P2P-Zone  

13-09-17, 06:41 AM   #1
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - September 16th, ’17

Since 2002

"We're going to have a lot of deaths here tonight." – Jefferson County Office of Emergency Management

"Honored to be 1st disinvited trans woman visiting @harvard fellow they chill marginalized voices under @cia." – Chelsea E. Manning

September 16th, 2017




Users in Affluent Singapore Still Pirating Online Content

Despite knowing the potential security risks of doing so, 39 percent of Singaporeans admit they illegally stream or download content, with 14 percent tapping streaming devices to access pirated content.
Eileen Yu

Singapore's average household income may be higher than most, but 39 percent confess they still are streaming or downloading online content illegally--driven primarily by the notion of free access.

These online users said they currently accessed pirated movies, TV shows, or live sports channels, with 14 percent tapping streaming media devices to do so, revealed a survey by CASBAA. The findings were based on a survey of 1,000 respondents in Singapore as well as 300 users of streaming devices.

As I caught up with my relatives over our annual lunar new year gatherings earlier this week, I was asked a question that had popped up many times before: "How do I download music on iTunes?" And the answer has always been the same: "You can't if you're in Asia (outside of Japan).

CASBAA represents companies across the Asia-Pacific that provide digital multichannel TV, content, advertising, and video services, and its member network spans more than 500 million connections across the region including China, Japan, and Pakistan.

Noting that Singaporeans were among the world's top consumers of pirated online content, the association said 74 percent of respondents acknowledged that accessing pirated content carried security risks, potentially exposing them to viruses, spyware, and malware.

Some 40 percent said they stopped their pirating ways due to malware risks, while 37 percent did so because there now were more legal options available. Another 68 percent acknowledged that pirating content was akin to stealing or theft, but nearly three quarters considered piracy normal or typical behaviour, the study noted.

Amongst those that confessed to actively streaming or downloading pirated content, 63 percent said their actions were motivated by having free access to content. Almost a third of Singapore respondents said blocking illegal content sites was the most effective way to reduce online piracy.

CASBAA Chief Policy Officer John Medeiros said: "Admitted usage of TV boxes that provide illegal access to TV series, movies, and live sports events is much greater in Singapore than in other developed markets, such as the US and the UK. While these numbers are already concerning, they rely on the candour of respondents and, undoubtedly, underestimate the true scale of the problem."

On CASBAA's website, Medeiros also noted: "In the world of digital piracy, it's simply not possible to stop every scoundrel in every part of the world from stealing files, or streams, created by others and reselling them. The goal of fighting piracy has to be a mass-market focus: to raise the cost and hassle of obtaining pirate feeds to the point where the mass of people decide it's really easier and more cost-effective to subscribe for legal content supply... That's where we need to get to, in Asia."

Singapore boasted a median monthly household income of S$8,846 (US$6,580) last year, which grew 2.6 percent in real terms over 2015.
http://www.zdnet.com/article/users-i...nline-content/





EU Set to Demand Internet Firms Act Faster to Remove Illegal Content
Julia Fioretti

Companies including Google (GOOGL.O), Facebook (FB.O) and Twitter (TWTR.N) could face European Union laws forcing them to be more proactive in removing illegal content if they do not do more to police what is available on the Internet.

The European Union executive outlined in draft guidelines reviewed by Reuters how Internet firms should step up efforts with measures such as establishing trusted flaggers and taking voluntary measures to detect and remove illegal content.

Proliferating illegal content, whether because it infringes copyright or incites terrorism, has sparked heated debate in Europe between those who want online platforms to do more to tackle it and those who fear it could impinge on free speech.

The companies have significantly stepped up efforts to tackle the problem of late, agreeing to an EU code of conduct to remove hate speech within 24 hours and forming a global working group to combine their efforts to remove terrorist content from their platforms.

Existing EU legislation shields online platforms from liability for the content that is posted on their websites, limiting how far policymakers can force companies, who are not required to actively monitor what goes online, to act.

“Online platforms need to significantly step up their actions to address this problem,” the draft EU guidelines say.

“They need to be proactive in weeding out illegal content, put effective notice-and-action procedures in place, and establish well-functioning interfaces with third parties (such as trusted flaggers) and give a particular priority to notifications from national law enforcement authorities.”

The guidelines, expected to be published at the end of the month, are non-binding but further legislation is not ruled out by Spring 2018, depending on progress made by the companies.

However, a Commission source said any legislation would not change the liability exemption for online platforms in EU law.

A spokesman for Twitter had no comment on the draft but pointed to the company’s latest data on its efforts to tackle abuse showing it was taking action on ten times the number of abusive accounts every day compared to the same time last year.

Facebook and Google declined to comment.

The Commission wants the companies to develop “trusted flaggers” - experienced bodies with expertise in identifying illegal content - whose notifications would be given high priority and could lead to the automatic removal of content.

It also encourages web companies to publish transparency reports with detailed information on the number and type of notices received and actions taken and says the Commission will explore options to standardise such transparency reports.

The guidelines also contain safeguards against excessive removal of content, such as giving its owners a right to contest such a decision.

The Commission wants companies to hone technology used to automatically detect illegal content so that the volume which needs to be reviewed by a human before being deemed illegal can be narrowed down.

Reporting by Julia Fioretti; editing by Alexander Smith and Toby Chopra
https://www.reuters.com/article/us-a...-idUSKCN1BO1ON





NSA Broke the Encryption on File-Sharing Apps Kazaa and eDonkey
Micah Lee

Before services like Spotify and Netflix proliferated, people who wanted to listen to music or watch movies online, on demand, had few legal options. Instead, they would download copies of pirated media using file-sharing technology. In early 2004, close to 8 million people in the U.S. alone were estimated to have downloaded music through so-called peer-to-peer apps like LimeWire, eDonkey, Kazaa, and BitTorrent. While it’s difficult to measure exactly how much of the world’s internet traffic consists of people swapping files, at the time some estimates said it was approaching 40 percent. (It was closer to 11 percent by 2016, according to another estimate.)

With this much file sharing occurring online, it’s no surprise that the National Security Agency took notice. According to documents provided by NSA whistleblower Edward Snowden, the spy agency formed a research group dedicated to studying peer-to-peer, or P2P, internet traffic. NSA didn’t care about violations of copyright law, according to a 2005 article on one of the agency’s internal news sites, SIDtoday. It was trying to determine if it could find valuable intelligence by monitoring such activity.

“By searching our collection databases, it is clear that many targets are using popular file sharing applications,” a researcher from NSA’s File-Sharing Analysis and Vulnerability Assessment Pod wrote in a SIDtoday article. “But if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”

In order to monitor peer-to-peer networks, the NSA needed to both decode the protocols that various services used and, in some cases, break the encryption to see which files were being swapped. This last hurdle was cleared in at least two cases. “We have developed the capability to decrypt and decode both Kazaa and eDonkey traffic to determine which files are being shared, and what queries are being performed,” the researcher wrote.

The NSA developed ways to exploit Kazaa in order to extract information from registry entries stored on a computer, including “e-mail addresses, country codes, user names, location of the downloaded files, and a list of recent searches — encrypted of course,” according to the article. And, while the author doesn’t go into details, they claim that they “discovered that our targets are using P2P systems to search for and share files which are at the very least somewhat surprising — not simply harmless music and movie files.”

Kazaa is no longer in use and its website shut down in 2012.

The eDonkey network, however, is still active, although the system is not nearly as popular as it once was. EDonkey still uses the same vulnerable encryption it did in 2004. EMule, a popular program for connecting to the eDonkey network, hasn’t had an update in over seven years.

A representative of the eMule developer team told The Intercept that security was never a goal for eDonkey’s encryption. “EMule calls its protocol encryption ‘obfuscation’ rather than encryption,” the developer said. “It was a feature intended to stop ISPs and local routers from throttling the protocol by doing simple deep packet inspections, not one to mainly protect the communication against eavesdropping.”

“There is no doubt the NSA could spy on the traffic if they wanted to,” the developer added, “preventing this was not the aim of the protocol encryption (and not much of an issue back then in the old days when this feature was coded).”

Researchers from NSA’s FAVA Pod were not the only spooks interested in peer-to-peer technology. An NSA program called GRIMPLATE was developed to study how Department of Defense employees used BitTorrent, discover if this use was malicious, and potentially build a case for ending such use. According to a classified presentation from the 2012 iteration of the NSA’s annual SIGDEV conference, which aims to develop new sources of signals intelligence, “BitTorrent sessions are seen on a daily basis between NIPRnet hosts,” referring to computers on the DOD network for sensitive but unclassified information, “and [in] adversary space,” that is, outside networks run by U.S. targets like Russia and China.

By 2010, the British electronic eavesdropping agency Government Communications Headquarters was also interested in “active P2P exploitation research,” according to a page on an internal GCHQ wiki. The page describes DIRTY RAT, a GCHQ web application used by analysts that at the time had “the capability to identify users sharing/downloading files of interest on the eMule (Kademlia) and BitTorrent networks. … For example, we can report on who (IP address and user ID) is sharing files with ‘jihad’ in the filename on eMule. If there is a new publication of an extremist magazine then we can report who is sharing that unique file on the eMule and BitTorrent networks.”

The wiki article also hints at information sharing with law enforcement. “DIRTY RAT will soon be delivered to the [London] Metropolitan Police and we are in the early stages of relationships with [U.K. child protection agency] CEOP and the FBI,” it stated.

GCHQ also developed the technology to leverage its peer-to-peer monitoring for active attacks against users of file-sharing networks. A tool called PLAGUE RAT “has the capability to alter the search results of eMule and deliver tailored content to a target,” the wiki article states. “This capability has been tested successfully on the Internet against ourselves and testing against a real target is being pursued.”

NSA declined to comment. GCHQ did not address specific questions and sent a statement saying, “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary, and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Investigatory Powers Commissioner’s Office (IPCO), and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position. In addition, the U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

Other stories and NSA documents released today by The Intercept are available on our SIDtoday home page.
https://theintercept.com/2017/09/13/...a-and-edonkey/





‘It’ Breaks September Records, Supercharging the Box Office
Brooks Barnes

The horror movie “It” arrived as a cultural juggernaut over the weekend, smashing September box office records with an eye-popping $117.2 million in estimated North American ticket sales and ending an alarmingly slow period at multiplexes.

The R-rated movie, adapted from Stephen King’s 1986 novel about a demonic clown, Pennywise, who emerges from a sewer to prey on children, had been expected by box office analysts to take in roughly $70 million over its first three days — a total that seemed almost unbelievable in itself, given that the previous record-holder for a September release was the PG-rated “Hotel Transylvania 2,” which arrived to about $50 million in 2015.

“Paranormal Activity 3,” which had about $58 million in initial ticket sales in October 2011, after adjusting for inflation, was the previous record-holder for a horror movie released at any time of year, according to comScore.

Instead, “It” arrived like a superhero movie. Actually, bigger: With no stars and a modest production budget of about $35 million, “It” delivered a larger opening-weekend audience than “Wonder Woman.” The “It” turnout was particularly impressive given that cities in Florida and Texas were busy preparing for a major hurricane or recovering from one.

What clicked with “It” in such spectacular fashion?

Start with a well-made and expertly marketed movie. “It,” directed by Andy Muschietti (“Mama”), received mostly positive reviews. Mr. King, of course, has a huge fan base. Helping was the presence of a marquee villain in Pennywise, played by Bill Skarsgard. “It” also has parallels to “Stranger Things,” the hit Netflix series. Both involve a scary, supernatural mystery and have a “Stand by Me”-style group of misfit children at their center.

“Whenever a movie overperforms to this degree — becomes a tent pole — there is some kind of cultural accelerant at play,” said Toby Emmerich, president of Warner Bros. Pictures Group. “It,” which did particularly well in Imax theaters, collected an additional $62 million overseas. Mr. Emmerich already has a sequel in the works.

Horror movies have been a box office bright spot over the past year. As moviegoers have become more fickle — in no small part because they now have Netflix and large-screen televisions in their living rooms — the thrill of getting scared with a group of strangers in a theater has held its power, particularly for young audiences. New Line, the division of Warner that made “It,” recently found success with “Annabelle: Creation,” for instance.

But “It” is not a typical horror film. “The message of the movie is actually hope,” said Dan Lin, an “It” producer. “If we stick together and rely on one another’s strength, loyalty and goodness, we can — like the kids in the film — overcome our fears and the evil in the world.”

No movie opens itself, however, and part of the success of “It” can be attributed to Blair Rich, who oversees New Line releases as Warner’s president of worldwide marketing. Her teaser trailer for “It” received 197 million views online in its first 24 hours, the largest in Hollywood history. “It’s really a reflection of the whole Warner marketing team,” Ms. Rich said. “They are truly skilled at turning a film into an event. And New Line gave us an incredible film to work with.”

Horror movies (in particular one about killing kids) are tricky to sell to a wide audience; playing down the scary parts might make non-horror fans more interested, but that strategy risks driving away the core fan base. “You have to be very careful not to deteriorate the scare,” Ms. Rich said.

Another challenge involved building interest while avoiding overhype. “You never want to get to a point where the buzz doesn’t feel credible,” Ms. Rich said. So rather than relying on traditional (and expensive) methods of movie promotion, including carpet bombing television with ads, the “It” campaign focused on generating viral buzz. Efforts included a five-minute virtual reality experience that was available on YouTube and Facebook and in real life inside a school bus, which Warner sent to eight cities.

In Los Angeles, Warner built a two-story replica of the film’s haunted house that was free to tour. About 35,000 people visited over the course of a month — with studio staffers encouraging them to take photos and post them on Instagram — and lines stretched to five hours. The studio shut down an online wait-list after it reached 85,000 names.
https://www.nytimes.com/2017/09/10/m...ox-office.html





David v Goliath: Deezer Seeks Musical Edge On Spotify
Sophie Sassard

From Brazilian gospel to Puerto Rican reggaeton and Dutch hip-hop, music streaming company Deezer is scouring the globe for gaps in the market where it can survive and thrive against Spotify and Apple.

The French firm has little hope of success going toe-to-toe with its far bigger rivals in the mass-market realms inhabited by the likes of Taylor Swift and Ed Sheeran.

Instead it is focusing on local music genres in fast-growing, often non-English language markets, areas where it believes it can steal a march. It is targeting local listeners while also looking to position itself for a global audience as a “cool”, non-mainstream alternative.

As part of this strategy, launched this year and called Deezer Next, it is dispatching local teams of “editors” to identify talent in niche genres and create original content, Netflix-style.

The aim is not only to differentiate its catalog but also to reduce its reliance on the record labels that take the lion’s share of streaming services’ revenue. It has 40 editors globally, and is looking to recruit more.

Deezer Chief Executive Hans-Holger Albrecht said he would target selected markets in Latin America, Asia and Africa where Spotify was not already predominant. They include Guatemala, Bolivia, Paraguay, Colombia, Nigeria, Senegal and South Africa.

“I strongly believe in the localisation of content,” he told Reuters. “While Spotify is mainly playlist-focused, we are betting on local differentiation, and this has helped us become number one in gospel in Brazil.”

But finding a path to profit represents a formidable task for the loss-making company.

It has a similar "freemium" model to market leader Spotify, whereby it attracts users by offering advert-supported free access and charges a monthly fee of about $10 for the full service. However it has only 12 million active users - about 9 million paying - compared with Spotify's 60 million paying subscribers, and brings in just a tenth of the Swedish firm's $3 billion annual revenue.

Deezer, controlled by billionaire investor Len Blavatnik, is nonetheless sinking tens of millions of euros into this local music drive. Its strategy is based on a bet that music streaming will continue to grow rapidly to eventually eclipse all other forms of music listening.

The paid streaming market is expected to grow 16 percent to $28 billion by 2030 in terms of annual revenue, according to Goldman Sachs.

“Streaming is a very young market, with just about 10 percent penetration globally, so there is a lot of potential still,” said Albrecht.

Spotify is also loss-making but is nevertheless valued at $13 billion because of this market potential, as well as investor expectations that its fast-growing user base will allow it to negotiate increasingly lower royalty payments to labels.

The company, a millennial megabrand, is eying a stock market listing this year or next, and Albrecht said Deezer could also consider going public should that flotation prove successful.

ALGORITHM + EDITORS

Deezer users listen to an average of 30-60 hours of music per month, a seven-fold increase from two years ago, said Albrecht. This has allowed the company’s algorithm, assisted by the team of 40 editors specialized by genre, to recommend more accurately music people may want to listen to, whether they are at work, at the gym or at home, he added.

The unlisted company, which launched a decade ago, is the market leader in its home market of France where it has been profitable for nearly five years and has double-digit profit margins, said Albrecht, declining to give precise numbers.

Deezer has annual revenue of 300 million euros ($360 million), and losses of 60 million - a figure which equals its marketing budget.

It is the fourth-biggest music streaming company in the world, by paid users, after Spotify, Apple Music and Amazon. The latter two, as diversified tech giants, have the advantage of being able to rack up losses on streaming while the market grows and recoup the money from bumper sales of products like phones and tablets.

Independent music analyst Bob Lefsetz believes Deezer benefited from a “first-mover advantage” in France, making it hard to replicate its success elsewhere since Spotify and Apple already lead the pack in most other markets.

Some also question whether content differentiation will provide a long-term advantage.

“Over time, libraries are bound to become increasingly similar so banking on content to differentiate your services seems an ill-fated race. It would just give you a temporary edge,” said Gartner analyst Stephanie Pitter-Baghdassarian.

CHAMPETA CRIOLLA

An area where many industry experts believe Deezer is heading in the right direction is its investment in finding and promoting emerging artists in much the same way as a record label’s A&R division.

In the short term, analysts say, it could reduce their reliance on labels and in the long term - perhaps five to 10 years from now - they say top streaming companies could eventually replace the labels.

Deezer says artists discovered through Deezer Next include champeta criolla band Tribu Baharu and singer Martina la Peligrosa in Colombia; Sertanejo girl duo Day e Lara and gospel singer Isadora Pompeoa in Brazil; and pop trios MKN MAKENNA and Layl, and singer Jary, in Mexico.

The company says selection criteria include how closely Deezer can work with the artist and their team and whether the music will bring something “fresh” to appeal to its users.

ACQUISITION HUNT

Scale is increasingly vital to survive in an industry where the bigger fish can cut better deals with labels. This presents the biggest challenge to Deezer and fellow minnows Tidal, backed by rapper Jay-Z, and Berlin-based SoundCloud, which recently came close to bankruptcy.

Spotify’s market-leading subscriber base has allowed it to lower the total royalties it hands to labels from about 80 percent of its revenue to 52 percent. This trend means it can entertain hopes it will eventually become profitable, despite doubling its losses this year to $601 million.

Deezer still gives around 60 percent of its revenue to the major labels, but is aiming to negotiate only a few percentage points higher than Spotify in the coming few years, said Albrecht.

To do so, it needs to significantly increase its user numbers, said the CEO, without disclosing any targets.

Deezer is also scouting the market for acquisitions and would be keen to acquire SoundCloud “at the right price”, he said.

Such deals would provide a quick way to gain scale, but many industry players and analysts think Deezer will eventually sell to a larger rival, something Albrecht said was possible but depended on the company’s owners.

A spokesman for Blavatnik, who was born in the former Soviet Union and is now a U.S. and British citizen, said his policy was not to comment on existing investments.

Mark Mulligan, an analyst with technology research company MIDIA, said the fact the tycoon also controlled major music label Warner Music and other industry assets threw up interesting possibilities.

“Blavatnik has a card to play,” he added. “An efficient way to compete against integrated tech giants like Apple and Amazon would be to combine Deezer, Warner Music and all the other concert and artists management firms he owns to build a full-stack music powerhouse.”

Reporting by Sophie Sassard; Editing by Pravin Char
https://uk.reuters.com/article/us-mu...-idUKKCN1BM19E





A Copyright Vote That Could Change the EU’s Internet

On October 10, EU lawmakers will vote on a dangerous proposal to change copyright law. Mozilla is urging EU citizens to demand better reforms.

The outcome could sabotage freedom and openness online. It could make filtering and blocking online content far more routine, affecting the hundreds of millions of EU citizens who use the internet every day.

Dysfunctional copyright reform is threatening Europe’s internet

Why Copyright Reform Matters

The EU’s current copyright legal framework is woefully outdated. It’s a framework created when the postcard, and not the iPhone, was a reigning communication method.

But the EU’s proposal to reform this framework is in many ways a step backward. Titled “Directive on Copyright in the Digital Single Market,” this backward proposal is up for an initial vote on October 10 and a final vote in December.

“Many aspects of the proposal and some amendments put forward in the Parliament are dysfunctional and borderline absurd,” says Raegan MacDonald, Mozilla’s Senior EU Policy Manager. “The proposal would make filtering and blocking of online content the norm, effectively undermining innovation, competition and freedom of expression.”

Under the proposal:

• If the most dangerous amendments pass, everything you put on the internet will be filtered, and even blocked. It doesn’t even need to be commercial — some proposals are so broad that even photos you upload for friends and family would be included.

• Linking to and accessing information online is also at stake: extending copyright to cover news snippets will restrict our ability to learn from a diverse selection of sources. Sharing and accessing news online would become more difficult through the so-called “neighbouring right” for press publishers.

• The proposal would remove crucial protections for intermediaries, and would force most online platforms to monitor all content you post — like Wikipedia, eBay, software repositories on Github, or DeviantArt submissions.

• Only scientific research institutions would be allowed to mine text and datasets. This means countless other beneficiaries — including librarians, journalists, advocacy groups, and independent scientists — would not be able to make use of mining software to understand large data sets, putting Europe at a competitive disadvantage in the world.

Mozilla’s Role

In the weeks before the vote, Mozilla is urging EU citizens to phone their lawmakers and demand better reform. Our website and call tool — changecopyright.org — makes it simple to contact Members of European Parliament (MEPs).

This isn’t the first time Mozilla has demanded common-sense copyright reform for the internet age. Earlier this year, Mozilla and more than 100,000 EU citizens dropped tens of millions of digital flyers on European landmarks in protest. And in 2016, we collected more than 100,000 signatures calling for reform.

Well-balanced, flexible, and creativity-friendly copyright reform is essential to a healthy internet. Agree? Visit changecopyright.org and take a stand.
https://blog.mozilla.org/blog/2017/0...opes-internet/





The Rise of the Fidget Spinner and the Fall of the Well-Managed Fad
Charles Duhigg

Earlier this year, when Christine Osborne first realized that fidget spinners — those small devices that have, seemingly overnight, colonized playgrounds and classrooms — were going to become a huge hit, she felt a deep anxiety. This was surprising, because Osborne owns multiple toy stores in South Carolina. Twenty years ago, she would have greeted a new fad like fidget spinners with glee. But the economy has changed quite a bit in the last two decades, and so when Osborne began first noticing the spinner craze, all she could think was: This seems like trouble.

A fad changed Osborne’s life, much for the better, shortly after she opened her original toy store, named Wonder Works, in the 1990s. In those early days, Osborne tried selling board games and science kits, but she was struggling to find customers. Then, in 1994, a family visiting from Chicago walked through her doors and asked if she had any Beanie Babies.

Osborne had never even heard of them. But almost immediately, she started hearing about nothing else. Later that week, someone called asking if she had Quackers the Duck. The next day someone inquired about Happy the Hippo. Osborne quickly learned that Beanie Babies were stuffed animals that, truth be told, weren’t all that distinguishable from other stuffed animals. But for some reason, they had become playground must-haves. ‘‘And that’s when I knew,’’ Osborne told me, ‘‘if we could just get our hands on Beanies, it would be our ticket.’’

Talking to her suppliers, Osborne eventually figured out that Beanie Babies were made by Ty, a company in Westmont, Ill. Ty didn’t actually manufacture Beanie Babies — that was outsourced to China — but it did everything else. The previous year, Ty’s executives began an extensive campaign to identify the nation’s most influential specialty gift and toy stores. Then, rather than advertise Beanie Babies to the public, executives quietly distributed small numbers of them to these retailers, often extracting a promise they would not sell more than a few Beanies to any single customer.

Ty fiercely controlled retailers’ inventory of Beanies based on a complicated formula that was updated with each day’s sales and trends. If a store degraded the Beanie brand by discounting the toy or employing unfriendly salespeople, Ty would cut them off. As particular animals — like Peanut the Elephant — became popular, Ty ceased manufacturing them altogether. When Wal-Mart and Toys ‘‘R’’ Us asked to carry Beanie Babies, Ty refused.

Osborne was accustomed to toy manufacturers begging her to carry their products in her store. With Beanie Babies, everything was reversed. Osborne tracked down a Ty sales rep named Joyce and pleaded with her. ‘‘I started in with the charm,’’ Osborne told me. ‘‘I would telephone nearly every afternoon and tell her we would do anything to get some stock.’’ Eventually, Joyce relented, and Wonder Works began earning thousands of dollars a week from Beanie Baby sales.

But as the months passed and the women continued talking, Joyce began asking for favors of her own. Ty’s executives wanted to know Osborne’s opinion on her customers’ tastes. Did they respond to primary colors? To sparkly bows? Why was Manny the Manatee so popular, but Darling the Dog a bust? Based on such conversations with Osborne and countless other toy-store owners, Ty’s executives made hundreds of tiny shifts in their manufacturing, marketing and distribution over the years, turning what began as a fad into a perennial best-seller, one that earned hundreds of millions of dollars each year and helped Ty employ thousands of people. As for Osborne, she used her Beanie profits to expand Wonder Works to four locations. Today, more than two decades later, Beanie Boos, one of Ty’s latest iterations, are still among her top-grossing items.

This spring, when Osborne started getting phone calls about a new playground must-have — the fidget spinner — she was apprehensive instead of excited. ‘‘Everything is different now,’’ Osborne told me. ‘‘My goal was to get in and get out as fast as I could.’’

Fidget spinners had been around for years, marketed as aids for kids with attention problems (a claim that has little scientific backing). But they were never particularly popular. That changed last year, after a rash of videos appeared on YouTube featuring teenagers performing fidget-spinner tricks. That caught the attention of Chinese factories, many of which have begun to employ squadrons of workers to monitor social media and Google Trends, allowing them to jump on the next big consumer-product craze as soon as it starts materializing. By the time Osborne became aware of the fad, all she had to do was go to DHgate.com, a chaotic online marketplace where overseas factories offer everything from fake eyelashes ($1.27 a pair, shipping within four days) to automobile engines (minimum order $50,000, full delivery in six weeks). There were dozens of manufacturers offering fidget spinners in whatever quantity a buyer desired. With help from a colleague, Osborne ordered her stock from a factory where, as far as she could tell, no one spoke English, and five days later, the boxes started arriving. Soon she was selling tens of thousands of dollars’ worth of spinners each month. Her biggest competitors were gas stations and people selling from collapsible tables in a nearby park. Most of them also got their spinners through sites like DHgate.com.

For fidget spinners, as Osborne well knew, no one was going to manage the buzz, strategize about inventory and plan marketing the way Ty had for Beanie Babies. ‘‘Now, in less than half a year, spinners are done,’’ Osborne says. ‘‘I’m moving on to squishies’’ — squishable toys that are also (questionably) marketed as attention aids. ‘‘I think they’ll last at least a few months.’’

Within economics, this transition to direct selling — of cutting out sales reps like Joyce in lieu of websites like DHgate.com — is known as disintermediation, and it’s one of the defining characteristics of the internet age. Companies like Uber, Amazon and Priceline have succeeded by disintermediating enormous industries (taxi dispatchers, brick-and-mortar retailers, travel agents). The logic of disintermediation seems self-evident: By putting factories directly in contact with stores, by helping customers order directly from manufacturers, by letting riders coordinate with drivers, you cut out a needless source of waste and inefficiency. Middlemen (and middlewomen), so this theory goes, have simply been gobbling a slice of the pie they never really deserved.

In reality, though, all these middlemen were often crucial to ensuring that the pie was baked at all. As Osborne learned when she started selling Beanie Babies, middlemen like Joyce are often the ones who turn a fad into a sustainable business that creates jobs. You might think a company’s main function is to make stuff. But that’s usually wrong. Making stuff is often the easiest part of what a company does. It’s everything else — marketing and defending intellectual property, coming up with distribution strategies and knowing when to stop manufacturing Peanut the Elephant — that’s the hard part. That’s what middlemen do.

Or, at least, it’s what they did, before the digital economy made their jobs disappear. Take, for instance, the travel industry: As Youcheng Wang of the University of Central Florida notes, the industry as we know it was built, over decades, by hundreds of thousands of middlemen at travel agencies, tour operators, hotels and airline bucket shops. ‘‘There were layers of jobs and experts,’’ Wang says. ‘‘They convinced people to visit new places and helped resorts find new customers.’’ Today, however, many of those jobs and experts are gone, replaced by disintermediators like TripAdvisor (3,000 employees) and Priceline (18,500 employees), which are built on what middlemen created, but which employ far fewer people. And the impact of losing all those jobs will have ripple effects that we can’t even predict. Who, in the absence of those middlemen, is today persuading travelers to dream bigger about their vacations, to open their wallets to support off-the-beaten-track destinations, to help new hotels find their clienteles? ‘‘Without intermediaries,’’ Wang points out, ‘‘it can be difficult to get discovered.’’

Around the same time Osborne was first hearing about fidget spinners, she visited a big toy fair in New York and stopped by the booth of Zing, a toy manufacturer that jumped on the craze early. At the fair, Zing executives were testing out an idea: What did retailers like Osborne think about a fidget spinner with LED lights that kids could program from their iPhone, so that it would spell out words as it spun?

It was a fun idea, retailers said. It could probably help fidget spinners make the transition from a fad into a sustainable product. If it worked, it would create jobs and help toy stores prosper. But Osborne and others cautioned Zing against making the investment. It would take at least six months to design and manufacture the new item, and by then, the fidget spinner craze would most likely be over. So Zing shelved the idea — and the new hiring it would have triggered.

‘‘Now a fad is just a fad,’’ Osborne says. ‘‘And that makes things harder for all of us.’’
https://www.nytimes.com/2017/08/15/m...naged-fad.html





Floridians Say Online Retailers Let Them Down Ahead of Irma
Adriana Gomez Licon

Maya Kogul was in California when Hurricane Irma began twirling toward Florida. She knew stores would run out of key supplies before she got back to her downtown Miami home earlier this week, so she placed an order for three cases of water through a Nestle water delivery company. She waited and waited, but the order didn't come.

More than 50 Floridians told The Associated Press that they did not receive flashlights, battery-operated radios, boxed milk, water bottles and first-aid kits after placing orders on Amazon.com and Nestle's ReadyRefresh.

Amazon spokeswoman Amanda Ip said that deliveries were experiencing delays because of the weather conditions. ReadyRefresh posted an apology Friday on Twitter for service disruptions and delivery delays.

"It was frustrating having to run around last minute," said Kogul, a 31-year-old mother of a 2-year-old girl. "By delivery date it was already evacuation time. By the time I realized I wasn't getting the delivery, it was almost Thursday evening. I didn't know they were not going to come."

Several customers said that online retailers let them down at the worst possible moment and even before weather deteriorated. They said on Saturday that they received cancellation notifications only after evacuations had begun in their neighborhoods and markets' shelves had emptied. Some had placed orders as early as Monday.

Others said their packages had arrived in Miami but were either stuck at a sorting facility for a few days or delayed because of problems with couriers.

Many of the customers who spoke to the AP said Amazon had directed them to UPS for complaints. The courier said in a statement that their facilities suspended operations as officials rolled out announcements of evacuations, delaying orders that were out for delivery on Thursday and Friday. UPS spokeswoman Jennifer Cook said the company is offering to waive any fees to send their packages to another address that is not under evacuation order.

Mar Enriquez, 41, placed an order on Amazon for what seemed to him like an innovative bag that expands when it comes in contact with water to use as a barrier, like a sandbag. He had heard it worked for friends who braved Hurricane Harvey in Houston, so he bought it on Monday using his Prime membership that offers speedier deliveries. Enriquez was set to leave for New York City on Friday after his suburb was evacuated because of the risk of storm surge.

"On Thursday, they told me everything was fine," he said. But his package got stuck at a sorting facility in the Miami suburb of Doral, probably because couriers were swamped with orders and not able to deliver them all. "You put your confidence on this. You pay for the extra Prime membership, but they failed us in the worst and most-needed moment."

The office of Florida's attorney general was not able to identify whether package delays were widespread. The office said it has received more than 8,000 complaints about alleged price gouging ahead of the storm.

Loyal Amazon customers say they understand the large volume of orders placed this week may have made deliveries impossible, especially as millions were told to evacuate their neighborhood and likely abandon work commitments.

But Christine Huyn, a 38-year-old fitness instructor, said the companies should have been upfront. She ordered a portable air conditioner from Amazon for a room where she will be hunkering with her two children.

"I lost my chance because they guaranteed it would be here. They gave us a false sense of security," she said.

What she remembers the most from Hurricane Andrew in 1992 as a child is how hot it was, and the fact her family had no electricity for weeks.

"I really was crying when they told me it wouldn't be here, because I was thinking of my kids," she said. "The heat is going to be horrendous."
http://www.newstimes.com/business/te...n-12185470.php





I Downloaded an App. And Suddenly, was Part of the Cajun Navy.

After two minutes of training, I was talking to people desperate for help
Holly Hartman

After watching nonstop coverage of the hurricane and the incredible rescues that were taking place, I got in bed at 10:30 on Tuesday night. I had been glued to the TV for days. Every time I would change the channel in an attempt to get my mind on something else for a few minutes, I was drawn right back in.

I finally turned off the TV and picked up my phone to do a quick check of email and Facebook. I read an article about the Cajun Navy and the thousands of selfless volunteers who have shown up to this city en masse. The article explained they were using a walkie-talkie-type app called Zello to communicate with each other, locate victims, get directions, etc. I downloaded the app, found the Cajun Navy channel and started listening.

I was completely enthralled. Voice after voice after voice coming through my phone in the dark, some asking for help, some saying they were on their way. Most of the transmissions I was hearing when I first tuned in were from Houston, but within 30 minutes or so, calls started coming in from Port Arthur and Orange. Harvey had moved east from Houston and was pummeling East Texas.

Call after call from citizens saying they were trapped in their houses and needed boat rescue. None of the volunteer rescuers had made it to that area from Houston, but as soon as the calls started coming in, they were moving out, driving as fast as they could into the middle of Harvey.

Holly Hartman, at the dining room table where she helped the Cajun Navy rescue Houstonians after Tropical Storm Harvey.

As I was listening, I quickly figured out that there were a few moderators on the app that were in charge and very experienced in using this method of communication during emergencies. One in particular, Brittney, was giving directions, taking rescue requests, and prioritizing calls and rescues. At one point, she said something that made me realize she's a nurse, so I immediately understood why she was so effective in this situation.

A couple of other women (who were working from other parts of the country, not Houston) who had been taking calls from victims and logging in the information came on the line around 12:30 and said they had to sign off so they could get to bed. They asked if there was anyone who could work through the night to keep taking rescue requests and log them.

I sat up and turned on my light. I timidly pushed the "talk" button and said, "I can."

I GOT a two-minute "training" session and a "good luck!" One of the key suggestions of the training session was that when I received a rescue request, I needed to try to call the person making the request if possible to get more details and to ensure that it was a legitimate request. Unfortunately, there had been reports of people calling in fake rescue requests and then robbing the volunteers when they arrived. Despicable.

After I received each request and had called the person making the request, I was to log their information on a designated website, let the requester know the ID number they'd been assigned and move on to the next call.

Within minutes, I was on the phone with Karen. Karen was in a house in Port Arthur, sitting on her kitchen cabinet with seven other adults, two teenagers and a newborn. The water was almost to the counter tops. I assured her we would get someone to her as soon as we could and told her to stay safe.

It was 1:15 a.m.

By this time, Cajun Navy rescuers had begun arriving in Port Arthur. They were begging to be let in the water, but the Coast Guard understandably wouldn't grant them permission because the storm was just too strong.

It was gut-wrenching to hear so many calls coming in and having to tell them there was nothing we could do until the storm calmed down a little. The local authorities were doing the best they could, but they were far outnumbered and also unable to get to everyone in the treacherous conditions.

I took several more calls and quickly realized there was no way I could call to verify every request. They were coming in faster than I could type them into the website data bank. I would listen to the request, write down their info and start typing it in. In the time I could enter one request, three more would come in.

I was originally just sitting up in bed with my laptop on my lap, phone in hand and a notepad on my nightstand. Pretty quickly, I moved to my dining room table, plugged in my computer and phone and poured a huge glass of iced tea.

I started out taking notes nice and neat on printer paper. That quickly turned into chaotic scribbles. I was having trouble reading my own handwriting at times.

I got a request from Chad. I had enough time to call him. Trapped in their house, he and his wife had water up to their chests. He told me they were about to go to their attic. I begged him not to do that and told him he had to go to his roof instead. He said there was no way for them to do that. I told him he didn't have a choice. I asked him to keep calling 911, over and over. When we hung up, I texted him other numbers to try — the Coast Guard, the Jefferson County Office of Emergency Management, the Air Force.

It was 2:20 a.m.

I spoke to another woman whose name I can't even remember. I didn't call her directly but we had a few exchanges through the app. She told me she and her kids were sitting on their kitchen counter and needed rescuing, but she was scared to get off the counter when boats arrived because there were snakes in the water in their house.

I took request after request after request. Name...phone number...address...number of adults...number of children...number of elderly...medical conditions. I would then type this information in as fast as I could so the dispatchers could send the rescuers out. After submitting the information, I received an ID number that I was supposed to relay to the person requesting the rescue. We asked them to remember the number so they could give it to their rescuers when they were finally picked up. We could then mark them safe in the system, avoiding the dilemma of rescuers looking for people who had already been saved by someone else.

It was around this time that I heard one of the dispatchers who goes by Goose ping in to our channel to let us know that the Cajun Navy still had no boats on the water. Conditions were still too dangerous. I had mistakenly assumed we had boats in the water by then.

No wonder we had so many people desperately begging for rescue. No one was coming for them.

All night long I had been telling them to "hang on, we'll be there soon." I didn't know I had been lying to them.

AROUND 3 a.m., I got a request from a teenage boy in Orange who was screaming so hysterically I couldn't even understand him. I got his phone number and told him I'd call him directly. The second he answered, he was screaming that his brother and cousin were laying in the backyard, unresponsive, possibly electrocuted.

I'm sad to say that I don't even remember this boy's name. I know I asked, but in the conversation that ensued, I forgot it. He told me that his brother and cousin had been near a shed in the backyard for over an hour, but they couldn't get to them because of the rising water and the storm.

I told him they needed to try to get to them and that I was getting help to them as soon as I could. I think he thought I was an official 911 dispatcher, as he kept asking me why the police weren't there. He said he'd called 911 "at least 100 times" and they never answered. He then told me he and another cousin were going to go outside to check on the young men in the yard. I told him I'd wait. He put the phone down. I listened. And waited.

I could hear panicked conversation and rain and sloshing water. After a very long seven or eight minutes, I suddenly heard the most blood-curdling, gut-wrenching screaming I've ever heard.

I heard a little girl screaming at the top of her lungs.

I heard a boy's voice screaming "no, no, no, noooooo" over and over.

I felt nauseated. And completely helpless. I started screaming into the phone..."Hello! Hello!"

He picked up the phone.

"Miss, I think my brother is dead! He's not breathing! Should we do CPR? What do we do?"

"Do you know CPR? Yes, try CPR!"

"What do I do?" he screamed.

Before I could answer, he dropped the phone again. More chaos. More screaming. Guttural. Desperate. He came back to the phone.

"He's not moving! I don't know what to do! I have to go get my cousin!"

I asked him to put his mom on the phone.

A woman's voice. Much calmer than I expected.

"Hello?"

"Hello, I'm Holly. I'm trying to get some help to you. Tell me what's going on. What's your name?"

"Margaret. My boy is gone! His lips are purple. He's gone."

I desperately searched for words.

"Margaret, I'm so very sorry. Where is your nephew?"

"He's in the yard. They're trying to get him now."

"Who else is with you?"

Margaret told me she was with her other kids — four or five people total, if I remember correctly — and that they were up to their waists in water.

"My boy is on the table." Her voice cracked. "They're out there trying to get my nephew now. Please get someone here, please," she begged.

I assured her we would. But I knew there were still no boats in the water.

I hung up and called the Coast Guard number we'd been given. They answered immediately, but the person I was talking to was actually in Houston. I quickly explained who I was and what I had just experienced and gave them Margaret's address. He assured me he would let the Coast Guard in Orange know about the Davis family.

I hung up and called the Jefferson County Office of Emergency Management. Shockingly, he answered on the second ring.

"Address!" he barked.

"Hi, my name is Holly Har-"

"I know why you're calling! Where are you?"

"I don't need help. I'm working with the Cajun Navy dispatchers and need someone to get to a family I just spoke with."

I explained the situation and gave them the Davises' address.

"Jesus Christ," he sighed. He sounded completely defeated.

"I know you're doing the best you can. Just please get to this family."

"We will. We're going to have a lot of deaths here tonight."

I got up from my table to take a break and try to process what had just happened. I had just interjected myself into a family's most horrible moment. As quickly as I had crossed paths with them, they were gone. A 15-minute interaction that will stay with me for a lifetime.

I went to the bathroom, refilled my tea, walked around a bit, thinking to myself, "What are you doing?? You're not qualified to do this!"

Then I sat back down and went back to it.

AROUND 4:30, I got a request from a young woman in Beaumont who was trying to get her 87-year-old grandfather, Chester, rescued in Port Arthur. He lived alone and had water to his shins. I couldn't hear her well through the app, so I called her directly. She told me her grandfather couldn't get through to 911 and she was really scared for him. I assured her someone would get to him and that he would be okay.

There were still no Cajun Navy boats in the water.

At some point, I'd heard another volunteer mention that a woman who lived on Sassine Street and her three kids had retreated to their attic to escape rising waters. I pinged in and told the volunteer that she had to call the woman back and tell her to get out of the attic and go to her roof.

The volunteer came back on the line and said that she'd talked to the woman, but she refused to move because her kids couldn't swim. I asked if she had anything they could use to break through the attic roof. No.

We got word around 7:30 a.m. Wednesday — seven hours after the first calls started coming in from Port Arthur — that the Cajun Navy had finally been let in the water. Reports of rescues started coming in. I was finally able to mark one of my cases "safe."

I kept taking calls all day Wednesday. Throughout the night and into Wednesday, I was texting with Chad and Shaundra, the young woman calling for her grandfather.

Chad told me the water was almost to their necks and they still hadn't gone to the roof.

Shaundra texted me repeatedly, asking why no one had gotten to her grandfather. The water had risen to his chest. I promised her someone would get there.

The rescues and the "safe" status reports were increasing by the hour. I turned on the TV at some point and started seeing scenes of the same people and situations I was listening to on the app.

Around 10:00, I heard one of the rescuers who uses the handle Cowboy ask about "the woman in the attic on Sassine Street." I immediately pinged in, and Cowboy asked me to call him. He wanted the address again and wanted to know when we had last heard from the lady in the attic. I told him I had no idea because the volunteer who originally took that call had signed off.

Cowboy said he was a few minutes away from Sassine St. and didn't know if he should request another boat with "breaching equipment" or a helicopter. I suggested helicopter, hoping the family had somehow made it to the roof.

The calls for rescue were slowing down but continued to come in at a steady pace. Every 20 to 30 minutes, I'd remind the rescuers that Chester, Shaundra's grandfather, still needed a rescue from 19th Street. And I kept telling Shaundra that they would get there.

She finally said she was just going to get in the car and drive from Beaumont to Port Arthur to get him herself. I told her to be careful and let me know she made it. 20 minutes later she texted me to say that they'd been stopped by flood waters and couldn't get there. She told me she was afraid he was going to die.

Around 11:30, I realized I hadn't heard Cowboy on the line with a report about Sassine Street. I asked on the app if we had had any update.

My phone rang. It was Cowboy.

"We got to Sassine. It's confirmed."

"Confirmed?" I frantically asked. "Confirmed what? What does that mean? Does that mean they're dead?"

"Yes. Water past the roof. They never left the attic. We sent divers in."

I thanked him for letting me know and off he went to the next rescue.

My texts with Shaundra.

AT 3:02 p.m., I got a text from Shaundra that said "[Mam], I thank you so much. He is on his way to the bowling alley." A few minutes later: "Thank you [mam]. He was on a boat at first now he is on a truck."

I let out a huge sigh of relief. I think I may have actually said "Thank you, God" out loud.

I texted Chad at 5:30 p.m. to see if he was safe. I didn't hear back from him until 7:30 Thursday morning: "We are safe now."

I pinged Goose to ask him if he knew if Margaret, the mother who lost her son and her nephew, and her other kids had been rescued. He said they had.

I have texted Margaret to ask her how she was doing. I still haven't heard from her. I've been scanning reports from Orange to see if her family has been mentioned. I need to know the names of the two boys who died.

At 6 p.m. Wednesday, I closed my laptop. I'd been awake 34 hours and wasn't even tired. I was emotionally drained, but there was no way I could've slept right then. I thought back on the last day and a half and couldn't believe what I had just heard and experienced.

Even as I type this, it seems surreal. I don't know how police officers and firefighters and 911 dispatchers and EMTs do this every day.

What I do know: I am grateful beyond measure that they do it.

And thank God for the Cajun Navy. How many more people would be dead today if not for our first responders and the thousands of volunteers here? What if a flood of this magnitude had happened 20 years ago, before cell phones and social media? The deaths would be in the hundreds.

I saw a meme on Facebook today that said, "Someone needs to erect a statue honoring the regular dude with a bass boat." It was meant to be funny, but it's actually spot-on.

On Thursday, I got another text from Shaundra. It was a picture of her and her grandfather. I sent a selfie back to her and told her I was going to find a way to meet them in person someday. I really hope I get to do that.
http://www.houstonchronicle.com/loca...g-12172506.php





Turks Detained for Using Encrypted App 'had Human Rights Breached'

Legal opinion published in UK argues that the arrest of 75,000 suspects, primarily for downloading ByLock app, is illegal
Owen Bowcott

Tens of thousands of Turkish citizens detained or dismissed from their jobs on the basis of downloading an encrypted messaging app have had their human rights breached, a legal opinion published in London has found.

The study, commissioned by opponents of the Turkish president, Recep Tayyip Erdoğan, argues that the arrest of 75,000 suspects primarily because they downloaded the ByLock app is arbitrary and illegal.

It reflects growing concern about the legality of the Turkish government’s crackdown in the aftermath of last year’s failed coup.

The government says those detained or dismissed have links to a movement led by the preacher Fethullah Gülen, who lives in the US and has been accused of orchestrating the attempted uprising. Gülen has denied any involvement.

The legal opinion was commissioned by a pro-Gülen organisation based in Europe. The two British lawyers involved, William Clegg QC and Simon Baker, are experienced barristers.

The report examines transcripts of recent trials of alleged Gülenists in Turkey as well as Turkish intelligence reports on ByLock. It concludes that the cases presented so far breach the European convention on human rights, which Turkey is signed up to.

“The evidence that the [ByLock] app was used exclusively by those who were members or supporters of the Gülen movement [is] utterly unconvincing and unsupported by any evidence,” the two barristers say. “There is a great deal of evidence ... which demonstrates that the app was widely available and used in many different countries, some of which had no links to Turkey.”

The detention of people on this basis is “arbitrary and in breach of article 5” of the European convention on human rights, which guarantees the right to liberty, the report says.

The opinion says ByLock was available to everyone, it had been downloaded around the world and was in the top 500 apps in 41 separate countries. Other “compelling evidence” is required to justify the mass arrests, it said.

In a separate commissioned report, Thomas Moore, a British computer forensics expert, says ByLock was available to download free of charge on Apple’s App Store and Google Play.

“It was downloaded over 600,000 times between April 2014 and April 2016 by users all over the world,” Moore says. “It is, in my opinion, therefore nonsensical to suggest that its availability was restricted to a particular group of people.”

Moore draws attention to a report by MIT, the Turkish intelligence service that had gained access to ByLock communications. “There is no suggestion in the MIT report that downloads were restricted to a territory or jurisdiction.”

Other secure communication services, such as Telegram, have been exploited because of their secure encryptions. “There is compelling evidence to show that Telegram has been used by Isis as a secure communication tool and yet there is no move by law enforcement authorities to detain every user of the service,” Moore says.

None of the cases tried in Turkey have yet been appealed to the European court of human rights, but some are expected to reach Strasbourg eventually.

Those detained have included lawyers, civil servants, judges, army officers, journalists and authors.

Taner Kiliç, the head of Amnesty International in Turkey, was charged in June with membership of a terrorist organisation and remanded in custody.

Amnesty said of his detention: “The only claim presented by the authorities purportedly linking Taner Kiliç to the Gülen movement is that Bylock, a secure mobile messaging application that the authorities say was used by members of the ‘Fethullahist terrorist organisation’, was discovered to have been on his phone in August 2014.

“No evidence has been presented to substantiate this claim, and Taner Kiliç denies ever having downloaded or used Bylock, or even having heard of it, until its alleged use was widely publicised in connection with recent detentions and prosecutions.”

The Turkish embassy in London did not give a response to requests for comment on the legal opinion.
https://www.theguardian.com/world/20...ights-breached





Equifax Lobbied To Kill Rule Protecting Victims Of Data Breaches
Alex Kotch

If you want to know if you were one of the 143 million people whose data was breached in a hack of Equifax’s data, the company has a website you can use to find out — but there appears to be a catch: To check, you have to agree to give up your legal right to sue the company for damages. The outrage that clause has now generated could complicate the company’s efforts — backed by Republican lawmakers — to block an imminent rule that would ban companies from forcing customers to agree to such provisions.

On Friday, social media users spotlighted fine print on Equifax’s website that appears to force users to agree to waive their class action rights if they use the company’s website to see if their personal data was exposed by the recent hack. It is precisely the kind of arbitration clause that a pending Consumer Financial Protection Bureau (CFPB) rule is designed to outlaw — if Republicans and the Trump administration allow it to go into effect as scheduled later this month.

Federal documents reviewed by International Business Times show that in response to that 2016 rule, the Consumer Data Industry Association (CDIA) — which says it is “the trade association which represents Equifax” — pressed regulators to back off the proposed prohibitions, saying the regulations would subject data companies to tough penalties if during a class action suit they were found to have broken the law.

In one section of the letter, CDIA declares that federal regulators “should exempt from its arbitration rule class action claims against providers of credit monitoring products.” The letter asserted that allowing customers to sue companies “would not serve the public interest or the public good” because it could subject the companies to “extraordinary and draconian civil liability provisions” under current law. In another section of the letter, Equifax’s lobbying group says that a rule blocking companies from forcing their customers to waive class action rights would expose credit agencies “to unmanageable class action liability that could result in full disgorgement of revenues” if companies are found to have illegally harmed their customers.

Equifax’s lobbying group argued against the prohibition even as it acknowledged that a 2015 government study found “that credit reporting constituted one of the four largest product areas for class action relief” for consumers. Consumer groups countered the claims of CDIA and other rule opponents by saying the ability to file suit is necessary to protect Americans’ legal rights.

“The use of forced arbitration clauses has created a closed system where corporations allow court access only when it’s in their interest, where it is functionally impossible for consumers to recover small dollar amounts they are due under law, and where the deterrent effect of class actions has been lost,” wrote the Consumer Federation of America in a 2016 letter to the CFPB.

As written, the rule may not prevent Equifax from restricting customers’ legal rights as they seek to find out whether they have been harmed by this week’s data breach: The legal language says the arbitration provisions would apply only to contracts and terms of service six months after the rule goes into effect. However, the massive data breach and backlash against the company’s arbitration clause may impede Republicans’ efforts to repeal the rule.

“Equifax is doubling down on this data breach with a breach of that trust,” said Karl Frisch, executive director of consumer watchdog Allied Progress, in a press release. “This is nothing more than an underhanded attempt to deny the victims of this cyber attack their day in court... There couldn’t be a clearer example of why this new rule from the Consumer Financial Protection Bureau is so essential.”

With frustration about the breach and the website language simmering, Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” said the company.

Equifax has delivered more than $500,000 of campaign cash to Republican lawmakers since the creation of the CFPB in 2010. During that time, congressional Republicans have waged a campaign to weaken the CFPB, culminating in this year’s Republican legislative proposals to repeal the rule and fully eliminate the agency. A top Trump-appointed regulator — former bank lawyer turned Acting Comptroller of the Currency Keith Noreika — has also previously pushed for the rule to be delayed.

According to government watchdog Public Citizen, 24 Republican senators co-sponsoring a bill to kill the arbitration rule have, over the course of their political careers, collectively received over $11 million in campaign contributions from commercial banks and over $100 million from the financial sector overall.

Equifax itself has directly lobbied the CFPB on the arbitration rule. Federal records show that since the second quarter of 2015, a team of lobbyists from Equifax’s own government relations shop lobbied the Bureau on the “Use of arbitration agreements involving consumer financial products and services.” This year, the company was still lobbying the CFPB; during the most recent period for which lobbying information is available, the second quarter of 2017, Equifax had five lobbyists personally pushing the CFPB to revise the rule.

The company and CDIA are also both lobbying Congress on a Republican-sponsored House bill, pointed out by journalist David Dayen on Twitter on Friday, that would cap class action damages at $500,000 and eliminate punitive damages altogether. The bill's sponsor, Barry Loudermilk (R-GA), announced CDIA's support.

A long-time CDIA lobbyist and former top staff member from the Senate Banking Committee, Geoffrey P. Gray, is now lobbying Congress on a Republican bill to repeal post-2008 financial regulations. Federal records show that Gray has been working specifically to influence “provisions related to the structure, powers, and funding of the CFPB.”
http://www.ibtimes.com/political-cap...eaches-2587929





Equifax Blames Open-Source Software for its Record-Breaking Security Breach: Report

The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records. ZDNet examines the claim.
Steven J. Vaughan-Nichols

If you're an American with a credit history -- and at least 143 million are -- you probably already know your Equifax data, including at least your name, social security number, birthdate, and home address, may have been stolen.

Who's to blame?

According to an unsubstantiated report by equity research firm Baird, citing no evidence, the blame falls on the open-source server framework, Apache Struts. The firm's source, per one report, is believed to be Equifax.

Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program.

It's also not proven that Struts was the source of the hole the hackers drove through.

In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source.

Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy.

Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for.

Equifax's technical expertise, it has been shown, is less than acceptable.

Could the root cause of the hack be a Struts security hole?

A new and significant Struts security problem was uncovered on September 5. But, while some jumped on this as the security hole immediately, there was one little problem with that theory. Equifax admitted hackers had broken in from mid-May through July, long before the most recent Struts flaw was revealed.

It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common. To quote the renowned security expert SwiftOnSecurity: "Pretty much 99.99 percent of computer security incidents are oversights of solved problems."

It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March.

If that's the case, is it the fault of Struts developers or Equifax's developers, system admins, and their management?

Ding, ding, ding! The people who ran code with a known "total compromise of system integrity" should get the blame.

The Apache Struts Project Management Committee said in a statement that while they're sorry Equifax "suffered from a security breach," they're not ready to take on the burden for this all-time security fiasco. Instead, the attackers "either used an earlier announced vulnerability on an unpatched Equifax server or exploited a vulnerability not known at this point in time -- a so-called zero-day exploit," said the statement.

It read: "If the breach was caused by exploiting [September's] CVE-2017-9805, it would have been a zero-day exploit by that time."

Yes -- it's possible that the hackers used a zero-day. But, since Equifax hasn't revealed any details, we don't know. Indeed, Equifax, which had known about the problem for six weeks, hasn't told the Apache Struts Project -- or anyone else -- exactly what went wrong.

The Struts developers also make it clear that:

“The development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem and roll out a new release hardened against the found vulnerability. We then publicly announce the problem description and how to fix it. Even if exploit code is known to us, we try to hold back this information for several weeks to give Struts Framework users as much time as possible to patch their software products before exploits will pop up in the wild. However, since vulnerability detection and exploitation has become a professional business, it is and always will be likely that attacks will occur even before we fully disclose the attack vectors, by reverse engineering the code that fixes the vulnerability in question or by scanning for yet unknown vulnerabilities.”

While it's possible the company was hit by a zero-day attack, what's more likely is that Equifax's long list of mistakes shows just how technically challenged, if not entirely inept, it has been.
http://www.zdnet.com/article/equifax...curity-breach/





Federal Trade Commission Probes Equifax Hack, Shares Tumble

The Federal Trade Commission said on Thursday it has opened an investigation into the massive data breach at Equifax Inc (EFX.N), in a rare public disclosure that sent shares tumbling to their lowest in more than two years.

“The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” spokesman Peter Kaplan said in a brief email statement.

Equifax shares fell 5 percent to $94.19 in heavy trading after earlier touching $89.59, their lowest since February 2015.

In the first 15 minutes of trading, more than 4.7 million shares had crossed, nearly 10 times the stock’s daily average volume dating to 1980. The activity came on the heels of a record 17.5 million shares traded on Wednesday.

Equifax representatives did not immediately respond to requests for comment on the FTC probe.

Equifax disclosed the breach on Sept. 7, saying thieves may have stolen the personal information of 143 million Americans in one of the largest hackings ever. It learned of the hacking on July 29.

Nearly 40 states have joined a probe of its handling of the breach. Equifax Chief Executive Officer Richard Smith is expected to testify on Oct. 3 before a U.S. House of Representatives panel.

Reporting by Diane Bartz and Dan Burns; Editing by Chizu Nomiyama and Jeffrey Benkoe
https://www.reuters.com/article/us-e...-idUSKCN1BP1VX





Consumers, but Not Executives, May Pay for Equifax Failings
Gretchen Morgenson

The stunning data breach recently disclosed by Equifax, one of the nation’s top three credit reporting agencies, has imperiled millions of consumers, opening them up to identity theft, monetary losses and colossal headaches.

Equifax investors are also shouldering the burden associated with the company’s apparently lax security practices. Since disclosing the breach, Equifax’s stock has fallen more than 20 percent, losing its shareholders nearly $4 billion in market capitalization.

It remains unclear, though, whether the company’s executives will take a financial hit for the failures that allowed thieves to steal Social Security numbers, driver’s license numbers and other sensitive data. Indeed, Equifax’s top managers may not feel any financial ill effects, given the company’s past compensation practices.

Over the last three years, when Equifax determined its top executives’ incentive compensation, it has used a performance measure that excluded the costs of legal settlements made by the company. If it follows this practice after dealing with the costs of settling legal claims arising from the security breach, Equifax’s top managers will essentially escape financial accountability for the blunder.

This troubles Charles M. Elson, a professor of finance at the University of Delaware and the director of its John L. Weinberg Center for Corporate Governance. “To the investors in the company, the legal settlement does impact earnings and stock price,” Mr. Elson said in an interview. “If the shareholders suffer because of this breach, why should management be excluded? These folks take home all of the upside and want none of the down.”

I asked Equifax whether its board would stop excluding legal settlement costs from executive compensation calculations so that management would be required to absorb some of the pain.

An Equifax spokeswoman supplied this statement: “The board is actively engaged in a comprehensive review of every aspect of this cybersecurity incident.”

Equifax is not alone in excluding certain costs of doing business from the financial factors it uses to determine executive pay. Such practices have become prevalent among large United States companies.

Equifax uses two main performance measures to decide incentive pay. One, called corporate adjusted earnings per share from continuing operations, is not calculated using generally accepted accounting principles, or GAAP. It is figured by excluding certain costs — such as those related to acquisitions — that normally flow through a company’s profit-and-loss statement. This has the effect of making Equifax’s earnings per share look better in this measure than they actually do under accounting rules.

Equifax says in regulatory filings that it uses the adjusted earnings figure because it best represents the company’s profit growth. Top managers at the company get a larger or smaller annual incentive award based on increases in this measure over the course of a year.

Hackers broke into Equifax, accessing data for 143 million Americans. Here’s what happened, how it’s being handled and what you can do to protect your information:

• Equifax disclosed the breach nearly six weeks after discovering it.
• The breach was met with outrage, prompting multiple inquiries from lawmakers and regulators.
• It turns out that oversight for credit monitoring agencies is extremely lax.
• But experts said that consumers “don't control the rules of engagement.” These people shared their stories of being hacking victims.
• Freezing your credit files might be a better bet. And be sure to strengthen your PIN.

Acquisition expenses make up the bulk of the costs Equifax has excluded from its profit calculation in recent years. But Equifax has also excluded costs associated with impaired investments and legal settlements from the figure.

In regulatory filings, Equifax said its exclusion of legal charges from certain financial results “provides meaningful supplemental information regarding our financial results” and is consistent with the way management reviews and assesses the company’s historical performance.

This approach is not unusual. Roughly one-fifth of the companies in the Standard & Poor’s 500-stock index excluded legal settlements and fees in their non-GAAP earnings measures in 2016, according to Jack Ciesielski, publisher of The Analyst’s Accounting Observer and a close follower of companies’ financial reporting.

When settlements are small, of course, excluding the legal costs associated with them is a nonevent. And in recent years that has been the case at Equifax, with settlements equaling around 1 percent of net income.

In the fourth quarter of 2016, for example, Equifax recorded a $6.5 million charge for a settlement with the Consumer Financial Protection Bureau. Under that settlement, which involved deceptive marketing of credit scores to consumers according to the bureau, Equifax paid $3.8 million in restitution to customers, a fine of $2.5 million and $200,000 in legal costs.

But the scope of Equifax’s recent security breach is so far-reaching that legal settlements arising from it will most likely be enormous. And this brings up another question: whether Equifax executives should return past pay because of the security failure. Certainly, last year’s proxy filings indicate that the pay received by the company’s top three executives was based in part on their accomplishments in keeping consumers’ data secure.

Consider Richard F. Smith, the chief executive and chairman of the Equifax board, who received $15 million in total compensation in 2016, up from $13 million in 2015. One rationale for his pay package, the proxy said, was Mr. Smith’s “distinguished” work in meeting his individual management objectives for 2016. Among those objectives was “employing advanced analytics and technology to help drive client growth, security, efficiency and profitability.”

Or take John Gamble, Equifax’s chief financial officer. He also received a rating of “distinguished” on his individual objectives, the proxy said, because he continued “to advance and execute global enterprise risk management processes, including directing increased investment in data security, disaster recovery and regulatory compliance capabilities.” Mr. Gamble received $3.1 million in 2016.

John J. Kelley III, the company’s chief legal officer, also achieved a “distinguished” rating from the Equifax board last year. One reason: He continued “to refine and build out the company’s global security organization.” Mr. Kelley received $2.8 million in compensation last year.

Will these executives be asked to return any of this pay given that their ratings on security are now looking a little less distinguished?

Equifax declined to answer this question.

What the Equifax mess seems to show, yet again, is the heads-I-win, tails-you-lose deal between executives and shareholders that is so prevalent at major corporations today.

As for Equifax’s exclusion of litigation costs in its profit measure, Mr. Ciesielski, the accounting expert, said that should only be allowed for events that are outside of management’s control. “A hurricane, an earthquake, falling space debris — all those things are exogenous, outside of management’s control and ultimately more forgivable,” Mr. Ciesielski said. “Bad management leading to customer harm is exogenous and forgivable? That’s a lot harder to accept.”
https://www.nytimes.com/2017/09/13/b...utive-pay.html





BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices
Catalin Cimpanu

Security researchers have discovered eight vulnerabilities — codenamed collectively as BlueBorne — in the Bluetooth implementations used by over 5.3 billion devices.

Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device.

BlueBorne affects all Bluetooth enabled devices

They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars.

Three of these eight security flaws are rated critical and according to researchers at Armis — the IoT security company that discovered BlueBorne — they allow attackers to take over devices and execute malicious code, or to run Man-in-the-Middle attacks and intercept Bluetooth communications.

Furthermore, the vulnerabilities can be concocted into a self-spreading Bluetooth worm that could wreak havoc inside a company's network or even across the world.

Most serious Bluetooth vulnerabilities identified to date

"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email.

"Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device."

Armis warns of attacks that combine physical presence with the BlueBorne flaws. For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device. Once he enters the bank, his device infects others and grants attackers a foothold on a previously secured network.

Not all devices will receive patches

Armis reported the vulnerabilities to major hardware and software vendors, such as Apple, Google, Microsoft, and the Linux community. Some patches are being developed and will be released today and in the coming days and weeks.

Nonetheless, some devices will never receive a BlueBorne patch as the devices have reached End-Of-Life and are not being supported. Armis estimates this number at around 40% of all Bluetooth-enabled devices, which is over two billion devices.

BlueBorne vulnerabilities are tracked under the following identifiers: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices; CVE-2017-1000251 and CVE-2017-1000250 for Linux; CVE-2017-14315 for iOS, and CVE-2017-8628 on Windows.

Who is affected

All Android phones, tablets, and wearables of all versions are affected by the four above mentioned vulnerabilities. Android devices using Bluetooth Low Energy only are not affected. Google patched the flaws in its September Android Security Bulletin.

Windows versions since Windows Vista are all affected. Microsoft said Windows phones are not impacted by BlueBorne. Microsoft secretly released patches in July for CVE-2017-8628, but only today included details about the fixed vulnerability in September's Patch Tuesday.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

What Consumers Should Do:

✯ Disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely.
✯ Users of Android devices can determine if their device is vulnerable by downloading the BlueBorne Android App on the Google Play Store and using it to run a simple and quick check.

A technical report on the BlueBorne flaws is available.

If the BlueBorne flaws were weaponized in a Bluetooth worm, it would not be the first. Bluetooth worms have existed in the past and have caused many problems, especially for mobile carriers. One such example is Cabir.
https://www.bleepingcomputer.com/new...abled-devices/





New Bluetooth Vulnerability Can Hack a Phone in 10 Seconds
John Biggs

Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices.

“Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.”

“BlueBorne affects pretty much every device we use. Turns that Bluetooth into a rotten black one. Don’t be surprised if you have to go see your security dentist on this one,” said Ralph Echemendia, CEO of Seguru.

As you can see from this video, the vector allows the hacker to identify a device, connect to it via Bluetooth, and then begin controlling the screen and apps. It’s not completely secretive, however, because in activating the exploits you “wake up” the device.

The complex vector begins by finding a device to hack. This includes forcing the device to give up information about itself and then, ultimately, release keys and passwords “in an attack that very much resembles heartbleed,” the exploit that forced many web servers to display passwords and other keys remotely.

The next step is a set of code executions that allows for full control of the device. “This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, a hacker can trigger a surgical memory corruption, which is easy to exploit and enables him to run code on the device, effectively granting him complete control,” write the researchers.

Finally, when the hacker has access they are able to begin streaming data from the device in a “man-in-the-middle” attack. “The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible.”

Windows and iOS phones are protected and Google users are receiving a patch today. Other devices running older versions of Android and Linux could be vulnerable.

How do you stay safe? Keep all of your devices updated regularly and be wary of older IoT devices. In most cases the problems associated with BlueBorne vectors should be patched by major players in the electronics space but less popular devices could still be vulnerable to attack.

“New solutions are needed to address the new airborne attack vector, especially those that make air gapping irrelevant. Additionally, there will need to be more attention and research as new protocols are using for consumers and businesses alike. With the large number of desktop, mobile, and IoT devices only increasing, it is critical we can ensure these types of vulnerabilities are not exploited,” wrote Armis.
https://techcrunch.com/2017/09/12/ne...n-ten-seconds/





Demon-Haunted World
Cory Doctorow

Cheating is a given.

Inspectors certify that gas-station pumps are pumping unadulterated fuel and accurately reporting the count, and they put tamper-evident seals on the pumps that will alert them to attempts by station owners to fiddle the pumps in their favor. Same for voting machines, cash registers, and the scales at your grocery store.

The basic theory of cheating is to assume that the cheater is “rational” and won’t spend more to cheat than they could make from the scam: the cost of cheating is the risk of getting caught, multiplied by the cost of the punishment (fines, reputational damage), added to the technical expense associated with breaking the anti-cheat mechanisms.

Software changes the theory. Software – whose basic underlying mechanism is “If this happens, then do this, otherwise do that” – allows cheaters to be a lot more subtle, and thus harder to catch. Software can say, “If there’s a chance I’m undergoing inspection, then be totally honest – but cheat the rest of the time.”

This presents profound challenges to our current regulatory model: Vegas slot machines could detect their location and if they believe that they are anywhere near the Nevada Gaming Commission’s testing labs, run an honest payout. The rest of the time, they could get up to all sorts of penny-shaving shenanigans that add up to millions at scale for the casino owners or the slot-machine vendors (or both).

Even when these systems don’t overtly cheat, software lets them tilt the balance away from humans and towards corporations. The Nevada Gaming Commission sets the payout schedule for slot machines, but it doesn’t regulate the losses. This allows slot machine vendors to tune their machines so that a losing spin is much more likely to look like a “near miss” (lemon and two cherries, paying zero; three cherries pays a jackpot). The machine looks like it’s doing the same thing with a win or a loss, but losses are actually fine-tuned performances of near-win designed to confound your intuition about how close victory might be.

Software makes for a much more dangerous set of cheats, though. It’s one thing to be cheated by a merchant’s equipment: there are only so many merchants, and to operate a business, they have to submit themselves to spot inspections and undercover audits by secret shoppers.

But what happens when the things you own start to cheat you? The most famous version of this is Volkswagen’s Dieselgate scandal, which has cost the company billions (and counting): Volkswagen engineered several models of its diesel vehicles to detect when the engine was undergoing emissions testing and to tilt the engines’ performance in favor of low emissions (which also meant more fuel consumption). The rest of the time, the engines defaulted to a much more polluting mode that also yielded better gas mileage. Thus the cars were able to be certified as low-emissions by regulators and as high efficiency by reviewers and owners – having their cake and eating it too.

Dieselgate killed people, but the cheating in the Dieselgate scandal was still aimed at government inspectors. The next level of cheating comes when systems try to fool independent researchers.

A celebrated recent example of this came with the Wannacry ransomware epidemic. Wannacry is an old piece of malicious software, and it uses a variety of vectors to find and infect vulnerable hosts; once it takes root, Wannacry encrypts all its victims’ files, and demands a Bitcoin ransom in exchange for the decryption key. In early summer 2017, Wannacry had a resurgence after it was harnessed to a leaked NSA cyberweapon that made it much more virulent.

But within days of that resurgence, Wannacry was stopped dead in its tracks, thanks to the discovery and deployment of a “killswitch” built into the software. When Wannacry took over a new computer, the first thing it did was check to see whether it could get an answer when it tried to open a web-session to . If there was a web-server at that address, Wannacry ceased all operations. By registering this domain and standing up a web-server that answered to it, a security researcher was able to turn off Wannacry, everywhere in the world, all at once.

A casual observer may be puzzled by this kill switch. Why would a criminal put such a thing in their software? The answer is: to cheat.

The greatest risk to a program like Wannacry is that a security researcher will be able to trick it into infecting a computer under the researcher’s control, a “honey pot” system that is actually a virtual machine – a computer program pretending to be a computer. Virtual machines are under their owners’ perfect control: everything the malicious software does within them can be inspected. Researchers use virtual machines like cyberpunk villains use VR: to trap their prey in a virtual world that is subjectively indistinguishable from objective reality, an Inception-style ruse that puts the malware under the researcher’s omnipotent microscope.

These head-in-a-jar virtual machines are often configured to pretend to be the entire internet as well. When the malware caught within them tries to reach a distant web-server, the researcher answers on that server’s behalf, to see if they can trick the malware into attempting to communicate with its master and so reveal its secrets.

Wannacry’s author tried to give their software the ability to distinguish a honey-pot from the real world. If the software’s attempt to contact the nonexistent domain was successful, then the software knew that it was trapped in a researcher’s lab where all queries were duly answered in an attempt to draw it out. If Wannacry got an answer from , it folded into a protective, encrypted foetal position and refused to uncurl. Registering the domain and standing up a web-server there tricked every new Wannacry infection in the world into thinking that it was running on a honey-pot system, so they all stopped working.

Wannacry was a precursor to a new kind of cheating: cheating the independent investigator, rather than the government. Imagine that the next Dieselgate doesn’t attempt to trick the almighty pollution regulator (who has the power to visit billions in fines upon the cheater): instead, it tries to trick the reviewers, attempting to determine if it’s landed on a Car and Driver test-lot, and then switching into a high-pollution, high-fuel-efficiency mode. The rest of the time, it switches back to its default state: polluting less, burning more diesel.

This is already happening. MSI and Asus – two prominent vendors of computer graphics cards – have been repeatedly caught shipping hardware to reviewers whose software had been sped way, way up (‘‘overclocked’’) over the safe operating speed. These cards will run blazingly fast for the duration of the review process and a little while longer, before burning out and being rendered useless – but that will be long after the reviewers return them to the manufacturer. The reviewers advise their readers that these are much faster than competing cards, and readers shell out top dollar and wonder why they can’t match the performance they’ve read about in the reviews.

The cheating can be closer to home than that.

You’ve probably heard stories of inkjet cartridges that under-report their fill-levels, demanding that you throw them away and replace them while there’s still plenty of (precious and overpriced) ink inside of them. But that’s just for starters. In 2015, HP pushed a fake security update to millions of Officejet owners, which showed up as a routine, ‘‘You must update your software’’ notification on their printers’ screens. Running that update installed a new, secret feature in your printer, with a long fuse. After six months’ wait, the infected printers all checked to see whether their ink cartridges had been refilled, or manufactured by third parties, and to refuse to print with any ink that HP hadn’t given its corporate blessing to.

HP is an egregious cheater, and this kind of cheating is in the DNA of any company that makes its living selling consumables or service at extremely high markups – they do their business at war with their customers. The better the deal their customers get, the worse the deal is for the manufacturer, and so these products treat customers as enemies, untrusted parties who must be tricked or coerced into installing new versions of the manufacturer’s software (like the iTunes and Kindle ‘‘updates’’ that have removed features the products were sold with) and using only the manufacturer’s chosen consumables.

The mobile phone industry has long been at war with its customers. When phones were controlled primarily by carriers, they were designed to prevent customers from changing networks without buying a new phone, raising the cost on taking your business elsewhere. Apple wrested control back to itself, producing a phone that was locked primarily to its app store, so that the only way to sell software to an iPhone user was to give up 30% of the lifetime revenue that customer generated through the app. Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn’t be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company.

What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.

All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company’s shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers).

Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard.

This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages. Before the Enlightenment, before the scientific method and its peer review, science was done by alchemists, who worked in secret.

Alchemists – like all humans – are mediocre lab-technicians. Without peer reviewers around to point out the flaws in their experiments, alchemists compounded their human frailty with bad experimental design. As a result, an alchemist might find that the same experiment would produce a ‘‘different outcome’’ every time.

In reality, the experiments lacked sufficient controls. But again, in the absence of a peer reviewer, alchemists were doomed to think up their own explanations for this mysterious variability in the natural world, and doomed again to have the self-serving logic of hubris infect these explanations.

That’s how alchemists came to believe that the world was haunted, that God, or the Devil, didn’t want them to understand the world. That the world actually rearranged itself when they weren’t looking to hide its workings from them. Angels punished them for trying to fly to the Sun. Devils tricked them when they tried to know the glory of God – indeed, Marcelo Rinesi from The Institute for Ethics and Emerging Technologies called modern computer science ‘‘applied demonology.’’

In the 21st century, we have come full circle. Non-human life forms – limited liability corporations – are infecting the underpinnings of our ‘‘smart’’ homes and cities with devices that obey a different physics depending on who is using them and what they believe to be true about their surroundings.

What’s worse, 20th century law puts its thumb on the scales for these 21st century demons. The Computer Fraud and Abuse Act (1986) makes it a crime, with jail-time, to violate a company’s terms of service. Logging into a website under a fake ID to see if it behaves differently depending on who it is talking to is thus a potential felony, provided that doing so is banned in the small-print clickthrough agreement when you sign up.

Then there’s section 1201 of the Digital Millennium Copyright Act (1998), which makes it a felony to bypass the software that controls access to a copyrighted work. Since all software is copyrightable, and since every smart gadget contains software, this allows manufacturers to threaten jail-terms for anyone who modifies their tractors to accept third-party carburetors (just add a software-based check to ensure that the part came from John Deere and not a rival), or changes their phone to accept an independent app store, or downloads some code to let them choose generic insulin for their implanted insulin pump.

The software in gadgets makes it very tempting indeed to fill them with pernicious demons, but these laws criminalize trying to exorcise those demons.

There’s some movement on this. A suit brought by the ACLU attempts to carve some legal exemptions for researchers out of the Computer Fraud and Abuse Act. Another suit brought by the Electronic Frontier Foundation seeks to invalidate Section 1201 of the Digital Millennium Copyright Act.

Getting rid of these laws is the first step towards restoring the order in which things you own treat you as their master, but it’s just the start. There must be anti-trust enforcement with the death penalty – corporate dissolution – for companies that are caught cheating. When the risk of getting caught is low, then increasing penalties are the best hedge against bad action. The alternative is toasters that won’t accept third-party bread and dishwashers that won’t wash unauthorized dishes.

Making better computers won’t solve the world’s problems, but none of the world’s problems are ours to solve for so long as the computers we rely on are sneaking around behind our backs, treating us as their enemies.
http://www.locusmag.com/Perspectives...haunted-world/





Trump Administration Orders Purge of Kaspersky Products from U.S. Government
Dustin Volz

The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

The decision represents a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.

In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions,” the company said.

The Department of Homeland Security (DHS) issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days and begin to discontinue their use within 90 days.

The order applies only to civilian government agencies and not the Pentagon, but U.S. intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.

In a statement accompanying its directive, DHS said it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

It continued: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

The department said it would provide Kaspersky with the opportunity to submit a written response to address the allegations. The agency said other entities claiming commercial interests affected by the directive could also submit information.

Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage.

However, the company has not been able to shake off the allegations. Last week, Best Buy Co (BBY.N), the No.1 U.S. electronics retailer, said it was pulling Kaspersky Lab’s cyber security products from its shelves and website.

‘TOUGH DECISION’

Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: “As we evaluated the technology, we decided it was a risk we couldn’t accept.”

Some cyber security experts have warned that blacklisting Kaspersky Lab could prompt a retaliation from Russian President Vladimir Putin. Joyce said those concerns were a factor but that a “tough decision” ultimately had to be made to protect government systems.

The direct financial impact of the decision will likely be minimal for Kaspersky Lab, one of the world’s leading anti-virus software companies, which was founded in 1997 and now counts over 400 million global customers.

Federal contracting databases reviewed by Reuters show only a few hundred thousand dollars in purchases from Kaspersky, and an employee told Reuters in July the company’s federal government revenue was “miniscule.”

But Kaspersky also sells to federal contractors and third-party software companies that incorporate its technology in their products, so its technology may be more widely used in government than it appears from the contracting databases, U.S. officials say.

The decision by the Trump administration came as the U.S. Senate was planning to vote as soon as this week on a defense policy spending bill that includes language that would ban Kaspersky Lab products from being used by U.S. government agencies.

Democratic U.S. Senator Jeanne Shaheen, who had led efforts in Congress to crack down on Kaspersky Lab, applauded the Trump administration’s announcement.

“The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented,” Shaheen said, adding that she expected Congress to act soon to reinforce the decision by passing legislation.

Also on Wednesday, Democratic Senator Amy Klobuchar wrote to DHS asking whether the agency used Kaspersky products in relation to any critical infrastructure, such as election equipment, banks or energy suppliers, and if it knew whether any voting systems used the company’s software.

Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. But he has adamantly denied charges his company conducts espionage on behalf of the Russian government.

Reporting by Dustin Volz, additional reporting by Doina Chiacu and Jim Finkle; Editing by Jonathan Oatis and Cynthia Osterman
https://www.reuters.com/article/us-u...-idUSKCN1BO2CH





The Government Has Dropped Its Demand That Facebook Not Tell Users About Search Warrants

Federal prosecutors said that nondisclosure orders stopping Facebook from telling customers about search warrants for their account information "are no longer needed."
Zoe Tillman

Federal prosecutors are dropping their demand that Facebook be barred from alerting users about search warrants for information about their accounts, according to a new court filing on Wednesday.

In making the decision, prosecutors did not concede the legal arguments raised by Facebook and civil liberties and electronic privacy groups against the nondisclosure orders attached to the search warrants. According to court papers filed jointly by Facebook and the US attorney's office in Washington on Wednesday, prosecutors determined that the underlying investigation that prompted the search warrants — the details of which are under seal — had "progressed ... to the point where the [nondisclosure orders] are no longer needed."

The announcement came less than 24 hours before an appeals court in Washington, DC, was set to hear arguments in the case. According to the joint filing, a lower court judge vacated the nondisclosure orders at the government's request, making Facebook's appeal of those orders moot. The lawyers asked the District of Columbia Court of Appeals to dismiss the case, and the court granted that request on Wednesday afternoon.

Nate Cardozo, a lawyer for the digital rights group Electronic Frontier Foundation, told BuzzFeed News that although the organization was pleased with the outcome, he expected there would be other cases in the future that would ultimately lead to definitive court rulings on the issue of when the government can block tech companies from notifying customers about demands for their information. EFF was one of several advocacy groups that filed briefs in the case arguing that the gag orders were unlawful.

"We've won the battle but the war is not over," Cardozo said.

There’s already another case pending in federal court in Seattle that touches on some of the same concerns raised in the Facebook case. Microsoft is suing the Justice Department over a section of federal law that the government relies on to seek court orders that block tech companies from notifying subscribers when prosecutors request information. The judge ruled in February that part of Microsoft’s constitutional challenges could go forward. A trial is scheduled for June 2018.

Although most information about the case is sealed, EFF speculated in its court papers that the case relates to the mass arrests during protests in Washington on President Trump's inauguration day. More than 200 people were arrested in the hours around the inauguration, and felony charges for rioting and property destruction are pending against the majority of those defendants.

According to information about the case that is public, federal prosecutors served Facebook with search warrants for three account records over a three-month period. A District of Columbia Superior Court judge signed off on nondisclosure orders that prevented Facebook from telling users about the warrants until Facebook complied with the government's request.

Facebook unsuccessfully challenged the nondisclosure orders before the Superior Court judge, and appealed to the DC Court of Appeals. The appeals court issued a public order in June saying that it would accept input from any outside groups that Facebook or the government wanted to weigh in, although those groups wouldn't be privy to details about the investigation.

Several civil liberties and electronic privacy groups filed briefs in late June opposing the nondisclosure orders, arguing that users should have the right to challenge demands for their information, particularly if they involved First Amendment–protected speech activity. Facebook's interests may not always be the same as its customers, they said.

The DC Court of Appeals had scheduled public arguments for Sept. 14.

Arthur Spitzer, legal director of the American Civil Liberties Union of the District of Columbia, said in an email to BuzzFeed News that although the fight over the gag orders was over, it was still possible that the individuals whose Facebook accounts were at issue could go to court to challenge the government's requests for their information.

"Now that Facebook is free to notify these three users that their accounts are subject to a search warrant, we hope the users will contact us or other lawyers to challenge the government's attempt to conduct a fishing expedition through their Facebook accounts," Spitzer said.

A spokesman for the US attorney's office did not immediately return a request for comment. Facebook's lawyer, John Roche of the law firm Perkins Coie in Washington, referred a request for comment to the company, which did not immediately respond.
https://www.buzzfeed.com/zoetillman/...t-facebook-not





Spain Fines Facebook Over Tracking Users Without Consent
Lucian Armasu

Spain’s Data Protection Authority—the Agencia Española de Protección de Datos (AEPD)—issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws.

AEPD Findings

The AEPD found multiple issues with how Facebook gathered data on Spanish users.

One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used.

A second issue was that Facebook wasn’t obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear.

The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn’t comply with the EU’s data protection regulations.

The Spanish agency also complained that Facebook’s privacy policy contains language that wouldn’t be easy for an “average user” to understand. The AEPD concluded that neither users nor non-users have sufficient knowledge about how Facebook collects and uses their data.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts’ data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

Déjà Vu

Facebook was also previously ordered to pay a fine by a Belgium court over similar infringements. However, the ruling was overturned by an appeals court because Facebook operates from Ireland, and Belgium had no jurisdiction over the company. It remains to be seen if this case will end the same way.
http://www.tomshardware.com/news/spa...nts,35425.html





ISPs Claim a Privacy Law Would Weaken Online Security and Increase Pop-Ups

California to vote on privacy law opposed by AT&T, Comcast, Charter, and Verizon.
Jon Brodkin

The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers.

AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

"This bill will create a cumbersome, uncertain, and vague regulation of Internet providers in California," Tuesday's letter to California senators said. "This single-state approach is antithetical to the forward-looking policies that have made California a world leader in the Internet Age."

Despite criticizing the "single-state approach," the ISPs also opposed the now-repealed Federal Communications Commission rule that the California bill is based on and which would have implemented the regulations nationwide.

The letter was also signed by advertiser groups such as the Association of National Advertisers and the Data & Marketing Association, as well as the Internet Association, which represents Internet companies such as Facebook and Google. The bill imposes requirements only on broadband providers, but website operators might be worried that it will be followed by new requirements on other industry members. Websites currently follow a less-strict regime in which they let visitors opt out of personalized advertising based on browsing history but don't have to get consumers' permission before using their browsing histories.

EFF picks apart security claims

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service."

The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer’s personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

The bill would also let ISPs continue to work with other Internet providers to prevent attacks by sharing information, "so long as they de-identify the data first by making sure it’s not linkable to an individual or device," he wrote.

Moreover, the bill could cause Internet providers to collect less information about its customers' Web browsing habits, he wrote. That, in turn, would mean there's less information for hackers to expose if they breach Internet providers' storage systems.

The prediction of "recurring pop-ups" is also false because if anything, the bill would "likely result in fewer pop-ups, not to mention fewer intrusive ads during your everyday browser experience," Gillula wrote. "That’s because A.B. 375 will prevent Internet providers from using your data to sell ads they target to you without your consent—which means they’ll be less likely to insert ads into your Web browsing, like some Internet providers have done in the past."

The opt-in requirements would only lead to more pop-ups if Internet providers constantly annoy customers with pop-ups in an effort to "wear people down until they give their consent" to have their browsing histories used for advertising, he wrote.

"If that’s really what Comcast and Verizon are implying, then lawmakers should understand the claim for what it really is: a threat to hold consumers hostage in the fight for online privacy," Gillula wrote.

Legislative session about to end

ISPs and their allies also claimed that recent amendments to the bill prove that the legislation is "deficient." But the bill could be voted on Friday, the last day of the California legislature's session. The EFF urged California residents to "call your state Assemblymember and state Senator and tell them to vote AYE for A.B. 375 this Friday."

The California bill, introduced by Assembly member Ed Chau (D-Monterey Park), has the support of former FCC Chairman Tom Wheeler. Wheeler led the FCC vote that implemented the now-repealed federal rule that Chau's legislation is based on.

"It is my hope that the legislature will act decisively and quickly to restore Californians' privacy protections with respect to data gathered by cable companies and telephone companies in the course of providing Internet access service," Wheeler wrote in a letter to Chau on Wednesday. "If California leads on consumer privacy, undoubtedly other states will follow."
https://arstechnica.com/tech-policy/...rease-pop-ups/





Verizon has Moved on from Plans to Acquire Cable Companies: CEO

Verizon Communications Inc (VZ.N) said on Thursday that it has moved on from plans to acquire cable companies and instead will focus on building out its own fiber infrastructure.

Speculation over a tie-up with Charter Communications Inc (CHTR.O) was building up after Chief Executive Lowell McAdam told Wall Street analysts last year that such a deal would make “industrial sense”.

McAdam said on Thursday at the Goldman Sachs Communacopia Conference that Verizon is more interested in building up its fiber infrastructure.

“We did, I guess, about a year ago, go through a process of taking a look at cable companies. But the fiber infrastructure isn’t there,” McAdam said.

In April, Verizon agreed to buy optical fiber from Corning Inc (GLW.N) for at least $1.05 billion over the next three years to improve its network infrastructure.

McAdam said at the conference on Thursday the company would be acquiring content for its Oath business and a content deal is expected by the end of September.

Verizon bought Yahoo’s core business for $4.48 billion in 2016. It then combined Yahoo with AOL to form a venture called Oath.

McAdam said the company expects cost savings of $10 billion over four years from operating expenses and capital expenses, which would fund their dividends in 2022.

Shares of the company were marginally down at $47.06 in morning trading.

Reporting by Laharee Chatterjee in Bengaluru; Editing by Shounak Dasgupta
https://www.reuters.com/article/us-b...-idUSKCN1BP2D7





8,500 Verizon Customers Disconnected Because of “Substantial” Data Use

Roaming data use makes customers unprofitable, so Verizon will cut them off.
Jon Brodkin

Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier.

The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17.

"These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers’ networks and the roaming costs generated by these lines exceed what these consumers pay us each month."

"We sent these notices in advance so customers have plenty of time to choose another wireless provider," Verizon also said.

We wrote about an earlier wave of disconnections in June. The affected customers are supported by Verizon’s LTE in Rural America (LRA) program, which relies on a partnership between Verizon and small rural carriers who lease Verizon spectrum in order to build their own networks.

One customer says family only used 50GB across four lines

Verizon said in June that it was only disconnecting "a small group of customers" who were "using vast amounts of data—some as much as a terabyte or more a month—outside of our network footprint."

But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan.

"Now we are left with very few choices, none of them with good service," the customer told us. "I guess small-town America means nothing to these people. It's OK—though I live in a small town, I know a lot of people, and I'm telling every one of them to steer clear of Verizon."

We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. "Many current customers in these areas have lines which do not rack up roaming charges that are higher than what they pay us each month and are not impacted," Verizon said. "People who live within the area where Verizon operates its own network are not impacted."

Verizon's letters to customers begin with the following statement: "During a recent review of customer accounts, we discovered you are using a significant amount of data while roaming off the Verizon Wireless network. While we appreciate you choosing Verizon, after October 17, 2017, we will no longer offer service for the numbers listed above since your primary place of use is outside the Verizon service area."

The letters do not provide any options for customers to stick with Verizon, even if they reduce their data use. Verizon also warns customers that if they don't act by the October 17 disconnection date, "you will no longer be able to transfer your phone numbers to a different provider."

One of the letters can be seen in this Stop the Cap article.

Small carrier plans to hold Verizon accountable

A Bangor Daily News article provides some more background on Verizon's rural LTE program that is now being scaled back:

Three years ago, Wireless Partners, a Portland-based company operating in Maine and New Hampshire, was one of 20 firms around the country selected to work with Verizon Wireless to expand service in rural areas. Wireless Partners constructed 13 new towers in Washington County to provide better coverage along routes 1 and 9.

Verizon then started offering cellphone plans with no data limitations to entice new customers. But Maine Public Advocate Barry Hobbins says the company then found out the roaming price tag for the incentive was higher than anticipated.

Now, Hobbins says, Verizon Wireless is pulling out of rural service agreements in areas of several states—including Washington County.


"It appears that Verizon induced these companies to build out in the rural areas around the country and then significantly promoted it by saying that they’re covering the rural areas," Hobbins said.

But now that they are cutting the program back, a Wireless Partners spokesperson said the small company "plans to exhaust every effort to cause Verizon Wireless to rethink this decision and to honor the promise of its LRA program under which the network was constructed."

Hobbins plans to meet with Maine Attorney General Janet Mills "to determine how the state should respond," the article said.

The Bangor Daily News article said that Verizon sent the disconnection letters to 2,000 customers in Washington County in Maine, but Verizon told Ars that it was just 213 customers in Maine.

Further details can be found in the Stop the Cap article.

"Customers have no recourse and if they don’t port their number to another service provider by the termination date, their number will be disconnected and lost for good," the article said. "The only good news? Verizon wants to disconnect customers so badly, they are willing to forgive the remaining owed balances for any devices financed through Verizon."
https://arstechnica.com/information-...-roaming-data/





A Clever Way to Transmit Data On the Cheap

A long-range, frugal new chip could be just what a smart city needs

THE word “smart” is ubiquitous these days. If you believe the hype, smart farms will all employ sensors to report soil conditions, crop growth or the health of livestock. Smart cities will monitor the levels of pollution and noise on every street corner. And goods in smart warehouses will tell robots where to store them, and how. Getting this to work, however, requires figuring out how to get thousands of sensors to transmit data reliably across hundreds of metres. On September 15th, at a computing conference held in Miami, Shyam Gollakota and his colleagues at the University of Washington are due to unveil a gadget that can do exactly that—and with only a fraction of the power required by the best devices currently available.

Dr Gollakota’s invention uses a technology called LoRa. Like Wi-Fi, this allows computers to talk to each other with radio waves. Unlike Wi-Fi, though, LoRa is not easily blocked by walls, furniture and other obstacles. That is partly because LoRa uses lower-frequency radio waves than Wi-Fi (900MHz rather than 2.4GHz). Such waves pass through objects more easily. More importantly, LoRa devices make use of a technique called “chirp spread modulation”. That means the frequency of the carrier wave—the basic radio wave, which is then deliberately deformed in order to carry data—rises and falls in a sawtooth pattern. That makes even faint LoRa signals easy to distinguish from background noise, which fluctuates randomly.

Generating that carrier wave requires a lot of power. But modulating it, in order to impress data upon it, can be done by a chip that consumes almost no power at all. Conventional LoRa transmitters do both jobs. Dr Gollakota proposes to separate them.

In his take on the system, a central transmitter, hooked up to a big battery or to the mains, broadcasts the carrier wave, while the task of impregnating it with data is done by a chip on the sensor. It accomplishes that by choosing to earth its tiny aerial, or not, millions of times every second. When the aerial is earthed, part of the carrier wave will be absorbed. When it is not, it will be reflected. If one of those cases is deemed to stand for “1” while the other represents “0”, the chip can relay data to a receiver with the whole process controlled by three tiny, and thus very frugal, electronic switches.

Dr Gollakota reckons that such chips can be made for less than 20 cents apiece. The signals they generate can be detected at ranges of hundreds of metres. Yet with a power consumption of just 20 millionths of a watt, a standard watch battery should keep them going a decade or more. In fact, it might be possible to power them from ambient energy: Dr Gollakota and his colleagues have experimented with running the chips from the electricity generated when light strikes a small photodiode. Like other LoRa devices, the chips are slow, transmitting data at about the speed of an old-fashioned dial-up modem. But most smart sensors will produce just a trickle of data in any case.

The researchers are keeping quiet, for the time being, about the orders they have received. But early applications could be medical. The team have incorporated the chips into contact lenses and a skin patch. In hospitals, the chips could help track everything from patient gurneys to syringes and stethoscopes. Last year, Dr Gollakota unveiled variants of the chips that use ordinary Wi-Fi, too. These, he says, are in the process of making their way into disposable drug-delivery devices that notify patients via their phones when their medication is running low. That seems like a smart start.
https://www.economist.com/news/scien...eds-clever-way





Report: There Will be 22.6 Million Cord Cutters By 2018
Karl Bode

A new report indicates that the rate of cord cutting is occurring at a faster rate than previously believed. A new report by eMarketer notes that ad investment will expand just 0.5% to $71.65 billion this year, down notably from the $72.72 billion predicted in the company's original first quarter forecast for 2017. That sinking ad spending is thanks to the growing rate of cord cutting in the United States, as more and more streaming alternatives arrive on the market. It's a trend the overall industry spent years either ignoring or downplaying in the hopes it would simply go away.

It's not. At this rate, the report predicts that 22.2 million U.S. adults will have cut the cord on cable, satellite or telco TV service by the end of 2017 -- up 33% over 2016.

"eMarketer expected a slowdown this year in TV ad sales, after 2016 benefited from both the Olympics and US presidential election,” said Monica Peart, eMarketer’s senior forecasting director. “However, traditional TV advertising is slowing even more than expected, as viewers switch their time and attention to the growing list of live streaming and over-the-top [OTT] platforms."

This year, there will be 22.2 million cord-cutters ages 18 and older, a figure up 33.2% over 2016. That's notably higher than the 15.4 million eMarketer previously estimated. The total number of US adult cord-nevers (users that have never signed up for a traditional cable TV connection) will grow 5.8% this year to 34.4 million.

“Younger audiences continue to switch to either exclusively watching OTT video or watching them in combination with free TV options,” said Chris Bendtsen, senior forecasting analyst at eMarketer. “Last year, even the Olympics and presidential elections could not prevent younger audiences from abandoning pay TV.”

Note that eMarketer's numbers don't include streaming options from the likes of Dish (Sling TV) or AT&T (DirecTV Now), though so far gains in subscribers for these services haven't offset the decline in traditional cable TV subscribers anyway.
https://www.dslreports.com/shownews/...By-2018-140314





Controversial AI ‘Gaydar’ Study Spawns Backlash, Ethical Debate
John Paul Brammer

Following a backlash from academics, technology experts and LGBTQ advocates, a controversial study suggesting artificial intelligence can predict a person's sexual orientation by analyzing a photo of his or her face is now facing additional scrutiny.

The study — which was conducted by Stanford University researchers, peer reviewed and accepted for publication by the American Psychological Association's "Journal of Personality and Social Psychology" — came under fire soon after The Economist first reported on it last week. A spokesperson from the American Psychological Association confirmed to NBC News on Wednesday that the organization is taking a "closer look" at the research given its "sensitive nature."

The study, titled “Deep neural networks are more accurate than humans at detecting sexual orientation from facial images,” involved training a computer model to recognize what the researchers refer to as the "gender-atypical" traits of gay men and lesbians.

"We show that faces contain much more information about sexual orientation than can be perceived and interpreted by the human brain," says the abstract of the paper, written by researchers Yilun Wang and Michal Kosinski. "Given a single facial image, a classifier could correctly distinguish between gay and heterosexual men in 81% of cases, and in 74% of cases for women. Human judges achieved much lower accuracy: 61% for men and 54% for women."

"Consistent with the prenatal hormone theory of sexual orientation, gay men and women tended to have gender-atypical facial morphology, expression, and grooming styles," the paper's abstract continued.

Among those taking issue with the research are LGBTQ advocacy groups GLAAD and the Human Rights Campaign. The organizations released a joint statement slamming the study and how its findings could potentially be used.

“Technology cannot identify someone’s sexual orientation. What their technology can recognize is a pattern that found a small subset of out white gay and lesbian people on dating sites who look similar," GLAAD Chief Digital Officer Jim Halloran stated, referring to the method the researchers used to obtain the images used in their study.

“At a time where minority groups are being targeted, these reckless findings could serve as [a] weapon to harm both heterosexuals who are inaccurately outed, as well as gay and lesbian people who are in situations where coming out is dangerous," Halloran continued.

Jae Bearhat, who identifies as gay and nonbinary, expressed personal fears about the possibility of this type of technology, saying it could be dangerous for LGBTQ people.

"At the very least, it resurrects discussions over 'gay genes' and the concept of homosexuality and queerness as physically identifiable traits," Bearhat said. "Setting it within that sort of strictly biological framework can easily lead to perpetuation of ideas around curing, preventing and natal identification of homosexuality, which can backslide into precedents around it as a physiological deviation or mental illness that needs 'treatment.'"

Also sounding the alarm are academics like Sherry Turkle, a professor at the Massachusetts Institute of Technology and author of the book “Reclaiming Conversation.”

"First of all, who owns this technology, and who has the results?" Turkle said in a phone interview. "The issue now is that 'technology' is a catchphrase that really means 'commodity.'

"What it means is, your technology can tell my sexuality from looking at my face, and you can buy and sell this information with purposes of social control."

Turkle also speculated that such technology could be used to prevent LGBTQ people from employment and could make institutional discrimination more efficient.

"If it turns out the military doesn't want anyone like me, they or any other organization can just buy the data," she said. "And what about facial recognition that could tell if you have Jewish ancestry? How would that be used? I am very, very not a fan."

Alex London, director of the Center for Ethics and Policy at Carnegie Mellon University, said the research out of Stanford underscores the urgency of promoting human rights and strengthening antidiscrimination law and policy within the U.S. and around the globe.

"I think it is important to emphasize that this research was carried out with tools and techniques that are widely available and relatively easy to use," London said. "If the reported findings are accurate, it is another stunning example of the extent to which AI techniques can reveal deeply personal information from the accumulation of otherwise mundane items that we willingly share online."

He added, "I can’t imagine how anyone could put the genie of big data and AI back into the bottle and blaming the technology deflects attention from the real threat which is prejudice, intolerance and the other demons of human nature."

For his part, Kosinski has defended his research, saying on Twitter that he's glad his and Wang's work has "inspired debate."

Glad to see that our work inspired debate. Your opinion would be stronger, have you read the paper and our notes: https://t.co/dmXFuk6LU6 pic.twitter.com/0O0e2jZWMn
— Michal Kosinski (@michalkosinski) September 8, 2017

The two also pushed back in a statement, in which they characterized criticism of their findings as coming from lawyers and communication officers lacking in scientific training.

"If our findings are wrong, we merely raised a false alarm," the statement reads. "However, if our results are correct, GLAAD and HRC representatives’ knee-jerk dismissal of the scientific findings puts at risk the very people for whom their organizations strive to advocate."
https://www.nbcnews.com/feature/nbc-...debate-n801026





Teen Sends Dick Pic to 22-Year-Old Woman, Now He’s a Child Pornographer

Washington Supreme Court: Child porn laws apply even if perp, victim are the same.
Cyrus Farivar

The Washington Supreme Court has upheld the conviction under state child porn laws of a 17-year-old boy who sent a picture of his own erect penis to a 22-year-old woman. The case illustrates a bizarre situation in which Eric Gray is both the perpetrator and the victim of the crime. Under state law, Gray could face up to 10 years in prison for the conviction.

On appeal, Gray's attorneys had argued that the language of the law was ambiguous—lawmakers did not anticipate a situation like this—and that the law was potentially in violation of the state and the federal constitutions. The court, in a 7-1 ruling, disagreed.

The majority opinion issued Thursday drew a distinction between this case and situations where teens are busted for consensually sexting one another—as Ars reported in 2015. (A Drexel University survey from 2014 found that, while the majority of teens sext with each other, an even higher percentage were unaware that engaging in such behavior could be prosecuted as child pornography.)

"We also understand the worry caused by a well-meaning law failing to adapt to changing technology," the court wrote.

"But our duty is to interpret the law as written and, if unambiguous, apply its plain meaning to the facts before us. Gray's actions fall within the statute's plain meaning. Because he was not a minor sending sexually explicit images to another consenting minor, we decline to analyze such a situation. The statute here is unambiguous. A 'person' is any person, including a minor. Images of a 'minor' are images of any minor. Nothing in the statute indicates that the 'person' and the 'minor' are necessarily different entities."

In a dissent, Justice Sheryl Gordon McCloud noted that Gray—who had already been registered as a sex offender for a separate crime and had been diagnosed with Asperger's Syndrome—would be better served not through incarceration but with proper medical and therapeutic treatment.

"The majority, however, holds that the statute takes the punitive approach to the depicted, vulnerable victim child," she wrote. "I can't believe the legislature intended that absurdity, either."

Tamar Birckhead, a Connecticut-based lawyer who has worked on numerous sexting-related cases, agreed. She e-mailed Ars that the court's ruling "does stretch credulity to claim that criminal prosecution of kids for sexting photos of their own bodies is a rational response."
https://arstechnica.com/tech-policy/...-pornographer/





EFF, ACLU Sue Over Warrantless Phone, Laptop Searches at U.S. Border
Press Release

Lawsuit on Behalf of 11 Travelers Challenges Unconstitutional Searches of Electronic Devices

Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) sued the Department of Homeland Security (DHS) today on behalf of 11 travelers whose smartphones and laptops were searched without warrants at the U.S. border.

The plaintiffs in the case are 10 U.S. citizens and one lawful permanent resident who hail from seven states and come from a variety of backgrounds. The lawsuit challenges the government’s fast-growing practice of searching travelers’ electronic devices without a warrant. It seeks to establish that the government must have a warrant based on probable cause to suspect a violation of immigration or customs laws before conducting such searches.

The plaintiffs include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. Several are Muslims or people of color. All were reentering the country from business or personal travel when border officers searched their devices. None were subsequently accused of any wrongdoing. Officers also confiscated and kept the devices of several plaintiffs for weeks or months—DHS has held one plaintiff’s device since January. EFF, ACLU, and the ACLU of Massachusetts are representing the 11 travelers.

“People now store their whole lives, including extremely sensitive personal and business matters, on their phones, tablets, and laptops, and it’s reasonable for them to carry these with them when they travel. It’s high time that the courts require the government to stop treating the border as a place where they can end-run the Constitution,” said EFF Staff Attorney Sophia Cope.

Plaintiff Diane Maye, a college professor and former U.S. Air Force officer, was detained for two hours at Miami International Airport when coming home from a vacation in Europe in June. “I felt humiliated and violated. I worried that border officers would read my email messages and texts, and look at my photos,” she said. “This was my life, and a border officer held it in the palm of his hand. I joined this lawsuit because I strongly believe the government shouldn’t have the unfettered power to invade your privacy.”

Plaintiff Sidd Bikkannavar, an engineer for NASA’s Jet Propulsion Laboratory in California, was detained at the Houston airport on the way home from vacation in Chile. A U.S. Customs and Border Protection (CBP) officer demanded that he reveal the password for his phone. The officer returned the phone a half-hour later, saying that it had been searched using “algorithms.”

Another plaintiff was subjected to violence. Akram Shibly, an independent filmmaker who lives in upstate New York, was crossing the U.S.-Canada border after a social outing in the Toronto area in January when a CBP officer ordered him to hand over his phone. CBP had just searched his phone three days earlier when he was returning from a work trip in Toronto, so Shibly declined. Officers then physically restrained him, with one choking him and another holding his legs, and took his phone from his pocket. They kept the phone, which was already unlocked, for over an hour before giving it back.

“I joined this lawsuit so other people don’t have to go through what happened to me,” Shibly said. “Border agents should not be able to coerce people into providing access to their phones, physically or otherwise.”

The number of electronic device searches at the border began increasing in 2016 and has grown even more under the Trump administration. CBP officers conducted nearly 15,000 electronic device searches in the first half of fiscal year 2017, putting CBP on track to conduct more than three times the number of searches than in fiscal year 2015 (8,503) and some 50 percent more than in fiscal year 2016 (19,033).

“The government cannot use the border as a dragnet to search through our private data,” said ACLU attorney Esha Bhandari. “Our electronic devices contain massive amounts of information that can paint a detailed picture of our personal lives, including emails, texts, contact lists, photos, work documents, and medical or financial records. The Fourth Amendment requires that the government get a warrant before it can search the contents of smartphones and laptops at the border.”

Below is a full list of the plaintiffs:

• Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.

• Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.

• Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.

• Jeremy Dupin is a journalist living in Boston.

• Aaron Gach is an artist living in California.

• Isma’il Kushkush is a journalist living in Virginia.

• Diane Maye is a college professor and former captain in the U.S. Air Force living in Florida.

• Zainab Merchant, from Florida, is a writer and a graduate student at Harvard University.

• Akram Shibly is a filmmaker living in New York.

• Matthew Wright is a computer programmer in Colorado.

The case, Alasaad v. Duke, was filed in the U.S. District Court for the District of Massachusetts.

For the complaint:
https://www.eff.org/document/alasaad-v-duke-complaint

For more on this case and plaintiff profiles:
https://www.eff.org/cases/alasaad-v-duke

For more on digital security at the border:
https://www.eff.org/wp/digital-privacy-us-border-2017

https://www.eff.org/press/releases/e...less-phone-and





Lawmaker Tried Negotiating Deal with Trump to Help WikiLeaks Founder Julian Assange
David Choi

Rep. Dana Rohrabacher of California called White House Chief of Staff John Kelly this week to negotiate a deal to help WikiLeaks founder Julian Assange, The Wall Street Journal reported Friday.

The report claims that Rohrabacher, who chairs the House Foreign Affairs Subcommittee on Europe, Eurasia, and Emerging Threats, would have submitted evidence that Russia was not the source of the thousands of hacked emails published by WikiLeaks during the contentious 2016 US presidential election.

According to the plan, Rohrabacher would have presented a computer drive or other data-storage device that would supposedly contain evidence that would end speculation Russia was the perpetrator of the hacks.

"He would get nothing, obviously, if what he gave us was not proof," Rohrabacher said, in reference to Assange, The Journal reported.

A White House official confirmed that Rohrabacher talked to Kelly about his plan; however, Kelly reportedly turned him down and said that the plan "was best directed to the intelligence community." President Donald Trump was unaware of the details of Rohrabacher's plan, The Journal said.

Kelly, who was named White House chief of staff after Reince Priebus' ouster, has become a sort of gate-keeper in the West Wing, stemming the flow of visitors and moderating the information that reaches Trump.

Assange is currently living out of an Ecuadorian embassy in London in order to dodge extradition to the US for leaking documents and was visited by Rohrabacher in August. Assange reportedly told him that "Russia was not behind" the Democratic National Committee's leaked emails, contrary to the conclusion reached by various US intelligence agencies.

Rohrabacher has been viewed as "Putin's favorite congressman" after making pro-Russian statements and holding meetings with Russian officials in Moscow. Prior to meeting with Assange in Ecuador, he was also accused of violating US sanctions against Russia.
http://www.newstimes.com/technology/...u-10799670.php





Sean Spicer and Chelsea Manning Join Harvard as Visiting Fellows
Liam Stack

Sean Spicer and Chelsea Manning are headed back to school. Sort of.

Spicer, President Donald Trump’s former White House press secretary, and Manning, a former U.S. soldier who served seven years in prison for leaking classified information, were named visiting fellows at the Institute of Politics at Harvard Kennedy School on Wednesday.

Needless to say, their politics differ considerably.

Spicer, a former spokesman for the Republican National Committee, objected when President Barack Obama commuted Manning’s 35-year prison sentence in January. He called it “disappointing” and said “it sends a very troubling message when it comes to the handling of classified information.”

Manning does not appear to be too fond of Spicer, either. Her appointment drew criticism Wednesday, and when Bill Kristol, the Weekly Standard editor, said, “I think I’ll forego IOP events this fall,” Manning replied: “Awesome! Can you ask Sean Spicer to do the same?”

These two unlikely classmates can take comfort from the fact that being a visiting fellow at the Institute of Politics is nothing like high school. They may not even come face to face. Visiting fellows travel to Harvard for what the school describes as “a limited yet comprehensive number of events” that “provide short-term engagement with the student community.”

They do not need to worry about the tyranny of gym class or the complicated politics of cafeteria seating. That may be for the best because the list of fellows for the 2017-18 academic year reads like a who’s who of the flashing cable news chyrons and distressing tweet storms that have dominated America’s polarized politics in recent years.

The other two fellows announced Wednesday alongside Spicer and Manning were Mayor Sylvester James Jr. of Kansas City, Missouri, a Democrat, and Robby Mook, Hillary Clinton’s 2016 campaign manager. The rest of the visiting fellows class, which was announced earlier this year, is packed with boldfaced names.

There are the cable morning show hosts and the outspoken Trump critics Mika Brzezinski and Joe Scarborough, who have been the targets of the president’s pre-dawn Twitter rage and used their show to question his fitness for office. Scarborough, a former Republican congressman from Florida, publicly left the party in July.

Karen Finney, a former spokeswoman for Clinton’s presidential campaign, will serve as a fellow alongside Jason Chaffetz. He is a former Republican congressman who investigated Clinton, was criticized for not doing the same with Trump and abruptly resigned from Congress in June. He is now a contributor on Fox News.

And then there is Corey Lewandowski, the former Trump campaign manager who resigned from that position after he was caught on video manhandling a protester in Tucson, Arizona, one month after the police in Florida charged him with simple battery for manhandling a reporter for Breitbart News.

Bill Delahunt, the acting director of the Institute of Politics, said in a statement that bringing together divergent voices like these was the point of the fellowship program, which was founded in 1966.

“Broadening the range and depth of opportunity for students to hear from and engage with experts, leaders and policy-shapers is a cornerstone of the Institute of Politics,” he said. “We welcome the breadth of thought-provoking viewpoints on race, gender, politics and the media.”

Spicer, who did not immediately respond to an email seeking comment Wednesday, will speak at events on the topic of White House communications, Delahunt said. Events featuring Manning, who came out as transgender while she was in prison, will look at lesbian, gay, bisexual and transgender issues.

An email seeking comment sent to her Wednesday was met with an automated reply: “Over the next few months, I’m focusing on settling in and do not plan to take any media interviews.”
https://www.boston.com/news/local-ne...siting-fellows





Ex-CIA Director Resigns From Harvard Over Chelsea Manning Hire
John Paul Brammer

Former CIA Acting Director Michael Morell announced his resignation Thursday as a senior fellow at the Harvard Kennedy School of Government over its hiring of Chelsea Manning as a visiting fellow.

"Unfortunately, I cannot be part of an organization — the Kennedy School — that honors a convicted felon and leaker of classified information, Ms. Chelsea Manning, by inviting her to be a Visiting Fellow at the Kennedy School's Institute of Politics," Morell wrote in a letter to the school's dean, Douglas Elmendorf.

"Ms. Manning was found guilty of 17 serious crimes, including six counts of espionage, for leaking hundreds of thousands of classified documents to Wikileaks, an entity that CIA Director Mike Pompeo says operates like an adversarial foreign intelligence service," Morell wrote.

Pompeo said in a letter to Harvard on Thursday that he backed Morell's decision, adding that he was withdrawing from a Harvard public forum later Thursday night.

"While I have served my country as a soldier in the United States Army and will continue to defend Ms. Manning's right to offer a defense of why she chose this path, I believe it is shameful for Harvard to place its stamp of approval upon her treasonous actions," Pompeo wrote.

Like Pompeo, Morell stressed that he didn't take issue with Manning's gender identity.

"It is important to note that I fully support Ms. Manning's rights as a transgender American, including the right to serve our country in the U.S. military," Morell wrote, adding that he opposes President Donald Trump's ban on transgender service members.

"But it is my right, indeed my duty, to argue that the School's decision is wholly inappropriate and to protest it by resigning from the Kennedy School," he wrote.

Manning wasn't the only person announced as a visiting fellow this week. Harvard said former White House spokesman Sean Spicer also had been appointed.

"Broadening the range and depth of opportunity for students to hear from and engage with experts, leaders and policy-shapers is a cornerstone of the Institute of Politics," Bill Delahunt, acting director of the institute, said. "We welcome the breadth of thought-provoking viewpoints on race, gender, politics and the media."

Manning, a former Army intelligence analyst, was convicted of leaking a trove of military intelligence records and spent seven years in prison before President Barack Obama commuted her sentence in January.

Manning is appealing her conviction, and the lawyer handling her appeal, Nancy Hollander, disputed Morell's claims that Manning's actions had put the nation in danger.

"There's a quote from Secretary of Defense Gates about how people don't work with the U.S. because they like us or because they trust us, but because they fear us and respect us," she said in a phone interview, referring to Robert Gates, who led the Pentagon under Presidents George W. Bush and Barack Obama. "So maybe at most, the U.S. was embarrassed. They never identified a single person who was harmed."

Hollander said Manning's appointment at Harvard was "terrific for Chelsea and for Harvard and for the students."

"Of course she's not posing harm to anybody anywhere," Hollander said. "She did a public service."

The Harvard Kennedy School did not immed
https://www.nbcnews.com/feature/nbc-...g-hire-n801341





Chelsea Manning’s Fellowship Withdrawn by Harvard After Criticism
Matthew Haag

Facing harsh criticism, a Harvard dean said early Friday morning that he was revoking his invitation to Chelsea Manning, a former United States soldier convicted of leaking classified information, to be a visiting fellow at the university.

The sudden turnabout by the Harvard Kennedy School came after a day of intense backlash over the university’s announcement on Wednesday that Ms. Manning would become a visiting fellow at the Institute of Politics this school year. Douglas W. Elmendorf, the dean of the Harvard Kennedy School, said that while the university encourages a diversity of opinions and does not shy from controversy, naming Ms. Manning a fellow was a mistake for which he accepted responsibility.

“I see more clearly now that many people view a visiting fellow title as an honorific, so we should weigh that consideration when offering invitations,” Mr. Elmendorf wrote in a letter posted on the Harvard Kennedy School website early Friday morning. “I apologize to her and to the many concerned people from whom I have heard today for not recognizing upfront the full implications of our original invitation.”

Statement from Dean Elmendorf regarding the invitation to Chelsea Manning to be a Visiting Fellow https://t.co/nB1V05YmGt
— HarvardKennedySchool (@Kennedy_School) Sept. 15, 2017

Ms. Manning was among a group, including Sean Spicer, the former White House press secretary, named on Wednesday as visiting fellows at the Kennedy School. Fellows travel to Harvard to meet with students and discuss politics and other topics.

Mr. Elmendorf said the university had extended the fellowship to Ms. Manning, who was sentenced to 35 years in prison for providing classified information to WikiLeaks, because she fit the Kennedy School’s tradition of asking influential people to address students.

While the school is revoking the title of visiting fellow for Ms. Manning, she is still invited to spend a day at the school and speak at a forum, the dean said.

Ms. Manning commented on the development in a set of early morning tweets, writing that she was “honored” to be disinvited and that the institution was chilling “marginalized voices under C.I.A. pressure.”

honored to be 1st disinvited trans woman visiting @harvard fellow they chill marginalized voices under @cia pressure #WeGotThis https://t.co/7ViF3GaSec
— Chelsea E. Manning (@xychelsea) Sept. 15, 2017

In another tweet, she contrasted herself with former Trump staffers like Mr. Spicer and Corey Lewandowski, the president’s former campaign manager, who was also named a visiting fellow.

so @harvard says @seanspicer & @Clewandowski_ bring “something to the table and add something to the conversation” and not me #WeGotThis
— Chelsea E. Manning (@xychelsea) Sept. 15, 2017

Chase Strangio, a lawyer for Ms. Manning, wrote in a statement that the decision to withdraw the invitation “in the middle of the night without coherent explanation is disgraceful even for Harvard” and also accused the school of being beholden to the C.I.A.

The decision by the Kennedy School followed forceful denunciations by a former top official at the C.I.A. and the current director at the agency.

Michael J. Morell, a deputy director at the intelligence agency under President Barack Obama, resigned as a fellow on Thursday, calling the invitation to Ms. Manning “wholly inappropriate.” He said it “honors a convicted felon and leaker of classified information.”

“It is my right, indeed my duty, to argue that the school’s decision is wholly inappropriate and to protest it by resigning from the Kennedy School,” Mr. Morell wrote to Mr. Elmendorf. The letter was obtained and reported on by CBS News, where Mr. Morell is a national security contributor.

Mr. Morell did not respond to an email Thursday night, and the Kennedy School did not respond to a request for comment.

Later on Thursday, the director of the C.I.A., Mike Pompeo, withdrew from a Harvard forum he was scheduled to participate in that night, citing Ms. Manning’s fellowship as the reason.

“Ms. Manning betrayed her country,” Mr. Pompeo, who graduated from Harvard Law School, wrote in a letter to a Kennedy School official, adding that he commended Mr. Morell’s decision to resign.

He added, “It has everything to do with her identity as a traitor to the United States of America and my loyalty to the officers of the C.I.A.”

Ms. Manning was convicted in 2010 for giving WikiLeaks hundreds of thousands of classified diplomatic cables and military reports from the wars in Afghanistan and Iraq. Mr. Obama commuted her sentence in January as one of his final acts as president, and she was released in May.

Since 2013, Mr. Morell had served as a nonresident senior fellow at the Belfer Center for Science and International Affairs, which is also part of the Kennedy School. In his letter, Mr. Morell said he worried that Ms. Manning’s actions would “encourage others to leak classified information as well.”

“I have an obligation to my conscience,” he wrote.

Jonah Engel Bromwich and Matthew Rosenberg contributed reporting.
https://www.nytimes.com/2017/09/14/u...ellow-cia.html





Murdochs' Sky Takeover Bid to be Referred to Competition Watchdog

Culture secretary says she is minded to refer £11.7bn deal to regulator over media plurality and broadcasting standards
Graham Ruddick

The Murdochs face the biggest investigation into their record as media owners since the Leveson inquiry after the culture secretary said their proposed £11.7bn takeover of Sky should face a further six-month inquiry.

Karen Bradley surprised MPs by announcing that she was minded to refer 21st Century Fox’s planned takeover of Sky to the Competition and Markets Authority on the grounds of their commitment to broadcasting standards, as well as on the expected grounds of media plurality.

It means the Murdochs face an investigation not only into their media power in Britain but into their track record as broadcasters and publishers and their commitment to high editorial standards in both the UK and the US.

Fox is controlled by Rupert Murdoch and his sons Lachlan and James. If the Fox bid is successful and it owns all of Sky then the satellite broadcaster will join the Sun, the Times and talkRadio in the Murdochs’ wider British media empire, giving the family a bigger reach than any news provider apart from the BBC.

Audience reach of news providers in the UK

It had been expected that Bradley would order an inquiry by the competition regulator on the grounds of media plurality. But the minister effectively overruled Ofcom, the media regulator, in also calling for a broadcasting standards investigation after misconduct allegations at Fox News in the US.

Correspondence between Bradley and Ofcom revealed that the minister raised concerns about both a string of sexual harassment allegations at Fox News and claims that the broadcaster colluded with the White House on a discredited story that the murdered Democrat aide Seth Rich was the source of leaked emails.

Bradley told parliament that the existence of “non-fanciful concerns” about compliance procedures at Fox News and corporate governance at the Murdochs’ companies meant the legal threshold for widening the investigation of the deal to broadcasting standards had been met.

“The fact that Fox belatedly established such [compliance] procedures does not ease my concerns, nor does Fox’s compliance history,” Bradley said.

“Third parties also raised concerns about what they termed the ‘Foxification’ of Fox-owned news outlets internationally. On the evidence before me, I am not able to conclude that this raises non-fanciful concerns.

“However, I consider it important that entities which adopt controversial or partisan approaches to news and current affairs in other jurisdictions should, at the same time, have a genuine commitment to broadcasting standards here. These are matters the CMA may wish to consider in the event of a referral.”

Ofcom had said in a report published in June that the evidence available did not justify a broadcasting standards investigation and that Fox and Sky had a record of compliance in line with other major broadcasters.

Shares in Sky closed down almost 2% after Bradley’s announcement as concerns increased among investors about delays to the takeover and whether it would go ahead. There will be a 10-day consultation before Bradley makes her final decision. During this time, Sky and the Murdochs can make submissions to the government.

An investigation into the Murdochs’ commitment to broadcasting standards would be unprecedented for the CMA, which typically focuses on market share and consumer rights.

Wilton Fry, a media analyst at Royal Bank of Canada, said: “The CMA is likely to look at the relationship between Fox, the Murdoch family and control of the organisation. We believe the issues raised – such as potential undue influence, corporate governance etc - should all be able to be resolved via either behavioral and/or structural remedies.

“The real question in our mind, is where is the point of pain, at which point Fox would not be willing to accept the remedies - very tough remedies could include, for example, a prohibition on James Murdoch’s executive powers given his prior relationship with News Corp at the time of the phone-hacking scandal.”

Fox said it was disappointed that Bradley had not followed the advice of Ofcom. “As the correspondence between DCMS and Ofcom makes clear, we do not believe that there are grounds for the secretary of state to change her previous position.”

However, Labour welcomed the prospect of an investigation on the grounds of broadcasting standards.

Tom Watson, the deputy leader, said: “I think it’s the first time a minister in the current government has ever stood in the way of what the Murdochs want, and frankly not before time, so, well done,” he said. “As they say in the Black Country, she’s [Bradley] a good ‘un.”

Ed Miliband, the former Labour leader, criticised Ofcom’s handling of the Sky deal as well as comments made by the regulator in a letter to Bradley that recent complaints about Fox News – including programmes covering its Seth Rich story – were not a breach of the broadcasting code because the shows in question were not news programmes.

“Ofcom is less alert about the danger of the Murdochs than the Conservative secretary of state,” he said. “They are far too credulous and gullible about the Murdochs.”

Ofcom said: “As an independent regulator we act without fear or favour, free from political or commercial influence. We provided independent and evidence-based advice, and it is then right for the secretary of state to use her statutory discretion to reach a decision.”

Fox News has become increasingly troublesome for the Murdochs as they attempt to buy Sky and it was announced last month that it would no longer be broadcast in the UK for “commercial reasons”.

A sexual harassment scandal at Fox News has led to a string of high-profile figures leaving, including the chairman Roger Ailes, who has since died, and leading presenter Bill O’Reilly. Critics of the Murdochs have also compared the Rich story with the News of the World hacking the phone of murdered schoolgirl Milly Dowler because of the distress it caused the victim’s family. Fox News denies colluding with the White House on the story.
https://www.theguardian.com/business...ition-watchdog





Beijing Crypto-Currency Exchanges Told to Announce Trading Stop by Friday: Securities Times

Chinese authorities have ordered Beijing-based crypto-currency exchanges to cease trading and to tell users by Friday about when trading will end, the Securities Times newspaper reported citing industry sources and a government notice.

The newspaper said the Beijing city regulator held talks with crypto-currency exchanges in the city on Friday.

It also cited another notice issued by a Beijing city group in charge of overseeing internet finance risks as saying exchanges must announce an immediate stop to new user registrations by Friday.

A source familiar with the notice told Reuters that the government order was authentic.

Reporting by Brenda Goh; Additional Reporting by Bi Xiaowen
https://uk.reuters.com/article/us-bi...-idUKKCN1BQ17T





Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Catalin Cimpanu

Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge.

Crooks are currently deploying this technique on Russian and Ukrainian websites, but expect this trend to spread to other regions of the globe.

Malicious ads delivered on gaming and streaming sites

The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code.

The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser.

Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites.

Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.

Crooks mined Monero, Zcash, others

ESET, the security firm that discovered the malvertising campaign, says the JavaScript mining scripts were capable of mining for Monero, Feathercoin, and Litecoin.

Crooks appear to have used only the Monero mining feature. The Litecoin miner configuration was left blank, while the Feathercoin miner was left in its default config, using the same Feathercoin address from this demo page hosted on GitHub.

Furthermore, researchers also spotted a campaign that mined for Zcash. This campaign appears to have been managed by a different group, and they didn't use malicious ads but instead hosted the JavaScript mining code on the site itself. It is unclear if the site was hacked or the site's admins were knowingly hosting the Zcash miner on their domain.

Based on the number of DNS lookups for domains associated with the campaign mining Monero, ESET says the malvertising domains received as much DNS lookup traffic as GitHub's Gist service.

Ad blockers thwart some JavaScript mining operations

The good news is that users can protect themselves against surreptitious JS-based cryptocurrency miners hidden in ad code by using an ad blocker.

The mining operation also stops once users leave the site, and no extra clean-up is needed to remove malware from computers.

Ad blockers won't help if the JavaScript mining code loads from outside of designated ad slots/domains — the case when website owners host and load the script from their own domains.

Not the first time it happened

Browser-based miners aren't anything new. The Bitp.it service experimented with something like this in 2011, but the service eventually shut down.

In 2015, the New Jersey Attorney General’s office shut down a company called Tidbit that was offering website owners a way to mine cryptocurrency on the computers of site visitors. Authorities argued that this was illegal, on the same level as hacking, because Tidbit or website owners didn't ask for specific permission to carry out such intrusive operations.

Cryptocurrency mining is a lucrative business for malware authors. According to a recent report, at least 1.65 million computers have been infected with cryptocurrency mining malware this year so far.

Security researchers can find a breakdown of the malvertising infection chain, along with indicators of compromise, in ESET reports available here.
https://www.bleepingcomputer.com/new...-your-browser/





Wisconsin Senate Approves $3 Billion for Foxconn
Scott Bauer

The Wisconsin Senate approved nearly $3 billion in cash payments for Foxconn Technology Group on Tuesday, while also giving the Taiwanese company a slightly less expedited path to the state Supreme Court for certain legal challenges related to a planned massive electronics manufacturing factory.

Foxconn plans to invest up to $10 billion to build a flat-screen production factory in Wisconsin that would initially employ 3,000 but the company said could grow to 13,000. The proposed subsidy — which now heads to the state Assembly for a final vote Thursday — would be the largest ever from a U.S. state to a foreign company and 10 times bigger than anything Wisconsin has extended to a private business.

The Republican-controlled Senate discounted Democratic concerns that there weren't enough protections for taxpayers under the unprecedented incentive package. It would take 25 years for taxpayers to see a return on the investment, the nonpartisan Legislative Fiscal Bureau said.

"Taxpayers know it's going to cost them $3 billion but they have no idea what they're buying," said Sen. Jon Erpenbach, a Democrat from Middleton, during debate. "There are no guarantees in this legislation and we don't even know what we're buying."

Republican Sen. Alberta Darling, co-chair of the Legislature's budget committee, urged Democrats to get on board with a project she said was both a good deal for taxpayers and would be transformational for the state by making it a leader in the advanced manufacturing world.

"Passing this up would be a huge mistake," she said.

The Senate passed it on a 20-13 vote with 19 Republicans in support along with Democratic Sen. Bob Wirch, of Pleasant Prairie, which is near where the plant plans to locate. Twelve Democrats and Republican Sen. Rob Cowles, of Allouez, voted against it.

Republicans changed the bill to give the Wisconsin Supreme Court the option to take appeals related to the Foxconn project directly from the circuit court and speed up filing requirements for attorneys. The bill as amended by committee last week required the Supreme Court to take all appeals directly from the circuit court, skipping the state appeals court. Legal experts had questioned the constitutionality of such a move.

Madison attorney Lester Pines said the new approach still raises constitutional questions about separation of powers. The lower court decision would be automatically suspended during the appeal.

It would apply to appeals of circuit court rulings related to decisions made by a state or local official or entity related to the Foxconn project.

"This is bad for democracy, bad for our government, bad for the whole process," Democratic Sen. Fred Risser said.

A dozen Democratic changes pushed Tuesday and rejected by Republicans sought to prioritize Wisconsin workers and businesses, protect taxpayers from overpayments to Foxconn and increase environmental oversight.

Under the bill, Foxconn would receive $2.85 billion in cash payments over 15 years if it invests $10 billion in the state and employs 13,000 people. It could also qualify for $150 million in sales tax exemptions for construction equipment.

Republican Gov. Scott Walker, who led negotiations on the deal, faces a deadline under terms of the agreement to sign a bill by the end of the month.

Walker and other supporters say Foxconn is giving the state a once-in-a-lifetime opportunity to get a foothold in the world electronics market. Foxconn is the largest contract maker of electronics, best known for making iPhones, but with a long list of customers including Sony Corp., Dell Inc. and BlackBerry Ltd.

The Wisconsin plant would be the first outside of Asia to construct liquid crystal display panels for televisions, computers and other uses. Foxconn wants to open the factory by 2020 and initially employ 3,000 people.

Environmental groups and others concerned with waiving certain state regulations to speed construction of the plant have been threatening to file lawsuits. Foxconn would be allowed to build in wetland and waterways and construct its 20-million-square-foot (1.86-million-square-meter) campus without first doing an environmental impact statement.

Foxconn was eyeing locations in southeastern Wisconsin, in between Milwaukee and Chicago. On Monday, the mayor of Kenosha sent a letter to Walker saying the bill didn't do enough to make it possible for the city to support the project, leaving Racine County as the likely home to the factory, although no exact location has been announced.

___

Follow Scott Bauer on Twitter at https://twitter.com/sbauerAP
http://www.newstimes.com/news/crime/...n-12190271.php

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 9th, September 2nd, August 26th, August 19th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing