P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 11-02-15, 09:17 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - February 14th, '15

Since 2002


































"The easiest way for leaders to manage public outcry is to put on an elaborate performance of mock reform." – Bill Blunden


"The tricky thing with information-sharing is that it is about trust. Information-sharing becomes pretty hard to do once trust is lost." – Eric Grosse


"What has struck me is the enormous degree of hostility between Silicon Valley and the government. The relationship has been poisoned, and it’s not going to recover anytime soon." – Herb Lin


"Key to security is to minimize data collection and adopt robust security measures. If they can’t protect it, they shouldn’t collect it." – Marc Rotenberg






































February 14th, 2015




Go to Prison for Sharing Files? That's What Hollywood Wants in the Secret TPP Deal
Maira Sutton

The Trans-Pacific Partnership agreement (TPP) poses massive threats to users in a dizzying number of ways. It will force other TPP signatories to accept the United States' excessive copyright terms of a minimum of life of the author plus 70 years, while locking the US to the same lengths so it will be harder to shorten them in the future. It contains extreme DRM anti-circumvention provisions that will make it a crime to tinker with, hack, re-sell, preserve, and otherwise control any number of digital files and devices that you own. The TPP will encourage ISPs to monitor and police their users, likely leading to more censorship measures such as the blockage and filtering of content online in the name of copyright enforcement. And in the most recent leak of the TPP's Intellectual Property chapter, we found an even more alarming provision on trade secrets that could be used to crackdown on journalists and whistleblowers who report on corporate wrongdoing.

Here, we'd like to explore yet another set of rules in TPP that will chill users' rights. Those are the criminal enforcement provisions, which based upon the latest leak from May 2014 is still a contested and unresolved issue. It's about whether users could be jailed or hit with debilitating fines over allegations of copyright infringement.

Dangerously Low Threshold of Criminality

The US is pushing for a dangerously broad definition of a criminal violation of copyright, where even noncommercial activities could get people convicted of a crime. The leak also shows that Canada has opposed this definition. Canada supports language in which criminal remedies would only apply to cases where someone infringed explicitly for commercial purposes.

This distinction is crucial. Commercial infringement, where an infringer sells unauthorized copies of content for financial gain, is and should be a crime. But that's not what the US is pushing for—it's trying to get language passed in TPP that would make a criminal out of anyone who simply shares or otherwise makes available copyrighted works on a “commercial scale.”

As anyone who has ever had a meme go viral knows, it is very easy to distribute content on a commercial scale online, even without it being a money-making operation. That means fans who distribute subtitles to foreign movies or anime, or archivists and librarians who preserve and upload old books, videos, games, or music, could go to jail or face huge fines for their work. Someone who makes a remix film and puts it online could be under threat. Such a broad definition is ripe for abuse, and we've seen such abuse happen many times before.

Fair use, and other copyright exceptions and limitations frameworks like fair dealing, have been under constant attack by rightsholder groups who try to undermine and chip away at our rights as users to do things with copyrighted content. Given this reality, these criminal enforcement rules could go further to intimidate and discourage users from exercising their rights to use and share content for purposes such as parody, education, and access for the disabled.

Penalties That Must be "Sufficiently High"

The penalties themselves could be enough to intimidate and punish users in a way that is grossly disproportionate to the crime. Based upon the leak, which showed no opposition in key sections, it seems TPP negotiators have already agreed to more vague provisions that would oblige countries to enact prison sentences and monetary fines that are "sufficiently high" to deter people from infringing again. Here is the text:

penalties that include sentences of imprisonment as well as monetary fines sufficiently high to provide a deterrent to future acts of infringement, consistently with the level of penalties applied for crimes of a corresponding gravity;

Already in many countries, criminal punishments for copyright grossly outweigh penalties for acts that are comparatively more harmful to others. So the question as to what crimes copyright infringement corresponds to in "gravity" is obscure. What's more alarming is that countries without existing criminal penalties or whose penalties are not "sufficiently high" to satisfy the US government, may be forced to enact harsher rules. The US Trade Representative (USTR) could use the certification process, at the behest of rightsholder groups, to arm-twist nations into passing more severe penalties, even after the TPP is signed and ratified. The USTR has had a long history of pressuring other nations into enacting extreme IP policies, so it would not be out of the realm of possibility.

Property Seizure and Asset Forfeiture

The TPP's copyright provisions even require countries to enable judges to unilaterally order the seizure, destruction, or forfeiture of anything that can be "traceable to infringing activity", has been used in the "creation of pirated copyright goods", or is "documentary evidence relevant to the alleged offense". Under such obligations, law enforcement could become ever more empowered to seize laptops, servers, or even domain names.

Domain name seizure in the name of copyright enforcement is not new to us in the US, nor to people running websites from abroad. But these provisions open the door to the passage of ever more oppressive measures to enable governments to get an order from a judge to seize websites and devices. The provision also says that the government can act even without a formal complaint from the copyright holder. So in places where the government chooses to use the force of copyright to censor its critics, this could be even more disastrous.

Criminalization of Getting Around DRM

We've continued to raise this issue, but it's always worth mentioning—the TPP exports the United States' criminal laws on digital rights management, or DRM. The TPP could lead to policies where users will be charged with crimes for circumventing, or sharing knowledge or tools on how to circumvent DRM for financial gain as long as they have "reasonable ground to know" that it's illegal to do so. Chile, however, opposes this vague language because it could lead to criminal penalties for innocent users.

The most recent leak of the Intellectual Property chapter revealed new exceptions that would let public interest organizations—such as libraries and educational institutions—get around DRM to access copyrighted content for uses protected by fair use or fair dealing, or content that may simply be in the public domain. But even if it's legal, it would be difficult for them to get around DRM since they may not be equipped with the knowledge to do it on their own. If someone else tries to do a public service for them by creating these tools for legally-protected purposes, they could still be put in jail or face huge fines.

Conclusion

Like the various other digital copyright enforcement provisions in TPP, the criminal enforcement language loosely reflects the United States' DMCA but is abstracted enough that the US can pressure other nations to enact rules that are much worse for users. It's therefore far from comforting when the White House claims that the TPP's copyright rules would not "change US law"—we're still exporting bad rules to other nations, while binding ourselves to obligations that may prevent US lawmakers from reforming it for the better. These rules were passed in the US through cycles of corrupt policy laundering. Now, the TPP is the latest step in this trend of increasingly draconian copyright rules passing through opaque, corporate-captured processes.

These excessive criminal copyright rules are what we get when Big Content has access to powerful, secretive rule-making institutions. We get rules that would send users to prison, force them to pay debilitating fines, or have their property seized or destroyed in the name of copyright enforcement. This is yet another reason why we need to stop the TPP—to put an end to this seemingly endless progression towards ever more chilling copyright restrictions and enforcement.

If you're in the US, please call on your representatives to oppose Fast Track for TPP and other undemocratic trade deals with harmful digital policies.
https://www.eff.org/deeplinks/2015/0...ecret-tpp-deal





Megaupload Programmer Pleads Guilty, Sentenced to a Year in Prison

Andrus Nõmm "was aware that copyright-infringing content was stored" on-site.
Cyrus Farivar

Federal prosecutors have achieved their first guilty plea and prison sentence in the Megaupload criminal case that has dragged on for over three years.

Andrus Nõmm—who was arrested this week in Virginia after years of fighting extradition in the Netherlands—pleaded guilty to felony copyright infringement. He was sentenced to a year and a day in federal prison, according to a press release issued by the Department of Justice on Friday.

“This conviction is a significant step forward in the largest criminal copyright case in U.S. history,” Assistant Attorney General Caldwell said in the statement. “The Mega conspirators are charged with massive worldwide online piracy of movies, music and other copyrighted U.S. works. We intend to see to it that all those responsible are held accountable for illegally enriching themselves by stealing the creative work of U.S. artists and creators.”

American criminal charges against the six co-defendants related to Megaupload, including Kim Dotcom, still remain pending. All of the Megaupload defendants (most notably founder Kim Dotcom) have been battling extradition and fighting the government's case from outside US borders. (Ars profiled Dotcom’s extradition efforts last month.)

On Twitter, Dotcom wrote:

The US Justice system: An innocent coder pleads guilty after 3 years of DOJ abuse, with no end in sight, in order to move on with his life.

— Kim Dotcom (@KimDotcom) February 13, 2015

I have nothing but compassion and understanding for Andrus Nomm and I hope he will soon be reunited with his son.

— Kim Dotcom (@KimDotcom) February 13, 2015


Prosecutors also added that Nõmm “agreed to waive his extradition hearing in the Netherlands, where he was arrested in January 2012, and plead guilty in the United States.”

The statement continued:

In court papers, Nomm agreed that the harm caused to copyright holders by the Mega Conspiracy’s criminal conduct exceeded $400 million. He further acknowledged that the group obtained at least $175 million in proceeds through their conduct. Megaupload.com had claimed that, at one time, it accounted for four percent of total Internet traffic, having more than one billion total visits, 150 million registered users and 50 million daily visitors.

In a statement of facts filed with his plea agreement, Nomm admitted that he was a computer programmer who worked for the Mega Conspiracy from 2007 until his arrest in January 2012. Nomm further admitted that, through his work as a computer programmer, he was aware that copyright-infringing content was stored on the websites, including copyright protected motion pictures and television programs, some of which contained the “FBI Anti-Piracy” warning. Nomm also admitted that he personally downloaded copyright-infringing files from the Mega websites. Despite his knowledge in this regard, Nomm continued to participate in the Mega Conspiracy.


Nõmm's attorney, Alan Yamamoto, did not immediately respond to Ars' request for comment.

In a comment sent to Ars by text message, Ira Rothken, Dotcom's chief global counsel, wrote:

The [Department of Justice] apparently used Andrus Nomm's weak financial condition and inability to fight back to manufacture a hollywood style publicity stunt in the form of a scripted guilty plea in court. The facts mentioned in court, like a lack of cloud filtering of copyrighted works, are civil secondary copyright issues, not criminal issues. The facts read off in court sound like the civil allegations against YouTube made by Viacom, and YouTube won. The plea deal appears to allow the [Department of Justice] to obtain testimony from Andrus Nomm under threats of an increased sentence if they take issue with his level of cooperation. If Andrus Nomm testifies truthfully including about the copyright neutral software code and robust notice and takedown system such testimony will help the defense.
http://arstechnica.com/tech-policy/2...ear-in-prison/





Torrent Site Kickass Seized
Matt Kamen

In the world of online piracy, it seems like it's one in, one out at the moment. While The Pirate Bay returned last week, Kickass Torrents has now been taken down via a domain name seizure.

The site, which was already blocked from direct UK access as a result of high court blocking orders, now turns up an error message when users attempt to access its Somali .so domain. A look at its Whois record shows the site listed as banned.

The Somali registry was seen as a safe haven for the site, away from copyright holders and their lawyers, but it appears the takedown was a result of a claim. Several other sites with a .so domain, including the unaffiliated scam site kickasstorrents.so, have also been taken down, which indicates a far-reaching block on any URL with "kickass" in it that is based in the country.

During the seven weeks and change that The Pirate Bay was offline, Kickass surged in popularity, becoming the number one torrent site on the internet. This higher profile may have inadvertently led to its takedown, with the higher traffic drawing attention from the authorities. However, Kickass Torrents has moved domains several times since its creation in 2008 and there's no reason to suspect the site owners won't do so again.

In the interim, it is actually something of a victory for the copyright industry, creating possibly the first significant hurdle for users looking to download content. The Pirate Bay isn't what it once was since its return -- fake torrents, a lack of new uploads, and no moderation has caused concern for users -- and with Kickass similarly out of commission, there's no comparable "all you can eat" torrent site easily accessible on a global basis.
http://www.wired.co.uk/news/archive/...-torrents-down


Note: Working Kickass Torrents can be found at https://kickass.to/ – Jack





RapidShare Calls it Quits: Veteran File-Sharing Site to Close in March 2015

For over 13 years, Switzerland-based site has fought hard to be seen as legitimate.
Cyrus Farivar

RapidShare, one of the longest-running file-sharing websites, has finally decided to close its doors.

On Tuesday, the Switzerland-based site abruptly announced that it will “stop the active service" on March 31. Neither the site nor its Germany-based lawyer, Daniel Raimer, immediately responded to Ars’ request for comment.

The site, which was founded in 2002, faced scrutiny from German courts, attempted to combat piracy, and even hired a Washington, DC-based lobbying firm in 2010. Back in 2008, a German deep packet inspection firm found that RapidShare "generates half of the [direct download link] traffic and therefore up to 5 percent of all Web traffic in some regions."

In a statement to Ars in the wake of the 2012 Megaupload raid, RapidShare's then-CEO Alexandra Zwingli argued that her firm was a wholesome, legal business. "RapidShare AG was founded in Switzerland and in fact, it was always located at the address given in the company details and was always run under real names without any anonymous intermediate businesses,” she wrote. “The radical measures against Megaupload were apparently required since the situation there had been totally different."

"We act rigidly against copyright infringement," Zwingli asserted. She added that the company has "established a constructive dialogue with politics and society in the United States and in other countries."

Just last month, it came out that the Communications Security Establishment—Canada's equivalent to the National Security Agency—targeted RapidShare users.

The Swiss tech news site PCTipp.ch reported (Google Translate) in February 2014 that RapidShare presented 23 of its 24 employees with an ultimatum: quit or be fired.
http://arstechnica.com/tech-policy/2...in-march-2015/





Startup Infinit Promises Faster File-Sharing for Windows Users
Mikael Ricknäs

French startup Infinit has released a Windows application for free file-sharing that uses peer-to-peer technology to improve transmission speeds.

The release of the Windows client on Thursday comes after the company’s launch of a Mac version in 2013. The two clients offer the same performance.

Infinit’s peer-to-peer technology, which does not require users to wait for files and folders to upload to the cloud before sharing them, makes the process of sharing all types of content between two people faster and easier than using services from the likes of Dropbox.

Transfers are between five and 30 times faster than cloud-based solutions, and there is no limitation on the file sizes, Baptiste Fradin, co-founder and chief operating officer at Infinit, said in an interview last year when the company was still beta testing the Windows version.

Transfers are especially fast when a file is sent between users on the same local network. A 2GB file can be transferred between two users in the same Wi-Fi network in about 10 minutes. The more bandwidth users have, the faster the transfers will be.

Privacy is improved because there are no central servers and the files are encrypted end to end.

While the app is used by a wide range of people, the startup’s growth has largely been fueled by graphic designers, filmmakers and sound producers, Infinit said. The company doesn’t want to reveal how many users it has; it says only that the Mac and Windows apps both have tens of thousands users.
http://www.pcworld.com/article/28838...ows-users.html





Confide 3.0 App Offers Leak-Proof File Sharing
Frederick Lane

One app that is attracting increased interest in the wake of the Sony hack is Confide, an app that developers say is specifically designed to "allow people to digitally communicate what they had historically only been comfortable saying on the phone or in-person."

In November, Sony Pictures Entertainment suffered a hack of confidential data from its servers so massive and headline-grabbing that it quickly merited its own Wikipedia entry. Much of the earlier coverage focused on the disclosure of high-level e-mails containing derogatory comments about various Hollywood stars (most notably Angelina Jolie).

Given the fallout from those revelations (including most recently the resignation of Amy Pascal, Sony's top film executive and one of the most quoted of the hacked e-mailers), it's not surprising that there is rising interest in communication tools that minimize or eliminate the risk of hacking.

Is Confide Truly Screenshot Proof?

In its first iteration, the Confide app was essentially like Snapchat for messages -- Snapchat being the popular app for sending a photo that then immediately disappears after being viewed. When one Confide user sent a message to another Confide user, the encrypted text would appear with a series of orange rectangles covering each word. To read the message, the recipient would drag a finger across the orange blocks, revealing the words underneath. Once the user read the message, it would self-destruct.

The Confide developers said that if someone tried to take a screenshot of the message, only a single line of text would be visible. Moreover, the instant someone took a screenshot, the app notified the sender and the message automatically self-destructed.
Earlier this week, Confide 3.0 was released, enabling users to attach a variety of documents and photos to the encrypted messages. The documents can only be opened a single time, and are viewed by dragging a finger across the attachment (much like dragging a finger across a fogged shower door). "After it has been read once, it is gone forever --  no copies, no forwarding, no screenshots -- no nothing," according to the developers.

However, it remains to be seen if Confide will fall prey to some of the same types of third-party data capture techniques that have plagued Snapchat.

Confide Plans for Enterprise Mode

In the meantime, Confide developers are looking to expand the app's functionality to include business-friendly features like integration with address books, distribution lists, and more expansive cloud storage integration.

We reached out to John Brod, Confide's co-founder and president, who told us that "Confide for Business" is expected to be available for enterprises in the next 60-90 days.

Greg Sterling, VP Strategy and Insights at Local Search Association, told us he's not surprised at the growing business interest in Confide.

"In this era of perpetual hacking and security breaches and corporate espionage, the appeal of this kind of thing gains momentum. It seems extreme but not quite as extreme as it did when it initially launched," Sterling said.

The ability to share information without creating a digital trail could backfire in some settings. It could prove highly valuable, for instance, to corporate spies or disgruntled employees who want to share information without being caught -- and offer greater deniability if they are. And the use of Confide by government officials would immediately raise serious concerns about public records acts or open meeting violations.

However, Brod does not believe those will be significant issues. "In terms of corporate or shareholder accountability, we do not see this as a replacement for e-mail but a complement," he said. "We see Confide disrupting or supplementing the business phone call. When people need to have sensitive discussions, they would have made phone calls or met in person, but as the Sony hack shows, sometimes they shoot off an e-mail. Confide is a safe replacement for that."
http://www.sci-tech-today.com/news/C...d=013001L7JPLB





VLC 2.2 Has Many Features Coming, But VLC 3.0 Will Be Even More Exciting
Michael Larabel

For those not closely following the development of the VLC open-source, cross-platform media player, the VLC 2.2.0 release is coming soon while further out is VLC 3.0 and it will be even more magical.

Two weekends ago an update on VLC was shared during a presentation in Brussels at FOSDEM. Jean-Baptiste Kempf covered VLC's continued vibrant development and features that are coming for VLC 2.2 along with VLC 3.0.

VLC 2.2.0 will feature automatic, GPU-accelerated video rotation support, extension improvements, resume handling, support for new codecs/formats and rewrites to some of the existing formats, VDPAU GPU zero-copy support, x265 encoder support, etc. Back on 31 January it was said VLC 2.2.0 would come "next week", but that didn't pan out. In VLC 2.2 Git the latest version was 2.2-rc2 from two months ago, though it does look like VLC 2.2.0 will be officially released quite soon.

Further out is VLC 3.0.0 and it will have Wayland support, GPU zero-copy support for OpenMAX IL, ARIB subtitle support, HEVC / VP9 hardware decoding on Android, a rework of the MP4 and TS demuxers, and browsing improvements. The VLC FOSDEM 2015 presentation can be viewed in PDF form.

Via this Git page is also a more extensive list of the VLC 2.2 and VLC 3.0 changes right now. Some of the other listed VLC 2.2 changes include more modules being licensed now under LGPLv2.1+ rather than GPLv2+, Blu-ray improvements, Digital Cinema Package support, support for Core Audio Format files, a 3D OpenGL spectrum visualization, and security fixes. Other VLC 3.0 Git improvements include the work on Wayland support, support for HTTP Dynamic Streaming (HDS) from Adobe, a screen capture plug-in for Wayland, support for Daala video, a Daala in Ogg muxer, batch covert support in the Qt interface, libVLC improvements, and support for the systemd journal.
http://www.phoronix.com/scan.php?pag...0-Media-Player





A Few Global Cultural Treasures We Will Lose For 20 Years Under the TPP
Jeremy Malcolm

What do Japan's Blue Sky Library, Malaysia's answer to John Wayne, and the first recorded composer from New Zealand, all have in common? They could all disappear from their countries' public domain for the next 20 years, if the current agreement on copyright term extension in the Trans-Pacific Partnership (TPP) holds.

You may have read in the news over the past year about how the public domain has recently been enriched with some exciting new additions, such as Sherlock Holmes and—in countries with shorter copyright terms, such as Canada—James Bond, passing out of copyright, freeing them for reissue, adaptation, and remix.

But what you probably haven't heard before is that six of the countries presently negotiating the TPP, and who have reportedly caved in and agreed on copyright term extension, would have been about to contribute cultural icons of their own to the public domain, enriching their own countries and the world with home-grown art, music, and film that is otherwise at risk of being forgotten.

These countries are Brunei, Canada, New Zealand, Malaysia, Japan, and Vietnam. Each of these fascinating countries has such a depth of creative talent that an entire article could easily be devoted to each of them, exploring the public domain works that the world can look forward to—or that we will miss out on for another 20 years, if the TPP passes. But for now, a little taste from each country will have to do.

Canada

The Group of Seven were an art movement of the early 20th century whose distinctively Canadian landscape paintings are collected in galleries around Canada and the world. In the United States only one of the members of the group died long enough ago that his works have reached the public domain, but in Canada it is a different story—within a decade, the entire artistic output of the Group of Seven will be freely available to the public, allowing anyone to restore, reproduce and share these timeless masterpieces.

That is, unless the TPP is passed and the term of copyright in Canada is extended. In that case, you can hold your breath for another twenty years.

New Zealand

Since 2010, New Zealanders have finally been able to perform and reuse the works of their most important yet under-appreciated early composer, Alfred Hill, without asking for permission from his estate. Hill was the very first antipodean composer to have a chamber work committed to record, and some of those same precious early recordings have been preserved by the National Archive of Australia, and brought to the world free of copyright restrictions.

Although these crackly old recordings may not seem to be of wide interest in themselves, imagine the potential for these works to be brought back to life in another medium such as film, as the songs of Annette Hanshaw were in Nina Paley's masterful Sita Sings the Blues.

Malaysia and Brunei

Actor, director, writer and composer P. Ramlee is truly a Malaysian superstar, who starred in over 60 movies during Malay filmmaking's golden age in the 1950s and 1960s. He remains a cult figure in Malaysia, Brunei and Singapore—John Wayne may have a star on Hollywood's Walk of Fame, but Ramlee has an entire street in central Kuala Lumpur. Although he died in 1973, many of his films have already come out of copyright in Malaysia and Brunei, and others continue to do so. An example is Seniman Bujang Lapok (The Three Worn Out Actor Bachelors), a metafictional comedy from 1961 that Ramlee also wrote, directed, and composed for.

A point of note is that in most of the TPP countries (Canada a notable exception), films are protected from the date of publication, not from the death of the author. That makes an enormous difference, when the “author” of a film can include whoever is the longest-lived of the the principal director, the author of the screenplay, the author of the dialogue, and the composer of its soundtrack. This is why so few European films have ever reached the public domain, and why Malaysian and Bruneian film lovers are far more fortunate—for now.

Japan

Just as the United States has its well-known Project Gutenburg that digitizes and distributes public domain literature, so too other TPP countries such as Australia, Canada and New Zealand have sister projects that focus on works from local authors, as well as those that can legally be made available sooner to residents of those countries that have shorter copyright terms. Japan has such an archive also; the Aozora Bunko, which translates as Blue Sky Library.

Over the last three years, Aozora Bunko has celebrated the release of classic works from authors such as historical novelist Eiji Yoshikawa, philosopher Kiyoshi Miki, and poet Tatsuji Miyoshi. But the curators of the archive are worried about its future, with the shadow of copyright term extension under the TPP, noting that of 572 authors whose works they have published, about half would have to be taken offline if the copyright term is extended retroactively. (Even if not retroactive, the extension of copyright would mean no new Aozora Bunko releases until 2036.)

Vietnam

Under a regime in which copyright in film lasts for 50 rather than 70 years from publication, films made in 1965 are now coming out of copyright. In the case of Vietnam, this of course falls in the middle of the Vietnam War, and for this reason the Vietnamese films of that period, which include both documentaries and dramas, are of immense historical and cultural interest.

Such a film, due to return to the public domain next year, is Nổi gió (Rising Wind), directed by Huy Thành, which jointly won the Golden Lotus award for best feature film at the inaugural Vietnam Film Festival in 1970. Considered as the first movie of Vietnam's revolutionary cinema, and adapted from a play of the same name, it tells the tragic story of a family torn apart by war, from a very different perspective than shown in American films from that period or since.

Why Should Americans Care?

It might be assumed that an extension of the copyright term in the TPP wouldn't affect the United States, because our law already provides for that same copyright term. But although the impact might not be so immediate, the United States would still lose; for one thing, it would lose the flexibility to reduce its own copyright term back to the Berne Convention minimum term of life plus 50 years.

This isn't such an unlikely prospect as you might think. Maria Pallante, Register of Copyrights, wrote in 2013 about her vision of the Next Great Copyright Act, including the suggestion that:

perhaps the law could shift the burden of the last twenty years from the user to the copyright owner, so that at least in some instances, copyright owners would have to assert their continued interest in exploiting the work by registering with the Copyright Office in a timely manner. And if they did not, the works would enter the public domain.

In her draft report for the European Parliament, Julia Reda went further, suggesting that the European Commission “harmonise the term of protection of copyright to a duration that does not exceed the current international standards set out in the Berne Convention” (ie. 50 years from death). So our lawmakers should not be too hasty in ruling out the future reform of the copyright term, by cementing current law into a multilateral trade agreement.

It is true that the US already has trade deals with other countries that do require a life plus 70 year minimum—but these are largely with countries (such as Jordan, Australia, and Singapore) who were forced into changing their own law as a cost of entry into that agreement, even against the recommendations of their own domestic advisers. Those countries would hardly be likely to put up much of a fight if the US acceded to a joint relaxation of the copyright term obligation.

But if the US locks the same obligation into the TPP and TTIP (Trans-Atlantic Trade and Investment Partnership), that dynamic changes, and it will become much more difficult for the United States to reconsider later down the road, without the much more complicated task of coordinating this with both the copyright-maximalist European Commission as well as eleven other countries of the Pacific rim.1

The Good News

So that's the bad news. But there's also some very good news: any of the six countries above can stop this deal! If even one of the countries—Brunei, Canada, Japan, Malaysia, New Zealand or Vietnam— is brave enough to stand up to the United States and block the extension of the copyright term, then that ill-advised deal could still fall through. If you are from one of those countries, you can call your Member of Parliament, or your trade ministry,2 and demand that they save the public domain, by retaining the life plus 50 year copyright term that is your right under the Berne Convention. If you are in the US, your best avenue to stop term extension, and the TPP's other anti-user threats, is to support our Fast Track action.
https://www.eff.org/deeplinks/2015/0...ears-under-tpp





Rep. Nadler to Music Industry: Get It Together on Copyright Issues
Ben Sisario

The events leading up to the Grammy Awards have plenty of glamour and glitz. But there are also industry gatherings over important but decidedly unglamorous topics like online royalty rates and legislation.

On Friday, Representative Jerrold Nadler, a New York Democrat who has been a longtime friend to the entertainment industry, spoke at a Grammy-related lunch for lawyers and executives about some of the challenges facing music interests in Washington. He was encouraging, but had a stern message for an industry that has its share of internecine squabbles: get yourself on the same page if you want to accomplish anything.

“I implore you,” Mr. Nadler said at the event, the annual Entertainment Law Initiative luncheon. “When it comes to legislation, the issues are too important and the opposition too powerful for you to win as a divided community.”

He added: “If the industry is not united it will not be well represented or able to participate adequately in the discussions going on in the halls of Congress. These discussions are going to happen with or without you.”

Mr. Nadler is the ranking Democrat on the House Judiciary’s subcommittee on courts, intellectual property and the Internet, the subcommittee that last year held hearings on music licensing issues.

The issues Mr. Nadler is referring to are an array of lawsuits, rate-setting trials, regulatory reviews and lobbying discussions going on now, a result of the complex way that federal music copyright has developed over the last century. The problems in this system have become more apparent with the rise of digital technologies, and various players in media technology now say that the system is broken, even if they often disagree fiercely over how to fix it.

Case in point: the vagaries surrounding who gets paid what, depending upon which service sends a given song through your car stereo. If that song is played through traditional AM/FM radio, only the songwriters collect royalties, a longstanding policy that has riled record labels for decades. (Mr. Nadler made a particular pitch for changing this to the cheers of the lawyers in the crowd, many of whom represent recording artists.) If that song is played on Sirius XM or on Pandora, both the songwriters and the performers are paid, but at significantly different rates that are set through different legal processes. And if the song is played on Spotify through a smartphone, there are still different royalty rates, reached through different means.

“From the development of player pianos and phonograph records to the advent of radio and the Internet,” Mr. Nadler said, “the law is a patchwork of reactions to changing technologies.”

There is a growing push for changes to the system, but various sides of the music industry have clashed with one another over how to make those changes. Neil Portnow, the chief executive of the National Academy of Recording Arts and Sciences, the organization behind the Grammys, has called for a single omnibus bill in Congress to fix music copyright, but so far no clear consensus has emerged.

Mr. Nadler’s comments came a day after the United States Copyright Office made a long-awaited set of proposals for changes to music copyright. Among its changes are royalties for performing artists on the radio, and extending federal copyright protection to recordings made before 1972 — another sore point in the industry that recently led to a series of lawsuits by the 1960s band the Turtles against Sirius XM and Pandora.

But some of the Copyright Office’s recommendations are likely to deepen existing divisions within the music industry. For example, the 245-page report suggests putting recordings and songwriting — covered by two separate copyrights, and often controlled by different companies — “on more equal footing.” That would please music publishers but upset record companies, who — thanks to the patchwork of existing regulation — currently earn far more money from online services like Pandora than the publishers do.

Leaders in the music world made diplomatic statements in response to the Copyright Office’s study, echoing the need for change but avoiding much direct criticism. The technology world, however, came out shooting.

Lee Knife, the director of the Digital Media Association, whose members include Pandora, YouTube and Apple, said that the Copyright Office had “missed a significant opportunity,” and added: “The suggestions proposed would continue to fragment the already complex licensing structure and put at risk those platforms that deliver music legally and compensate music creators.”

In his speech, Mr. Nadler offered some good news about navigating these waters in Washington. Music and intellectual property issues, he said, are “largely free” of Washington’s typical partisanship.

“This area is one of the few where the divisions do not go along party lines,” he said. “You cannot simply by knowing if someone is a Democrat or Republican predict where he or she is going to stand on most of these issues.”

“That,” he added, “means that real progress is possible.”
http://artsbeat.blogs.nytimes.com/20...yright-issues/





Some Sharp Notes Amid the Performances at Hottest Pre-Grammy Party
Ben Sisario

Clive Davis’s annual pre-Grammy party here is always the most star-chocked event connected to the awards, and this year’s gathering on Saturday night was no exception.

If you looked around the ballroom of the Beverly Hilton Hotel, you would have seen Al Gore and Tim Cook over on the left, Joan Collins and Jane Fonda on the right, and in the middle Taylor Swift dancing, arms aloft, with two-thirds of the Haim sisters. But this year the growing tension over the economics behind online music spilled over into the festivities.

The National Academy of Recording Arts and Sciences, the organization behind the Grammys, presented its president’s merit award at the party to Martin N. Bandier, chairman of Sony/ATV Music Publishing, whose catalog of millions of songs has Motown and Beatles classics as well as current hits by Lady Gaga and Iggy Azalea.

And while Mr. Bandier is usually one of the industry’s most colorful and boastful characters — there’s no shortage of photographs of him grinning with a cigar in his mouth — he came out with sharp words in defense of music publishing, the side of the business that deals with copyrights for songwriting.

“A songwriter doesn’t share lucrative touring revenue and they don’t do brand deals,” Mr. Bandier said. “Their entire livelihood is reliant on the income from the song and that proposition is now under threat in a way that it has never been before.”

He spoke after some of the night’s performances by Smokey Robinson, Sam Smith, Mary J. Blige, Pharrell Williams, Carole King and Johnny Mathis, who sang a medley including “Chances Are” and “Misty,” to roars of applause from the assembled stars and music executives in tuxedos and sparkly gowns. The party, as always, was hosted by Mr. Davis, the 82-year-old music executive who has worked with artists ranging from Janis Joplin and Whitney Houston to Jennifer Hudson.

Mr. Bandier — universally known in the business as Marty — has been one of the most vocal opponents of the way that services like Pandora pay songwriters, a topic that at the industry parties and meetings leading up to this year’s awards show on Sunday was constantly in the air.

On Friday, Representative Jerrold Nadler of New York told a room full of music industry lawyers to get united on copyright issues, just a day after the United States Copyright Office made a series of recommendations for changes to copyright law as it relates to music. And on Tuesday, Pandora will square off against the licensing agency BMI in a federal trial in New York.

Mr. Bandier was diplomatic enough in his speech not to mention any digital services by name, or cite minuscule royalty figures to make his point, as he and others have done plenty of times. But the musicians and executives in the room seemed to know exactly what he was talking about.

“The music industry is changing in ways that I could never have imagined even just a decade ago,” Mr. Bandier said. “But it is also the case that songwriters are not being adequately compensated for their creations in today’s digital world. Their songs are the very reason these services exist; their songs are why we are all here tonight. As the saying goes, it all starts with the song.”

When he finished his speech and sat down, Ms. Swift walked over to his table and quickly paid her respects. She is signed to Sony/ATV.
http://artsbeat.blogs.nytimes.com/20...-grammy-party/





Samsung Smart TVs Forcing Ads Into Video Streaming Apps

Just days after its TV voice recognition software came under fire for invading privacy, Samsung users are reporting unwanted Pepsi ads appearing while they watch their Smart TVs.
Claire Reilly

Unwanted advertising is par for the course when you're watching broadcast TV, but do you expect it to be pushed into your lounge room by the TV itself?

Reports are emerging that Samsung smart TVs have begun inserting short advertisements directly into video streaming apps, with no influence from the third-party app providers.

The news comes just days after Samsung made headlines for another incursion into user's lounge rooms, when it was revealed that its TV voice recognition software is capable of capturing personal information and transmitting it to third parties. The issue was discovered in the fine print of Samsung's voice recognition privacy policy, but the company says it has since changed the policy to "better explain what actually occurs" during this voice capture process.

The latest complaints directed at the South Korean electronics giant relate to a Pepsi advertisement that has reportedly started to appear during content streamed through Smart TV apps from personal media libraries and video streaming services.

The issue has been reported on the Plex streaming service -- a brand of media player that allows users to stream their own video from a personal library or hard drive and push it to a smart TV.

Every 10-15 minutes whilst watching content on my Samsung TV I get a Pepsi advertisement showing!

One Plex user took to the company's customer forum to complain about the constant intrusion of ads on his Samsung TV.

"I have recently upgraded my Plex Media Server to version 0.9.1101 and every 10-15 minutes whilst watching content on my Samsung TV I get a Pepsi advertisement showing!" user Mike wrote. "At first I thought I was seeing things but no it repeats. Sometimes I can get out of it and go back to my media, others it hangs the app and the TV restarts."

Another Plex user took to Reddit to complain of a similar problem:

"I watch most of my TV shows on a Samsung Smart TV and it has been fantastic for the past year. Recently it has been stopping halfway through a show or a movie and has played a Pepsi ad that is muted. It does not do this on any other platform (PC, PS4, tablet) has anyone else experienced this?"

In Australia, customers of Foxtel, the country's largest pay TV provider, have reported similar issues on Samsung TVs. The Pepsi advertisement is once again popping up, but this time appearing during use of Foxtel's streaming app built into the Samsung SmartHub interface.

"After about 15 minutes of watching live TV, the screen goes blank, and then a 16:9 sized Pepsi advert (taking up about half the screen) pops up and stops Foxtel playing," a customer named Ian wrote on the Foxtel forums. "It's as if there is a popup ad on the TV. I have not installed any other software or apps - I just factory reset and loaded up Foxtel."

The response from Foxtel staff was swift.

"This absolutely should not be happening and has been escalated immediately," the Foxtel employee wrote in reply. "This appears to be a Samsung related issue and has been escalated to them with the highest priority."

A Foxtel spokesperson has since told CNET "this was an unintentional action by Samsung that we're working closely with them to resolve ASAP."

While unable to speak for cases overseas, Samsung Electronics Australia issued a statement on the Australian experience of the problem, saying it had now been rectified.

Samsung Electronics Australia is aware of an issue that has caused some Samsung Smart TV users to experience program interruption in the form of a Pepsi advertisement.

This was a result of an error that occurred as part of a recent software update that was not intended for the Australian market.

We can confirm that the issue has now been rectified and that there are currently no plans to introduce this type of advertising in Australia in the near future. Samsung Electronics Australia would like to apologise for any inconvenience that this has caused to our customers.


Samsung has been contacted for comment on the issue beyond the Australian experience.
http://www.cnet.com/au/news/samsung-...treaming-apps/





Your Samsung SmartTV Is Spying on You, Basically
Shane Harris

You may be loving your new Internet-connected television and its convenient voice-command feature—but did you know it’s recording everything you say and sending it to a third party?

Careful what you say around your TV. It may be listening. And blabbing.

A single sentence buried in a dense “privacy policy” for Samsung’s Internet-connected SmartTV advises users that its nifty voice command feature might capture more than just your request to play the latest episode of Downton Abbey.

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” the policy reads.

So be advised: If you’re too lazy to pick up the remote, you may want to keep your conversation with the TV as direct and non-incriminating as possible. Don’t talk about tax evasion, drug use. And definitely don’t try out your Violet Crawley impression.

Judging by the privacy policy, it seems Samsung is collecting voice commands mostly to improve the TV’s performance. “It looks like they are using a third-party service to convert speech to text, so that’s most of what is being disclosed here,” said Corynne McSherry, the intellectual property director at the Electronic Frontier Foundation.

So this may just be an effort to make your SmartTV smarter.

But, said McSherry, “If I were the customer, I might like to know who that third party was, and I’d definitely like to know whether my words were being transmitted in a secure form.” If the transmission is not encrypted, a SmartHacker could conceivably turn your TV into an eavesdropping device.

Samsung didn’t immediately respond to a request for comment. And the privacy policy doesn’t identify the third party that’s listening to you scream, “I said Abbey, goddamit! Not Annie! Your as deaf as my mother-in-law!”

This isn’t the first time Samsung’s too-clever-by-half TV has set off alarms among privacy experts. Writing in Salon in November 2014, Michael Price, counsel in the Liberty and National Security Program at the Brennan Center for Justice at the NYU School of Law, said the details in his new smart TV’s lengthy privacy policy made him “afraid to use it.” Price didn’t name the brand, but the wording matches exactly what’s contained in Samsung’s notice to its customers.

“I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access,” Price wrote.

Samsung’s privacy policy notes that in addition to voice commands being transmitted, information about your device, “including device identifiers,” may also be beamed over the Internet to the third-party service, “or to the extent necessary to provide Voice Recognition features to you.”

McSherry called that bit of qualifying language “worrisome.”

“Samsung may just be giving itself some wiggle room as the service evolves, but that language could be interpreted pretty broadly,” she said.

UPDATE 2/6/15 1:59 PM: "Samsung takes consumer privacy very seriously. In all of our Smart TVs we employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use," the company said in a statement to The Daily Beast. "Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network."
http://www.thedailybeast.com/article...basically.html





Samsung: WHAT is My SmartTV Reporting? To Whom?
NetAlien

Being curious about the recent Samsung SmartTV stories, I connected my SmartTV through an old-fashioned HUB (copies all traffic to every port; unlike a switch) to my router. This allowed me to capture all traffic to/from my TV through my laptop's ethernet port.

A wireshark capture shows that remote sites are trying to access my TV until I turn it on, then after nearly 7400 packets, it settles down. Then changing channels over ~4.5 minutes results in ~10,000 more packets. The TV continues sending data for several more seconds after the set appears to be off.

Multiple servers were contacted in these domains: amazonaws.com, akamaitechnologies.com, cloudfront.net, twitvid.com, pcloud.com, yahoo.com, aclwireless25.com and some by IP address. WHAT are you sharing Samsung???
http://slashdot.org/firehose.pl?op=v...ion&id=4197957





Stopping a Smart TV From Eavesdropping On You Could Be a Felony
Yael Grauer

Samsung’s SmartTV recently came under fire when an item in its privacy policy—in place since at least October 2014—bubbled up in media reports. In the policy, Samsung warns users to “please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.” The type of conversation your television could pick up, of course, includes all sorts of sensitive topics—though the possibility of audio footage of consenting adults with a SmartTV in their bedroom is perhaps the most disconcerting.

Samsung has tried to allay fears by pointing out that users can deactivate voice recognition on their SmartTVs, or even disconnect the television from the Wi-Fi network. Furthermore, it said in a statement that consumers’ personal information is protected using data encryption and other security safeguards. However, smart TVs—Samsung’s and others’—don’t exactly have a good security track record. As we’ve previously reported, hackers have found ways to access built-in mics and cameras, and even stolen account credentials. Even children have found flaws and bugs in smart TVs. (Samsung styles its television’s name “SmartTV’; here, I’m referring to all televisions that are connected to the Internet as “smart TVs.”)

Most smart TVs’ core operating systems are based on the open-source software Linux. According to Linux’s license, companies are supposed to provide customers with a copy of the source code and the ability to install a modified version. But many smart TVs have violated that license.

To make matters worse, high-level users who want to take their smart TVs apart to see how they work or to attempt to disable or modify the underlying software—for example, to disable the eavesdropping software, or make modifications to make captions easier to read for the visually impaired—could face felony charges under the Digital Millennium Copyright Act. That’s because most smart TVs on the market have taken technological measures to prevent users from accessing or modifying firmware in order to prevent illegal copying and distribution of copyrighted material. But users could technically face felony charges for circumventing lockdown restrictions—even if the modifications they’re trying to make are legal under copyright law.

That means that even the act of verifying that voice recognition is turned off or that your TV isn’t sending reports about your viewing habits back to the manufacturer is a felony. “When you take away users’ ability to research or audit or modify the software that their devices are running, then they’re basically rendered powerless,” says Parker Higgins of the Electronic Frontier Foundation.

Software Freedom Conservancy, a nonprofit organization based in New York, is trying to fight back. It recently filed a comment with the U.S. Copyright Office as part of an ongoing effort to ensure that circumventing encryption for firmware on smart TVs is permitted. If the Library of Congress grants the exemption, developers and hobbyists will be able to tinker with televisions without facing felony charges for three years—after which they must reapply for an exemption.

If the exemption isn’t granted, developers and tinkerers who want to make modifications to prevent surveillance, improve subtitle display for users with vision problems, or even simply learn how their televisions work could face felony charges. Smart TVs are designed to be connected to the internet, often for benign reasons such as looking for firmware updates, but that means they can also tell if the firmware’s been changed, and keep the company informed.

“I’m not aware of anybody that’s actually been brought up on felony charges with regard to a TV, fortunately, but the specter is always there, as well as the chilling effect that it creates,” says Bradley Kuhn, president and distinguished technologist at Software Freedom Conservancy.

But it’s not just Samsung or other smart TV makers. Other voice-activated services—such as Siri, Amazon Echo, and Google Now—require a connection to operate, and may be sending signals back to the manufacturer or to third parties.

As the technologies and sensors become smaller and smaller—and less expensive—it’s possible that all sorts of household products (scales, refrigerators, mattresses, couches) could begin collecting information on what their users are doing, and reporting back to the manufacturer, a third party vendor, or even an ad partner. If that’s what a smart home will look like in the future, this is a worrying trend indeed.
http://www.slate.com/blogs/future_te...te_ dmca.html





Uncovering Security Flaws in Digital Education Products for Schoolchildren
Natasha Singer

When Tony Porterfield’s two sons came home from elementary school with an assignment to use a reading assessment site called Raz-Kids.com, he was curious, as a parent, to see how it worked. As a software engineer, he was also curious about the site’s data security practices.

And he was dismayed to discover that the site not only was unencrypted, but also stored passwords in plain text — security weaknesses that could potentially have allowed unauthorized users to gain access to details like students’ names, voice recordings or skill levels. He alerted the site to his concerns. More than a year later, the vulnerabilities remain.

“A lot of education sites have glaring security problems,” said Mr. Porterfield, the principal engineer at a software start-up in Los Altos, Calif. “A big part of the problem is that there’s not even any consensus of what ‘good security’ means for an educational website or app.”

Contacted last week by a reporter, John Campbell, the chief executive of the Cambium Learning Group, the company behind Raz-Kids.com, said that his company took privacy very seriously and that the site did not store sensitive personal details like student addresses or phone numbers.

“We are confident that we have taken the necessary steps to protect all student and teacher data at all times and comply with all federal and state laws,” Mr. Campbell wrote in an emailed statement.

Mr. Porterfield, though, has gone on to examine nearly 20 digital education products, used collectively by millions of teachers and students, and found other potential security problems. He alerted makers of those products, too — among them school-districtwide social networks, classroom assessment programs and learning apps.

Some, including Pearson, a leading educational publisher, and ClassDojo, a popular classroom management app for teachers, addressed the issues he brought to their attention. Others did not.

While none of the security weaknesses appear to have been exploited by hackers, some technologists say they are symptomatic of widespread lapses in student data protection across the education technology sector. They warn that insecure learning sites, apps and messaging services could potentially expose students, many of them under 13, to hacking, identity theft, cyberbullying by their peers, or even unwanted contact from strangers.

At fault, these experts say, is a common practice among start-ups of concentrating primarily on increasing their market share.

“For many younger companies, the focus has been more on building the product out and less on guaranteeing a level of comprehensive privacy and security protection commensurate with the sensitive information associated with education,” said Jonathan Mayer, a lawyer and computer science graduate student at Stanford University. “It seems to be a recurring theme.”

The New York Times asked Mr. Mayer to review the vulnerabilities in education tech software discovered by Mr. Porterfield and described in this article.

To help schools evaluate companies’ security practices, the Consortium for School Networking, a national association of school district chief technology officers, published a list of security questions last year for schools to ask before they sign purchase agreements with technology vendors.

“It is a huge challenge because there hasn’t been the time and attention and investment placed in security that school districts need,” said Keith R. Krueger, the group’s chief executive. His group has received financing from Dell, Google, Pearson, Microsoft and other companies involved in the education sector.

Security lapses are not limited to education software devised for prekindergarten through 12th-grade students, an annual market estimated at about $8 billion.

In the fall, as Mr. Mayer, the digital security expert, was preparing to teach a class at Stanford Law School for Coursera, a start-up that provides hundreds of free open online courses, he discovered a security weakness that could have allowed instructors to gain access to the names and email addresses of millions of Coursera students. Another flaw would have potentially allowed other websites, digital advertising networks or online analytics firms to compile lists of the students’ courses.

Coursera, which has raised $85 million from investors, quickly ameliorated the situation. In an explanation posted on its site, the company acknowledged that it had been more focused on deflecting potential attacks from outsiders than on the possibility of misuse of student data by insiders.

“If we were too trusting, we learned our lesson on this,” Richard C. Levin, the chief executive of Coursera, said in a recent interview.

Protection of student data is gaining attention as schools across the country are increasingly introducing learning sites and apps that may collect information about a student’s every keystroke. The idea is to personalize lessons by amassing and analyzing reams of data about each student’s actions, tailoring academic material to individual learning levels and preferences.

But some privacy law scholars, educators and technologists contend that federal protections for student data have not kept pace with the scope and sophistication of classroom data-mining. Although a federal privacy law places some limits on how schools, and the vendors to which they outsource school functions, handle students’ official educational records, these experts say the protections do not extend to many of the free learning sites and apps that teachers download and use independently in their classrooms.

In an effort to bolster confidence in their products, more than 100 learning companies recently signed on to a voluntary industry pledge on student privacy. The signers agree, among other commitments, to “maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality and integrity of student personal information against risks — such as unauthorized access or use.”

Although President Obama endorsed the industry pledge in a speech last month, it does not require ed tech vendors to comply with specific basic security measures — like encrypting students’ names, screen names or other personal details. Nor does it prohibit companies from using weak security, like storing users’ passwords in plain text, practices that could easily permit hackers to hijack teacher or student accounts, potentially linking students’ names to private details about their academic performance.

These kinds of security weaknesses are commonplace on consumer sites. But the law has long treated educational information as a category worthy of special protections, like credit or medical records. Considering the recent data breaches at even large, well-financed companies like Anthem and Sony, some privacy advocates want federal regulators to mandate that the education technology industry beef up student data protection.

“Bottom line, both the Federal Trade Commission and the Education Department could and should ramp up their student privacy enforcement,” said Khaliah Barnes, director of the student privacy project at the Electronic Privacy Information Center, a nonprofit group. “Students have little recourse against current abuses.”

Some learning companies were quite responsive to Mr. Porterfield’s concerns. The Pearson product in which he found vulnerabilities last fall is an online student learning and assessment system, Pearson Realize. The weaknesses could have allowed unauthorized users to gain access to details about class rosters like student names.

The company’s security experts corrected the issues in two days. Pearson was the only company to ask Mr. Porterfield to run his own tests afterward to make sure the fixes had worked.

“We should welcome the reporting of even a suspicion,” said Rod Wallace, Pearson’s chief information security officer. “We need to encourage the people who report them, engage them and let them know we are fixing them.”

Last fall, Mr. Porterfield also contacted ClassDojo, a free classroom management program for teachers that, according to its developer, is used by at least one teacher in roughly one-third of American schools. The software engineer alerted company executives to security weaknesses that could potentially have allowed unauthorized users to gain access to students’ names, behavior records and behavior scores.

Since then, ClassDojo has encrypted its mobile apps and instituted other security measures. Liam Don, the co-founder of ClassDojo, said its software was regularly subject to audits by security experts.

“We hope to see regular audits become standard practice across our industry,” Mr. Don said.
http://www.nytimes.com/2015/02/09/te...lchildren.html





EU Parliament Blocks New Outlook Apps Over Privacy Concerns
Loek Essers

Access to Microsoft’s new Outlook apps has been blocked for members of the European Parliament because of “serious security issues.”

Microsoft launched new Outlook apps for iOS and Android just over a week ago. The new apps are basically a rebranded version of a mail app made by Acompli, a company Microsoft bought in December for a reported US$200 million.

Access to the apps though was blocked on Friday by the Parliament’s IT department, DG ITEC, in order to protect the confidentiality and privacy of its users, according to an email seen by the IDG News Service.

“Please do not install this application, and in case you have already done so for your EP corporate mail, please uninstall it immediately and change your password,” it said.

The apps will send password information to Microsoft without permission and will store emails in a third-party cloud service over which the Parliament has no control, DG ITEC added in a message on the Parliament’s intranet.

Microsoft’s new Outlook app basically acts as an email inbox for Exchange, Outlook, iCloud, Google and Yahoo mail accounts.

The service retrieves incoming and outgoing messages, calendar data and address book contacts and pushes them securely to the app. Those messages, calendar events, and contacts, along with their associated metadata, “may be temporarily stored and indexed securely both in our servers and locally on the app on your device,” according to Acompli’s privacy policy. Email attachments will also be temporarily stored on its servers.

Email accounts that use Microsoft Exchange require users to provide email login credentials, including username, password, server URL, and server domain, it said, adding that other accounts such as Google Gmail accounts using the OAuth authorization mechanism do not require to store a password.

Each user’s credentials are double-encrypted using a server per-account unique key and then using a client device unique key, therefore the credentials can only be unlocked by the collaboration of both the server and the app at runtime, according to Acompli’s security page.

It’s not just the European Parliament though that thinks this is not secure enough: a number of other organizations have banned the new Outlook app because of how it stores passwords.

The University of Wisconsin for instance announced last week it would start blocking the app as of Monday. The app stores login information in the cloud, which clearly poses a security risk because the cloud service is not overseen by the University, it said in a blog post, adding that other universities are having similar issues.

In the Netherlands, the Delft University of Technology reportedly also started blocking the apps because they store contact data and passwords in the cloud.

A Microsoft spokesman said the app’s security and privacy capabilities, as well as the controls available to IT administrators, meet the company’s thresholds. If customers have concerns though, they can follow guidance on Controlling Device Access on Microsoft TechNet to block the app and continue using the Outlook Web Access (OWA) for iPhone, iPad, and Android apps, he added.
http://www.itworld.com/article/28816...-concerns.html





Report Sees Weak Security in Cars’ Wireless Systems
Aaron M. Kessler

Serious gaps in security and customer privacy affect nearly every vehicle that uses wireless technology, according to a report set to be released on Monday by a senator’s office.

The report concludes that security measures to prevent hackers from gaining control of a vehicle’s electronics are “inconsistent and haphazard,” and that the majority of automakers do not have systems that can detect breaches or quickly respond to them.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” said the senator, Edward J. Markey, Democrat of Massachusetts, whose office published the report after obtaining detailed information from 16 automakers.

In addition to finding “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle” or hackers who wish to “collect and use personal driver information,” the report expressed concerns over how automakers track drivers’ behavior and collect, transmit and store that information.

The report found that large amounts of data on driving histories are harvested, frequently without consumers being explicitly aware that the information is being collected or how it will be used. At least nine automakers use third-party companies to collect vehicle data, which can make consumers even more vulnerable, and some transmit that data to third-party data centers too.

“This reveals that a majority of vehicle manufacturers offer features that not only record but also transmit driving history wirelessly to themselves or to third parties,” the report said.

The information collected includes where drivers have been, like physical location recorded at regular intervals, the last location they were parked, distances and times traveled, and previous destinations entered into navigation systems. A host of diagnostic data on the car is also captured.

The findings in the report are based on information received from BMW, Fiat Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo. Aston Martin, Lamborghini and Tesla did not respond to the requests.

Technological innovations for vehicles are expanding rapidly: Safety features powered by radars, lasers and cameras are available in some vehicles and coming to more, and vehicle-to-vehicle communication — in which cars can share information — is expected to be available in the near future.

At the same time, connecting cars to the Internet means that more vehicles have smartphonelike interfaces that allow for new possibilities, but also carry inherent risks.

In November, two auto industry trade groups — the Alliance of Automobile Manufacturers and the Association of Global Automakers — tried to address consumer concerns by publishing a set of voluntary privacy principles aimed at limiting the use of vehicle data for marketing purposes. The principles called on automakers to collect information “only as needed for legitimate business purposes.”

The report says the phrase “legitimate business purposes” is vague enough to allow for all kinds of collection, and asserts that clear federal rules should be established for what are permissible and appropriate uses of drivers’ data.

Ford and Toyota declined to comment on the report. Fiat Chrysler and General Motors referred questions to the Alliance of Automobile Manufacturers.

Wade Newton, a spokesman for the trade group, said “automakers believe that strong consumer data privacy protections and strong vehicle security are essential to maintaining the continued trust of our customers” and cited the November principles as a way that the industry was taking proactive steps.

“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production — and security testing never stops,” he said.

Auto companies post privacy policies in their owner’s manuals and on corporate websites, he said, and they “pledge to provide heightened protections to the most sensitive types of consumer information — protections that go beyond similar principles in other industry sectors.”
http://www.nytimes.com/2015/02/09/bu...s-systems.html





Five Technologies that Betrayed Silk Road's Anonymity

Even technologies designed to preserve privacy can reveal identities when not used thoughtfully
Joab Jackson

Pro tip for any would-be online drug kingpins: Don’t post vacation pictures on Facebook.

Ross Ulbricht was convicted in a Manhattan federal court last week for his role operating the Silk Road online marketplace. He could serve 30 years or more behind bars.

The market Ulbricht built was based on an expectation of anonymity: Silk Road servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site.

How was Ulbricht nabbed? At least some of the blame can be placed on what now seems like misplaced trust in a handful of technologies Ulbricht thought would shield his identity. These are five that tripped him up:

1. Bitcoin: If you assume your bitcoins can’t be traced back to you, think again. Like cash, bitcoins aren’t tied to a person’s identity. But unlike cash, a detailed public ledger called the blockchain keeps track of each wallet a bitcoin passes through. This case showed that all law enforcement needs to do is locate the wallets on each side of a transaction and follow the money.

In Silk Road’s case, prosecutors found it relatively trivial to track profits from Silk Road as they were transferred from wallets used by the online market to wallets on Ulbricht’s laptop. Silk Road offered a service, called a tumbler, that passed bitcoins through several intermediate wallets to obscure their origin and destination. Ulbricht either didn’t use the tumbler, or if he did, it didn’t help.

2. Chat logs: So much chatter. Thousands of pages of chat logs helped prosecutors trace the growth of Silk Road. Internal communication was carried out mostly through free software called TorChat. It provides an encrypted communication channel between two parties, using a Tor network to obscure the connection between them.

Although TorChat promises encrypted messaging, Ulbricht chose to save the logs in plain text on his computer, creating a trove of conversations with fellow Silk Road administrators. In example after example, the prosecution pointed to logs where the laptop user identified himself as Dread Pirate Roberts.

In TorChat, the user has to turn on the logging function for the chats to be saved in log files. Why Ulbricht chose this option is a mystery. Perhaps he thought law enforcement agents would never see the chats because they were on an encrypted hard drive.

3. Encryption: Encryption puts a digital padlock on information so it can’t be viewed. But eventually the person with the keys has to unlock the information in order to see it. That’s why law enforcement agents had to catch Ulbricht while he was logged into the SIlk Road’s admin console.

Ulbricht occasionally took his laptop out in public to work. So agents staked out his San Francisco neighborhood until he showed up at the local library, set up his laptop and logged on. They arrested him before he could close the laptop lid, which would have logged him out and locked the contents. Ulbricht didn’t do himself any favors by working that day with his back turned to the rest of the room—something he had warned other Silk Road administrators not to do.

Because law enforcement agents snatched the laptop before Ulbricht had closed it, the contents of its hard drive were completely accessible to them, including the chat logs, a personal journal, Silk Road spreadsheets, and most importantly, Dread Pirate Roberts’ private encryption keys.

In the end, encryption did as much to betray Dread Pirate Roberts’ identity as to protect it.

Ulbricht had affixed Dread Pirate Roberts’ public encryption key to an untold number of Silk Road-related emails and forum posts. A public key allows someone to verify that a message comes from the person who claims to have sent it. On Ulbricht’s computer, in a folder marked “keys,” were the private keys used to sign Dread Pirate Roberts’ messages. Law enforcement had only to verify that the messages, many of them incriminating, came from Dread Pirate Roberts, by using the public key found on the laptop.

4. Facebook and other public websites: Ulbricht sowed the seeds of his demise the very first time he publicized the Silk Road. To get people interested in the the new site in January 2011, Ulbricht posted a message on the Bitcointalk.org forum, under the username Altoid, asking if anyone had tried the site.

Ulbricht (or someone else) later deleted the message, perhaps to cover his tracks. But another user had quoted Altoid’s message in their own post, and that message was found by an IRS agent with a simple Google search.

Later in 2011, Altoid popped up on the forum again, posting a help-wanted ad for a bitcoin venture and leaving rossulbricht at gmail dot com as the contact address. That allowed the agent to connect Altoid to Ulbricht.

Ulbricht’s Facebook account also helped prosecutors. To make their case that Ulbricht was Dread Pirate Roberts, prosectors looked for times when the actions of Dread Pirate Roberts correlated closely with those of Ulbricht himself. In a chat with a fellow administrator in February 2012, Dread Pirate Roberts boasted of enjoying a vacation in Thailand. At the same moment, Ulbricht posted vacation pictures on Facebook ... from Thailand.

5. Automated server log-ins: The Silk Road servers were maintained in large part through ssh (Secure Shell), a tool that allows administrators to log into remote machines in a way that the communication is encrypted. Users can set up ssh hosts such that trusted parties can log in automatically without providing a password. A list of trusted parties is kept in a file on the server, along with their encrypted passkeys.

In the case of the SIlk Road servers, only two accounts had full administrative privileges. One was for a remote user called “frosty” who was able to connect from a machine also named “frosty.” As it happened, the laptop that law enforcement seized from Ulbricht at the time of his arrest was named “frosty” too. You get bonus points (though only a few) for guessing that Ulbricht was logged in as “frosty” on that laptop at the time of his arrest. In effect, his laptop had full administrative rights to the Silk Road operations.

Ulbricht’s defense lawyer, Joshua Dratel, pointed out to the jury that any computer could be given the name “frosty,” with a user account on it named “frosty.” But like a lot of other evidence in the case, while not definitive proof, the ssh accounts were part of a bigger picture that were enough to convince a jury of his guilt.
http://www.itworld.com/article/28817...anonymity.html





Pirate Party in 'Deadly' Legal High Scandal

Three members of Sweden’s Pirate Party were involved in an online store selling legal highs that have been linked to the deaths of fifteen people, it has been claimed.

Adrian Kristiansson, who set up the Hemulen site, has been questioned by police, alongside two other men linked to the Pirate Party who have not been named by the Swedish media.

Hemulen, which was one of Sweden’s biggest drug sites, has been taken offline since police started investigating the business following the deaths of more than a dozen people who had bought legal highs from the site. Legal highs contain chemical substances which are not banned, but which can produce similar effects to illegal drugs.

According to Swedish broadcaster SVT, Kristiansson was not openly involved in the Pirate Party, but the network believes he has been connected to the group since at least 2009 when he was pictured at an election night party. The other two men are understood to be 'active' in the political group.

The Pirate Party was founded in Sweden in 2006 and says its goal is to “fight for a better world, free of oppression and censorship”.

But support for the group has been waning and it scored less than one percent of the vote in Sweden’s last general election in September 2014.

It’s former leader, Anna Troberg, who stepped down in December, told SVT she wasn’t surprised by the legal high scandal, adding that she “imagined that there were people involved in this type of activity” following word-of-mouth rumours.

Her comments were backed up by a current senior party official, Anton Nordenfur, who said: “I know there has been a rumour that a sympathiser has been active”, but insisted that it was not anybody working directly for the Pirate Party.

At its peak, Hemulen was selling up to 400 bags of drugs a day, with many of the chemicals used understood to have been imported from the UK, where legal highs have become increasingly popular over the last five years. In 2012 alone, at least 68 people died there after taking the drugs.

The president of the Pirate Party’s Youth League has previously spoken out against the drugs and told SVT that his group “deeply disagreed” with the sale of legal highs.

Kristiansson and the other two men questioned by police are understood to have been released on Tuesday.
http://www.thelocal.se/20150211/pira...-high-scandal/





Notorious 8chan “Subboard” has History Wiped After Federal Judge’s Doxing

Archived "baphomet" posts hint at subboard's admin selling SSNs, moving to China.
Sam Machkovech

On Monday, imageboard site 8chan's "baphomet" subboard, an Internet destination known for hosting aggressive "doxing" posts, received a major history wipe the day after one of its users posted the personal information of a federal judge in the Silk Road case. Archived posts sent to Ars Technica contained the full mailing address, phone number, and Social Security number of Judge Katherine Forrest at the top of a "dox thread" from Sunday, February 8, that contained many other random people's personal information.

(Due to the way baphomet users frequently post and then delete sensitive information, we have relied on archive.today links to verify the following 8chan activity. The site has also disabled the ability to search through the baphomet board through its default tool.)

Forrest's details were identical to those that had been posted by anonymous darknet users in October of last year, though this time, they didn't also include any threatening messages. A follow-up post by baphomet's "Board Owner" account stated that "HW," a reference to site founder Frederick "hotwheels" Brennan, deleted "the SSN posts" and told the baphomet board founder, previously identified via an associated Twitter handle as Benjamin Biddix, to "lay low."

The same day, according to archived posts sent to Ars, baphomet's "Board Owner" announced a "doxing for hire" service due to "running low on funds," with instructions that included requests for Western Union payment. This post came days after another doxing thread contained a "Board Owner" post including a person's full information with only the Social Security number being redacted; in its place was a note that read, "selling on Tor [at the moment]."

The Twitter account associated with Benjamin Biddix has also had its history wiped; only one post remains as of press time. A Tuesday post by "Board Owner," which has since been deleted, indicated that the person behind baphomet was fleeing the United States. "I think it [sic] obvious I'm being hunted now," the post stated, before hinting at the user heading overseas to Shanghai.

We have reached out to 8chan's administrators with questions about why the baphomet board's history saw a major wipe of its full history up until this Monday and whether that had to do with the posting of a federal judge's personal details and Social Security number. We will update this report with any response.

Update: Late Thursday, 8chan founder Frederick Brennan returned Ars' e-mail and alleged that Biddix "wiped the [baphomet] board and deindexed it without any administrative help." On Sunday, February 8, Brennan said he had received "deletion requests" from users over credit card and Social Security numbers appearing on baphomet's boards, so he deleted the offending posts, then posted a warning that baphomet would be "reassigned" to a new user if Biddix himself continued to break 8chan's rules concerning illegal content. The next day, he saw most of the board's history had been wiped without receiving a direct explanation as to why.

"I was initially worried about a bug in the software, but after looking at the logs it became obvious to me that the owner of the board wiped it himself," Brennan wrote to Ars. "He claims to have been hacked, but I'm speculating that he did it just because he could."
http://arstechnica.com/security/2015...judges-doxing/





'Google Search on Steroids' Brings Dark Web Into the Light
Caroline Craig

The government agency that brought us the Internet has now developed a powerful new search engine that is shedding light on the contents of the so-called deep Web.

The Defense Advanced Research Projects Agency (DARPA) began work on the Memex Deep Web Search Engine a year ago, and this week unveiled its tools to Scientific American and "60 Minutes."

Memex, which is being developed by 17 different contractor teams, aims to build a better map of Internet content and uncover patterns in online data that could help law enforcement officers and others. While early trials have focused on mapping the movements of human traffickers, the technology could one day be applied to investigative efforts such as counterterrorism, missing persons, disease response, and disaster relief.

Dan Kaufman, director of the information innovation office at DARPA, says Memex is all about making the unseen seen. "The Internet is much, much bigger than people think," DARPA program manager Chris White told "60 Minutes." "By some estimates Google, Microsoft Bing, and Yahoo only give us access to around 5 percent of the content on the Web."

Google and Bing produce results based on popularity and ranking, but Memex searches content typically ignored by commercial search engines, such as unstructured data, unlinked content, temporary pages that are removed before commercial search engines can crawl them, and chat forums. Regular search engines ignore this deep Web data because Web advertisers -- where browser companies make their money -- have no interest in it.

Memex also automates the mechanism of crawling the dark, or anonymous, Web where criminals conduct business. These hidden services pages, accessible only through the TOR anonymizing browser, typically operate under the radar of law enforcement selling illicit drugs and other contraband. Where it was once thought that dark Web activity consisted of 1,000 or so pages, White told Scientific American that there could be between 30,000 and 40,000 dark Web pages.

Until now it was hard to look at these sites in any systemic way. But Memex -- which Manhattan DA Cyrus Vance Jr. calls "Google search on steroids" -- not only indexes their content but analyzes it to uncover hidden relationships that could be useful to law enforcement.

DARPA's search tools were introduced to select law enforcement agencies last year, including Manhattan's new Human Trafficking Response Unit. Memex is now used in every human trafficking case it pursues and has played a role in generating at least 20 sex trafficking investigations. The supercharged Web crawler can identify relationships among different pieces of data and produces data maps that help investigators detect patterns.

In a demo for "60 Minutes," White showed how Memex is able to track the movement of traffickers based on data related to online advertisements for sex. "Sometimes it's a function of IP address, but sometimes it's a function of a phone number or address in the ad or the geolocation of a device that posted the ad," White said. "There are sometimes other artifacts that contribute to location."

White emphasized that Memex does not resort to hacking in order to retrieve information. "If something is password protected, it is not public content and Memex does not search it," he told Scientific American. "We didn't want to cloud this work unnecessarily by dragging in the specter of snooping and surveillance" -- a touchy subject after Edward Snowden's NSA revelations.

Memex got its name (a combination of "memory" and "index") and inspiration from a hypothetical device described by Vannevar Bush in 1945 that presaged the invention of PCs, the Internet, and other major IT advances of the next 70 years. Now DARPA and Memex seem set to bring us one step closer to Philip Dick's futuristic police department depicted in "Minority Report."

A new round of testing, set to begin in a few weeks, will include federal and district prosecutors, regional and national law enforcement, and multiple NGOs. According to the Scientific American report, it aims to "test new image search capabilities that can analyze photos even when portions that might aid investigators -- including traffickers' faces or a television screen in the background -- are obfuscated."

By inventing better ways of interacting with and presenting information gathered from a larger pool of sources, "we want to improve search for everybody. Ease of use for nonprogrammers is essential," White said.
http://www.infoworld.com/article/288...-dark-web.html





Sites Featuring Terrorism or Child Pornography to be Blocked in France

ISPs will have to block questionable content within 24 of notice.
Megan Geuss

This week the French legislature published a decree that will force ISPs to block websites that incite or advocate acts of terrorism, as well as sites that have pedophilia-related content on them.

The decree had been in the works since July, though it was only published in France's Official Journal this week. The rules take effect in the context of the recent Charlie Hebdo killings, when terrorists gunned down a number of employees and bystanders at the offices of the satirical magazine. Since the attack in early January, leaders in the European Union and beyond have called for stricter measures to allow monitoring of the Internet—from UK Prime Minister David Cameron's misguided call for backdoors in encrypted messaging services, to the revivification of a “terrorist site reporting” scheme proposed by EU officials.

France's Decree No. 2015-125 was signed by president François Hollande and prime minister Manuel Valls. Although similar measures have been proposed since 2010, previous versions had thus far been shot down.

Now, the General Directorate of the National Police and its cybercrimes unit will be able to request that sites serving terrorist or pedophilia-related content be blocked by Internet Service Providers serving people in France and its territories. ISPs then have to comply with the request within 24 hours. ISPs will be able to request compensation from the French government for any extra costs incurred in blocking the sites.

Users who navigate to a site “to which access is prohibited will be led to an informational page from the Ministry of the Interior,” the text of the decree said. The informational page will list the grounds for the blocking as well as any possibly remedies. Every quarter, French authorities will check whether the blocked pages still contain the offending material. If not, then the authorities will contact ISPs, which will have to unblock the sites, again within 24 hours.

La Quadrature du Net, a French digital rights advocacy group, decried the decision in a statement this week writing, "With this decree establishing the administrative censorship for Internet content, France once again circumvents the judicial power, betraying the separation of powers in limiting what is the first freedom of all in a democracy—freedom of speech. Website blocking is ineffective since it is easily circumvented. It is also disproportionate because of the risk of over-blocking perfectly lawful content, especially with the blocking technique retained by the Government. The measure only gives the illusion that the State is acting for our safety, while going one step further in undermining fundamental rights online. We must now bring this decree before the French Council of State to get it overturned."
http://arstechnica.com/tech-policy/2...ked-in-france/





Russia Readying for Attempt to Ban Tor, VPNs and Other Anonymising Tools
Martin Anderson

Russian authorities have made a concerted series of announcements regarding the future of online anonymising software Tor for the country’s 143 million residents, who constitute Tor’s third largest user-base – concluding that it has none.

On 5th February Leonid Levin, Chairman of the Duma Committee on Information Policy, Information Technologies and Communications, proposed to consider limiting access to anonymising networks such as Tor and VPNs. Speaking at the ironically-named Infoforum 2015, Levin said [Russian language] that international tensions and the increase of technological, international crime “forces us to invest significant additional funds to the armed forces and to law enforcement agencies. Though this is justifiable, it does not result in effective information control,”

Levin also opined that restricting access to de-identifying networks and process would “increase opportunities to counter the commercial distribution of malware” and also help to impede access to “forbidden” information.

Shortly after Vadim Roskomnadzora Ampelonsky, the press secretary of Russia’s media watchdog Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media), released a statement [Russian language] of support for Levin’s stance on Tor, claiming that the technological obstacles to blocking The Onion Router’s obfuscation protocols are “difficult, but solvable,”

On February 9th the formidably-powered Safe Internet League, which consists of Russia’s state telecom company Rostelecom and two other major mobile providers, came out in unity against Tor [Russian language]. Spokesman Denis Davydov said: “We strongly support the idea of limiting Russia's access to anonymous networks, including Tor. The ‘Invisible’ Internet has made it possible for offenders of all kinds to hide their intentions from the state and use it to commit crimes: acquiring drugs and weapons, distributing child pornography, trafficking in human beings - including sex slaves – and leading political struggle. Do not forget that Tor was developed and is used by Americans, including US intelligence agencies, to expand the hegemony of the United States around the world,”

Davydov went on to say that banning anonymising networks would increase user-trust among the Russian people and lead to economic benefits, having described Tor as an ‘Anonymous network used primarily to commit crimes’.

Roskomnadzor already maintains a government blacklist of forbidden sites, updates to which are regularly circulated to network providers, who are then obliged to block the domains.

Interestingly one of the most articulate and outraged voices on the new Russian assault on Tor comes from the online gambling community, long-since blacklisted by Russian authorities, which relies on the use of Tor and VPNs to maintain its user-base in Russia. According to them, “The odds of Roskomnadzor breaking Tor is about as likely as your $5 Spin & Go landing on a $1 million jackpot,”

The difficulty of blocking the correct network packets to filter out a specific protocol are considerable, particularly when it is double-encrypted, such as when Tor is used in combination with a Virtual Private Network (VPN). Notwithstanding that, researchers Philipp Winter and Stefan Lindskog of Karlstad University published a revealing paper in 2012 disclosing how the Chinese authorities ran its own Tor exit node in order to harvest IP addresses which would then be blacklisted. Though Tor’s obfuscation techniques are supposed to mask the end-user’s IP address, there are effective techniques for well-resourced governments to use to circumvent this protection.
http://thestack.com/russia-ban-tor-v...mnadzor-110215





Turkey Tops Countries Demanding Content Removal – Twitter
Humeyra Pamuk and Jonny Hogg

Turkey filed over five times more content removal requests to Twitter than any other country in the second half of 2014, data published by the micro-blogging site showed on Monday.

The figures are likely to reinforce fears of a crackdown on Internet freedom in the predominantly Muslim NATO state where President Tayyip Erdogan has said he is determined to stamp out what he sees as illegal online activities.

Twitter's transparency report showed Turkey filed 477 content removal requests between July and December, an increase of more than 150 percent compared to the first six months of 2014.

Russia and Germany followed with 91 and 43 removal requests respectively. Overall, government requests for removal of material were up by 40 percent.

Turkish requests generally focussed around accusations of violation of personal rights and defamation of private citizens and government officials.

Turkey temporarily blocked Twitter and Youtube in the run-up to local elections last March, after audio recordings purportedly showing corruption in Erdogan's inner circle were leaked on their sites. The decision caused a public uproar and drew heavy international criticism.

Erdogan said the corruption scandal was engineered by political opponents to topple him and vowed to "eradicate" Twitter which he accused of threatening national security.

In January, the ruling AK Party proposed a new law which would allow ministers to temporarily ban websites deemed to threaten lives, public order or people's rights and freedoms by committing a crime.

"We filed court objections in response to over 70 percent of the Turkish court orders we received, winning around 5 percent of our appeals," Twitter said, adding that about 15 percent of its objections were still pending with the courts.

It said it complied with 13 percent of Russian requests, but said it had denied several demands to silence critics of the Kremlin.

Germany's requests, mainly dealing with alleged hate-crimes, were complied with in about a third of the cases.

(Reporting by Humeyra Pamuk and Jonny Hogg, Editing by Liisa Tuhkanen)
http://uk.reuters.com/article/2015/0...0LD1PE20150209





Hundreds of South Carolina Inmates Sent to Solitary Confinement Over Facebook
Dave Maass

In the South Carolina prison system, accessing Facebook is an offense on par with murder, rape, rioting, escape and hostage-taking.

Back in 2012, the South Carolina Department of Corrections (SCDC) made “Creating and/or Assisting With A Social Networking Site” a Level 1 offense, a category reserved for the most violent violations of prison conduct policies. It’s one of the most common Level 1 offense charges brought against inmates, many of whom, like most social network users, want to remain in contact with friends and family in the outside world and keep up on current events. Some inmates ask their families to access their online accounts for them, while many access the Internet themselves through a contraband cell phone (possession of which is yet another Level 1 offense).

Through a request under South Carolina’s Freedom of Information Act, EFF found that, over the last three years, prison officials have brought more than 400 hundred disciplinary cases for “social networking”—almost always for using Facebook. The offenses come with heavy penalties, such as years in solitary confinement and deprivation of virtually all privileges, including visitation and telephone access. In 16 cases, inmates were sentenced to more than a decade in what’s called disciplinary detention, with at least one inmate receiving more than 37 years in isolation.

The sentences are so long because SCDC issues a separate Level 1 violation for each day that an inmate accesses a social network. An inmate who posts five status updates over five days, would receive five separate Level 1 violations, while an inmate who posted 100 updates in one day would receive only one.

In other words, if a South Carolina inmate caused a riot, took three hostages, murdered them, stole their clothes, and then escaped, he could still wind up with fewer Level 1 offenses than an inmate who updated Facebook every day for two weeks.

So extreme is the application of this policy that SCDC is forced to regularly suspend solitary confinement sentences because of a lack of space in disciplinary segregation. In many cases, the punishments associated with using social media are so unnecessarily long that inmates will never actually serve them since they exceed their underlying prison sentences.

Prison systems have a legitimate interest in keeping contraband devices out of their facilities and preventing inmates from engaging in illegal activities through the Internet. But South Carolina’s policy goes too far, and not only because of the shockingly disproportionate punishments. The policy is also incredibly broad; it can be applied to any reason an inmate may ask someone outside to access the Internet for them, such as having a family member manage their online financial affairs, working with activists to organize an online legal defense campaign, sending letters to online news sites, or just staying in touch with family and friends to create the type of community support crucial to reintegrating into society.

There is also a censorship component.

Facebook has processed hundreds of requests from SCDC officers who want inmates’ profiles taken down. Facebook’s stated policy is to suspend these pages under the auspices of Terms of Service (ToS) violations—specifically, purported violations of terms banning users from using aliases or sharing passwords with third parties—effectively allowing SCDC to censor inmates’ online speech. Yet, as described below, Facebook goes beyond its stated policy and agrees to SCDC requests to censor inmate pages even when no ToS violation has been alleged. In addition, Facebook seems to have taken no action against SCDC investigators who regularly violate these same terms in uncovering inmate profiles.

What’s more, this process is veiled in secrecy, with both Facebook and SCDC failing to create a public record paper trail documenting the takedown of inmate pages.

It’s time for South Carolinians to demand a review of this policy and for Facebook to reevaluate its role in helping prison systems censor and excessively punish inmates.

Social Media in South Carolina Lockups

Prisons and jails across the country have been looking for new ways to keep inmates off the Internet, not only by investing in controversial new cell-tracking technologies such as Stingrays and DRTboxes, but also using social networks as avenue to find and punish inmates.

South Carolina adopted a Level 1 social media offense to punish “Creating and/or Assisting With A Social Networking Site,” defined as: “The facilitation, conspiracy, aiding, abetting in the creation or updating of an Internet web site or social networking site.”

SCDC defines “social networking” very broadly, covering everything from YouTube and Twitter to blogs and email, although all of the cases EFF reviewed involved Facebook. Investigations are conducted by corrections officers and inmates are convicted during disciplinary hearings that often last mere minutes.

Since the policy was implemented, SCDC has brought 432 disciplinary cases against 397 inmates, with more than 40 inmates receiving more than two years in solitary confinement.

Here are some of the most severe social media punishments we’ve seen:

• In October 2013, Tyheem Henry received 13,680 days (37.5 years) in disciplinary detention and lost 27,360 day (74 years) worth of telephone, visitation, and canteen privileges, and 69 days of good time—all for 38 posts on Facebook.
• In June 2014, Walter Brown received 12,600 days (34.5 years) in disciplinary detention and lost 25,200 days (69 years) in telephone, visitation, and canteen privileges, and 875 days (2.4 years) of good time—all for 35 posts on Facebook.
• In May 2014, Jonathan McClain received 9,000 days (24.6 years) in disciplinary detention and lost 18,000 days (49 years) in telephone, visitation, and canteen privileges, and 30 days of good time—all for 25 posts on Facebook.

The average punishment length for a “social networking” case was 512 days in disciplinary detention, and the average length of lost privileges was even longer.

So disproportionate are these punishments that South Carolina doesn’t have space in disciplinary detention for all the offenders and “regularly” is forced to put the punishments on hold. In the cases of the three above inmates, SCDC says that none will serve the full punishment since they will be released from prison within the next five to 10 years.

As punishment for social media use, inmates also lose “good time” days that would had otherwise resulted in early release. Since 2012, inmates have collectively lost 14,564 “good time” days, the equivalent of 44 extra years in prison. In fiscal terms, that’s approximately $842,000 more that taxpayers will have to pay to keep inmates behind bars—just because they posted on Facebook.

Social Media Investigations

SCDC investigators uses a variety of tools to catch inmates on social media. Sometimes, evidence is obtained during cell phone searches. Other times, investigators simply hear inmates talking about accessing Facebook.

In summer 2014, SCDC launched a mechanism for crowdsourcing social media investigations with a prominent button on the front page of its website, encouraging the public to report inmates using social media to SCDC. In only eight months, SCDC has collected more 230 submissions from the public about inmates using social networks and cell phones.

SCDC also uses outside contractors in its investigations, paying $12,500 to an unnamed entity for unspecified services. All but the price tag was redacted from the document provided to EFF under South Carolina’s Freedom of Information Act.

Certain other tactics are more alarming. In response to inquiries from EFF, SCDC acknowledged that staff obtained inmate passwords through various means, including from inmates informing on inmates, family members, and the inmates themselves. In violation of Facebook’s Terms of Service, SCDC staff have used those passwords to access inmate accounts.

SCDC investigators have also created fake social media profiles in order to catch inmates in the act—again, a clear violation of Facebook’s Terms of Service. Unfortunately, all information regarding these investigations is shielded from disclosure under the state’s Freedom of Information Act.

In addition to the potential legal issues these practices may raise, the policies also pose problems for Facebook, which, as of February 3, has processed 512 “deactivation requests” from South Carolina corrections officers since 2012.

Facebook: Prison Censor

Facebook has made it all too easy for prisons to report inmates for having profiles: the site has a form titled “Inmate Account Takedown Request.” A corrections officer only needs to enter a few pieces of information about the inmate—the inmate’s name, profile link, and the crime for which they’re being imprisoned, but not the purported violation of Facebook’s Terms of Service—to get the inmate’s profile taken down.

In direct discussions with EFF, Facebook repeatedly asserted it does not enforce prison policies. Rather, according to Facebook, when a corrections officer contacts Facebook about an inmate page, Facebook staff may suspend the account on the grounds that the inmate violated the site’s Terms of Service.

Specifically, Facebook pointed to terms that forbid users from sharing their passwords or otherwise allowing other people to access their accounts, a practice common among inmates. Facebook claims that they suspend inmate accounts for violations of this policy not only because of the ToS violation, but also because it protects the inmate’s privacy. Facebook also forbids the use of aliases, which inmates also frequently employ.

However, prisons are very aware of how to exploit Facebook’s Terms of Service, with the Federal Bureau of Prisons even quoting the terms in handbooks and presentations, adding that "Facebook also deactivates prisoner pages, regardless of who set up the page."

Facebook says this isn't true, but its claim that it does not enforce prison policies is contradicted by correspondence that shows Facebook explicitly censored a South Carolina inmate’s page when no ToS violation was alleged.

In July 2014, a South Carolina corrections officer emailed Facebook asking for the removal of the profile of an inmate who had violated prison policy by accessing Facebook through a cell phone. Accessing Facebook through a contraband cell phone in itself does not seem to be a ToS violation. But as the below email shows, Facebook still removed the page—not for a ToS violation, but for breach of “inmate regulations.”

Remarkably, this email exchange occurred after Facebook assured EFF it was not doing this exact thing.

This was the only email chain between Facebook and SCDC that EFF received in response to the FOIA request. That’s because Facebook’s system allows for secret censorship. Inmate takedown requests usually occur through Facebook’s online form, which, as a Facebook employee told SCDC in a follow-up email, does not generate a receipt email. This means that more than 500 inmate take down requests have been filed without any kind of paper trail accessible to the inmate or the public—a lack of transparency that is simply not acceptable when government-instigated censorship is involved.

Even if you take Facebook at its word—i.e., that it only enforces its own Terms of Service (despite the evidence to the contrary)—Facebook is guilty of applying a double standard when it comes to ToS violations. SCDC’s practices of logging into inmate’s accounts and creating fake profiles is a clear violation of not only its ToS, but also the very same terms inmates are accused of violating. Despite SCDC’s rule-breaking, Facebook allows SCDC to maintain its own public Facebook page, where it posts career fair notices and positive news stories about its programs.

When EFF pointed this out, Facebook said it would remove any of SCDC’s secret alias pages we could identify—but this is a next to impossible feat given that information about such secret aliases isn’t publicly available through South Carolina’s FOIA.

Ensuring Accountability

South Carolina may be unique only in the frequency and severity with which it enforces social media punishments. In New Mexico, an inmate was sentenced to 60 days in solitary confinement after his family members accessed Facebook on his behalf. In Alabama, a law was recently passed to make it a misdemeanor to serve as a go-between for an inmate who wants to post information to the Internet.

These policies have not gone unchallenged. An Arizona law forbidding inmates from accessing the Internet through a third party was struck down as unconstitutional. The Florida Department of Corrections backtracked on a policy proposal similar to South Carolina's after the Florida Justice Institute and other civil liberties groups threatened litigation. Just last week, the ACLU of Indiana filed a lawsuit alleging First Amendment violations when prison officials punished an inmate after his sister launched a social media campaign to get him freed.

SCDC has set up a system that allows prison administrators to hold inmates longer, in harsher conditions, and to largely cut them off from the rest of the world. South Carolinians should demand an immediate review of how this policy is applied.

We’re also calling on Facebook to embrace the position that inmate communication often has public value, such as when inmates raise issues about possibly unconstitutional prison conditions and other irregularities in the criminal justice system.

Steps Facebook should take include:

• Stop censoring inmates without first evaluating whether a serious ToS violation has occurred (such as harassing a victim or engaging in a criminal enterprise).
• Eliminate the inmate takedown feature, or, at the very least, ensure that a public record (such as a receipt email) is generated every time a prison official files a takedown request and every time Facebook complies.
• Revise its transparency report to include detailed numbers of takedown requests Facebook has received, what agency sent each request, and how Facebook responded.
• Hold law enforcement agencies, such as prisons, accountable for abusing Facebook’s ToS.
• Revise its transparency report to include detailed numbers of takedown requests Facebook has received, what agency sent each request, and how Facebook responded.

Balancing the rights of inmates with public safety is a tricky task, but prisons—and the companies that assist them—must consider proportionality and fairness for justice to be truly served.
https://www.eff.org/deeplinks/2015/0...-over-facebook





Alleged Swatting Prankster “Famed God” Arrested in Las Vegas

Teen's computers point to swatting incidents nationwide, authorities said.
David Kravets

A 19-year-old Las Vegas teen is expected to appear in court Monday, days after being arrested in connection to a July swatting incident in suburban Illinois.

Brandon Wilson, who goes by the online handle "Famed God," was arrested Thursday in Nevada and faces an extradition hearing to determine whether he should be sent to face hacking and other charges. Illinois prosecutors said there was evidence on his computers about the July 10 swatting incident, in which he allegedly reported a murder to Naperville's emergency 911 line. The SWAT team responded, but the call was a hoax.

The Chicago-Sun Times said that, in addition to the Naperville incident, the suspect's computers held evidence "of similar incidents across the country."

The teen's arrest coincidently came the same day as a popular online gamer, Joshua Peters, aka Koopatroopa787, was swatted while thousands were watching him live stream on Twitch.

Swatting has seemingly become a national phenomenon in the online gaming world, with pranksters calling police and claiming that heinous crimes are underway at a certain location. That usually prompts armed SWAT teams to arrive at the scene. Often, the prank call appears to be coming from the innocent target's address.

"Famed God," meanwhile, is also said to have hacked the gaming consoles owned by two others and threatened to put somebody "in debt for life" by accessing banking information. Illinois prosecutors said charges Wilson faces include computer tampering, intimidation, and identity theft. If convicted, he faces up to five years in prison.
http://arstechnica.com/tech-policy/2...-in-las-vegas/





How a Lone Hacker Shredded the Myth of Crowdsourcing
Mark Harris

Meet Adam. He’s a mid-level engineer at a mid-level software company in a cookie-cutter California office park. He can code a handful of languages, has a penchant for computer vision and enjoys soccer and skiing. In short, Adam has little to distinguish him from legions of other programmers in the Bay Area. Except that over a couple of nights in 2011, he stopped thousands of people from sharing in $50,000, nudged the American military in a new direction, and may have changed crowdsourcing forever.

This is the previously untold story of how and why Adam humbled some of the brightest brains in computer science, their years-long search to find him, and the researchers who now believe that the wisdom of the crowd might be nothing more than a seductive illusion.

To understand why Adam was able to make such an unwelcome impact, we must go back to 2009. Back then, the ability of crowdsourcing to crack big problems seemed unlimited. That was in large part due to DARPA’s Network Challenge, a competition organized by the Pentagon’s R&D agency to locate large balloons hidden in plain sight across the United States.

The task, declared “impossible” by one senior intelligence analyst, was actually solved in a matter of hours by a team of MIT students and scientists with the help of crowdsourcing and social networks. They developed a recursive incentive scheme that split the Challenge’s $40,000 prize money between the finders of each balloon, their recruiters, the people who recruited them, and so on. Over five thousand people joined MIT’s pyramid scheme, which DARPA later called “a clear demonstration of the efficacy of crowdsourcing.”

The high profile challenge spawned further contests, including DARPA’s follow-up Shredder Challenge, in 2011. The Shredder Challenge had clearer intelligence applications. Participants had to piece together documents sliced and diced using high-end shredding machines — the kind of evidence that military operatives might find at terrorist training camps. Five handwritten documents were shredded into thousands of tiny pieces half a centimeter long. The first puzzle had just a couple hundred shreds, the fiendish final one over 6,000. Images of these minuscule chads were posted online, and the first team to reconstruct the pages would win $50,000.

“If finding the balloons was a sprint, the Shredder Challenge was a marathon,” remembers Manuel Cebrian, who was part of MIT’s winning team in the earlier challenge and ready for a new adventure. “We had to get a crowd really, really engaged for weeks rather than hours.”

It would be the perfect test for Cebrian. The energetic computational social scientist divides his time between the University of Melbourne in Australia and MIT in Cambridge, his research focusing on how social networking can make it easier to find people and tackle real-world problems like global epidemics and disaster response.

For the Shredder Challenge, Cebrian turned to new collaborators: smart grad students at the University of California San Diego (UCSD) who wanted to repeat Cebrian’s success at MIT. They were researchers in crypto-analysis, game theory and network science. “My role was to be very enthusiastic and then get these people to do the difficult work,” Cebrian says with a laugh. The team swiftly settled on rewards similar to those in the Network Challenge. If it won, users would get $1 for each edge they matched correctly. The person who recruited them would receive 50 cents, and the person above that a quarter. Though the UCSD group was not the only one to use crowdsourcing, it was the only competitor planning a completely open platform, allowing anyone, anywhere, to join online.

But this time Cebrian would not be competing just against other crowds. Some of the 9,000 teams that signed up were using sophisticated algorithms to automatically match the myriad pieces with machine learning and computer vision. (Despite this being the world’s toughest jigsaw puzzle, a few people even tried to solve the puzzles manually. Tellingly, only 70 teams managed to complete even the easiest of the five puzzles).

To make matters worse, Cebrian’s group didn’t get going until two weeks after the competition started on October 27. They quickly developed a web interface and collaborative work space for the crowd to re-assemble the documents — essentially a giant virtual jigsaw mat. But they didn’t have time to construct digital defenses, such as verifying users’ identities or limiting their access to completed sections of the puzzle. “We were crossing our fingers, hoping we wouldn’t get sabotaged,” says Wilson Lian, the team’s security expert.

At first the hive mind functioned flawlessly. Cebrian’s winning history helped recruit over 3,600 users, who blasted effortlessly through the simpler puzzles. Individual players made errors, of course, but nearly 90 percent of those mistakes were fixed by others in the crowd in a matter of minutes. In just four days, the UCSD group had rebuilt the first three documents and was rated second overall. In late November DARPA updated its leader board to reflect UCSD’s meteoric progress — and that’s when their troubles began.

Overnight that night, and for the two following nights, saboteurs hiding in UCSD’s crowd went to work. At first, the attackers just scattered pieces that had already been correctly assembled, like a child petulantly trashing a half-finished jigsaw. Then the attacks became more sophisticated, exploiting bugs in the team’s code to pile hundreds of chads one on top of another, or moving important pieces far off the virtual mat where they couldn’t be seen.

An army of genuine users valiantly tried to repair the damage but the attackers seemed too numerous and too fast. Not once, but twice the group was forced to reset the puzzle to a previously saved configuration.

“Our first response was ‘Oh crap!’ Then we looked in the database for patterns of destruction, and rolled everything back to before that,” remembers Lian. As the attacks continued, the team tried blocking individual accounts they suspected of being malicious, and then whole IP addresses to contain the destruction. “I lost five kilos doing this Challenge,” says Cebrian. “I got really sick. We were working without sleep for days in a row.”

On November 24, an email from an anonymous Hushmail address landed in the team’s inbox. It taunted UCSD about the team’s security lapses, claimed that the sender had recruited his own horde of hackers from the notorious 4chan bulletin board, and revealed exactly how he had used proxy servers and virtual private networks (VPNs) to launch his attacks.

“I too am working on the puzzle and feel that crowdsourcing is basically cheating,” read the email. “For what should be a programming challenge about computer vision algorithms, crowdsourcing really just seems like a brute force and ugly plan of attack, even if it is effective (which I guess remains to be seen).” He signed off with the phrase “All Your Shreds are Belong to U.S.”

That was the jokey name of the team then in first place. Its leader, an experienced coder and inventor named Otavio Good, vehemently denied responsibility for the attacks. And the San Francisco-based Shreds team did seem legit: it was using custom computer vision algorithms to solve the puzzles, with humans double-checking the software’s work.

But paranoia reigned at UCSD. “We looked at the Shreds team members and wondered, is this person capable of sabotage? Or this one?” says Lian. He even tried to geo-locate their IP addresses to see where they lived. Nothing led back to the attacker. Meanwhile, the team was desperately trying to shut the stable door: changing the interface to permit only one move every 30 seconds, preventing pieces from being stackable, and making registration mandatory. There was also a plan to develop a reputation system, where only the best performing users would be allowed to contribute to the puzzle. Nothing helped.

Hundreds of users melted away before the team’s eyes, and those that remained were disorganized and demoralized. Not a single new productive player joined the UCSD effort following the attacks.

Overall, their crowd was only two thirds as efficient as it was before, and nearly ten times slower to recover. A week later, on December 1, All Your Shreds are Belong to U.S. completed the fifth and final document to claim DARPA’s $50,000 prize.

The identity of the attacker remained a secret. Cebrian vowed to continue to investigate the sabotage. But he was doubtful that his quest would succeed. “We will probably never know the true story about this,” he said then.

That would have likely have been true, if not for a young French data scientist called Nicolas Stefanovitch. In 2011, Stefanovitch was half a world away from the Shredder Challenge, teaching computer science at Dauphine University in Paris. Two years later, and now a post-doc researcher in Abu Dhabi, a fascinating dataset arrived from Cebrian in Australia: the log-in and move tables from UCSD’s Shredder Challenge. The tables contained a complete record of the position and movement of each of the thousands of puzzle pieces, who had moved them, and the IP addresses they had used; over 300,000 entries in all.

Just as the Challenge teams had reassembled documents from a mess of tiny shreds, Cebrian asked Stefanovitch to painstakingly recreate the contest itself, hunting through a haystack of genuine users for the telltale pinpricks of those who wanted to unravel the crowd’s best efforts. Unlike UCSD’s legions, though, Stefanovitch was a crowd of one.

After a month of crunching the numbers, Stefanovitch was getting nowhere. With so many users working on the puzzle simultaneously, it was proving impossible to distinguish attacks from normal gameplay. Then he had a thought: if the shredded documents were a problem in vision, perhaps the attacks could be solved the same way? Stefanovitch animated the data, ignoring the content of the shreds themselves but plotting their movements over time.

When the first animation ran, he knew he was on to something. Dozens of likely attackers jumped off his laptop screen. These users either placed and removed chads seemingly at random, or moved pieces rapidly around the board. It was hardly surprising that the UCSD researchers believed they were under attack from a large group. But Stefanovitch was still a long way from a solution. “It was super hard to determine who was a saboteur,” he says. “Most of the people who looked like attackers, were not.”

Many of the high-speed moves turned out to be from genuine players responding to attacks, whereas others were just the actions of inept puzzlers. A few assaults were so rapid, however, that Stefanovitch thought the saboteurs might have deployed specialized software attack tools.

Stefanovitch set about identifying features — unique characteristics in the data — that he could match with behaviors on the board. He ended up with 15 features to separate saboteurs from honest users, and slowly honed in on those whose actions were destructive. There were far fewer than anyone had suspected: less than two dozen email addresses.

“I found a peak in recruitment that corresponds almost exactly to when the attacker claims he made an announcement on 4chan,” says Stefanovitch. “But I detected only a very small scale attack at this time, an attack so tiny you couldn’t even see it if you didn’t know it was there.”

Stefanovitch speculates that any 4chan hackers who logged on to wreak havoc soon got bored. “They might have been attackers but they weren’t motivated; they had nothing to gain from scorching our puzzle.”

Once he had eliminated the 4chan wave, Stefanovitch could identify the hardcore attackers. He then tracked their behavior forward and backward through time. When he re-watched his simulation of the very first attack, he struck gold. The initial assault was a sluggish affair, about ten times slower than subsequent hacks, as though the saboteur was still feeling out the system’s weaknesses. “When he realized he maybe could be traced, he logged off. Twenty minutes later, he logged in again with a different email address and continued doing the same stuff,” remembers Stefanovitch.

Crucially for Stefanovitch, the attacker had left his digital fingerprints on the system. When he logged in again from the same IP address, Stefanovitch was able to associate the two email accounts. As the attacks accelerated, the team in San Diego banned the attacker’s usernames. He, in turn, opened a stream of webmail accounts, eventually leading UCSD to block his IP address. The attacker then hijacked a neighbor’s wifi router and used a VPN to log in from different IPs. Yet he stumbled again, connecting from the new IPs with old, discredited usernames. No matter how many disposable emails the attacker now used, Stefanovitch could link them all back to him.

Three years after the Challenge, and after six months of solid work, Stefanovitch was finally able to sketch out a map of email addresses and IPs that covered all the destructive accounts.

He had solved the first-ever documented attack on a deployed crowdsourcing system. And the results were terrifying.

By Stefanovitch’s reckoning, just two individuals had accounted for almost all the destruction, eviscerating the completed puzzle in about one percent of the moves and two percent of the time it had taken a crowd of thousands to assemble it. Yet the attacker had left one more clue, a blunder that pointed right back to his door. During the first attack, he had logged in with an email address from his very own domain.

Late last year, Stefanovitch and Cebrian collaborated on a paper about the Challenge. When I read it, I asked Stefanovitch whether he had tried contacting the attacker. “Tracing him was the most exciting aspect of the project, it felt like a thriller,” says Stefanovitch, who still had a few technical questions about the attacks. “But I was very busy so I just dropped it.”

He was, however, happy to share the attacker’s email with me. I got in touch with Adam and we finally spoke just before Christmas. It was a confusing experience at first. I found it hard to reconcile the softly spoken, modest voice on the phone with the high-octane firebrand I was expecting. Adam was thoughtful, even hesitant, choosing his words with care. But once we started talking about the Challenge, he gradually opened up.

Adam had first heard about the Shredder Challenge on a Reddit hacker thread, while working on character recognition and computer vision at a document imaging firm. “I had a little bit of background in that arena and decided to take a stab at it,” he told me. “My team, basically just me and a friend, was not super organized. We were having fun with it and didn’t really expect to win.”

Like Manuel Cebrian’s group, Adam and his buddy started late but managed to crack the first two puzzles fairly easily, placing them in the top 50 worldwide. Between coding sessions, Adam would check out his rivals, including UCSD’s crowdsourcing platform.

“I don’t remember the point that I made a conscious decision to attack them,” he said. “I guess it was a spur of the moment kind of a thing.” He moved a few shreds around and noticed he could pile them up on top of each other. “They had hardly any constraints to prevent users from doing what they shouldn’t.”

Adam logged off to read the Challenge’s guidelines and consider his options. He couldn’t see anything in the rule book to prevent him from infiltrating UCSD’s crowd. And the more he thought about it, the more justifiable it seemed. “The scenario for the competition was a defense agency gathering documents on the battlefield. In that case, it makes total sense that there might be somebody out there who doesn’t want them put back together and might try to prevent it,” he says.

Adam ditched his personal email address (too late, as it turns out) and asked another friend, a design student who happened to be at his house, to join him. Together they got serious about destruction. The UCSD team had incorporated a feature (“multi select”) that allowed users to select and move many pieces at once — they thought it might help players with the early stages of each puzzle. In fact, it became Adam’s most powerful weapon against them.

“There was one night when I figured out they had multi select,” says Adam. “I picked up huge swathes of the puzzle space and made one huge pile. It was suddenly much easier for one person to do a lot of damage.”

As genuine users pulled pieces out of the stack, Adam would grab a bunch and drop them back in. “I definitely had the advantage,” he says.

It was this devastating multi select mode that had Cebrian chasing his tail looking for an army of attackers, and later Stefanovitch imagining the hackers with a powerful software attack tool. In reality, it was just Adam and his fast fingers, gleefully routing the hard-working crowd “for the lulz,” he admits. “Pure malign mischief.”

In Stefanovitch’s and Cebrian’s paper, they conclude: “The real impact of the attack was not to destroy the assembled pieces but to destroy the user base of the platform, and to disrupt the recruitment dynamics.”

All the motivation generated by weeks of good PR, a fun task and a smart financial incentive scheme evaporated in the face of attacks by a single person lasting, in total, no more than a couple of hours. The researchers warned, “Our results raise caution in the application of crowdsourced problem solving for sensitive tasks involving financial markets and national security.” DARPA might have already reached the same conclusion: the agency has issued no further crowdsourcing challenges since 2011. The agency did not respond to my request for an interview about how the Shredder Challenge attacks might have shaped their decisions.

But don’t pity Cebrian as someone who was blindsided by an unforeseen enemy. His experience at the previous challenge had schooled him quite thoroughly on crowdsourcing’s susceptibility to sabotage, long before he got shredded. “I didn’t say much about this at the time because I wanted to really sell the recursive structure,” he says. “But the truth is that the real challenge in the 2009 balloon competition was filtering out misinformation.” Of over 200 balloon sightings received by the MIT team in DARPA’s Network Challenge, just 30 to 40 were accurate. Some of the fake reports were utterly convincing, including expertly Photoshopped photos that put Adam’s ad hoc hacks to shame.

“Myself and others in the social sciences community tend to think of such massive acts of sabotage as anomalies, but are they?” wondered Cebrian. To settle the question, Cebrian analyzed his (and other) crowdsourcing contests with the help of Victor Naroditskiy, a game theory expert at the University of Southampton. The results shocked him. “The expected outcome is for everyone to attack, regardless of how difficult an attack is,” says Cebrian. “It is actually rational for the crowd to be malicious, especially in a competition environment. And I can’t think of any engineering or game theoretic or economic incentive to stop it.”

Even worse, their analysis suggests that dissuading attacks, such as by making a crowdsourcing platform more robust or authenticating users, actually makes things worse. “Raising the cost of the attack doesn’t help you because you need to invest resources to do it,” says Cebrian. “And because that investment doesn’t pay off very well, eventually everyone is worse off.” Basically, in a competitive crowdsourcing environment, game theory says you will always get more bang for your buck by attacking rather than defending.

Every crowd has a silver lining

Luckily for platforms like Wikipedia or Amazon’s Mechanical Turk, the prospect for longer-term crowdsourcing projects are not so bleak. Game theorists have found that systems where individuals can build up a good reputation, are (probably) not as prone to devastating attacks from within.

But wily humans are good at finding their way around even the most secure digital systems. In a paper last year, researchers at the University of California, Santa Barbara, used AI software to detect spammers in China’s Weibo social network with an accuracy of up to 99%. Despite that, the authors concluded that “adversarial attacks are effective against all machine learning algorithms, and coordinated attacks are particularly effective.”

DARPA’s brief, intensely competitive challenges have produced something far more valuable than a new way of locating balloons or stitching together documents: a realization that crowds are far more complex, and far less wise, than they first appeared to be.

Three years later, Cebrian doesn’t harbor any ill will towards Adam: “One way of looking at this saboteur is as someone who loves machines. If you read his emails, he thinks crowdsourcing is crappy and he wants to lend machines a hand because they are still improving. I think we’re going to see a bit of that in the next few years: people who actually prefer machines.”

Despite his astonishingly successful efforts to disrupt the UCSD’s crowd, Adam would prefer to be remembered as someone who improved crowdsourcing rather than killing it off. “I have some faith in the wisdom of the crowds,” he tells me with a smile in his voice. “But there will always be a caveat, always a wild card.”

In other words, the future of crowdsourcing is yet another puzzle that won’t be solved by putting our heads together.
https://medium.com/backchannel/how-a...g-d9d0534f1731





FBI Really Doesn’t Want Anyone to Know About “Stingray” Use by Local Cops

Memo: Cops must tell FBI about all public records requests on fake cell towers.
Cyrus Farivar

If you’ve ever filed a public records request with your local police department to learn more about how cell-site simulators are used in your community—chances are good that the FBI knows about it. And the FBI will attempt to “prevent disclosure” of such information.

Not only can these devices, commonly known as "stingrays," be used to determine a phone’s location, but they can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones. Last fall, Ars reported on how a handful of cities across America are currently upgrading to new hardware that can target 4G LTE phones.

The newest revelation about the FBI comes from a June 2012 letter written by the law enforcement agency to the Minnesota Bureau of Criminal Apprehension. It was first acquired and published by the Minneapolis Star Tribune in December 2014—similar language likely exists between the FBI and other local authorities that use stingrays.

As the letter states:

In the event that the Minnesota Bureau of Criminal Apprehension receives a request pursuant to the Freedom of Information Act (5 USC 552) or an equivalent state or local law, the civil or criminal discovery process, or other judicial, legislative, or administrative process, to disclose information concerning the Harris Corporation [REDACTED] the Minnesota Bureau of Criminal Apprehension will immediately notify the FBI of any such request telephonically and in writing in order to allow sufficient time for the FBI to seek to prevent disclosure through appropriate channels.

While the FBI did not immediately respond to Ars’ request for comment, privacy activists were dismayed to see this language.

“It’s remarkable to see collusion by state and federal agencies to undermine public records requests, which are clearly aimed at keeping the public in the dark about the use of Stingray technology,” Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation, told Ars. “After all, any truly sensitive law enforcement details could be redacted under traditional public records act law. But the notion that the federal government would work to actively block disclosure of records seems clearly to have a chilling effect on obtaining information about this controversial surveillance tool.”

Staying mum

Earlier this month, Mike Katz-Lacabe, a California-based privacy activist, submitted public records requests to the 100 largest local law enforcement agencies in the country. So far, he has only received one response—notification by the police in Tacoma, Washington, to the FBI concerning a records request made by an Associated Press reporter in October 2013.

“I am trying to systematically determine which law enforcement agencies have these cellular telephone surveillance and monitoring devices,” he told Ars by e-mail. “My first set of requests was sent to the law enforcement agencies of the 100 largest cities in the US. My next requests will go to the state police departments (or public safety departments) of all 50 states and to the county police/sheriff departments.

“The secrecy around these devices (Stingray, KingFish, DRTbox) suggests that it is critical to national security. However, these devices are mostly used in regular criminal cases as a standard tool of local police departments and as such, should be subject to the same disclosure as any law enforcement tool.”

Worst-kept secret

Relatively little is known about how, exactly, the stingrays are used by law enforcement agencies nationwide, although documents have surfaced showing how they have been purchased and used in some limited instances. In 2013, Ars reported on leaked documents showing the existence of a body-worn stingray. Back in 2010, Kristin Paget famously demonstrated a homemade device built for just $1,500.

Worse still, cops have lied to courts about the use of such technology. Just last month, two US senators made public the FBI’s position that the agency could use stingrays in public places without a warrant. The largest manufacturer of the devices, the Harris Corporation, has routinely been tight-lipped about its hardware capabilities.

Many legal experts have pointed out that a federal agency like the FBI should not have any bearing on whether a state agency complies with state law.

“It is surprising in the sense that it seems like just a completely inappropriate and over-broad use of federal authority,” Nathan Wessler, an American Civil Liberties Union attorney, told Ars. “What is most egregious about this is that, in order for local police to use and purchase stingrays, they have to get approval from the FBI, then the FBI knows that dozens of police departments are using them around the country. And yet when members of the press or the public seek basic information about how people in local communities are being surveilled, the FBI invokes these very serious national security concerns to try to keep that information private.”

Others, though, pointed out that the FBI is likely not doing anything illegal by compelling police departments to hand over public records requests. After all, public records in and of themselves are by definition, public.

“The fact that you get put on a notification, might maybe, sometimes, help [the FBI] catch some bad players,” Daniel Stotter, an Oregon-based public records lawyer told Ars. “It doesn't mean you're going to get picked on or arrested. I would not be scared to make a request. It wouldn't scare me, but would it scare Grandma? Maybe. Would it [put a chilling effect] on some people? Sure. But if you’re going to investigate law enforcement then you've got to be a tough cookie.”
http://arstechnica.com/tech-policy/2...by-local-cops/





California Lawmaker Proposes Warrant Requirement for Digital Data Access

"Californians recognize the risk to their privacy," Sen. Mark Leno tells Ars.
Cyrus Farivar

While a warrant requirement for e-mail is unlikely to be passed at the federal level anytime soon (despite yet another recently introduced bill), a California state senator wants his home state to do just that. If passed, the bill would extend significant digital privacy rights to the most populous state in America.

On Monday, Mark Leno, a state lawmaker who represents San Francisco, is set to introduce a new bill, called the Electronic Communications Privacy Act (CalECPA).

If passed, it would not just impose a warrant requirement to access e-mail, but would also require that law enforcement officials not interact with any electronic device in the possession of a citizen—to put the law in formal compliance with the unanimous 2014 Supreme Court decision Riley v. California, which required a warrant to search a cellphone.

"Californians lives are relying evermore on digital information and following the NSA debacle, more Californians recognize the risk to their privacy and their Fourth Amendment constitutional rights," Leno told Ars.

"Other states have moved ahead, bypassing California. Texas, Maine, Utah, are among 15 states that have put into law similar protections and the Supreme Court of the United States has urged state legislatures to update their warrant requirements for the digital age. This time, different from before, we have near universal support from the tech industry."

As the California bill states:

1546.1. Except as provided in this section, a government entity shall not do any of the following:

(1) Compel the production of or access to electronic communication information from a service provider.

(2) Compel the production of or access to electronic device information from any person or entity except the authorized possessor of the device.

(3) Access electronic device information by means of physical interaction or electronic communication with the device, except with the specific consent of the authorized possessor of the device.

A “Golden State” of mind

The bill has a substantial amount of support from established tech companies and civil liberties groups, including Apple, Google, Facebook as well as the Electronic Frontier Foundation and the American Civil Liberties Union.

“At Adobe, we believe our customers’ private communications should receive full constitutional protections, regardless of whether these communications are stored at home, at work or in our cloud,” Mary Catherine Wirth, an Adobe Systems lawyer, said in a statement.

Legal experts say that CalECPA, if it passes, would not be the first such digital protection bill at the state level, but it would be the most comprehensive.

“In addition to providing warrant protection for the contents of electronic communications like emails and Facebook messages, it also requires law enforcement obtain a warrant to obtain location information and metadata,” Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told Ars by e-mail.

“It also has reporting requirements to provide oversight and, I think most uniquely, gives California judges the discretion to appoint a special master to ensure an electronic search warrant is narrowed, as well as require information obtained by the warrant that is unrelated to the investigation be destroyed as soon as possible.”

Nicole Ozer, an attorney with the ACLU of Northern California, concurred with this sentiment.

“It's really important both for users and companies that there be rules that reflect the modern digital world and over the past few months many different companies have come together to draft CalECPA and hopefully it will be enacted in California and will serve as a model for other states to follow,” she told Ars.
http://arstechnica.com/tech-policy/2...l-data-access/





Clear Proof Obama's Surveillance Oversight Board Is a Pathetic Sideshow

The easiest way for leaders to manage public outcry is to put on an elaborate performance of mock reform.
Bill Blunden

In the aftermath of the Snowden revelations President Obama made a big show of ordering changes to how American spies operate. Sadly, the reforms implemented by the U.S. intelligence community reveal that White House officials have opted for a bunch of cosmetic gestures as the NSA adds 2,880,000 square feet of real estate and Obama openly boasts to Chinese leaders about tripling American cyber forces to 6,000 by 2016. On the whole not much has changed. Government spies are still bulk collecting telephone metadata and international communiqués.

Spies be spying, that’s what they do.

To see why this is the case, let’s dig into some details. Specifically, check out the reform scorecard written up by the Privacy and Civil Liberties Oversight Board, an agency within the executive branch. The board recently published its evaluation of how the government instituted its recommendations regarding NSA spying. Over a year ago the board made a series of proposals for amending programs based on Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. Section 215 covers telephone metadata collection and Section 702 deals with intercepting international communications that cross American borders.

The board provided a summary of its recommendations in table form detailing the measures that were instituted. While there have been modest steps taken to address issues like transparency and introduce so-called privacy “safeguards” what’s really interesting are the suggestions that were largely ignored. The oversight board reports that the recommendation to “End the NSA’s Bulk Telephone Records Program” hasn’t been implemented, and neither has the recommendation to “Develop a Methodology to Assess the Value of Counterterrorism Programs.”

What we’re witnessing is Reform Theater, a sort of kabuki act intended to provide the impression that, in the wake of Snowden’s revelations, something is being done. Officials create the perception of action by occupying themselves with narrow aspects of mass interception and this is intentional. They wouldn’t dare do anything substantial that would threaten the gears of the surveillance state. Instead they’ll leave Big Brother’s infrastructure in place and dither around the edges.

Nor would they dare establish metrics to quantify the usefulness of mass interception. Doing so would only expose U.S. counter terrorism initiatives for the frauds that they are, leading the public to question the NSA’s global panopticon or the FBI’s habit of cultivating terrorism plots. Whose national security do these secret programs safeguard?

Remember J. Edgar Hoover’s “Do Not File” stash or Richard Nixon’s “Enemies” list? Recall how Truman wrote his wife about Hoover, lamenting that “all Congressmen and Senators are afraid of him.” Noam Chomsky spells it out: “Policy must assure the security of state authority and concentrations of domestic power, defending them from a frightening enemy: the domestic population, which can become a great danger if not controlled.”

Chomsky’s findings are in line with the conclusions of the NSA’s own Snowden: “These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”

The NSA is aiming for "global network dominance," a term no doubt derived from the Pentagon's notion of "full spectrum dominance." The hyperbolic rhetoric of the Department of Defense in turn reflects the broader agenda described by Snowden and Chomsky, a pathological desire to maintain control both at home and abroad.

Who benefits? Profound sources of influence outside of government; corporate factions that transmit their wishes through the American "Deep State." Anyone who doubts this should note how politicians eagerly lined up to audition for the Koch brothers' network of some 300 donors, an organization that has budgeted close to a billion dollars for the 2016 election cycle. Why did Mitt Romney drop out of the 2016 presidential race? Because funders denied their support.

All told there are over 1,300 billionaires in the United States and the politically minded members of this demographic—both Democrats and Republicans—have essentially succeeded in state capture. The two-party system of the United States is actually a one-party system: the corporate party. And U.S. spies are the Praetorian Guard of these “deciders.”

So if it seems like nothing on the whole is being done to rein in mass interception, that assessment would be accurate. The NSA’s all-seeing Eye of Providence, and the even larger corporate surveillance apparatus that supports it, are incredible tools of control. The easiest way for leaders to manage public outcry is to put on an elaborate performance of mock reform. It appeases Main Street without offending the deep sources of wealth and power that tread the corridors of the Deep State.
http://www.alternet.org/news-amp-pol...hetic-sideshow





Obama to Sign Executive Order on Sharing Cybersecurity Threat Information
Katie Zezima

President Obama will sign an executive order Friday that urges companies to share cybersecurity-threat information with one another and the federal government.

The order is advisory in nature and comes as the White House will kick off its first summit on Cybersecurity and Consumer Protection at Stanford University on Friday. The summit, which will focus on public-private partnerships and consumer protection, is part of a recent White House push to focus on cybersecurity.

It encourages the development of central clearinghouses for companies and the government to share data and creation of centers where data can be shared across specific geographic regions.

The order is part of a broader White House effort to beef up the nation's cybersecurity infrastructure, something the administration wants to push on Capitol Hill. Last month Obama proposed legislation that would shield companies from lawsuits for sharing threat data with the government.

Both privacy groups and Silicon Valley companies have said they would oppose the legislation unless reforms are first made to the NSA's surveillance program.

The CEOs of companies including Google and Facebook will not attend the summit, though Apple CEO Tim Cook will. White House spokesman Eric Schultz said the administration is "very pleased at the participation across the board" at the summit, which will include leaders from academia, tech and the privacy advocacy community.

"We are gratified and look forward to their participation," Schultz said.

Speaker Boehner's office was critical of the move. "Unilateral, top-down solutions will not solve America’s cyber problems," said Boehner spokesperson Cory Fritz. "The President should work with Republicans to enact the types of common-sense measures that passed the House twice in recent years with strong, bipartisan majorities but stalled in the Democratic-controlled Senate."

The order would put the Department of Homeland Security in charge of approving and making sure companies can access the information sharing programs. It will also allow the National Cybersecurity and Communications Information Center to enter into agreements with the organizations, which have yet to be developed. Companies including the Cyber Threat Alliance and Entertainment Software Association will announce they will build programs using the parameters of the executive order.

A number of companies will announce Friday that they are incorporating the administration's cybersecurity framework, which was created after a 2013 executive order, into their companies. The framework helps businesses decide how to use cybersecurity investments, ways to implement cybersecurity for new companies and measure their programs against others. Intel, Apple and Bank of America use framework and will announce that they will require all vendors to use it. Both QVC and Walgreens will say they will employ the framework in their risk management practices, while Kaiser Permanente will commit to using it as well.

Businesses will also announce secure payment programs at the conference. MasterCard will put more than $20 million into new cybersecurity initiatives, Visa will commit to tokenizing credit cards and Square, along with the Small Business Administration, will work with small businesses to encourage them to use secure payment technologies. Companies will also announce that they are moving toward multi-factor authentication, which uses a number of steps to ensure that the person paying with a credit card is the authorized user.

The event will also include a push for greater transparency when it comes to credit scores. Nationstar, working with NICO, will announce it will make credit scores available to their customers for free by the end of the year.

Juliet Eilperin contributed to this report.
http://www.washingtonpost.com/blogs/...urity-threats/





Obama Heads to Security Talks Amid Tensions
David E. Sanger and Nicole Perlroth

President Obama will meet here on Friday with the nation’s top technologists on a host of cybersecurity issues and the threats posed by increasingly sophisticated hackers. But nowhere on the agenda is the real issue for the chief executives and tech company officials who will gather on the Stanford campus: the deepening estrangement between Silicon Valley and the government.

The long history of quiet cooperation between Washington and America’s top technology companies — first to win the Cold War, then to combat terrorism — was founded on the assumption of mutual interest. Edward J. Snowden’s revelations shattered that. Now, the Obama administration’s efforts to prevent companies from greatly strengthening encryption in commercial products like Apple’s iPhone and Google’s Android phones has set off a new battle, as the companies resist government efforts to make sure police and intelligence agencies can crack the systems.

And there is continuing tension over the government’s desire to stockpile flaws in software — known as zero days — to develop weapons that the United States can reserve for future use against adversaries.

“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”

Mr. Obama’s cybersecurity coordinator, Michael Daniel, concedes there are tensions. American firms, he says, are increasingly concerned about international competitiveness, and that means making a very public show of their efforts to defeat American intelligence-gathering by installing newer, harder-to-break encryption systems and demonstrating their distance from the United States government.

The F.B.I., the intelligence agencies and David Cameron, the British prime minister, have all tried to stop Google, Apple and other companies from using encryption technology that the firms themselves cannot break into — meaning they cannot turn over emails or pictures, even if served with a court order. The firms have vociferously opposed government requests for such information as an intrusion on the privacy of their customers and a risk to their businesses.

“In some cases that is driving them to resistance to Washington,” Mr. Daniel said in an interview. “But it’s not that simple. In other cases, with what’s going on in China,” where Beijing is insisting that companies turn over the software that is their lifeblood, “they are very interested in getting Washington’s help.”

Mr. Daniel’s reference was to Silicon Valley’s argument that keeping a key to unlocking terrorists’ secret communications, as the government wants them to do, may sound reasonable in theory, but in fact would create an opening for others. It would also create a precedent that the Chinese, among others, could adopt to ensure they can get into American communications, especially as companies like Alibaba, the Chinese Internet giant, become a larger force in the American market.

“A stupid approach,” is the assessment of one technology executive who will be seeing Mr. Obama on Friday, and who asked to speak anonymously.

That tension — between companies’ insistence that they cannot install “back doors” or provide “keys” giving access to law enforcement or intelligence agencies and their desire for Washington’s protection from foreign nations seeking to exploit those same products — will be the subtext of the meeting.

That is hardly the only point of contention. A year after Mr. Obama announced that the government would get out of the business of maintaining a huge database of every call made inside the United States, but would instead ask the nation’s telecommunications companies to store that data in case the government needs it, the companies are slow-walking the effort.

They will not take on the job of “bulk collection” of the nation’s communications, they say, unless Congress forces them to. And some executives whisper it will be at a price that may make the National Security Administration’s once-secret program look like a bargain.

The stated purpose of Friday’s meeting is trying to prevent the kinds of hackings that have struck millions of credit card holders at Home Depot and Target. A similar breach revealed the names, Social Security numbers and other information of about 80 million people insured by Anthem, the nation’s second-largest health insurer.

Mr. Obama has made online security a major theme, making the case in his State of the Union address that the huge increase in attacks during his presidency called for far greater protection. Lisa Monaco, Mr. Obama’s homeland security adviser, said this week that attacks have increased fivefold since the president came to office; some, like the Sony Pictures attack, had a clear political agenda.

The image of Kim Jong-un, the North Korean leader, shown in the Sony Pictures comedy “The Interview” has been emblazoned in the minds of those who downloaded the film. But the one fixed in the minds of many Silicon Valley executives is the image revealed in photographs and documents released from the Snowden trove of N.S.A. employees slicing open a box containing a Cisco Systems server and placing “beacons” in it that could tap into a foreign computer network. Or the reports of how the N.S.A. intercepted email traffic moving between Google and Yahoo servers.

“The government is realizing they can’t just blow into town and let bygones be bygones,” Eric Grosse, Google’s vice president of security and privacy, said in an interview. “Our business depends on trust. If you lose it, it takes years to regain.”

When it comes to matters of security, Mr. Grosse said, “Their mission is clearly different than ours. It’s a source of continuing tension. It’s not like if they just wait, it will go away.”

And while Silicon Valley executives have made a very public argument over encryption, they have been fuming quietly over the government’s use of zero-day flaws. Intelligence agencies are intent on finding or buying information about those flaws in widely used hardware and software, and information about the flaws often sells for hundreds of thousands of dollars on the black market. N.S.A. keeps a potent stockpile, without revealing the flaws to manufacturers.

Companies like Google, Facebook, Microsoft and Twitter are fighting back by paying “bug bounties” to friendly hackers who alert them to serious bugs in their systems so they can be fixed. And last July, Google took the effort to another level. That month, Mr. Grosse began recruiting some of the world’s best bug hunters to track down and neuter the very bugs that intelligence agencies and military contractors have been paying top dollar for to add to their arsenals.

They called the effort “Project Zero,” Mr. Grosse says, because the ultimate goal is to bring the number of bugs down to zero. He said that “Project Zero” would never get the number of bugs down to zero “but we’re going to get close.”

The White House is expected to make a series of decisions on encryption in the coming weeks. Silicon Valley executives say encrypting their products has long been a priority, even before the revelations by Mr. Snowden, the former N.S.A. analyst, about N.S.A.’s surveillance, and they have no plans to slow down.

In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.
http://www.nytimes.com/2015/02/13/bu...-tensions.html





Three of Tech’s Top CEOs to Skip Obama Cybersecurity Summit
Chris Strohm

The top executives of Google Inc., Yahoo! Inc. and Facebook Inc. won’t attend President Barack Obama’s cybersecurity summit on Friday, at a time when relations between the White House and Silicon Valley have frayed over privacy issues.

Facebook Chairman and Chief Executive Officer Mark Zuckerberg, Yahoo CEO Marissa Mayer, and Google’s Larry Page and Eric Schmidt all were invited but won’t attend the public conference at Stanford University, according to the companies. Apple Inc. CEO Tim Cook is planning to be at the event, where Obama is scheduled to give the keynote speech and have a private lunch with a select group of attendees.

The technology industry had been a vital source of political support, campaign contributions and assistance in developing cutting-edge tech tactics for Obama when he won the presidency in 2008 and re-election in 2012. Relations have soured since, as the companies have clashed with the Obama administration over government spying and protecting the privacy rights of their users and customers.

Yahoo, Facebook, Google and Microsoft Corp. said they decided to send their top information security executives to the summit instead.

“We are pleased with their participation,” Eric Schultz, White House deputy press secretary, told reporters Thursday. In addition to executives being at the meeting, Schultz said “some of the commitments that are going to be announced in the next couple days are pretty significant.”

NSA Spying

The summit is part of a renewed push to combat hackers. Panels will focus on boosting collaboration between companies and agencies, improving cybersecurity to protect consumers and better securing payment processing systems.

“It’s going to bring everybody together -- industry, tech companies, law enforcement, consumer and privacy advocates, law professors who are specialists in the field,” Obama said last month when he announced the summit.

The themes back up the administration’s efforts to improve information sharing about hacking threats and establishing a national standard for companies to report data breaches.

However, Yahoo, Facebook and Google are still reeling from revelations about the extent of National Security Agency spying exposed by former U.S. contractor Edward Snowden in 2013. The companies are trying to assure their users or customers that their products are secure and that they don’t willingly turn over data to the government.

Data Encryption

Apple and Google have started offering smartphones that encrypt data by default, essentially shielding photos, documents and contact lists from the prying eyes of government or hackers. Law enforcement agencies have been trying to convince the companies to make the data available for legitimate investigations.

The White House didn’t put any of those issues on the agenda for the summit.

The Yahoo, Facebook, Google and Microsoft representatives will participate on a break-out panel at the end of the event on lessons learned from fighting hackers.

The panel will include Scott Charney, Microsoft’s corporate vice president for trustworthy computing; Eric Grosse, Google’s vice president for security engineering; Alex Stamos, Yahoo’s chief information security officer; and Joe Sullivan, Facebook’s chief information security officer.

Other Obama administration officials who will attend the conference include Homeland Security Department Secretary Jeh Johnson, Commerce Secretary Penny Pritzker and Michael Daniel, the White House’s cybersecurity coordinator.

MasterCard, BOA

Along with Apple’s Cook, others who will attend the conference are Ajay Banga, president and CEO of MasterCard Inc.; Brian Moynihan, chairman and CEO of Bank of America Corp.; and Michael Brown, CEO of Symantec Corp.

Obama also will announce an executive action aimed at encouraging companies to share information across industry sectors. The executive action will create a process for coming up with cybersecurity practices that the organizations should voluntarily follow.

It also will authorize the Homeland Security Department to enter into agreements with the organizations to share data about hacking threats.
Campaign Contributions

Microsoft employees donated $854,717 to Obama in the 2008 election cycle, and Google workers contributed $817,855 -- ranking them fourth and sixth among all employers -- according to the Center for Responsive Politics, a Washington non-profit that tracks political spending.

Yahoo’s Mayer gave Obama $2,300 in September 2007, when she was at Google and he was trying to emerge from the shadow of then-Democratic presidential front-runner Hillary Clinton. Mayer followed up with $60,800 for the Democratic National Committee in 2010, $5,000 to Obama’s re-election campaign in 2011 and a maximum contribution of $35,800 to Obama’s “victory fund” that same year.

Microsoft and Google employees became the second- and third-ranking sources of campaign cash for Obama in the 2012 election, ranking only behind the University of California, according to the Center for Responsive Politics. Microsoft employees gave his campaign $814,645 in 2012, and Google employees contributed $801,770.
http://www.bloomberg.com/news/articl...ecurity-summit





Apple's Cook: 'Everyone has a Right to Privacy and Security'

CEO Tim Cook, speaking at President Barack Obama's cybersecurity summit, also says consumers will be able to use Apple Pay at government locations, like national parks, in September.
Shara Tibken

Apple CEO Tim Cook on Friday strongly defended consumers, saying "everyone has a right to privacy and security."

The head of the world's biggest technology company, speaking at President Barack Obama's cybersecurity summit in Palo Alto, Calif., called for the government and other companies to work together to make sure consumers are protected.

"When it comes to the rights of customers and the rights of citizens, it's important to realize we're all talking about the same people," Cook said. "We owe them nothing less but the best protections that we can possibly provide by harnessing the technology at our disposal and working together...We must get this right."

Cook, who came out as gay last year, added that "history has shown us that sacrificing a right to privacy can have dire consequences," and that we still live in a world where people aren't treated equally and can face discrimination based on personal information.

"If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money," Cook said. "We risk our way of life. Fortunately, technology gives us the tools to avoid these risks. And it is my sincere hope that by using them and by working together, we will."

The White House's summit, held at Stanford University, assembled leaders from all sectors of business, and across industries, to find new ways to improve security against cyberthreats.

Obama's early years in office involved a close relationship with Silicon Valley, but those ties have frayed in recent months as the government has asked tech companies for access to their user data. Obama on Friday plans to sign an executive order to promote sharing of information on cybersecurity threats among businesses and between the private sector and government agencies.

Apple, in contrast to many other technology companies, has taken a strong stance to protect user privacy. The company makes money from selling hardware and from services like iTunes, not from selling user data. Google, Facebook and others largely generate revenue from selling targeted advertising.

Cook in September published a lengthy letter detailing Apple's privacy and security policies. Part of the letter sought to reassure Apple's customers that their data was safe from the prying eyes of government surveillance agencies, which have reportedly procured information on electronic communications from Google, Microsoft, and Yahoo, among others. Cook said Apple has never worked with any government agency to create backdoors in Apple products, and data on devices running iOS 8, the mobile operating system Apple released in September, is protected by users' personal pass codes that Apple can't bypass.

"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8," Cook wrote at the time.

Cook as recently as Tuesday reiterated Apple's commitment to maintaining user privacy for features such as the company's mobile payments service, Apple Pay. Neither merchants nor Apple store your credit card number, and Apple doesn't track what you've purchased.

"We believe that customers have a right to privacy," Cook said Tuesday during the Goldman Sachs technology conference. "The vast majority of customers don't want everyone knowing everything about them...You are not our product."

And Thursday, Apple said it was strengthening the log-in process for its iMessage and FaceTime digital communications services with the aim of preventing hackers from hijacking users' accounts. It added two-step identity verification to users' accounts, stopping unauthorized people from accessing accounts, even if they know the user's password. Apple has been beefing up the security of its Internet products since last year's high-profile breaching of iCloud accounts belonging to celebrities who use the service.

Cook on Friday said Apple Pay "will be available for many transactions with the federal government," such as paying for admission to national parks.
http://www.cnet.com/news/apples-cook...-and-security/





Obama Calls for New Cooperation to Wrangle the ‘Wild West’ Internet
Nicole Perlroth and David E. Sanger

Declaring that the Internet has become the “Wild Wild West” with consumers and industries as top targets, President Obama on Friday called for a new era of cooperation between the government and the private sector to defeat a range of fast-evolving online threats.

Mr. Obama signed an executive order urging companies to join information-sharing hubs to exchange data on online threats — and, in some cases, to receive classified information from the government. But the order stopped short of exempting the companies from liability if the data they collected and shared led to legal action.

Only legislation, which Mr. Obama has tried and failed to get through Congress for three years, can exempt the companies from such liability. Many companies outside the financial industry have been reluctant to share data without such a law in place.

Mr. Obama deliberately chose Stanford University as the site of the first summit meeting on online security and consumer protection, saying that it was where much of the Internet was born and is also where the innovations to secure it must be developed.

“The very technologies that can empower us to do great good can also be used to undermine us and do great harm,” Mr. Obama said.

Mr. Obama also made clear that his six years of presidency had given him new appreciation of how the government will be called upon to protect citizens against the most severe attacks, and once again accused North Korea of hacking into Sony Pictures. “The cyberworld is the Wild Wild West — to some degree we’re asked to be the sheriff,” he said. “When something like Sony happens, people want to know what the government can do about this.”

Mr. Obama arrived in the heart of Silicon Valley at a time of great tension with companies here, including Apple and Google, both represented at the event. Apple’s chief executive, Timothy D. Cook, was seated to Mr. Obama’s left Friday afternoon at a closed-door lunch meeting with senior executives, only months after coming into direct conflict with the Federal Bureau of Investigation and intelligence agencies over the full encryption of its mobile devices.

Mr. Obama’s intelligence and law enforcement aides would like to preserve access to all digital communication with a court order. The companies say that would create a breach that China and Russia, among others, would exploit.

Mr. Cook, who was invited to the meeting to discuss Apple’s new payment system, Apple Pay, used the occasion to urge government and technology leaders to do everything they can to protect users’ rights to privacy and security.

“People have entrusted us with their most personal and precious information,” Mr. Cook said. “We owe them nothing less than the best protections that we can possibly provide.”

Failing to do so, Mr. Cook said, would “risk our way of life.”

The private sector has largely been reluctant to share information about threats with the government, arguing that it would create onerous regulations and potentially compromise proprietary and customer data.

Joseph M. Demarest Jr., assistant director of the F.B.I.’s cyberdivision, said in an interview that given the sophistication of the hackers American companies are up against, information-sharing had proved critical to tracing attacks back to hackers and ridding them from systems.

“We’re fighting Ph.D.s on the other side of the world,” Mr. Demarest said. “Not only the F.B.I., but our colleagues from the intelligence community, can enable and assist not only with attribution but with kicking actors out and keeping them out.”

After the Sony attacks late last year, Mr. Demarest said the F.B.I.’s presence at Sony’s headquarters was crucial in helping the government trace the attacks back to North Korea.

“Companies are realizing there is a benefit to keeping us involved,” he said.

But businesses reeling from the fallout of the revelations about online surveillance from the former government contractor Edward J. Snowden worry about the impression such sharing would create among customers. Foreign governments are worried that such arrangements will compromise their data.

Privacy activists say the approach is misguided. “Key to security is to minimize data collection and adopt robust security measures,” said Marc Rotenberg, president of the Electronic Privacy Information Center. “If they can’t protect it, they shouldn’t collect it.”

But few of those tensions were on display on Friday, as Mr. Obama, government officials and a carefully curated list of executives from the technology, banking, energy and health care sectors took the stage to speak for the need for greater public-private partnership in combating online threats.

“This work cannot be adversarial; we have enough adversaries out there,” Anthony Earley Jr., the chairman and chief executive of Pacific Gas & Electric, said on stage Friday.

Many companies point out that they already share information with others in their industries through industry-specific instruments, notably the Financial Services Information Sharing and Analysis Center, a group that shares threats with members of the banking industry.

And companies have been particularly reluctant, after the Snowden revelations, to do anything to aggravate concerns abroad that they are sharing data on foreigners with intelligence agencies.

To assuage those concerns, Bernard Tyson, the chairman of Kaiser Permanente, tried to distinguish the kinds of data his corporation would share with the government.

“I am not talking about sharing the actual content that I am here to protect,” Mr. Tyson said. “It is sharing what I am learning about people trying to get at that content. It’s important for me to say that because that is the sensitivity I hear every day.”

Not mentioned at the event was the issue that has most roiled companies in Silicon Valley. Disclosures by Mr. Snowden showed that intelligence agencies were surreptitiously siphoning off customer data from companies like Google and Yahoo as it flowed internally between their data centers.

That information created an atmosphere of distrust that executives say will make information-sharing much more difficult.

“The tricky thing with information-sharing is that it is about trust,” Eric Grosse, Google’s vice president of security, said in an interview earlier this week. “Information-sharing becomes pretty hard to do once trust is lost.”
http://www.nytimes.com/2015/02/14/bu...-security.html





The FCC Isn’t Afraid of AT&T’s Legal Threats Over Net Neutrality

Lawyers dissect AT&T's claim that broadband can't be a common carrier service.
Jon Brodkin

AT&T will probably be one of the first companies to file a lawsuit if the Federal Communications Commission follows through on a plan to impose stricter rules on broadband. But FCC officials say they’re on solid legal ground.

In a call with reporters to discuss Chairman Tom Wheeler’s net neutrality proposal this week, an FCC official said that AT&T’s threatened lawsuit isn’t a surprise and FCC officials don’t expect it to be successful. AT&T is arguing that broadband has to be considered an information service and not a telecommunications service. This is important because only telecommunications providers can be treated as common carriers under Title II of the Communications Act, a designation that Wheeler will use to impose net neutrality rules.

The FCC official said it’s a simple matter: broadband providers offer, for a fee, a service to the public consisting of the transmission of packets. That makes it telecommunications in Wheeler’s view.

Using the common carrier status of telecommunications providers, Wheeler intends to apply net neutrality rules that prevent Internet providers from blocking or slowing down Web content or prioritizing it in exchange for payment.

But the very acts of blocking, throttling, or prioritizing Web content can’t be telecommunications under the Communications Act, AT&T argues. Instead, they must be considered information services, leaving them free of common carrier rules.

"[T]he capabilities that allow prioritization... involve the use of an ISP’s 'computing functionality' to provide 'the capability of getting, processing, and manipulating information,'" AT&T General Attorney Christopher Heimann wrote to the FCC.

The Communications Act says an information service is “the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service.”

Telecommunications is “the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received.” A telecommunications service is the offering of telecommunications for a fee directly to the public.

Do these definitions lend credence to AT&T's argument? Barbara Cherry, who was once an attorney for AT&T and is now a professor at Indiana University's department of telecommunications, says no. Cherry and Jon Peha, a former FCC Chief Technologist who now is a professor at Carnegie Mellon University, told the FCC in a December filing that the Telecommunications Act of 1996 requires the FCC to classify commercial Internet access as a telecommunications service.

In an e-mail to Ars, Cherry summarized the argument:

• Classification of a service as a Title II "telecommunications service" is based on two types of functionality—technical and commercial.
• The paper explains why broadband Internet access service—and particularly the function of IP packet transfer—satisfies these two types of functionality.
• The paper also explains why commercial Internet access service is NOT an "information service." Critically, the definition of "information service" includes an exclusion. After listing several functional capabilities, the definition further states that information service "does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service."

AT&T's argument ignores the exclusion in the definition of an information service, she said.

John Bergmayer, senior staff attorney for pro-net neutrality advocacy group Public Knowledge, agrees.

"Either an information service is an integral part of offering telecommunications or it isn’t," he told Ars in an e-mail. "If it is, it’s considered to be part of the telecom service. The carriers started making these 'but we added a computer!' arguments a long time ago.

"If the information service is not part of the telecom service and is just this other thing, hey, great," Bergmayer continued. "That doesn’t mean you get to use it to interfere with the nondiscriminatory telecommunications service."

AT&T is trying to “spook” the FCC

AT&T, which has decades of experience with common carrier rules because of its wireline telephone and mobile voice businesses, also says broadband providers can’t be classified as common carriers unless they already act like common carriers.

The FCC has to "assess whether [an ISP] offers to serve indifferently, or whether it retains the ability to decline to serve customers," AT&T said. There simply is not enough evidence in the FCC's record "to determine that any ISP, let alone every ISP, holds itself out to serve customers indifferently. And in some markets, such as for peering and interconnection, the record is in fact quite clear that ISPs do not operate as common carriers, and expressly retain the right to refuse to provide service."

But even if providers offer service under "private carriage" terms today, "the FCC has the discretion to require that it be provided on a common carriage basis," Cherry and Peha wrote in their filing with the FCC.

AT&T argued that the FCC must find that a provider has market power in a particular geographic market in order to reclassify broadband.

"It seems to me that AT&T is trying to 'spook' the FCC into fearing the need for granular, market-specific analyses—such as what the courts required when FCC developed its unbundling rules under Section 251 [of the Communications Act]," Cherry told Ars.

Although the FCC plans to reclassify broadband, it doesn't intend to enforce unbundling rules that would force providers to share their infrastructure with competitors. "The statutory requirements of Section 251 are unrelated to the Title II classification issue," according to Cherry.

There's also a much simpler argument that disputes AT&T's claims, said Georgetown Law lecturer Andrew Schwartzman, an attorney who specializes in media and telecommunications policy.

"The notion that broadband could never be a common carrier service is at odds with history," he told Ars in an e-mail. "Until 2005, DSL service was regulated as common carriage, so it is very hard to argue that common carriage is completely at odds with the statute."

Schwartzman also noted that when statutory language is deemed ambiguous, courts give deference to the FCC's reading of the statute under the "Chevron Doctrine."

"However much AT&T argues that this is the only possible result, the fact is that the language is susceptible to multiple readings and, therefore, an FCC decision to reclassify would get deference," he wrote.

AT&T is far from alone in arguing against imposing common carrier rules on broadband providers. The National Cable & Telecommunications Association (NCTA) is among those making the case that stricter rules will ultimately harm consumers. The NCTA agrees with AT&T's legal argument, a group spokesperson told Ars.

"We share the concerns raised by AT&T," the NCTA said. "AT&T is correct that, from the beginning of the dial-up era until today, the Commission always has treated the computing functionality offered by an ISP as an information service. AT&T also is correct that today’s ISPs do not offer broadband service on a common carrier basis and cannot be compelled to do so. As NCTA has noted previously, the Commission unfortunately seems to be heading down an uncharted path that entails significant legal risk.”

In a blog post in September, the NCTA also argued that prior to 2005, the FCC only regarded the "wholesale transmission capability provided by telephone companies to ISPs as a 'telecommunications service.'" Retail broadband access was not viewed as telecommunications, the NCTA said.

Wheeler has promised that he will write neutrality rules that can survive a legal challenge, unlike the FCC's previous attempt that was thrown out in court. So far, Wheeler has revealed just the broad strokes of his plan. A much lengthier order will become available after the commission votes on February 26 and should give us a better idea of how the FCC might defend its rules in court.
http://arstechnica.com/tech-policy/2...et-neutrality/





Comcast-Time Warner Cable Deal Still Up in the Air a Year Later
Emily Steel and David Gelles

A year after it was announced, Comcast’s audacious acquisition of Time Warner Cable remains in limbo as Washington regulators scrutinize the deal. No surprise there. After all, the $45 billion merger would consolidate an already-concentrated industry, uniting the two largest cable operators in the United States.

But in recent weeks, the air of inevitability around the deal has dissipated. With the Federal Communications Commission proposing stringent new rules to govern the Internet, analysts have grown more skeptical about the acquisition being approved. Investors began betting against the combination late last month, with shares of both companies falling sharply before recovering last week.

“The prospects for the deal, while they’re still not bad, have continued to go down,” said Kevin Werbach, a former F.C.C. counsel and a professor at the Wharton School of the University of Pennsylvania in Philadelphia.

Advisers to both companies acknowledge that passing regulatory muster is far from certain. Yet David L. Cohen, an executive vice president at Comcast, expressed confidence that the merger would still be approved but acknowledged that the outcome was hard to handicap.

“This is a bit of a black-box process,” he said. “You don’t really know what’s going on under the surface.”

In Washington, officials at the Justice Department and F.C.C. are poring over data to decide whether to approve the deal, and what if any concessions the companies must make to satisfy antitrust laws. The review continues even as Comcast and Time Warner Cable are completing the minutiae of their planned merger.

Among the issues being examined by regulators are whether a combined Comcast and Time Warner Cable would have too much sway over how traffic moves around the Internet and how much consumers and companies pay for Internet access.

If regulators allow the deal, the company would control an estimated 35 percent of broadband Internet service coverage and just under 30 percent of the country’s pay television subscribers.

Fueling the uncertainty is a series of remarks made by Tom Wheeler, chairman of the F.C.C., before a vote by the commission on Feb. 26. Mr. Wheeler has proposed regulating the Internet like a utility, under Title II of the Communications Act.

If approved, such a move would give the F.C.C. the authority to ensure that content is not blocked on the Internet, and that broadband providers cannot charge companies for the privilege of allowing their websites to load faster — the essential components of what is known as net neutrality.

Though Mr. Wheeler’s proposal is not directly related to the Comcast-Time Warner Cable merger, those familiar with the F.C.C. say it signals a more vigorous approach to protecting customers, which could also affect thinking on the deal.

“What the F.C.C. is now apparently going to adopt signals a much harder line on their view of the state of competition in the broadband market,” Mr. Werbach said. “If their view is that the market is not working as it is right now, it’s less likely that they’re going to feel that a combination of two of the largest players is going to be in the public interest.”

If Comcast’s acquisition of Time Warner Cable were to be blocked by either agency, the industry could be thrown into tumult, with industry observers speculating that it would set off a flurry of new deal activity.

“I don’t think they would say so publicly, but I think everyone involved has to be at least considering a Plan B,” said Craig Moffett, an analyst with MoffettNathanson research. He recently lowered his odds that the deal goes through from 80-20 to 70-30, for factors including a changing regulatory environment and potential changes to how regulators define the broadband market.

Yet with all the uncertainty, it is impossible to know how the F.C.C. and Justice Department will rule. Regulators rarely telegraph their intentions, though in some past deals that have been blocked, regulators have sent subtle signals about how reviews were going; they have yet to do that during this review process.

Comcast is in touch with regulators almost every day, Mr. Cohen said, supplying them with information about business operations and plans for the integration of Time Warner Cable.

“There is nothing that we have heard as part of those contacts that suggest this transaction’s review is any different than our prior transaction reviews, when our deals have been approved,” he said.

Time Warner Cable executives also expressed confidence in the deal, saying on a recent conference call that they expect the closing of the merger with Comcast to occur “early this year.”

Comcast deploys a vigorous lobbying effort in Washington, spending $17 million on such efforts last year, which made the cable operator one of the biggest corporate campaigners in the country. In several instances, state and local officials, including Hawaii’s governor and Oregon’s secretary of state, have sent letters to the F.C.C. supporting the deal that were written almost entirely by Comcast employees. (Government officials first had asked Comcast for help in providing the information.)

As for the government’s own timetable, the Justice Department has no firm deadline. The F.C.C. has an informal agenda to rule by the end of March, but could extend that.

Consideration of the deal by the F.C.C.is expected to intensify next month, after the net neutrality vote. At the same time, both the F.C.C. and the Justice Department are weighing the antitrust ramifications of another proposed media merger, the acquisition of DirecTV by AT&T.

Even if regulators approved the Comcast-Time Warner Cable merger, they could demand onerous concessions from Comcast. If that were to occur, or if Comcast decided that new net neutrality rules would hurt the merged company, it could simply change its mind and refuse to complete the deal, which forgoes a breakup fee.

Mr. Cohen emphasized this point in an interview. “It is absolutely accurate that we have a very broad right to walk away from the transaction,” he said, without elaborating on what conditions could cause Comcast to walk away.

Yet he cautioned that there was no indication that regulators would ask for costly divestitures.

“There hasn’t been anything that we have heard at this point that has led us to believe that anybody is thinking about imposing overly burdensome conditions on this transaction,” Mr. Cohen said.

But if regulators did ask for some divestitures, Comcast is unlikely to simply abandon the deal. In Time Warner Cable, Comcast sees the opportunity to become a truly national provider of television, Internet and phone services, giving it unparalleled scale.

Amy Yong, an analyst with Macquarie research, said the importance of Time Warner Cable’s assets had only increased for Comcast in the last year, as competition from telecom providers like AT&T and new entrants like Google has grown fiercer.

Because there is no formal proposal, Mr. Cohen would not say whether the new net neutrality rules might make the deal less financially attractive to Comcast. Even if the proposal is approved, it will face months, and possibly years, of review and potential legal appeals. Before that process is complete, a new administration could change the rules yet again.

Comcast, meanwhile, is spending countless hours and millions of dollars planning to swallow Time Warner Cable, and brushing aside any suggestion that the regulatory winds are blowing the wrong way.

“There’s no demonstrable information out there that that is the case,” Mr. Cohen said. “The regulators haven’t talked, because they never talk.”

Michael J. de la Merced contributed reporting.
http://dealbook.nytimes.com/2015/02/...-a-year-later/





Sprint Says U.S. Telecoms Will Invest Despite Stronger Net Neutrality
Malathi Nayak

With its surprise endorsement of a stricter U.S. regulatory regime for Internet service providers, Sprint Corp wanted to show that tougher rules would not stop rival telecom players from investing, Chief Technology Officer Stephen Bye said in an interview.

"It's one of those topics that is highly charged, highly politicized and we took a step back and said it works in the interest of our customers, our consumers and the industry and we frankly found some of the arguments (of our competitors) to be less than compelling," Bye told Reuters this week.

"Our competitors are going to continue to invest so they are representing a situation that won't play out," he added.

Sprint's stance starkly contrasts with that of other U.S. wireless and cable companies such as Comcast Corp , Time Warner Cable Inc, Verizon Communications Inc and AT&T Inc.

The companies say they support net neutrality, the concept that all web traffic should be treated equally, but vehemently oppose the Federal Communications Commission's proposal to regulate Internet service providers more strictly under a section of communications law known as Title II, which would treat them more like traditional telephone companies.

They are expected to challenge the rules in court after the FCC votes on them on Feb. 26.

In a call with investors last week, Verizon's Chief Executive Officer Lowell McAdam said that the stronger regulatory regime is "completely the wrong way to go" and would stifle job creation and innovation.

But Bye said that the government's recent record-setting $44.9 billion spectrum auction is a "great proof point of the level of investment the companies in the industry are willing to make."

AT&T and Verizon emerged among top buyers in the auction with bids worth $18.2 billion and $10.4 billion. Sprint did not participate in the auction, eyeing the next auction in 2016.

"The notion that some of our competitors are suggesting that they will stop investing if Title II is brought into effect... That's something we've refused," Bye said.

Sprint's public support of stricter net neutrality rules, revealed in a Jan. 15 filing in the run-up to FCC Chairman Tom Wheeler's latest proposal last week, took the industry and competitors by surprise.

The proposed rules would ban Internet providers from blocking or slowing down websites or charging companies for swifter delivery of their content. But Wheeler also sought to address some Internet providers' concerns, saying he would not pursue price regulations, tariffs or requirements to give competitors access to their networks.

"In the terms of Title II with the appropriate forbearance we made the point that we really don't see this as negative for the industry at all," Bye said.

Sprint is the third-largest U.S. wireless carrier based on subscribers. Bigger rivals AT&T and Verizon have market capitalizations about 10 times that of Sprint's $19.47 billion.

Given the sheer scale of AT&T and Verizon's operations, some analysts have argued that they have more at stake when it comes to net neutrality rules.

(Reporting by Malathi Nayak; Additional reporting by Alina Selyukh in Washington; Editing by Lisa Shumaker)
http://uk.reuters.com/article/2015/0...0LF00F20150211





Virgin Media Spending £3 Billion on 'Superfast' Broadband in UK
Blathnaid Healy

The UK has some of the slowest broadband speeds in Europe. It means Virgin Media's announcement Friday to invest heavily in the broadband infrastructure will be welcomed by anyone who has struggled to download a file or stream a movie.

The company claims the £3 billion ($4.6 billion) announcement is the single largest investment in the UK's broadband infrastructure for more than 10 years.

Over the next five years Virgin said it will improve its fibre optic broadband network, made up of strands of thin glass that carry information over long distances, bringing speeds of up to 152Mbps to four million more homes and businesses.

Internet connections in London are often less than 24Mbps, and rural parts of Britain are much worse. The average download speed across the UK is 29Mbps, according to Ookla, this compares poorly with other parts of Europe like Sweden and Romania where average speeds are over 50Mbps.

Virgin said it will be focusing its expansion on areas that are close to Virgin Media's existing network. This is likely bad news for those in rural parts of the country as the company's current network is mostly based around cities and other urban areas.
Broadband Delivery UK, which is part of the Department of Culture, Media and Sport is tasked with providing 'superfast' broadband, defined as 24Mbps or more, to 90% of the UK as well as providing basic broadband, 2Mbps, for all by 2016.

Last month, BT promised "ultrafast" broadband of up to up to 500Mbps for the UK within a decade.
http://mashable.com/2015/02/13/virgi...-broadband-uk/





Net Neutrality Saves Pornland
Nichi Hodgson

So President Obama may just be the most pro-porn president ever to take office. He’s recently protected net neutrality – and the right of the Federal Communications Commission to uphold it, effectively stating that no ISPs should be allowed to restrict or govern access to content on the internet – even if that content is legal pornography.

Net neutrality – the matter of free movement of information on the internet – is a hot topic, if not always a well-understood one. When Funny or Die released its net neutrality explained by porn stars video in November, online magazines and social networking sites lapped it up like a leaked A-lister sex tape. As we well know, that’s the useful thing about adult content – it captures the imagination and attention in a way little else can – even when it’s explaining download speeds.

The video came off the back of the announcement that the Federal Communications Commission was proposing to create internet ‘fast lanes’ at a premium for paying clients. PornHub and a maelstrom of other adult and non-adult sites alike joined together to protest. In particular, the proposals would affect streaming services – a mainstay of much online adult content – by putting pressure on them to opt for the fast lanes. It would be creating a tiered and undemocratic internet, where access to funds dictated download speed.

Shortly afterwards, President Obama came out in favor of allowing the Federal Communications Commission to regulate ISPs more thoroughly under a section of existing communications laws called Title II, leading many in the adult industry to pronounce him the most pro-porn president yet to enter office. The Republicans, meanwhile, proposed a new bill that would inhibit the FCC’s regulation, claiming it would lead to too heavier a restriction on business. But as of today, the White House has pronounced the legislation unnecessary, and that the FCC has the powers anyway.

The adult industry is in a Master/slave relationship with freedom of information and democratic access to it. Porn is still the number one most searched thing on the internet. It generates $25 billion dollars a year in revenue in the US alone, and pioneers new technology (an irony, then, that the streaming speeds it had a hand in developing could be used against it). And yet it is demonized as a source of social instability and routinely discriminated against for being an ‘immoral’ business. Professionals contracts are mysteriously terminated, personal bank accounts are closed down, and performers suffer employment discrimination if they want to embark on another career post-porn.

The digital frontier has so far always been Pornland’s nation-home. But if net neutrality is compromised, Pornland would start to find itself on seriously shaky ground. It’s logical that pornography that is legal should not be censored. But given the power that ISPs such as Comcast and Verizon have to control traffic – and have been proved to manipulate – the power for them to kowtow to public taste or to curry favor for being ‘socially responsible’ means they could easily manipulate traffic to adult sites.

There are plenty on the religious Right that would vocally support that, and plenty of more silent liberal bystanders that would not – but nor would they feel comfortable openly getting behind a porn campaign. Net neutrality maybe dearly held, but it is not readily protected, despite its protection being a mere extension of the First Amendment. Somehow, no matter how much of our lives we spend online, we still struggle to understand that online liberties affect our daily lives as much as offline ones.

The view held by those wary of ISP power, including the Federal Communications Commission, is that ISPs are not well regulated enough to ensure they keep the information super highway open and democratic. That’s why individuals such as Tim Wu, the academic instrumental in developing the definition of net neutrality, have been pushing for them to be re-categorized as “common carriers”, as they were in the 90s. ‘Common carriers’ are subject to closer monitoring and have more responsibility to their customers.

What’s more, it’s mot just ISPs that manipulate the access power – but companies such as Facebook and Google which generate so much traffic, they have their own arrangements with ISPs to accommodate it. In many ways, they are just as guilty of compromising net neutrality, yet for now, they are certainly out of the FCC’s direct governance.

The irony is that there is one key way in which compromising net neutrality could benefit the porn industry – and that’s in relation to porn piracy. Back in 2007, ComCast intercepted a range of file-sharing software, including BitTorrent – a thorn in the side to adult businesses trying to prevent their content being ripped for free. But let’s get real – given the status of the adult industry, could we ever expect to see a time when ComCast et al would use its powers to protect the adult industry’s right to profits?

Countries such as China and Saudi Arabia have long proved benchmarks for what happens when the internet is censored. Namely, proxies and peer-to-peer networking take over for the rich and the tech savvy, while internet access and freedom of information is curtailed for everyone else. But if you want to see a current living experiment in internet censorship, look to the UK. For the past year, internet service providers have been demanding subscribers opt in to view adult content. Adult content doesn’t just cover porn – other topics include humor and information about war and weapons. Meanwhile, restrictions are so unsophisticated that they have lead to sites on counseling and sexual health being blocked.

There have, however, been some positives to these restrictions and the publicity they’ve received. Independent ISPs have been able to sell the benefits of their unrestricted services, while the issue of how we keep children safe online has forced a national conversation about parental responsibility and the paucity of sex education.

But these benefits did not need to come at the cost of net neutrality – a severe to civil liberties, as well as the growth and future of the adult industry.

The term may not be sexy, nor the technical details. But a future with even more restrictions on internet porn certainly wouldn’t be a hot one. President Obama’s challenge to the Republicans has certainly raised the temperature. Let’s hope he can keep it up – for all of us.
http://blog.eros.com/net-neutrality-saves-pornland/





Republicans Launch Attack On FCC’s Net Neutrality Plan

A commissioner, a former chairman, and Congress target Obama and Tom Wheeler.
Jon Brodkin

Republicans are launching a multi-pronged assault on the net neutrality plan proposed by Federal Communications Commission Chairman Tom Wheeler.

Ajit Pai, one of two Republicans on the five-member commission, held a press conference Tuesday denouncing Wheeler, saying the plan goes further than the Democratic chairman admits. Pai referred to the proposal as “President Obama’s plan” because Wheeler decided to reclassify broadband as a common carrier service after Obama asked him to do so.

Wheeler says the plan does not impose rate regulation on Internet providers, but Pai said, “the claim that President Obama’s plan to regulate the Internet does not include rate regulation is flat-out false."

Although the FCC won’t decide on rates initially, home Internet customers or companies that interconnect with Internet providers would be able to complain to the FCC that rates are unreasonable.

“The plan clearly states that the FCC can regulate the rates that Internet service providers charge for broadband Internet access, for interconnection, for transit—in short, for the core aspects of Internet services,” Pai said. “To be sure, the plan says that the FCC will not engage in what it calls ex ante rate regulation. But this only means that the FCC won’t set rates ahead of time. The plan repeatedly states that the FCC will apply sections 201 and 202 of the Communications Act, including their rate regulation provisions, to determine whether the prices charged by broadband providers are ‘unjust or unreasonable.’ The plan also repeatedly invites complaints about section 201 and 202 violations from end-users and edge providers alike. Thus, for the first time, the FCC would claim the power to declare broadband Internet rates and charges unreasonable after the fact. Indeed, the only limit on the FCC’s discretion to regulate rates is its own determination of whether rates are ‘just and reasonable,’ which isn’t much of a restriction at all.”

Protestors who support net neutrality interrupted Pai's press conference.

Pai also criticized Wheeler for releasing only a description of the plan instead of the entire 332-page document. Pai said he is prohibited from releasing the plan himself unless Wheeler allows it.

Pai said he believes in “a free and open Internet,” but said the Internet is already free and open and that net neutrality rules are thus “a solution in search of a problem.”

Wheeler’s plan would prevent Internet service providers from blocking or throttling traffic, or prioritizing Web content in exchange for payment.

Former FCC Chairman Michael Powell, who is now CEO of the National Cable & Telecommunications Association, also criticized Wheeler’s plan in an op-ed in USA Today Monday.

Wheeler’s plan relies on Title II of the Communications Act, which sets out the common carrier rules that have long applied to the wireline telephone system. This “would shackle the Internet in an outdated legal regime from the Ma Bell era that has nothing to do with net neutrality at all—opening the door to price regulation, new tax and fee increases, and a costly slowdown in investment and innovation,” Powell wrote. “We've seen where this approach leads in Europe, where under Title II-style rules broadband investment per household is half that of the US, and Internet speeds there, on average, are considerably slower. Even worse, by going down the legally risky road of Title II reclassification, we won't end the debate. We'll simply kick the problem to the courts (again), creating new uncertainties and leaving everyone who wants enforceable Internet rules in limbo.”

Powell, a Republican, helped make sure that Title II rules would not apply to Internet providers during his 2001-2005 tenure as FCC chairman.

Wheeler's office says his plan "will not impose, suggest or authorize any new taxes or fees."

Republicans in Congress are also taking action. Last week, the House Committee on Oversight and Government Reform claimed Obama had “improper influence” over the net neutrality decision and launched an investigation.

Republican senators have now begun a parallel investigation, and Sen. Dean Heller (R-NV) has proposed legislation that would require the FCC to publish its full proposals before voting on them.

The FCC is scheduled to vote on Wheeler's proposal on February 26.

UPDATE: A spokesperson for Wheeler issued a response to Pai's concerns. "Regarding rate regulation, mobile voice services have been classified under similar Title II rules for 21 years, including a requirement by Congress that the FCC apply sections 201 and 202 to that service," the spokesperson said. "And the FCC has never used that authority to question prices in that sector. The Chairman’s Open Internet proposal follows this model."

As for whether to release the order before the vote, "the Chairman will continue following the FCC’s longstanding practice of circulating proposals to the commission three weeks before a meeting, getting their input, and making the final Order as agreed upon by the commissioners public after the vote," the spokesperson said.
http://arstechnica.com/tech-policy/2...utrality-plan/





GOP, Tech Industry Mostly Out of Step Over Net Neutrality Issue
Noah Bierman and Evan Halper

The intensifying debate over how to keep the Internet open and ripe for innovation has heightened tensions between Republican congressional leaders and tech entrepreneurs they have been trying to woo.

As tech firms and cable companies prepare for a fight that each says will shape the future of the Internet, Silicon Valley executives and activists are growing increasingly irritated by the feeling that the GOP is not on their side.

Republican leaders have struggled to explain to their nascent allies in the Bay Area why they are working so hard to undermine a plan endorsed by the Obama administration to keep a level playing field in Internet innovation, enforcing what the administration and its allies call "net neutrality."

Arguments from the GOP that the plan amounts to a government takeover of the Web — "Obamacare for the Internet," as Sen. Ted Cruz (R-Texas) called it — are falling flat with many tech innovators.

"This is one of the most prominent moments in Internet freedom," said Julie Samuels, executive director of Engine, a nonpartisan advocacy group that brings policymakers together with tech start-ups. "I don't think any party can afford to be on the wrong side of this conversation."

But Republicans, she said, are on the wrong side.

The Federal Communications Commission is expected to vote this month to adopt the net neutrality plan proposed last week by the panel's chairman, Tom Wheeler. The plan would regulate Internet service providers, such as Comcast Corp. and AT&T Inc., as public utilities and would ban them from offering high-speed lanes to companies that pay more.

Republicans have promised to push legislation to overturn any such move, but most high-tech companies support it.

The fight comes at a time when Republicans had been making gains in Silicon Valley, a constituency of well-heeled donors and coveted millennial-generation voters who have generally been loyal to Democrats.

Prominent Republicans, including House Majority Leader Kevin McCarthy (R-Bakersfield), have taken members of Congress on listening tours of tech companies. Tech money has begun flowing into GOP campaign accounts. Presidential hopefuls, including Sen. Rand Paul (R-Ky.), have made an aggressive case that the GOP better understands the values of privacy and freedom in the digital world.

GOP leaders had hoped to build on those gains at an event in Washington called RebootCongress, which started Wednesday evening, where top Republican lawmakers plan to join Silicon Valley business leaders to discuss the future of the Internet.

Republicans have hoped to seize on recent Democratic policy moves that riled tech companies, including a push for strict anti-piracy rules and the Obama administration's continued backing of National Security Agency surveillance of Internet users.

But the hot issue in Silicon Valley now is net neutrality. And on that issue, the GOP and the tech industry are mostly out of step.

Republicans argue that intervention by a big government agency is the wrong approach to leveling the playing field for companies that depend on the Internet. That's especially true now, as conservatives accuse Obama of a broad pattern of regulatory overreach in healthcare, the environment and immigration.

"As is often the case in Washington, those who want more power create the specter of a false threat that is not occurring in the marketplace today," Cruz said in an interview in which he warned that new regulations could lead to new taxes and put a chill on innovation. "The power of regulation is like a camel's nose under the tent," he said.

In Congress, GOP lawmakers are unified in opposition to the administration approach.

That includes tech-savvy California Republicans such as Rep. Darrell Issa (R-Vista), who warns that the administration approach "will result in over-regulation and years of fruitless litigation." McCarthy joined his House leadership colleagues in warning regulators that imposing net neutrality rules would "deter investment and stifle one of the brightest spots in our economy."

Many Internet entrepreneurs disagree.

"The argument is a red herring," said Corynne McSherry, intellectual property director at the Electronic Frontier Foundation, which fights alongside GOP lawmakers on privacy and surveillance issues but is helping lead the attack against them on net neutrality.

"Nobody is talking about wanting the Federal Communications Commission to regulate the Internet. That would be terrible," McSherry said. "All they would be doing is putting in rules of the road for broadband providers."

Republicans, she said, are essentially helping big corporations squeeze out innovation. "Politically, this is a real mistake," she said.

It is unclear to what extent the issue will overshadow other Silicon Valley priorities. But it is certainly making the GOP a tougher sell.

"It is close to a litmus test," said Paul Sieminski, a Republican who is the general counsel to Automattic, the company that operates Web-making tool WordPress.com.

"It's such a fundamental issue for the Internet," said Sieminski, who has been active in fighting for net neutrality. "I guess it is a proxy on where a candidate may stand on a lot of issues related to the Internet."

The fight goes beyond wealthy entrepreneurs making or seeking their fortunes in start-up companies. Silicon Valley is adept at mobilizing consumers eager to protect what they see as a core value of the digital age.

The FCC received nearly 4 million comments on the net neutrality rules — most urging them to enforce stricter regulations — before Wheeler announced his proposal last week.

Groups such as Fight for the Future, whose donors include technology companies, said they have helped initiate tens of thousands of calls from their members to regulators and lawmakers using technology that bypasses switchboards.

Polls also showed overwhelming support for the concept that big carriers such as Verizon Communications Inc. and Comcast should not be allowed to charge more to companies that want a fast lane.

That may have propelled a shift among some Republicans, who once questioned the need for any new regulations.

Sen. John Thune (R-S.D.) is proposing a bill that would let Congress, rather than regulators, set the terms for net neutrality. In establishing the concept, however, the measure also would take away the FCC's authority to make any new regulations in the fast-changing broadband marketplace.

Thune and others frame their disagreement with Obama and federal regulators as one over process, asserting that Congress would better protect openness on the Internet yet avoid burdensome regulations.

"I worry that online innovators will be subject to the Mother-may-I system in which startups have to hire regulatory lawyers before they hire engineers," Thune said Wednesday night as the Reboot conference began at the U.S. Chamber of Commerce headquarters in Washington.

Silicon Valley activists are unimpressed. They don't trust the GOP-controlled Congress on this issue.

"They're cynical attempts," Evan Greer, campaign manager for Fight for the Future, said of the legislative proposals, "last-ditch efforts by cable lobbyists who know they've been beat in the court of public opinion.
http://www.latimes.com/business/la-f...213-story.html





Got a Thing for Vintage File Sharing? You Can Now Buy the Original Napster HQ Sign
Stuart Thomas

In 1999, Shawn Fanning, John Fanning, and Sean Parker launched file sharing service Napster and changed the music landscape forever. Whether or not you agree with what they did, you can’t deny the impact they’ve had on the music, and wider media, industry. And now, if you manage to put in the winning bid, you can own a piece of that history.

The sign which adorned Napster’s Los Angeles headquarters — and features its headphone-wearing cat logo — is being sold on Ebay by Red Bull Records, the building’s current occupant.

With a starting bid of US$1000, the proceeds of the online auction will go to the MusiCares Foundation, which provides assistance to musicians in times of need.

Before you rush out and place your bid, you should probably check whether it’s actually possible to ship the sign to the country you live in. Oh, and given that it’s nearly 2.5 meters high and just over 3.5 meters wide, it’s probably also worthwhile making sure that you actually have enough space for it.
http://memeburn.com/2015/02/got-a-th...pster-hq-sign/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

February 7th, January 31st, January 24th, January 17th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 03:49 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)