lab officials privately gave some paying customers a report about a sophisticated computer spying campaign that it had uncovered. But the company did not publish the report more widely until five months after British defense contractor BAE Systems Plc exposed the campaign, linking it to another suspected Russian government operation and noting that most infected computers found were in Ukraine.

"We were late," Eugene Kaspersky said about the report, but he denied that political considerations were at play. "It is not possible to be the champion in every game."

In 2013, Kaspersky Lab researchers uncovered another spying operation, dubbed Red October, that was written by Russian-speaking programmers and targeted governmental and diplomatic organizations in Europe, Central Asia and North America.

It was only after a heated internal debate that the firm decided to publish a report on that operation, which it believed to be the work of the Russian military's GRU foreign intelligence branch, according to several current and former Kaspersky Lab employees who did not want to be identified.

WHERE TO DO BUSINESS

Kaspersky Lab has been the first to expose a series of major U.S. cyberattacks, including, most recently, the tools that may have been used to spread the Stuxnet worm that sabotaged Iran's nuclear program.

Like its U.S. competitors Symantec Corp and Intel Corp, Kaspersky Lab drops hints about who it thinks are behind the attacks but does not publicly name the country.

Kaspersky's success in uncovering U.S. campaigns is in part because its anti-virus software and security products are sold in countries of high interest to American spies, such as Iran and Russia. Much of its research is based on data from customer computers that use Kaspersky software.

CrowdStrike, a privately held cybersecurity firm based in Irvine, California, will not sell its services in either Russia or China because it does not want to face pressure to suppress information about the activities of those governments. That also means the firm is less likely to stumble across the United States' most ambitious intelligence-gathering efforts.

"We're selective about our customers," said CrowdStrike Co-founder Dmitri Alperovitch. "You can't play both sides."

CrowdStrike's customers include major global banks and tech companies.

FireEye avoids selling its services in China and Afghanistan, but does have clients in Russia. Last year, it acquired computer forensics firm Mandiant Corp, founded by a former U.S. Air Force officer, Kevin Mandia.

As many of Mandiant's first large customers were U.S. Defense Department suppliers, it came across spying campaigns launched by Chinese hackers. That started a cycle in which Mandiant was hired by other companies worried about China, enhancing the firm's knowledge and reputation in dealing with that type of threat.

If companies specialize too much in one region, however, they could miss attacks elsewhere, security experts said.

As governments spend more to protect their networks from hackers, they draw closer to the cybersecurity companies. Senior U.S. intelligence officials, notably from the National Security Agency, have also joined private security companies after leaving their posts, drawn by surging demand for cyber expertise.

Greater information sharing, as proposed by a bill backed by U.S. President Barack Obama, would push the public and private sectors still closer.

"I would not be surprised if the NSA went to Symantec and McAfee and asked them not to detect something," said cryptography expert Bruce Schneier, chief technology officer at Resilient Systems Inc, a security firm.

Spokespeople for Symantec and Intel, which bought McAfee in 2011, said that has not happened.

To be sure, Symantec has played a critical role, along with Kaspersky Lab, in exposing the U.S.-led Stuxnet, and it has backed up other Kaspersky findings since then.

"We are being completely agnostic to who the malware author may be," said Symantec Principal Security Response Manager Vikram Thakur.

Asked if Mandiant would ever expose a U.S. spying program, the firm's technical director, Ryan Kazanciyan, said: "I honestly don't know."

Vitor De Souza, spokesman for parent company FireEye, said: "We would do a report on a U.S. group if they broke the law."

The ties between governments and homegrown security firms could yet break apart, especially if intelligence agencies start corrupting anti-virus software to spy on target machines.

"Security products might become one of the main vectors of getting access," said Mikko Hypponen, chief research officer at Finland's F-Secure Oyj.

White Ops' Kaminsky, whose company identifies networks of compromised computers being used for fraud, said some security companies' own attitudes could end up making things worse faster.

"The global economy depends on a secure Internet, and that means no back doors for anybody," he said. "Nobody wants to live in a war zone."

(Additional reporting by Jim Finkle in Boston; Editing by Tiffany Wu)
http://uk.reuters.com/article/2015/0...0M809I20150312





CIA Secretly Helped Build Phone Scanning Tech for US Operations
Zack Whittaker

Summary: The new report furthers allegations that US law enforcement are increasingly relying on intelligence agencies for help, despite rules protecting domestic intelligence operations.

The US Central Intelligence Agency (CIA) is said to have played a "crucial role" in helping federal agents collect data from thousands of Americans' cellphones.

A new report by the Wall Street Journal detailed how the intelligence agency and the US Marshals Service, an agency from the Justice Department, worked together to develop "dirtboxes," a device that can vacuum up vast amounts of cellphone data by mimicking cell towers.

The newspaper reported last year on how the Justice Department flew low-flying light aircraft over US towns and cities in an effort to hunt suspected criminals. In the process, a significant number of Americans' data was scooped up.

The CIA, which is said to have provided most of the resources in the early days of the relationship, is barred from conducting most of its operations on US soil. Officials at the CIA and the Justice Dept. told the newspaper that they didn't violate those rules.

The co-operative effort, described as a "marriage" by people familiar with the programs, shows (not for the first time) how criminal investigations are relying more and more on US intelligence agencies for technical and operational support, the report said.

Amid the first reports from the Edward Snowden cache of leaked classified documents, the Justice Dept. was forced to investigate whether its drug enforcement division collaborated with the National Security Agency (NSA).

The Drug Enforcement Agency (DEA) was said to have used intelligence gathered by the NSA. The tipped-off information was allegedly later "masked" and "recreated" in the courts to prevent the source of the information being revealed.

The NSA has repeatedly said it does not conduct surveillance on US citizens in line with the Fourth Amendment, despite leaks and reports suggesting otherwise.

The dirtbox program is now subject to a Senate Judiciary Committee inquiry, which will report its findings later this year.
http://www.zdnet.com/article/cia-sec...py-operations/





Meet Canary Watch, A Way To Disclose Gag Orders Without Disclosing Them

It's asymmetric information warfare against the surveillance state.
Yael Grauer

It’s bad enough that the government can order up user data from services like Google and Twitter without any judicial oversight—even on people not suspected of a crime. To make matters worse, federal agencies can also forbid these companies from ever mentioning the request in public.

But some unhappy tech companies have been waging a form of asymmetric warfare on these gag orders, and now a motley crew of privacy activists is escalating that fight. Their tool of choice is the "warrant canary," a workaround by which organizations can let outsiders track gag orders indirectly—in effect, by the shadows they cast. (The name derives from the canaries coal miners used to detect deadly carbon monoxide.)

Needless to say, controversy over this tactic is just beginning.

Opening Up The Coal Mine

To create a warrant canary, a company starts making a regular disclosure—on its website, say, or in a regularly published transparency report—that it has not received a particular data request from national-security or law-enforcement agencies. If the company modifies or fails to publish that particular disclosure, the canary effectively "dies," allowing observant readers to infer that the company has been served with an order for data and forbidden to discuss it.

By their nature, warrant canaries are difficult to track unless you pay close attention; they're also easy to misinterpret. So to clarify and amplify these canary signals, a group of activists recently launched the website Canary Watch, which tracks those disappearances and changes. (Its backers include the privacy-focused Calyx Institute, Harvard's Berkman Center, the Electronic Frontier Foundation and NYU’s Technology Law and Policy Clinic.)

Warrant canaries, of course, aren't a perfect solution. They may be illegal, since their intent is pretty plainly to subvert gag orders. They may also be ineffective, since no one knows whether the government can legally require companies to lie about requests they've received. If so, these canaries may be dead before they ever really lived.

In addition, canaries are vulnerable to accident, inattention, and misunderstanding—unavoidable hazards of trying to communicate about something when you can't talk about it directly.

How Canary Watch Works

Canary Watch currently features warrant canaries from several Internet companies, most of which have a strong interest in free speech or privacy. Although many of them are on the obscure side, the site's roster also includes well-known names such as Reddit, Tumblr, Pinterest, the Internet Archive and Spider Oak.

In its current incarnation, however, Canary Watch isn't exactly user friendly—and that's a distinct impediment to its mission of making warrant canaries easier to understand.

For each company, it lists the type of warrant canary, the date it was added to the database or last checked, and a link to a "more details" page that adds a link to the original document. But the "type" field is cryptically worded, at least to those not steeped in the legal distinctions of national-security data requests.

You might not, for instance, immediately grasp the differences between canary types "Inline, Requests for govt. information," "Warrants, Backdoors, Standalone" and "Transparency Report, Section 215." Canary Watch itself doesn't define those terms, even in its FAQ.

While Canary Watch links to the relevant disclosure documents, users are on their own if they want to find the specific canary language within those documents. There's also no obvious cue on the site to let readers know that a canary has changed. And the site misses a great opportunity to improve canary transparency by archiving those disclosure documents itself to highlight any changes in canary language.

The Calyx Institute, which runs and hosts Canary Watch, has considered ways to improve the site, but doesn't yet have a timetable in mind. Calyx founder Nicholas Merrill—one of the first Americans to legally resist a gag order related to a national-security data request—said he's looking for a funding partner so Calyx can add additional features.

Merrill is currently working on a how-to guide to teach organizations how to create canaries and the commitments involved in keeping them up-to-date.

Where Canaries Hatched

This is a personal issue for Merrill, who spent a decade in court challenging the legality of a Patriot Act provision that allows "national security letters." These are administrative subpoenas the FBI can use to request electronic "metadata," such as your contacts and the specific times you communicated with them, and other information about your communications—everything except their content, basically. Such letters can forbid the recipient—typically an Internet provider or online communication service—from disclosing the FBI request, even to its target.

The FBI dropped its records request to Calyx several years ago, and a partial settlement seven years into the lawsuit allows Merrill to discuss the circumstances of the national-security letter he received. But Merrill, who ran an ISP at the time he received the request, still can't discuss the type of information the FBI sought.

“When service providers, email hosts, and website hosts are unable to talk about what’s going on because they’re placed under gag orders, it really does limit the amount of free and open public discussion that can happen,” Merrill says.

Canaries In The Courtroom

Theoretically, routinely published warrant canaries could help undermine the legal status of national-security gag orders. For instance, the government frequently argues that its restrictions aren't burdensome because they only prevent disclosure of information the government itself provided. Suppressing a warrant canary, however, is a more overt form of censorship that might give judges pause.

Some experts think warrant canaries might also deter some information requests in the first place. “The purpose of this is to say, ‘If you come to us with an order that compels us to hand over our data, we’re going to tell our customers’,” says Christopher Soghoian, a principal technologist with the ACLU. “The hope is that the presence of that clear canary is going to cause some agencies to say, ‘Hang on, do we really want to do this?’”

On the other hand, the legal status of canaries remains untested. Since letting a canary die might be considered a violation of a gag order, Canary Watch encourages companies to get a judge’s opinion should they reach that juncture.

That would effectively force a court to rule on whether the government can legally compel false speech—in this case, by requiring a company to put out a statement saying that it has not received a particular information request even when it has. While courts have sometimes compelled true speech—think of those Surgeon General's warnings on cigarettes, for instance—none appear to have upheld compelled false speech.

But Canaries Don't Exactly Sing

Canaries remain fraught with other problems as well—not least the fact that they remain inherently ambiguous. As Soghoian puts it:

“The problem with the canary is that you don’t actually get a lot of information, so you’re left sort of guessing, and it’s very easy for a company that’s not paying attention to accidentally kill the canary.”

In one notorious example, Apple published a warrant canary stating that it had received no surveillance orders under Section 215 of the USA Patriot Act. The next time it published its transparency report in September 2014, the canary language had changed. Many people inferred that Apple had received a 215 order, but it's likely that it just tightened up the language.

The same thing happened with encrypted communications firm Silent Circle, in which its warrant canary missed an expected update over the holidays, apparently due to human error. Its warrant canary again went without update this past Friday; the company's attorney Matt Neiderman told ZDnet that the warrant canary was "working properly," but that Silent Circle "just missed adding the statement with the update [Friday]."

Canaries could fail in several other ways. Companies, for instance, could purposely lie about the requests they've received. Or the person or team responsible for a canary might be kept in the dark about government data requests.

Warrant canaries are only one part of the battle against largely unaccountable government surveillance. Twitter, for instance, is suing the Justice Department and the FBI over limits on disclosing surveillance orders, while the EFF is also challenging the constitutionality of secret warrantless surveillance.

But while warrant canaries are almost as small and vulnerable as their namesake, their supporters consider them better than nothing. If imperfect tools are all you have, sometimes it's still best to build what you can with them, especially if your only other choice is to stand idly by.
http://readwrite.com/2015/03/09/cana...ecurity-letter

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

March 7th, February 28th, February 21st, February 14th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
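
The canary states described in the "Meet Canary Watch" article above (statement dropped, wording changed, update missed) can be told apart mechanically once each disclosure document is archived. The following Python is an added example, not part of the original article or of Canary Watch's own code; the company, document texts, dates and function names are constructed for illustration.

```python
import difflib
import re
from dataclasses import dataclass
from datetime import date


@dataclass
class Snapshot:
    published: date  # date the disclosure document was published
    text: str        # archived copy of the full document


def find_canary(text, keyword):
    """Return the first sentence that mentions the keyword, or None."""
    for sentence in re.split(r"(?<=[.!?])\s+", text):
        if keyword.lower() in sentence.lower():
            return sentence.strip()
    return None


def normalize(sentence):
    """Ignore case, spacing and the final full stop when comparing."""
    return re.sub(r"\s+", " ", sentence).strip().rstrip(".").lower()


def word_diff(old, new):
    """List (removed, added) word runs between two normalized sentences."""
    a, b = old.split(), new.split()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [(" ".join(a[i1:i2]), " ".join(b[j1:j2]))
            for op, i1, i2, j1, j2 in matcher.get_opcodes() if op != "equal"]


def check_canary(previous, current, keyword, today, max_age_days):
    """Classify the newest snapshot against the last known-good one."""
    old = find_canary(previous.text, keyword)
    new = find_canary(current.text, keyword)
    if old is None:
        raise ValueError("baseline snapshot contains no canary statement")
    if new is None:
        return "MISSING", []          # statement dropped from the document
    changes = word_diff(normalize(old), normalize(new))
    if changes:
        return "CHANGED", changes     # wording edited: needs human review
    if (today - current.published).days > max_age_days:
        return "STALE", []            # expected update never appeared
    return "ALIVE", []


# Constructed sample documents for a hypothetical "Example Corp".
KEYWORD = "Section 215"
BASELINE = Snapshot(date(2014, 9, 1),
    "Example Corp transparency report. Example Corp has never received "
    "an order under Section 215 of the USA Patriot Act. Totals follow.")
REWORDED = Snapshot(date(2015, 3, 1),
    "Example Corp transparency report. Example Corp has never received "
    "an order for bulk data under Section 215. Totals follow.")
OMITTED = Snapshot(date(2015, 3, 1),
    "Example Corp transparency report. Totals follow.")

if __name__ == "__main__":
    today = date(2015, 3, 14)
    for label, snap in [("reworded", REWORDED), ("omitted", OMITTED),
                        ("no new report", BASELINE)]:
        print(label, check_canary(BASELINE, snap, KEYWORD, today, 100))
```

A CHANGED or MISSING result only flags the document for review; as the Apple and Silent Circle cases in the article show, it does not by itself establish that an order was received.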