Old 17-09-14, 08:03 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013

Peer-To-Peer News - The Week In Review - September 20th, '14

Since 2002

"We are in that brave new world, and we are capable of being in that Orwellian world, too." – Supreme Court Justice Sonia Sotomayor


"There were rumors and things being written in the press that people had backdoors to our servers. None of that is true. Zero. We would never allow that to happen. They would have to cart us out in a box before we would do that." – Apple CEO Tim Cook


"As for 'music that can’t be pirated', I ask again, what decade is this? That ship has not only sailed long ago, but has circled the world hundreds of times, sunk, been dragged up, turned into a tourist attraction, went out of business, and been gutted and retrofitted as a more profitable oil tanker. Piracy is not the music industry’s real problem and never has been, and we have yet to come up with any audio or video medium that truly can’t be pirated." – Marco Arment


September 20th, 2014




Dotcom Email is a Fake - Warner Bros
Claire Trevett, David Fisher

- Purported email is the evidence Kim Dotcom plans to reveal tonight

- Said to be written by Warner Bros CEO at time of Hobbit negotiations

- PM allegedly in on plan to have Dotcom extradited to US

- Warner Bros dismisses email as a fake

- Key says he has no recollection of such a conversation

The Kim Dotcom "big reveal" is out - and has almost immediately been dismissed as a fake.

The "reveal" is an email which purports to show Prime Minister John Key involved in a plan to get the internet entrepreneur into New Zealand so he could be extradited to the United States.

It is the evidence which Dotcom is planning on producing at the Moment of Truth event tonight. It is also contrary to every assurance the Prime Minister has ever given about his knowledge of Dotcom.

The source of the email is shrouded in mystery and there are likely to be arguments over its authenticity.

It is dated October 27, 2010 and is purported to be from Warner Brothers chairman and chief executive Kevin Tsujihara to a senior executive at the Motion Picture Association of America - the lobby group for the Hollywood studios.

However, Warner Bros told the Herald the email was a fake. Paul McGuire, the movie studio's senior vice president for worldwide communications, told the Herald: "Kevin Tsujihara did not write or send the alleged email, and he never had any such conversation with Prime Minister Key."

Mr McGuire said: "The alleged email is a fabrication."

Mr McGuire said Warner Bros had conducted a "thorough internal review" before dismissing the email. The review would have taken place in just over two hours between the Herald asking questions of the studio and the response.

The MPAA's Kate Bedingfield also dismissed the email. She said: "Mike Ellis never received this alleged email or discussed this matter with Kevin Tsujihara."

Mr Key said this afternoon he had absolutely no recollection or record of any such conversation. "I do not believe that to be correct. I have no recollection of the conversation alluded to in that email, there are no records there and the meetings I had were with other people around me. So in the end we'll try go and get to the bottom of it, but we don't have any record of it."

He said in all the meetings he had with Mr Tsujihara there were other people present.

Asked if he had asked the Warners' executives about it, he said he was only made aware of it a few minutes earlier. "So, yeah, we'll go and ask them. But look, I'd never heard of the guy. I hadn't been briefed on the guy.

"Look, I can't recall any conversation with him, I don't believe it to be correct but we'll go and check it out."

He again denied he was involved in the plan to have Mr Dotcom extradited.

Mr Key has previously said he had no knowledge of Dotcom before January 19, 2012, the day before the tycoon was arrested by NZ Police acting on behalf of the FBI.

In a statement this afternoon, Mr Key said he stood by his statements that he did not know about Dotcom until then.

"The conversation allegedly reported on in the email did not take place," Mr Key said.

"People will see this for what it is."

Labour leader David Cunliffe said Mr Key must release all minutes, notes, briefings and emails relating to his meetings with Warner Bros.

In a statement, Mr Cunliffe said if the email was true, it meant Mr Key had "lied repeatedly to the public and would be grounds for him to resign".

Mr Cunliffe also called on Mr Key to release the full Immigration New Zealand file on Dotcom.

He said Mr Key had been evasive for years about his October 2010 meeting with Warner Bros executives at Premier House.

"Claims just days before that an Immigration official said there was 'political pressure' to process Kim Dotcom's immigration application must now also be cleared up.

"If John Key is able to declassify documents about national security to protect his reputation over the claims by American journalist Glenn Greenwald, he is able to release these documents as well.

"The National leader's credibility is on the line. The public are being expected to take him at his word. But his credibility has been stretched about as far as it can go.

"John Key must now show New Zealanders he has been acting appropriately by releasing evidence to back his claims," Mr Cunliffe said.

The Herald has confirmed that the content of the email is the same information Dotcom is fronting this evening at the public meeting.

It is not from the cache of documents brought to New Zealand by journalist Glenn Greenwald, who is also speaking at the event to allege Mr Key misled the public over mass surveillance by spy agencies.

The date of the alleged email places it right in the midst of negotiations over The Hobbit, which saw the government change the law and grant concessions to keep the making of the trilogy in New Zealand.

It is also smack in the middle of key dates relating to the granting of Dotcom's residency - a decision opposed by intelligence officials who screen immigrants but passed by Immigration officials amid talk of "political pressure".

Dotcom has claimed he was a bargaining chip used in the deal with Warner Bros.

The alleged email reads: "We had a really good meeting with the Prime Minister. He's a fan and we're getting what we came for. Your groundwork in New Zealand is paying off. I see strong support for our anti-piracy effort.

"John Key told me in private that they are granting Dotcom residency despite pushback from officials about his criminal past. His AG will do everything in his power to assist us with our case. VIP treatment and then a one-way ticket to Virginia.

"This is a game changer. The DOJ is against the Hong Kong option. No confidence in the Chinese. Great job."

The recipient of the alleged email was said to be the MPAA's Asia-Pacific president Michael Ellis, who has previously figured in the conspiracy Dotcom has claimed led to him being entrapped in New Zealand.

The email largely backs up the theory Dotcom has pushed for almost three years after being arrested in 2012 on behalf of the FBI on charges of criminal copyright violation.

Dotcom had claimed earlier this year that Tsujihara had him followed in Hong Kong.

Kevin Tsujihara of Warner Bros had me followed, photographed and surveilled in Hong Kong. #TheTruthWillComeOut
— Kim Dotcom (@KimDotcom) February 13, 2014

Mr Key has previously dismissed claims of a conspiracy and said he had no knowledge of Dotcom before January 19 2012, the day before the tycoon was arrested by NZ Police acting on behalf of the FBI.

It is dated the day after Mr Tsujihara met with Mr Key to discuss The Hobbit and dated the day before the decision to grant Dotcom residency on October 28.

The decision to make Dotcom a resident - allowing him to move to New Zealand - came after resistance from the Prime Minister's Security Intelligence Service.

The SIS screened Dotcom as part of the residency process and discovered the FBI was in the process of investigating the tycoon.

Emails obtained by the Herald under the Official Information Act showed the objections were over-ruled, with the spies doing the screening believing Immigration staff were under "political pressure".

Dotcom has previously claimed Mr Ellis, a former Hong Kong police superintendent with extradition expertise, had a role in the case against him. Records show Mr Ellis met with Justice Minister Simon Power on copyright issues prior to the 2011 election. He was also present at a meeting between US vice-president Joe Biden with Hollywood executives and the MPAA's president Chris Dodd in July 2011. The MPAA ridiculed the suggestion, saying the meeting with Biden was to discuss getting films into China.
http://www.nzherald.co.nz/nz/news/ar...ectid=11324988





Audible Security Flaw Lets Anyone Download Unlimited Free Audiobooks
Kate Knibbs

A loophole in Audible's security is making it easy to get unlimited free audiobooks, as long as you have no moral qualms about using a fake name and credit card.

It turns out that Audible, which is owned by Amazon, doesn't verify credit cards and user information before it allows people to start downloading audiobooks, so you can fill your iPhone with audiobooks even if you sign up for an account using an obviously fake credit card.

A teenager in India recently told Business Insider about the flaw. After seeing BI's experiment, Gizmodo used the same technique to confirm that the loophole is still there.

First, we made a fake account:

Using a fake name, email address, and credit card number, you can sign up for any membership plan, so we chose the most expensive plan, which gives you 24 free book credits. It's easy to buy expensive shit when you're using completely fake information.

Audible noticed right away that the card information was shady (maybe it was the Simpsons reference or the address of "Fake Avenue" that gave it away). But it didn't lock "Rory B. Bellows" out.

Even though you'll get a warning, Amazon doesn't check your credit card information until you run out of credits. Even then, once Amazon figures out your card is faulty, you can just renew your membership instead of updating the card information. That refills the credits, basically letting you download Audible's entire catalog without paying. I accidentally tried to buy stuff using the (fake) credit card instead of the 24 credits at first, and received a notice that Amazon had to verify my information before they'd let my audio book download start... but then I renewed my membership and was able to get the same audiobooks for free.

Obviously you should not do this! It's stealing, even though it might feel less so because it's online. It's notable, though, that Amazon has left Audible's system so insecure for so long.

I've asked Audible and Amazon whether they plan to fix the issue and will update when they respond. Business Insider claims Amazon has known about this since 2013. It seems like an odd thing not to fix, because it gives people a very easy way to snag free audiobooks. Almost as easy as just torrenting them.
http://gizmodo.com/audible-security-...8885/+andyoooo
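The flaw the article describes is a business-logic defect: download credits are handed out and refilled on renewal before the payment method has ever been authorized, so a failed card check never blocks the account. The following is an added illustration, not Audible's or Amazon's code; the account model, the `authorize_card` stand-in for a payment-processor call, and the card numbers are all constructed. It replays the sequence from the article (sign up with a bad card, spend the credits, renew, keep downloading) against a weak flow and a hardened flow in which every credit grant depends on a successful authorization.

```python
"""Modelling the Audible-style credit loophole and its fix (constructed example)."""
from dataclasses import dataclass, field


class PaymentRequired(Exception):
    """Raised when an action needs an authorized payment method."""


@dataclass
class Account:
    card: str
    credits: int = 0
    card_verified: bool = False
    downloads: list = field(default_factory=list)


def authorize_card(card: str) -> bool:
    """Stand-in for the issuer authorization call (assumption: a real system
    would call its payment processor). Only a constructed 'good' number passes."""
    return card == "4111-VALID"


# --- weak flow: credits are granted before any authorization gates them ---------
def weak_signup(card: str, plan_credits: int) -> Account:
    acct = Account(card=card, credits=plan_credits)   # credits usable immediately
    acct.card_verified = authorize_card(card)          # result recorded, never enforced
    return acct


def weak_download(acct: Account, title: str) -> bool:
    if acct.credits > 0:                               # card_verified is never consulted
        acct.credits -= 1
        acct.downloads.append(title)
        return True
    return False


def weak_renew(acct: Account, plan_credits: int) -> None:
    acct.credits += plan_credits                       # refill regardless of payment status


# --- hardened flow: no credit is granted or spent without a verified card -------
def safe_signup(card: str, plan_credits: int) -> Account:
    acct = Account(card=card)
    if authorize_card(card):
        acct.card_verified = True
        acct.credits = plan_credits
    return acct                                        # unverified accounts start at zero


def safe_download(acct: Account, title: str) -> bool:
    if not acct.card_verified:
        raise PaymentRequired("card not authorized")
    if acct.credits > 0:
        acct.credits -= 1
        acct.downloads.append(title)
        return True
    return False


def safe_renew(acct: Account, plan_credits: int) -> None:
    if not authorize_card(acct.card):                  # re-authorize on every renewal
        acct.card_verified = False
        raise PaymentRequired("renewal refused: card not authorized")
    acct.card_verified = True
    acct.credits += plan_credits


def replay(signup, download, renew, card: str = "0000-FAKE", plan_credits: int = 2) -> int:
    """Replay the article's sequence and return how many titles were obtained."""
    acct = signup(card, plan_credits)
    titles = ["title-a", "title-b", "title-c", "title-d"]   # constructed catalog
    for title in titles:
        try:
            if acct.credits == 0:
                renew(acct, plan_credits)              # the step the article exploits
            download(acct, title)
        except PaymentRequired:
            break
    return len(acct.downloads)


if __name__ == "__main__":
    print("weak flow, fake card:", replay(weak_signup, weak_download, weak_renew))
    print("safe flow, fake card:", replay(safe_signup, safe_download, safe_renew))
    print("safe flow, valid card:", replay(safe_signup, safe_download, safe_renew, "4111-VALID"))
```

The point for a defender is where the check sits: the weak flow performs the authorization but treats it as advisory (the "warning" the article mentions), while the hardened flow makes authorization a precondition of both credit issuance and renewal, so a flagged card yields no usable credits at all rather than a refill.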





More Students are Illegally Downloading College Textbooks for Free
Valerie Strauss

It’s hard (if not impossible) to know just how prevalent this practice is, but some college students around the country are uploading their expensive college textbooks onto the Internet so other students can download them for free and avoid the hefty fees that are sometimes more than $200 a book.

Vocativ.com has a story titled “Why College Students are Stealing Their Textbooks,” which notes that some students are even downloading them for ethics classes.

The cost to students of college textbooks skyrocketed 82 percent between 2002 and 2012, according to a 2013 report by the U.S. General Accountability Office, the research arm of Congress. As a result, students have been looking for less expensive options, such as renting books — and, now, finding them on the Internet, uploaded by other students.

In August, an organization called the Book Industry Study Group, which represents publishers, retailers, manufacturers, distributors, wholesalers, librarians and others in the industry, released a survey of some 1,600 students and found, according to a release on the data, that “students continue to become more sophisticated in acquiring their course materials at the lowest cost as illicit and alternative acquisition behaviors, from scanned copies to illegal downloads to the use of pirated websites, continue to increase in frequency.”

A year ago a student wrote on a Tumblr blog called “Children of the Stars” complaining about a professor who insisted that students buy an online version of a specific paperback sociology book for more than $200 — which the professor wrote himself — and would not allow them to purchase “an older, paperback edition of the same book for $5.” The student continued: “This is why we download,” and “Don’t ever, EVER buy the newest edition of a book,” which is followed by a list of Web sites with pirated books. As of 2:20 p.m. Eastern on Wednesday, the post had 780,942 views.

Vocativ.com decided to do an experiment to see how easy it would be to find college textbooks for free online. The story says:

We were curious how deep the selection of books is and how easy it is to download them, so we picked five typical freshman core courses, including Culture, Ethics and Economics at Barnard College, Humanities 1217 at the University of Wisconsin and Honors Philosophy 200 at Michigan State University. Working off the syllabi for these classes and others, we tried to download all our textbooks without paying a dime from the sites offered up by the “Children of the Stars” blogger…. We typed in the titles for our books, one by one, and found them all immediately. Within minutes, we had four textbooks on our hard drive: Herodotus’ Histories, Adam Smith’s The Wealth of Nations, Chaucer’s Canterbury Tales and Physics: The Human Adventure.

The Web site said it found tweets from students across the country — “from New York University and Long Beach State to the University of Michigan and George Mason University touting the joys of shaving several thousand dollars off their college bills.”

Here are some tweets about free textbook downloading that were published on Wednesday at “textbook pdf”:

downloaded $170 textbook as a pdf for $0 #SchmoneyDance

— deevo (@DevinChavanne) September 17, 2014

Finding a textbook PDF is like winning $100 on a scratch card. — Kevv (@kvntnz) September 17, 2014

Sits quietly while emailing pdf of 300$ textbook to entire class. faith in humanity… upgrade

— snosaj (@merrickj1) September 17, 2014


It isn’t legal to upload or download copyrighted material without permission, but that isn’t stopping students from doing it. The Web site said in its story that schools aren’t doing a lot to proactively stop it.
http://www.washingtonpost.com/blogs/...ooks-for-free/





From 2004

Popsong Piracy

Or, Napster in the 1930s and the Story of Fakebooks
Barry Kernfeld

In April 1930, in a raid on bootleg song-sheet peddlers on Broadway between 42nd and 43rd, Traffic Patrolman Broger made the first arrest: Mrs. Sarah Yagoda, age 80. After a Music Publishers Protective Association representative and the district attorney interrogated Mrs. Yagoda in a failed attempt to identify the sheet's printer and distributors, she was allowed to go home. Nine years later, nothing much had changed in Times Square. The New York Times noted that "on any afternoon or evening, if the magistrate sitting in West Side Court is known to be lenient, the area north of Forty-second Street is a beehive for the street sale of song sheets," as well as watches, French pictures, neckties, jewelry, flowers, and suspenders.

Bootleg song sheets emerged in 1929 as newspaper-sized sheets of pop-song lyrics. Later, they evolved into song-lyric magazines. These products appeared in response to sweeping changes in the way Americans related to pop songs. The recording industry had become a powerhouse; nationwide AM radio networks were in place, and movies with sound delivered musicals far beyond the Broadway theater district. Increasingly, people made music not by gathering around the piano and singing, but by singing along with electronic media: recordings, broadcasts, and films. Because musical notation was no longer essential, lyrics-only song sheets became popular. Instead of paying 35 cents for one piece of sheet music, music fans could get a sheet of lyrics to many songs for only a nickel or a dime.

These bootleg song sheets elicited a hysterical response from the music industry, which fought against the sheets for roughly a decade, using every legal ploy available. Eventually there were more than 5,000 arrests in North America: for peddling without a license, vending without the consent of the copyright owner, criminal copyright infringement, and conspiracy to violate the laws of the United States of America. Nothing worked. "Song-legging" flourished. While the MPPA pursued its policy of heavy-handed prohibition, including, as the 1930s ended, a systematic crackdown on nearly 100,000 newsstands nationwide, a few music publishers took a different tack. Much like Apple with its iTunes today, these pioneers embraced the new medium instead of fighting it, and produced an industry-approved alternative: legitimate song-lyric magazines. The magazines took off, with the leading ones, Song Hits and Hit Parader, flourishing for decades. The bootleg market dried up and thus the crackdown ended in the 1940s.

Pop song piracy moved into a new arena with the appearance of the first "fake book," a sort of cheat sheet with lyrics and performance cues for musicians, in 1949. Unlike the earlier song sheets, which disseminated pop songs to the general public, fake books began as sampling later would, as a tool for professional musicians. Only later, in the 1970s, did fake books spread out into the general marketplace.

Bootleg fake books originally derived from a legitimate source. In 1942, George Goodwin, a radio-station director, initiated a subscription service, the Tune-Dex, which he hoped would serve as a card catalog for the music industry, helping individuals in film, radio, recording, and advertising in the day-to-day routine of operations involving programming or licensing. The front of each 3- by 5-inch card gave the most familiar phrases of a pop-song melody, with lyrics and chord symbols--shorthand guides to piano and guitar accompaniment. The back of each card identified the copyright holder and the performing-rights agency controlling the song's licensing, and it gave references to published versions of the song.

In May 1942, Goodwin sent out the first monthly issue of 100 Tune-Dex cards. The Tune-Dex was a huge and immediate success, adopted industry-wide. It ran to 25,000 cards and ended in 1963 only because ill health forced Goodwin's retirement. (He died in 1965.)

As an adjunct to his principal promotional campaign, Goodwin promoted the Tune-Dex to professional entertainers in the emerging field of cocktail music. The advertisement "Which of These Worries Are Yours?" appealed to a feeling of musical inadequacy. If a customer requested a song and the musician didn't know it, or couldn't remember it, the Tune-Dex could come to the rescue.

In our day, hip-hop composers sample fragments of recorded jazz and pop and transform these fragments into dance grooves. A half century ago, Tune-Dex cards began to serve as visual aids enabling mainstream entertainers to apply African-American-derived improvisatory methods to notated compositions--to start with a fragment of printed sheet music, and improvise the rest. To use the modern parlance, Tune-Dex cards "sampled" sheet music. It was, in effect, a twist on the old cliché, "If you hum a few bars, I can fake it." Instead, with a Tune-Dex card at hand, "If I read a few bars, I can fake it."

But Goodwin was wrong about the utility of his design. A card catalog was a handy thing to have sitting in a radio studio or an ad agency, but no one in his right mind would bring a card catalog to a cocktail lounge. And having a couple of thousand loose index cards was probably even more unwieldy and disastrous than sorting through loose full-size pages of promotional copies of sheet music or orchestrations (the "pros" and "orks" in Goodwin's ad). What musicians needed was a bound collection of Tune-Dex cards organized by title, by songwriter, or by dance category. A fake book.

The music-publishing industry refused to authorize such a book, asserting that it would undermine sheet-music sales. Gangsters stepped into the gap, filling a new niche in our music economy. The first bootleg fake books, photostat collections of Tune-Dex cards, were published in 1949. A Down Beat magazine article from 1951 refers to an FBI investigation of these books that would continue through the 1960s.

This investigation led to two trials for criminal copyright infringement in Federal District Court in Manhattan, in 1966 and 1969. In both instances, the defendants were found guilty but received only the minimum fines allowed by law. In preparing for the latter case, an FBI special agent interviewed a music-store owner in Akron, Ohio, who celebrated the utility of fake books: "It is his belief that practically every professional musician in the country owns at least one of these fake music books, as they constitute probably the single most useful document available to the professional musician. They are a ready reference to the melodies of almost every song which might conceivably be requested of a musician to play."

Neither the publishers' association nor the government cared that musicians liked these books, and at the conclusion of the trial, Judge J. Weinfeld had this to say: "We have not yet reached the point, at least in this court's view, where an industry custom and practice serves to repeal criminal laws." This declaration sounded forceful and righteous--the law prevails--but it turned out to be hot air. Weinfeld had it backwards: in any meaningful, long-standing, widespread sense, custom and practice held sway over the law. The law had attempted to express a prohibition but that prohibition had been repeatedly ignored, and hereafter it would be permanently ignored. There were no further federal trials surrounding bootleg fake books. Compared to the new problems raised by record and movie piracy from the 1970s onward, prosecuting fake books was no longer worth the effort.

Having utterly failed to suppress fake books, the music publishing industry had no choice but to try to incorporate them into the mainstream. In the mid-1970s, publishers began to put out legitimate pop-song fake books. Almost immediately, bootleg fake books faded away. Prohibition failed. Assimilation worked. But no sooner did music publishers learn their lesson than the whole ball game shifted to another field and started up all over again, in the realm of jazz.

During the academic year 1974--75, two students at the Berklee College of Music in Boston created a bootleg fake book called The Real Book. The Real Book endeavored to notate what professional jazz musicians would really play, in contrast to the simplified versions typically given out on sheet music and Tune-Dex cards. Steve Swallow, a professional bassist teaching at Berklee at that time, reports that the students' intention was "to make a book that contained a hipper, more contemporary repertoire. They thought about what would be involved in doing it legally but didn't have the time or money to pay royalties." And so they did it illegally, "publishing" at local copy shops a book of approximately 400 jazz tunes in 1975.

Swallow noticed the effect of The Real Book as he walked past rehearsal rooms at Berklee. "A month after The Real Book was published, all of a sudden I was hearing the right 'changes' to tunes that had been butchered," he observed. "It used to be a hilarious journey down the corridor, to hear the flagrant harmonic violations spewing out of these rooms. It's not to say that all of a sudden everything sounded great and it was Bill Evans at every turn, but there was a huge improvement."

The fact that The Real Book became, unexpectedly, the jazz bible, did not trouble Swallow. He acknowledged that "these particular 400 tunes were canonized at the expense of what they left out, and they left out plenty." But its compilers "were accurately reflecting what college jazz people were listening to at that time and skimming the cream of that repertoire."

Jazz guitarist Pat Metheny expanded on this thought: "It was the first book that reflected the ecumenical nature of jazz," with tunes drawn from swing, bop, blues, ballads, Latin jazz, jazz-rock, and other styles. The Real Book, said Metheny, "caused a few generations of players to have to develop skills that were rare at that time--only the very best players of that era would be able to go from start to finish in that book and be able to deal with the intrinsic musical requirements that such a book would demand. Nowadays, it is pretty common; and in fact, sort of required."

Today, despite the subsequent appearance of numerous legitimate rivals, The Real Book continues to be used extensively due to its unmatched combination of tasteful repertoire and idiomatic representation. It is a story of happenstance, of a casual student effort transforming itself into a creative act of immense significance and surviving only because bootleg fake books were by this time flying beneath the radar, as far as federal criminal prosecution was concerned. Metheny said: "It still is kind of unbelievable to me when I see it almost thirty years later now, on bandstands from Kiev to Bali, knowing its history like I do. Believe me, no one involved would have ever imagined it."

And here we are, in 2004, with shady characters still delivering The Real Book to stores from car trunks, and just about every aspiring jazz musician still lining up to buy a copy under the counter.
http://www.stayfreemagazine.org/arch...fakebooks.html





Jury Finds CBS Infringes Podcasting Patent, Awards $1.3 Million

"Patent troll" lost its damages case, but it can move on to trials against NBC, Fox.
Joe Mullin

A jury in Marshall, Texas, found the infamous "podcasting patent" was infringed by CBS's website today and said that the TV network should pay $1.3 million to patent holder Personal Audio LLC.

The verdict form shows the jury found all four claims of the patent infringed, rejecting CBS' defense that the patent was invalid. The document was submitted today at 1:45pm Central Time.

That's substantially less than Personal Audio was asking for, which was reportedly $7.8 million. That figure was given to Ars by a source that observed the relevant parts of the court proceedings.

High-stakes patent cases can cost up to $4 million to litigate through trial. Even though the expense can be lighter for plaintiffs, it's unlikely that $1.3 million would be enough to cover the patent-holding company's expenses.

Lawyers for both sides didn't immediately respond to request for comment on the verdict or to confirm the Personal Audio damages demand.

In a motion filed yesterday in the case, CBS makes an argument attacking Personal Audio's damage claim as unjustified, but the document refers to the number only as the "requested damages figure." The motion does reveal that Personal Audio was asking for 3.5 percent of the ad revenue for the allegedly infringing sites. The accused sites included a wide variety of CBS' most popular programs, from NCIS to 60 Minutes.

When Personal Audio went to trial against Apple in 2011 over a patent it claims covered playlists, it also got a greatly reduced damage figure—an $8 million verdict after a reported $84 million damage demand.

The much lower damage demand against CBS probably reflects the fact that online streaming is still a small, albeit growing part of the corporation's revenue stream.

From podcasting to 'episodic content'

Personal Audio is a holding company, cobbled together from the patents that were left after a failed startup that Jim Logan founded in 1996. The company became one of the poster children for problematic patents when it claimed that its patent number 8,112,504 was infringed by podcasters, including comedian Adam Carolla. Instead of settling quickly, though, Carolla fought back hard before settling last month.

Then Personal Audio said that podcasters were actually too poor to bother suing, so it kept up its case against three big TV networks: CBS, NBC, and Fox. The company made the argument that the "podcasting" patent actually covered "episodic content" transmitted over the Internet, including video content. The patent refers to a "compilation file," which Personal Audio lawyers say correlates to the HTML webpage that CBS hosts its content at.

Critics of Personal Audio, such as the Electronic Frontier Foundation's Daniel Nazer, say that's nothing more than an electronic table of contents. The argument goes that the concept was old hat by the time Logan filed for a patent in 1996, and in any case it's such a basic idea it shouldn't be patented.

Now that its patent has been validated against CBS, Personal Audio will be allowed to move forward with trials against NBC and Fox. However, it's still facing a crowd-funded challenge at the patent office brought by EFF, and that effort is scheduled to be heard later this year. In a short blog post about today's verdict, EFF's Nazer vowed the patent office challenge will continue despite today's "disappointing" verdict.
http://arstechnica.com/tech-policy/2...s-1-3-million/





CD-Loving Japan Resists Move to Online Music
Ben Sisario

Around the world, the music business has shifted toward downloads and streaming. But in Japan, the compact disc is still king.

On a drizzly Sunday afternoon recently, Tower Records’ nine-level flagship store here was packed with customers like Kimiaki Koinuma. A 23-year-old engineer in a Dee Dee Ramone T-shirt, Mr. Koinuma said that, unlike most men his age around the world, he spends little time with digital services and prefers his music on disc.

“I buy around three CDs a month,” he said, showing off a haul of six new albums, including the Rolling Stones’ classic “Exile on Main St.” and an assortment of the latest Japanese pop hits.

Japan may be one of the world’s perennial early adopters of new technologies, but its continuing attachment to the CD puts it sharply at odds with the rest of the global music industry. While CD sales are falling worldwide, including in Japan, they still account for about 85 percent of sales here, compared with as little as 20 percent in some countries, like Sweden, where online streaming is dominant.

“Japan is utterly, totally unique,” said Lucian Grainge, the chairman of the Universal Music Group, the world’s largest music conglomerate.

That uniqueness has the rest of the music business worried. Despite its robust CD market, sales in Japan — the world’s second-largest music market, after the United States — have been sliding for a decade, and last year they dropped 17 percent, dragging worldwide results down 3.9 percent.

Digital sales — rising in every other top market — are quickly eroding in Japan, going from almost $1 billion in 2009 to just $400 million last year, according to the Recording Industry Association of Japan.

Turning Japan around has become a priority for the global music business, which has struggled to regain its footing after losing about half its value since 2000, when digital technology began to disrupt the album-based business model.

But accomplishing change has been difficult, according to analysts and music executives in Japan and the West, in part because of a protectionist business climate in Japan that still views the digital business with suspicion.

Streaming music services like Spotify and Rdio, widely seen as the industry’s best new hope for new revenue, have stalled in efforts to enter Japan. Spotify, the biggest such player, has been stuck for two years in licensing negotiations with music companies in Japan, where homegrown pop idols by far outsell Western acts.

Ken Parks, Spotify’s chief content officer, said he was optimistic about his company’s prospects, and noted that the negotiating process was slow wherever it went. Spotify, which has more than 10 million customers in 57 markets around the world, negotiated with labels for almost two years before it arrived in the United States in 2011, for example.

“When the decision makers finally feel that the heat is intense enough that they have to do something different, they will,” Mr. Parks said. “I think we are approaching that moment in Japan.”

Others have doubts, pointing to the Japanese market’s devotion to the CD, which remains a primary source of revenue for record labels in the country, and an indispensable promotional tool.

Peculiarities of Japan’s business climate have shaped its attachment to the CD, but cultural factors may also be at play, like Japanese consumers’ love for collectible goods. Greatest hits albums, for example, do particularly well in Japan, perhaps because of the elaborate, artist-focused packaging. The hugely popular girl group AKB48 pioneered the sale of CDs containing tickets that can be redeemed for access to live events — a strategy credited with propping up CD sales, because it can lead the biggest fans to buy multiple copies of an album.

Tower Records closed its 89 American outlets in 2006, but the Japanese branch of the chain — controlled by NTT DoCoMo, Japan’s largest phone carrier — still has 85 outlets, doing $500 million in business a year.

At Tower’s flagship store, in the heart of the skyscraper-lined shopping district of Shibuya, a group of preteen girls called Kokepiyo performed for fans and autographed CDs one afternoon last month, while their mother-managers watched protectively. Outside, an 18-year-old student who gave her name as Yuria had come to Tower to see her favorite band, the Lotus. She carried a bag full of merchandise she had bought at the store, and said that she frequently buys multiple collectible copies of CDs.

“Each store has its own freebies to give away to sell more CDs,” Yuria said. “So it all depends on how good they are.”

In the United States, digital sales have long since overtaken physical ones. But CDs still account for 41 percent of the $15 billion recorded music market worldwide, and, in addition to Japan, some big markets like Germany remain reliant on CD sales. That attachment worries some analysts, who contend that if those countries do not embrace online music, an inevitable decline in CD sales will further damage the industry.

“If Japan sneezes and Germany catches a cold, that’s it — we’re done,” said Alice Enders, a media analyst with Enders Analysis in London.

A distinctive business ecosystem in Japan has kept CD sales lucrative for music companies. Pricing restrictions on retailers keep the cost of most new CDs at more than $20. In the mid-2000s, a nascent download service, Recochoku, was tethered to Japan’s expansive cellphone market, but that system collapsed once the country moved on to smartphones like the iPhone.

Part of the problem, executives say, is the complex array of companies that control rights to the most popular music in Japan, which have been very slow to license new services.

Sony’s Music Unlimited, for example, is the largest available streaming service in Japan, but it lacks the most popular hits there. (Sony declines to say how many subscribers it has to Music Unlimited, in Japan or elsewhere.) Apple’s iTunes store arrived in Japan in 2005, but only in 2012 did it begin to sell the Japanese music titles of its hardware rival Sony.

Executives in Japan and the West blame an overly cautious Japanese music industry for not adapting, and serious worries remain about Japan’s ability to recover from its losses last year.

“A substantial amount of senior management is worried about what happens on their watch, but not necessarily worried about what happens after that,” Shigeo Maruyama, the former president of Sony Music Entertainment Japan, said in an interview.

This year, things in Japan are looking slightly better. In 2013, there were no million-selling albums, but this year there have been two: a Japanese version of Disney’s “Frozen” soundtrack and the latest release by AKB48. Yet in the first half of the year sales were still down an additional 3 percent compared with a year earlier.

“The Japanese record companies’ hope is to maintain the current size of the physical market, and to try to make the digital market grow again by licensing new digital services,” said Yoichiro Hata, a director of the Recording Industry Association of Japan.

For the rest of the struggling global recording industry, that growth cannot come soon enough.

“It’s inevitable that this market comes back to growth,” said Mr. Grainge, of Universal. “What I’m not going to predict is when.”
http://www.nytimes.com/2014/09/17/bu...al-music-.html





Thoughts on Music Formats
Marco Arment

Time reports:

Bono, Edge, Adam Clayton and Larry Mullen Jr believe so strongly that artists should be compensated for their work that they have embarked on a secret project with Apple to try to make that happen, no easy task when free-to-access music is everywhere (no) thanks to piracy and legitimate websites such as YouTube. Bono tells TIME he hopes that a new digital music format in the works will prove so irresistibly exciting to music fans that it will tempt them again into buying music—whole albums as well as individual tracks. The point isn’t just to help U2 but less well known artists and others in the industry who can’t make money, as U2 does, from live performance. “Songwriters aren’t touring people,” says Bono. “Cole Porter wouldn’t have sold T-shirts. Cole Porter wasn’t coming to a stadium near you.”

Billboard:

In Time’s forthcoming cover story, Bono hints that the band’s next record is “about 18 months away” and will be released under the new file format. “I think it’s going to get very exciting for the music business,” Bono tells Time, “[it will be] an audiovisual interactive format for music that can’t be pirated and will bring back album artwork in the most powerful way, where you can play with the lyrics and get behind the songs when you’re sitting on the subway with your iPad or on these big flat screens. You can see photography like you’ve never seen it before.”

If correct, this sure is a lot of misguided thinking and misplaced optimism.

If you’re actively using a screen, music competes with everything else that screen can do — and these days, that’s a lot. You’re lucky if people listen to music at all anymore, and the most you can usually hope for is that they have it on in the background while doing some other activity that doesn’t provide its own audio. The most important music-discovery platform in the world is YouTube.

So I can see why people in the music business might think it’s important to make and sell interactive, multimedia music formats (what decade is this?) to compete, but I don’t think they stand a chance. Every trend in music is going in the opposite direction.

Music sales are declining rapidly as more people switch to streaming services. That ship has sailed. It’s not turning around.

Full albums are as interesting to most people today as magazines. Single songs and single articles killed their respective larger containers. This is true on both the supply and demand sides: most people don’t listen to full albums, and most bands don’t produce very good ones. People only care about hit singles. That ship has sailed, too.

This alleged new format will cost a fortune to produce: people have to take the photos, design the interactions, build the animations, and make the deals with Apple. Bono’s talking point about helping smaller bands is ridiculous — smaller bands can barely afford professional production on the music, let alone these extras.

Apple doesn’t have the market power anymore to lock in a proprietary format’s success. When everyone was still buying on iTunes and listening on iPods, the chances of success were better, but that’s not the case today. The market is too diverse, especially with so much listening happening on streaming services and non-Apple devices that can’t and won’t display any of these extras.

So maybe this would have worked in the past. Maybe, say, in 2009, when Apple’s market power was more dominant and streaming services weren’t taking over music yet.

Fortunately, we don’t need to wonder how a theoretical new multimedia album format in 2009 would have fared, because Apple really launched one. Remember iTunes LP? It’s still around, but it never really took off, it hasn’t saved full-album sales, it hasn’t reduced piracy or the appeal of streaming services, and the music industry is still losing relevance.

Because just like every other hopeful music and movie format, people don’t value the “extras” very much. People value the music itself (just barely) and the convenience of playing it the way they want. That’s it.

So many people re-bought music they already owned on vinyl or cassettes through the shifts to CDs and digital downloads mostly because each medium was so much more convenient than its predecessor. Nobody bought CDs because the booklets were longer and had more liner notes than the fold-in cassette cards.

SACD and DVD-Audio never went anywhere, and Pono likely won’t, because imperceptibly better sound quality isn’t compelling enough to overcome the dramatic loss of convenience that new, proprietary formats bring to today’s world of ubiquitous music players.

There’s nothing Apple or Bono can do to make people care enough about glorified liner notes. People care about music and convenience, period.

As for “music that can’t be pirated”, I ask again, what decade is this? That ship has not only sailed long ago, but has circled the world hundreds of times, sunk, been dragged up, turned into a tourist attraction, went out of business, and been gutted and retrofitted as a more profitable oil tanker. Piracy is not the music industry’s real problem and never has been, and we have yet to come up with any audio or video medium that truly can’t be pirated.

In 2007, Steve Jobs wrote an essay called “Thoughts on Music” to attempt to pressure the big record labels into agreeing to DRM-free music sales. Here’s a portion of it:

Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music.

Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy.


I’m sure it’s a coincidence, but I’m having a hard time finding “Thoughts on Music” on Apple’s site anymore. Here’s the Internet Archive’s copy — the only live copy I found is in the Korean Hot News archive.

Jobs likely had ulterior motives, as usual — he likely wanted easier negotiations and flexibility for future hardware and features, and probably knew the upcoming Amazon MP3 Store had negotiated DRM-free music and didn’t want to be at a competitive disadvantage.

But I bet he also truly disliked DRM, as a tasteful consumer, technologist, and human being, and wanted to abolish as much of it as he could.

The effort ended up succeeding, mostly. TV shows and movies from iTunes didn’t stand a chance of going DRM-free, but iTunes music did indeed lose its DRM in the coming months (this page is still up). And the world didn’t end. Piracy didn’t suddenly explode. Everything stayed mostly the same, except it was nicer to be a music customer.

Now that we’re all accustomed to DRM-free music, I think it would be a big mistake to ever launch a DRM-encumbered music format for purchasing again. It’s hard enough to get people to buy music today at all — the last thing the industry needs is another excuse for people not to care.
http://www.marco.org/2014/09/18/thou...-music-formats





Apple Releases U2 Album Removal Tool

Picture caption: Tim Cook and U2. Apple and U2 announced the giveaway last Tuesday.
Leo Kelion

Apple has released a tool to remove U2's new album from its customers' iTunes accounts six days after giving away the music for free.

Some users had complained about the fact that Songs of Innocence had automatically been downloaded to their devices without their permission.

It had not been immediately obvious to many of the account holders how to delete the tracks.

The US tech firm is now providing a one-click removal button.

"Some customers asked for the ability to delete 'Songs of Innocence' from their library, so we set up itunes.com/soi-remove to let them easily do so. Any customer that needs additional help should contact AppleCare," spokesman Adam Howorth told the BBC.

Users who remove the album and do not download it again before 13 October will be charged for the 11 tracks if they subsequently try to add them again.

"It's embarrassing for Apple that it's had a bit of a backlash," commented Ian Maude from the media consultancy Enders Analysis.

"It was giving something away to its customers - so that part was really good - but what it should have probably done was make it optional. Not everybody's a U2 fan as it's just discovered.

"Is there any long-term impact? No. It's moved very quickly to fix the problem."

'Blood, sweat and tears'

Apple made the album available to about 500 million iTunes customers in 119 countries to coincide with its iPhone 6 and Watch launch event last week.

U2's singer Bono acknowledged at the time that not everyone would appreciate the gift.

"People who haven't heard our music, or weren't remotely interested, might play us for the first time because we're in their library," he wrote on the band's site.

"And for the people out there who have no interest in checking us out, look at it this way… the blood, sweat and tears of some Irish guys are in your junk mail."

Bono added that Apple had "paid" for the giveaway, and reports have suggested that prime placement of banner ads publicising the album on the iTunes store and other publicity provided by the tech firm might be worth as much as $100m (£62m).

Sales of earlier U2 albums have re-entered iTunes' charts and the band has also raised its profile ahead of an expected tour as well as a planned follow-up album called Songs of Experience.

The new tracks on Songs of Innocence have, however, split the critics.

The Drowned in Sound site suggested that U2 no longer had it in them to make a great album, adding that giving away songs for free had "somewhat devalued a record that cost six years of their lives and a lot of money to make".

But Rolling Stone magazine gave the album its maximum score, saying that it was "a triumph of dynamic, focussed renaissance".
http://www.bbc.co.uk/news/technology...PublicRSS20-sa





Apple Watch Privacy Questioned by Connecticut AG Jepsen
Chris Dolmetsch, Tim Higgins

Apple Inc. (AAPL) faces questions by Connecticut Attorney General George Jepsen over privacy protections for users of the company’s watch, which includes features such as health tracking, unveiled last week as part of its lineup of new products.

Jepsen said he asked Apple’s Chief Executive Officer Tim Cook for a meeting with representatives of the Cupertino, California-based company. Privacy is a key issue for Apple as it introduces new services that will require people to trust it with sensitive information. Apple also introduced a mobile payment system called Apple Pay, which will be available starting next month.

The announcements follow new concerns raised about privacy after the release of stolen pictures of naked celebrities such as Kate Upton and Jennifer Lawrence from Apple’s iCloud. Apple has said iCloud wasn’t breached by hackers and it encouraged people to use stronger passwords and two-step verification.

Jepsen said he wants to know whether Apple will allow users to store personal and health information on the Apple Watch or on computer servers, and how that information will be protected.

He said he would ask Apple if it will review privacy policies for apps, and if it intends to enforce policies requiring it to reject apps that offer diagnoses or treatment advice without regulatory approval.

“When new technologies emerge in consumer markets they inevitably lead to new questions, including questions about privacy,” Jepsen said. “Asking those questions and engaging in a proactive dialogue about privacy concerns before a product comes to market is an effective and mutually beneficial way to ensure that consumer privacy is protected.”

Touch Screen

The touch-screen Apple Watch, which also includes maps, voice commands and text-message notifications, goes on sale next year starting at $349.

The wearable device, which must be paired with an iPhone, detects a user’s pulse rate and interacts with the company’s new apps for monitoring health and workout progress. It comes in two sizes and different models, displays weather, stocks, music apps -- and will tell time in a choice of display styles.

Jepsen said he will seek to find out what information the watch and its applications will collect, and how the company and developers of apps will obtain consent from users to collect and share that data.

Trudy Muller, a spokeswoman for Apple, didn’t immediately return a request for comment on Jepsen’s letter.

State Inquiries

Attorneys general across the U.S. have urged Apple and other technology companies to enhance privacy and security measures as mobile devices such as smartphones gain popularity.

Following a meeting with Jepsen, Google Inc. last year implemented a policy requiring it to review and approve third-party apps developed for its Google Glass computerized eyewear, before they are made available to users.

Apple, Google and Microsoft Corp. agreed to incorporate “kill switch” technology in smartphone systems after prodding by a group of government officials including New York Attorney General Eric Schneiderman and San Francisco District Attorney George Gascon.

The new Apple Pay offering announced last week comes as the company partners with credit-card companies including American Express Co., MasterCard Inc. and Visa Inc. Apple Pay will work with the latest iPhones and the Apple Watch, and be available for use at retailers including Staples Inc. and Whole Foods Market Inc., the company said.

Apple has stressed that its payment system will be more secure than traditional credit cards and that the company won’t track people’s spending.
http://www.bloomberg.com/news/2014-0...ag-jepsen.html





Apple CEO Tim Cook on Snowden, Surveillance, Sweatshops, and the Threats to the Planet
Zack Whittaker

Summary: The usually tight-lipped chief executive of Apple opened up to PBS' Charlie Rose in a two-part interview. Here's the second part.


Apple's chief executive Tim Cook opened up in the second part of his hour-long interview with PBS' Charlie Rose on Monday.

In the first part of the interview, the Apple boss spoke about the company's rivalries with Google, its distant relationship with Amazon, corporate secrecy, the Apple-IBM deal, televisions and other products, his former boss Steve Jobs, and when things go wrong.

In the second part, Cook spoke about government surveillance and the Edward Snowden disclosures, his company's supply chain and some of the controversies Apple's faced as a result, and saving the planet as we know it.

PBS shared a copy of the interview's transcript with ZDNet.

Here's what we learned:

On Edward Snowden and the surveillance state

The leaks from the former U.S. government contractor Edward Snowden threw a number of technology giants under the bus, including Apple, which was implicated in the PRISM scandal.

That balance between privacy and necessary surveillance against terrorists and domestic and international threats, Cook said, has not yet been struck.

"I don’t think that the country, or the government’s found the right balance. I think they erred too much on the collect everything side. And I think the [U.S.] president and the [Obama] administration is committed to kind of moving that pendulum back.

However, you don’t want... it’s probably not right to not do anything. And so I think it’s a careful line to walk. You want to make sure you’re protecting American people. But... there’s no reason to collect information on you. But people are 99.99 percent of other people."

Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form."

He claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed."

He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email."

Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides:

"I think that the, for us, in the Snowden thing, just to go along on that for just a moment. What we wanted, was, we wanted instantly to be totally transparent because there were rumors and things being written in the press that people had backdoors to our servers. None of that is true. Zero.

We would never allow that to happen. They would have to cart us out in a box before we would do that."

The reports were later partly discredited: in the aftermath of the initial stories, it transpired that the U.S. government did not have "direct access" to the companies' servers.

On business models around collecting people's data

On a similar line of thinking, Cook went on to lay more blame on companies like Google, which Rose referenced in his question, for holding on to so much data — which allowed the government to collect so much in the first place.

"We run a very different company. I think everyone has to ask, how do companies make their money? Follow the money. And if they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried."

He went on to explain that users of products and services should "really understand what's happening to that data."

Although he said companies should be transparent about data practices, Apple issued its first transparency report far later than the other Silicon Valley technology giants. The company came under fire from the privacy rights group the Electronic Frontier Foundation in 2012 and 2013 for having poor privacy practices around user data, gaining just one star out of five each year.

In 2014, Apple scored the full five stars — a momentous change in such a short period of time.

"I think people have a right to privacy," Cook added. Because of Apple's business practices, he hinted, that's a good reason why U.S. government demands for data are so low.

On diversity and dignity

Apple also came under fire for having a poor diversity record as part of its workplace statistics — from no less than Cook himself. He said in August following the release of the company's debut diversity report that he was "not satisfied," but that the company was "making progress."

He expanded on this in the interview, in response to a question from Rose about what's important to him, personally, beyond the culture and values of Apple:

"Treating people with dignity. Treating people the same. That everyone deserves a basic level of human rights, regardless of their color, regardless of their religion, regardless of their sexual orientation, regardless of their gender. That everyone deserves respect."

He went on to describe a "class-kind of structure" in which some groups think other groups of people don't deserve the same rights.

Cook flat out called it "un-American." He said Apple was the sort of place that will "allow anyone in the front door," but did not directly address the concerns from the diversity report released a month prior.

On saving the planet

Cook said this is one of the things that Apple was "putting a lot of energy in," notably the planet's health and how the company is working to increase its renewable energy focus.

"You know, we want to leave the world better than we found it," Cook told Rose. But he also admitted the company's limitations.

"I think we’re still the only consumer electronics company that’s done that. It means that we focus on renewable energy, and so we have a data center that people tell us we could never get to 100 percent renewable energy there. It’s just too much of — it’s too much. We’d never get there. Well, we’re there... we have it in Maiden, North Carolina. You should go see it.

Working with both the state and working with... the talent without Apple, we were able to pull that off. We’ve got other data centers; 100 percent renewable. We’re building the headquarters — our new headquarters. It will be 100 percent renewable."

That effort also extends to the suppliers of the chips, technologies, and parts that go into Apple's own products. Cook said Apple had initiatives under way to "dig deep" into its upstream supply chain in an effort to reduce the company's overall carbon footprint.

On the supply chain and "sweatshops"

But the supply chain has caused some headaches for Apple — not least the conditions in which staff in Chinese factories live and work.

The iPhone and iPad maker has come under heavy scrutiny for its responsibilities to its suppliers, notably Foxconn. Over the course of the last few years, there have been numerous suicides, threats of violence, strikes, and complaints about working conditions.

Apple has also faced some significant criticism following audits, which found the company's suppliers to have violated labor rules and rights.

Cook defended the company's record:

"We've audited so deep in our supply chain. We do it constantly, looking for anything that's wrong, whether it's down to the — there's a safety exit blocked. We have gone beyond the auditing and are now essentially holding university-style classes on the manufacturing campuses with our partners...

We're trying to provide education, which to me, is the great equalizer among people, to people on the factory floor who want and aspire to do more. And so, we worked with local Chinese universities to employ classes right on campus, to make it super convenient for people."

On corporate secrecy, he admitted that he is as transparent as he can be, "unlike me being secretive about the future" of its products.
http://www.zdnet.com/apple-ceo-tim-c...et-7000033704/





Apple’s “Warrant Canary” Disappears, Suggesting New Patriot Act Demands
Jeff John Roberts

Summary: Apple included language in its first Transparency Report to say that it had not been subject to a Section 215 Patriot Act request. That language is now gone.

When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated:

“Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

Writer and cyber-activist Cory Doctorow at the time recognized that language as a so-called “warrant canary,” which Apple was using to thwart the secrecy imposed by the Patriot Act.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request, such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such a request.

Now, Apple’s warrant canary has disappeared. A review of the company’s last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the “canary” language is no longer there.

The warrant canary’s disappearance is significant because Section 215 of the Patriot Act lets the government demand, in secret, that companies hand over their business records. It is the provision the NSA cited for its bulk collection of telephone records; the separate PRISM program, which forced major tech companies like Google and Yahoo to participate in a data-collection scheme, rests on Section 702 of the FISA Amendments Act.

The Patriot Act tool is also controversial because the NSA gains permission to use it by applying to the FISA Court, a body where only the government can speak and whose records are kept almost entirely secret. The tech industry has been battling to disclose the existence of so-called “FISA requests” and only won the right to do so this year; however, companies must wait six months to disclose the number of requests they receive, and can only do so as a range (such as “0-999”).

The disappearance of Apple’s warrant canary thus suggests that the company too is now part of FISA or PRISM proceedings. Apple did not immediately respond to an email request for comment.

Update: As the ACLU’s Christopher Soghoian has noted, Apple’s latest report says it has not received any orders for “bulk data.” That language, however, appears in the National Security Letter section of the document (NSL letters concern domestic FBI requests, not FISA requests) and, in any event, not all FISA requests concern bulk data.

Meanwhile, as stated above, Apple is newly silent in regard to Section 215, the law that covers the FISA requests whose existence is subject to temporary non-disclosure rules. The upshot is that it is unclear if Apple has not received any FISA requests, or if it is under a gag order not to disclose such requests.
https://gigaom.com/2014/09/18/apples...t-act-demands/
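The mechanism the article describes, a statement that is only meaningful while it keeps appearing, is easy to monitor badly: a plain keyword search would be fooled by the "bulk data" sentence in the NSL section mentioned in the update. The Python below is an added example, not code from Gigaom, Apple or the ACLU. It parses a series of report texts into sections, looks for the Section 215 canary only in the section where it belongs, and raises an event when the statement vanishes, turns up in the wrong section, or has not been refreshed for too long. The report layout ('== ' headings), the fictional provider "Example Corp", the sample report texts and the 200-day freshness window are all assumptions made for the demo.

```python
import re
from datetime import date, timedelta

# Wording of the statement a provider prints while it has NOT received a
# Section 215 order. Follows the footnote quoted above; softer statements
# such as "no orders for bulk data" deliberately do not match.
CANARY_RE = re.compile(r"has never received an order under Section 215", re.I)

# Section in which the canary must appear. The same sentence under the
# National Security Letter heading says nothing about FISA orders, so it is
# reported as "misplaced" rather than "present".
CANARY_SECTION = "fisa"


def parse_report(text):
    """Split a plain-text report into {section title (lower-case): body}.

    Assumed layout: a section heading is a line beginning with '== '; text
    before the first heading is filed under 'preamble'.
    """
    sections, title, body = {}, "preamble", []
    for line in text.splitlines():
        if line.startswith("== "):
            sections[title] = "\n".join(body).strip()
            title, body = line[3:].strip().lower(), []
        else:
            body.append(line)
    sections[title] = "\n".join(body).strip()
    return sections


def canary_status(sections):
    """'present', 'misplaced' or 'absent' for one parsed report."""
    if CANARY_RE.search(sections.get(CANARY_SECTION, "")):
        return "present"
    for name, body in sections.items():
        if name != CANARY_SECTION and CANARY_RE.search(body):
            return "misplaced"
    return "absent"


def evaluate(reports, today, max_age_days=200):
    """reports: iterable of (period_end: date, text). Returns [(ISO date, event)].

    CANARY_GONE  the previous report carried the canary and this one does not
    MISPLACED    canary wording appears, but outside the expected section
    STALE        the newest report is older than max_age_days (a canary that
                 is never refreshed is as uninformative as one that vanished)
    """
    events, previous, newest = [], None, None
    for period_end, text in sorted(reports, key=lambda r: r[0]):
        status = canary_status(parse_report(text))
        if status == "misplaced":
            events.append((period_end.isoformat(), "MISPLACED"))
        if previous == "present" and status != "present":
            events.append((period_end.isoformat(), "CANARY_GONE"))
        previous, newest = status, period_end
    if newest is not None and today - newest > timedelta(days=max_age_days):
        events.append((newest.isoformat(), "STALE"))
    return events


# Constructed sample reports for a fictional provider; not Apple's documents.
REPORT_2013H1 = """Example Corp transparency report, January to June 2013
== National Security Letters
Received 0-999 NSLs.
== FISA
Example Corp has never received an order under Section 215 of the USA Patriot Act.
We would expect to challenge such an order if served on us.
"""

REPORT_2013H2 = """Example Corp transparency report, July to December 2013
== National Security Letters
Received 0-999 NSLs. Example Corp has not received any orders for bulk data.
== FISA
Received 0-249 FISA requests.
"""

REPORT_2014H1 = """Example Corp transparency report, January to June 2014
== National Security Letters
Received 0-999 NSLs. Example Corp has never received an order under Section 215.
== FISA
Received 0-249 FISA requests.
"""

DEMO_REPORTS = [
    (date(2013, 6, 30), REPORT_2013H1),
    (date(2013, 12, 31), REPORT_2013H2),
    (date(2014, 6, 30), REPORT_2014H1),
]


def demo_events(today_iso="2014-09-18"):
    """Run the monitor over the sample series as of the given day."""
    return evaluate(DEMO_REPORTS, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for when, event in demo_events():
        print(when, event)
```

Run as a script it prints two events for the sample series: the canary going missing in the second report, and the wording reappearing under the wrong heading in the third. In practice you would also verify a signature on the report or fetch it over an authenticated channel, because a canary that can be altered in transit tells you nothing either way.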





Newest Androids Will Join iPhones in Offering Default Encryption, Blocking Police
Craig Timberg

The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.

Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically, meaning only authorized users will be able to see the pictures, videos and communications stored on those smartphones.

The move offers Android, the world’s most popular operating system for smartphones, a degree of protection that resembles what Apple on Wednesday began providing for iPhones, the leading rival to devices running Android operating systems. Both companies have now embraced a form of encryption that will make it extremely difficult for law enforcement officials to collect evidence from smartphones in most situations – even when authorities get legally binding search warrants.

“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” said company spokeswoman Niki Christoff. “As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

The move, which Google officials said has been in the works for many months, is the latest in a broad shift by American technology companies to make their products more resistant to government snooping in the aftermath of revelations of National Security Agency spying by former contractor Edward Snowden. Expanded deployment of encryption by Google and Apple, however, will have the largest effect on law enforcement officials, who have long warned that restrictions on their access to electronic devices makes it much harder for them to prevent and solve crimes.

Apple and Google have been engaged in an increasingly pointed competition over the lucrative smartphone market, with Apple in recent weeks portraying the iPhone as a safer, more secure option – despite a recent run of bad publicity over the leak of intimate photos from the Apple accounts of celebrities.

There remain significant differences between how Apple and Google are handling encryption. Apple, which controls both the hardware and software on its devices, will be able to deliver the updated encryption on both new iPhones and iPads and also most older ones, as users update their operating systems with the latest release, iOS 8.

That is likely to happen over the next several weeks, and for those with iOS 8, the encryption will be so secure that the company says it will lack the technical ability to unlock the phones or recover data for anyone -- whether it be for police or even users themselves if they forget their device passcodes. Much data is likely to remain on iCloud accounts, which back up pictures and other data by default for many iPhones and iPads; police with search warrants will still be able to access this information. Users who want to prevent all forms of police access to their information can adjust their phone settings in a way that blocks data from flowing to iCloud.

By contrast, Google does not have the ability to deliver its updated operating system, called the “L-release,” quickly to most users. Several different manufacturers make smartphones and tablets that use the Android operating system, and those devices are sold by many cellular carriers worldwide. This results in what experts call “fragmentation” – meaning there are hundreds of different versions of Android worldwide, many several years old, making it difficult to keep them current with the latest security features.

The newest Android devices will likely ship with default encryption after October, but it will take many months and probably years before most Android devices have encryption by default.
http://www.washingtonpost.com/blogs/...ocking-police/





Justice Sotomayor Says Technology Could Lead to “Orwellian World”

"We are capable of being in that Orwellian world," Supreme Court Justice says.
David Kravets

Supreme Court Justice Sonia Sotomayor says that without proper privacy safeguards, the advancement of technology could lead to a world like the one portrayed in "1984" by George Orwell.

Speaking to Oklahoma City University faculty and students, the justice said Thursday that technology has allowed devices to "listen to your conversations from miles away and through your walls." She added: "We are in that brave new world, and we are capable of being in that Orwellian world, too."

The President Obama appointee also discussed the lack of privacy standards concerning drones.

There are drones flying over the air randomly that are recording everything that’s happening on what we consider our private property. That type of technology has to stimulate us to think about what is it that we cherish in privacy and how far we want to protect it and from whom. Because people think that it should be protected just against government intrusion, but I don’t like the fact that someone I don’t know…can pick up, if they’re a private citizen, one of these drones and fly it over my property.

The justice's remarks about drones come as California is close to joining 10 other states requiring the police to get a court warrant to surveil with a drone. Those states include Florida, Idaho, Illinois, Indiana, Iowa, Montana, Oregon, Tennessee, Utah and Wisconsin. California's bill is pending, awaiting action from Gov. Jerry Brown.

"If the police send a drone to surveil communities, they should get a warrant to do that," Rebecca Farmer, an American Civil Liberties Union spokeswoman, said in a telephone interview Friday.

These laws, however, have exemptions that allow the authorities to fly drones for a variety of uses. As Slate put it, "California’s drone bill is not draconian. It includes exceptions for emergency situations, search-and-rescue efforts, traffic first responders, and inspection of wildfires. It allows other public agencies to use drones for other purposes—just not law enforcement."

Sotomayor, meanwhile, sits on the nation's highest court that in June unanimously ruled in favor of the public's mobile phone privacy. In an opinion by Chief Justice John Roberts, the court ruled that the authorities generally may not search the mobile phones of those they arrest unless they have a court warrant. The Obama administration and prosecutors from states across the country had lobbied the high court in briefs to allow police officers to be able to search arrestees' gadgets—not just mobile phones—without a warrant.

It was the biggest digital-age privacy decision that the high court had rendered following its 2012 ruling that the authorities generally need warrants to affix GPS trackers to a suspect's vehicle.

Sotomayor, the court's first Hispanic justice, did not mention the Edward Snowden leaks that, by some accounts, show technology is already being used in an Orwellian manner.

And when the high court got its first chance to look at one aspect of the program, it declined to do so and let stand the government's bulk metadata phone collection program Snowden disclosed.
http://arstechnica.com/tech-policy/2...wellian-world/





No, Snowden’s Leaks Didn’t Help The Terrorists
Murtaza Hussain

Did Edward Snowden’s revelations on NSA surveillance compromise the ability of intelligence agencies to monitor terrorist groups? Contrary to lurid claims made by U.S. officials, a new independent analysis of the subject says no. As reported by NBC:

“…Flashpoint Global Partners, a private security firm, examined the frequency of releases and updates of encryption software by jihadi groups… It found no correlation in either measure to Snowden’s leaks about the NSA’s surveillance techniques, which became public beginning June 5, 2013.”

The report itself goes on to make the point that, “Well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them.” This point would seem obvious in light of the fact that terrorist groups have been employing tactics to evade digital surveillance for years. Indeed, such concerns about their use of sophisticated encryption technology predate even 9/11. Contrary to claims that such groups have fundamentally altered their practices due to information gleaned from these revelations, the report concludes: “The underlying public encryption methods employed by online jihadists do not appear to have significantly changed since the emergence of Edward Snowden.”

These findings are notable both for the empirical rigor with which they were ascertained, as well as their contradiction of apparently baseless statements made by high-ranking U.S. officials regarding the impact of the leaks on U.S. national security. This is particularly important as it pertains to the ongoing public debate over the alleged threat of ISIS. In making his case that the danger from ISIS to the United States is “imminent”, Marco Rubio recently claimed that the group has: “…learned a lot about our intelligence-gathering capabilities through a series of disclosures and other sorts of things, and they have become increasingly capable of evading detection.”

Earlier this month former NSA head Michael Hayden also stated, “The changed communications practices and patterns of terrorist groups following the Snowden revelations have impacted our ability to track and monitor these groups”, while Matthew Olsen of the National Counterterrorism Centre would add “Following the disclosure of the stolen NSA documents, terrorists are changing how they communicate to avoid surveillance.”

Olsen went on to say that terrorist groups are “…moving to more secure communications platforms, using encryption and avoiding electronic communications altogether.” In fact, it’s well known that terrorist groups have employed such tactics as a means to protect their data and communications for years. Correspondingly, it’s difficult to imagine how statements suggesting that such tactics are new developments prompted by Snowden could be made in good faith.

Contrary to official statements and farcical attempts to launder information through pliant media outlets, no substantive case has ever been made that the Snowden revelations have harmed the ability of intelligence agencies to monitor terrorist organizations. The source of this most recent study is notable as it comes from a private security firm whose analysts actually have in the past been accused of threat inflation; and yet who nevertheless conclude that the danger from extremist groups has not been materially impacted by the Snowden leaks.

Snowden’s critics have accused his actions of contributing to everything from the rise of ISIS to Russia’s invasion of Ukraine. Seemingly every possible failure of the U.S. intelligence community has been attributed back to his disclosures, yet upon further analysis these allegations have always been revealed to be unfounded. Now, in an attempt to both build consensus for a new conflict in Iraq and distract from the ongoing erosion of domestic civil liberties, it is again being insinuated that his revelations have aided terrorists and made the United States less secure.

This most recent study is the most comprehensive repudiation of these charges to date. Contrary to lurid claims to the contrary, the facts demonstrate that terrorist organizations have not benefited from the NSA revelations, nor have they substantially altered their behavior in response to them. Despite this, don’t expect to hear any change in the rhetoric of those who have been baselessly insisting otherwise.
https://firstlook.org/theintercept/2...lp-terrorists/





Radical Librarianship: How Ninja Librarians are Ensuring Patrons' Electronic Privacy

Installing TOR

Librarians in Massachusetts are working to give their patrons a chance to opt-out of pervasive surveillance. Partnering with the ACLU of Massachusetts, area librarians have been teaching and taking workshops on how freedom of speech and the right to privacy are compromised by the surveillance of online and digital communications -- and what new privacy-protecting services they can offer patrons to shield them from unwanted spying of their library activity.

It's no secret that libraries are among our most democratic institutions. Libraries provide access to information and protect patrons' right to explore new ideas, no matter how controversial or subversive. Libraries are where all should be free to satisfy any information need, be it for tax and legal documents, health information, how-to guides, historical documents, children's books, or poetry.

And protecting unfettered access to information is important whether that research is done using physical books or online search engines. But now it has become common knowledge that governments and corporations are tracking our digital lives, and that surveillance means our right to freely research information is in jeopardy.

When you know that people are recording what you are doing online or if you know cops, the FBI, the DEA, or ICE could access your library or digital history, chances are you are not going to say or research what you might otherwise. Self-censorship ensues because surveillance chills speech.

Library Patrons Are At Risk

Researching online often means leaving a trail of information about yourself, including your location, what websites you visited and for how long, with whom you chatted or emailed, and what you downloaded and printed. All of these details are easy to associate with a particular computer user when insufficient privacy protections are in place.

This information is often thoughtlessly collected and stored, allowing government or law enforcement to make requests for library computer records. Meanwhile, companies may already have these records and use them to manipulate your search results and refine their contextual advertising. Worse, a government may assert that users have "no reasonable expectation of privacy" when we "hand over" information to companies like Google and Twitter, and thus no constitutional protection against a government's searching of these records.

But libraries need not fully participate in this surveillance; libraries can strive to give users the chance to opt-out.

Librarians Take Action

One of the authors of this article, Alison Macrina, is an IT librarian at the Watertown Free Public Library in Massachusetts, a member of Boston's Radical Reference Collective, and an organizer working to bring privacy rights workshops to libraries throughout the northeast. Librarians know that patrons visit libraries for all kinds of online research needs, and therefore have a unique responsibility in helping keep that information safe. It's not just researchers who suffer; our collective memory, culture, and future are harmed when writers and researchers stop short of pursuing intellectual inquiry.

In addition to installing a number of privacy-protecting tools on public PCs at the Watertown library, Alison has been teaching patron computer classes about online privacy and organized a series of workshops for Massachusetts librarians to get up to speed on the ins and outs of digital surveillance.

It all started with a zine Alison and some cohorts from Radical Reference made as a quick and dirty introduction to basic privacy and security tools. These zines were distributed at two conferences for information professionals: Urban Librarians Unite and Radical Archives.

The zines were a huge hit, and from there, Alison was inspired. She contacted the ACLU of Massachusetts, and invited them to join her in teaching privacy workshops to other librarians all over the state. It was an obvious choice: the ACLU of Massachusetts' Technology for Liberty project has done ground-breaking work on privacy, and the privacysos.org website and blog (run by Kade Crockford) is an incredible resource for privacy news, legislation, and advocacy.

Jessie Rossman, ACLU staff attorney, and Kade Crockford, Director of the Technology for Liberty Project at the ACLU of Mass., worked with Alison to create a three-hour workshop. Offering a broad outline of digital surveillance issues, the legal rights and responsibilities of librarians in Massachusetts, and an online privacy toolkit of software that can be installed on library PCs or taught to patrons in computer classes, the workshop has now been replicated multiple times and more have been scheduled across the state.

Digital Privacy is an Intellectual Freedom Issue

Although many librarians may be understandably new to the topic of online surveillance, information professionals are not new to defending intellectual freedom and the right to read and voice dissenting opinions, as well as the rights of historically marginalized people who continue to be under the most surveillance.

Librarians are known for refusing requests from local law enforcement soliciting details on user browsing and borrowing records. The ALA has counted privacy among its core values since 1939, recognizing it as essential to free speech and intellectual freedom. And the International Federation of Library Associations and Institutions is a signatory on the Thirteen International Principles on the Application of Human Rights to Communications Surveillance. As Kade Crockford puts it, "Perhaps more than anyone in our society, librarians represent the values that make a democracy strong, intellectual freedom foremost among them."

Branching Out

Since attending these workshops, multiple Massachusetts libraries have installed the Tor browser on all of their public PCs. Several libraries are coordinating their own computer privacy classes. Others have installed Firefox with privacy-protecting browser plugins like Disconnect.me, Ad-Block Plus, and The Electronic Frontier Foundation's HTTPS Everywhere and Privacy Badger tools. Still more are setting up Tor middle relays on their libraries' networks. One librarian said that the workshop made her feel "thoroughly empowered...[to] help stop illegal surveillance against my patrons." Amazing.

If you're a patron, share this article with your librarian. If you're a librarian, contact us to get information on how to become more engaged in digital privacy. We've listed some great tools for you to explore and download, so please be in touch and let us know how it goes.

Contact april@eff.org to share your story or request more information, or contact macrina@riseup.net to host the privacy workshop at your library. Together, we'll protect the users and preserve our right to research and learn, unhindered by the pernicious effects of overbroad surveillance. We hope you'll join us.

Alison Macrina and April Glaser
http://boingboing.net/2014/09/13/rad...p-how-nin.html





Comcast Declares War on Tor?
Nathan Wold

If you needed another reason to hate Comcast, the most hated company in America, they’ve just given it to you: they’ve declared war on Tor Browser.

Reports have surfaced (via /r/darknetmarkets and another one submitted to us) that Comcast agents have contacted customers using Tor and instructed them to stop using the browser or risk termination of service. A Comcast agent named Jeremy allegedly called Tor an “illegal service.” The Comcast agent told the customer that such activity is against usage policies.

The Comcast agent then repeatedly asked the customer to tell him what sites he was accessing on the Tor browser. The customer refused to answer.

The next day the customer called Comcast and spoke to another agent named Kelly who reiterated that Comcast does not want its customers using Tor. The Comcast agent then allegedly told the customer:

Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal. We have the right to terminate, fine, or suspend your account at anytime due to you violating the rules. Do you have any other questions? Thank you for contacting Comcast, have a great day.

How did Comcast know its customers were using Tor in the first place? Because Tor Browser provides online anonymity to its users, this would mean that Comcast is monitoring the online activities of its users, to (among other things) check if they are following their Acceptable Use Policy.

Comcast has previously been listed by the Tor project as a Bad ISP. The users of the Tor project listed Comcast as a bad ISP that is not friendly to Tor. The Tor project cited Comcast’s Acceptable Use Policy for its residential customers, which claims to not allow servers or proxies under “technical restrictions”:

use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“PremisesLAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers;

A Comcast spokesperson told DeepDotWeb that:

We respect customer privacy and security and would only investigate the specifics of a customer’s account with a valid court order. And if we’re asked by a court to provide customer information, then we ask for a reasonable amount of time to notify the customer so they can decide if they would like to hire a lawyer and if they do, then we turn the case over to them and they proceed with the judge directly and we step away.

However, this statement appears to be at odds with Comcast’s treatment of Ross Ulbricht, the alleged Dread Pirate Roberts.

Comcast previously collaborated with the FBI by providing information on alleged Silk Road mastermind Ross Ulbricht’s internet usage. Ulbricht’s legal defense without a warrant. Ulbricht was most certainly never given a warning by Comcast or given time to contact a lawyer before he was arrested in a San Francisco library last October.

Comcast already monitors its customers' internet usage to prevent them from downloading pirated media in violation of copyright laws. Under the “Six Strikes” plan, Comcast customers who are caught by Comcast pirating copyrighted material are emailed by Comcast and told to cease the activity. Comcast will continue monitoring them, and if they violate the “Six Strikes” plan five more times, their internet service will be terminated.
http://www.deepdotweb.com/2014/09/13...lares-war-tor/





Stop Calling Tor ‘The Web Browser For Criminals’

Instead of being scared of the deep web, we should recognize how we can use it for good.
Jack Smith IV

Yesterday, a rumor surfaced on deep web blog DeepDotWeb that Comcast was going to start blocking users of Tor, an anonymous web browser. Comcast Vice President Jason Livingood immediately and rightfully called bullshit, because for all of its customer service foibles, Comcast knows that preventing people from browsing the Internet anonymously would be a daring infringement on user privacy.

The confusion came to rest shortly after the posting of a Business Insider story called “Comcast Denies It Will Cut Off Customers Who Use Tor, The Web Browser For Criminals.” Besides reaffirming the simple notion that you shouldn’t just believe something you read on a subreddit, the story — which was viewed over 22,000 times — reaffirms the notion that Tor is a tool for evil.

But look at the headlines! Surely “Drug Market ‘Agora’ Replaces the Silk Road as King of the Dark Net” should alarm us, especially when dark net tech like Tor is “Why Terrorists Like Isil Will Always Be One Step Ahead of Us.” Those featured images are pretty scary, too.

In reality, what Tor allows you to do is to browse the Internet anonymously, and access parts of the Internet that are protected from prying eyes. Yes, this means that it is used for criminal activity — sites like Vocativ and Motherboard report almost daily on dark net drug rings, weapons trading and terrorist organizations who use Tor to cloak their identities. But beyond the scary-sounding dark net, there are dozens of use-cases for Tor that have nothing to do with cybercrime.

The Tor Project keeps a running catalogue on their site of many positive benefits of using Tor. Parents use it to protect their children’s browsing habits, journalists use it to protect their communication with vulnerable sources and whistleblowers, and people living under the grip of oppressive regimes use it to explore and express dissident political beliefs. The list goes on and on.

The Tor Project’s executive director Andrew Lewman blames Tor’s bad reputation on the if-it-bleeds-it-leads mentality of the press.

“‘Little Suzie Takes a Bus to School’ isn’t a story unless the bus is hit by a drunk driver, and little Suzie does not make it to school,” Mr. Lewman told Betabeat. “So no one writes a story about when people use Tor for good.”

For example, Mr. Lewman says, no one has written about Tor’s potential as a tool for protecting the identities of people seeking counseling or treatment for drug abuse or domestic violence — people who could use Tor’s protection as a haven for seeking help.

Instead, Tor suffers the same maligned reputation that plenty of new technologies face before they’re more widely understood — or before they begin to make money. It wasn’t long ago that Bitcoin was just a medium for illicit transactions, or that BitTorrent was just a tool for destroying the music business through piracy.

“Think back to the Internet in the late 80’s, early 90’s,” Mr. Lewman said. “We heard that the Internet was for child-molesters, money laundering, drug dealing and pornography. ‘Who would want to use this Internet thing? It’s only bad!’ That’s where the deep web is now.”

As for Comcast and other Internet service providers, Mr. Lewman doesn’t think they’d ever make the mistake of ever blocking something like Tor, even if it’s just for fear of backlash from the exact parties they’re so worried about.

“I don’t imagine an ISP will come out and say, ‘We’re going to define what’s good, and say that we’re clean, holier than the Pope and more pure than Allah,’ because I guarantee that criminals will just flock to that ISP and exploit it,” he said.

Regardless, fear mongering clouds the discussion of Tor’s unheralded reality: that in an age when our data has the potential to reveal our most vital personal information, there are people who could benefit from a digital safe haven.
http://betabeat.com/2014/09/stop-cal...for-criminals/





BitTorrent’s Encrypted P2P Chat App Bleep Opens To The Public, Adds Mac, Android Clients
Ingrid Lunden

In the rush of new services for consumers that are concerned about their data privacy, make room for another messaging app. Peer-to-peer file distribution service BitTorrent is today announcing the public availability of Bleep — its encrypted P2P chat app for voice calls and texts that is still in alpha — with Mac and Android apps now available to download, in addition to the existing Windows app that was already part of the invite-only, closed alpha.

An iOS app, a BitTorrent spokesperson tells me, is in the works for a future release.

BitTorrent — once more notorious for enabling piracy, now running in less turbulent waters as it courts advertisers and big-name partners — has been one of the more outspoken internet companies on the issue of data privacy these days in the wake of the NSA snooping revelations. Bleep is a product of that position.

BitTorrent says Bleep is fully encrypted end to end, with messages and other data only stored locally on your device. Users also have the ability to delete their message history, “leaving no trace of conversation behind.”

The thinking here is that a chat app built on a distributed, peer-to-peer architecture like the kind that BitTorrent uses is more secure than one built on a cloud-based architecture.

“Cloud-based services store personal information and private moments on servers, making them vulnerable to attacks,” writes Jaehee Lee, a product manager overseeing Bleep, in a blog post. “Privacy should not be up for debate. And privacy should not be hard to achieve.”

One way that Bleep achieves this is through a server-less architecture (which is built around a distributed hash table, or DHT, that Bleep product manager Farid Fadaie says in a technical post is being continually upgraded for better scale while Bleep’s in alpha).

Another is in how consumers can interface with the app: you can sign into the service using your email or mobile number, or you can access your client in incognito mode — “no Personally Identifiable Information is necessary.”

However, if you so choose, you can also import your Google address book contacts, and to invite friends to Bleep via email, SMS, QR code, or a public key. BitTorrent says you can now move an existing account to an Android device and receive inbound messages across all devices.

Bleep itself has been in the works for a year already. The first, closed version of the service, then simply called BitTorrent Chat, was launched in September 2013. Then, earlier this year, the company started to fill in more details, eventually unveiling the Bleep name as it transitioned to an invite-only, closed Alpha for Windows users. (“Bleep” refers to the privacy level of the app — as in, we have no way of knowing or capturing what you say in your messages because everything you say is no more than a “bleep.”)

This latest iteration of Bleep is now open to anyone who wants to try it, Lee writes, while the company continues to receive user feedback from previous and new testers.

The alpha-ness of the app has a few caveats, Lee notes.

It includes the fact that Android users need to set the app to WiFi-only unless you have an unlimited data plan, a temporary measure “while we iron out [issues] related to battery and data-plan.”

Also there are still glitches in terms of porting data between desktop and mobile: you can move a username from desktop to mobile, but not the other way. The messages can be received across all devices but your sent history is not.

And, as before, you cannot have asynchronous communication, with group messages and photos only getting delivered when users are online (similar to a problem that Skype, which had originally been built on an exclusively-P2P architecture, also used to have).

There are also questions around how BitTorrent may eventually choose to turn the service from a useful resource into a business — monetization being a lingering issue around other recently-launched BitTorrent services, such as Bundles (BitTorrent has yet to introduce the pay gates that it has said would become a part of the product).

On the subject of Bleep monetization, BitTorrent tells me that “There are several possibilities, including the potential to license the engine we built for Bleep. But for the time being the focus is on building the best possible serverless communications app possible. In typical Silicon Valley fashion, we’ll evaluate monetization models down the line.”

With services like Wickr, Snapchat, Confide, still-to-come Hemlis and many, many others also tapping into the movement to have more private messaging services, there are also questions of how Bleep may integrate with the wider world of apps. Asked if there are any plans for white-label models to power other apps, along the lines of Wickr’s strategy, or integration with other apps, BitTorrent says “Both are in consideration.”

“While we are not announcing any details on monetizing the engine, it can work with any communications application and we are interested in discussing with interested parties,” the spokesperson says.
http://techcrunch.com/2014/09/17/bit...droid-clients/





Navy Guilty of Illegally Broad Online Searches
Tim Hull

Navy investigators regularly run illegally broad online surveillance operations that breach the line against military enforcement of civilian law, a divided 9th Circuit ruled Friday.

One such operation carried out in 2010 by NCIS agent Steve Logan eventually netted Seattle-area resident Michael Dreyer for distributing child pornography.

Using software called RoundUp from his office in Georgia, Logan searched for "any computers located in Washington state sharing known child pornography on the Gnutella file-sharing network," the ruling states.

Logan wrote in a subpoena that he chose Washington because of its large "saturation" of Department of Defense and Navy personnel.

The search hit on at least one computer, which, with the help of an FBI subpoena to Comcast, he discovered was linked to Dreyer's address. Logan's check on Dreyer revealed that while he used to be in the Air Force, he was no longer affiliated with the military.

Nonetheless, NCIS turned its information over to local police, who searched Dreyer's home and found "many videos and images of child pornography," according to the ruling.

Dreyer was convicted and sentenced to 18 years in prison, despite his claim that the evidence against him should have been suppressed as a clear violation of the Posse Comitatus Act (PCA), which generally prohibits the military from getting involved in civilian law enforcement.

A divided appellate panel agreed on Friday, reversing the lower court's dismissal of his motion to suppress the evidence and sending the case back to Seattle.

The 2-1 majority rejected the government's argument that the military is allowed to monitor and search all computers in a state without prior knowledge that a computer's owner is even in the military.

"To accept that position would mean that NCIS agents could, for example, routinely stop suspected drunk drivers in downtown Seattle on the off-chance that a driver is a member of the military, and then turn over all information collected about civilians to the Seattle Police Department for prosecution," wrote Judge Marsha Berzon for the majority.

The panel also warned that the present case suggests that Logan's broad search was not an isolated incident.

"So far as we can tell from the record, it has become a routine practice for the Navy to conduct surveillance of all the civilian computers in an entire state to see whether any child pornography can be found on them, and then to turn over the information to civilian law enforcement when no military connection exists," the ruling states.

"We have here abundant evidence that the violation at issue has occurred repeatedly and frequently, and that the government believes that its conduct is permissible, despite prior cautions by our court and others that military personnel, including NCIS agents, may not enforce the civilian laws."

Writing in dissent, Judge Diarmuid O'Scannlain noted with apparent regret that the majority was the first ever to apply the "exclusionary rule" to violations of the Posse Comitatus Act.

Excluding evidence under the rule should be a "last resort" and done only after consideration of the "social costs," he argued.

"Yet, in a breathtaking assertion of judicial power, today's majority invokes this disfavored remedy for the benefit of a convicted child pornographer," O'Scannlain wrote. "It does so without any demonstrated need to deter future violations of the PCA and without any consideration of the 'substantial social costs' associated with the exclusionary rule."

An NCIS Public Affairs Officer did not immediately respond to a request for comment.
http://www.courthousenews.com/2014/09/12/71363.htm





Despite Obama’s Pledge to Curb It, NSA Mass Surveillance Wins Rubber Stamp

Mass surveillance just earned another 90-day blank check, nine months after President Obama promised to rein in the NSA’s spying powers.
Dustin Volz

In the face of congressional inaction, a federal court on Friday renewed an order allowing the government to collect phone records on virtually all calls within the United States.

The Foreign Intelligence Surveillance Court approved the Justice Department's request for another 90-day extension of the National Security Agency's controversial mass surveillance program, exposed publicly last summer by Edward Snowden and authorized under Section 215 of the post-9/11 Patriot Act. The spying authority is next set to expire on Dec. 5.

"Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program, as modified by the changes the president announced in January," the Justice Department and Office of the Director of National Intelligence said in a joint statement.

The extension marks the third of its kind since President Obama pledged in January to reform how the NSA spies on Americans during a major policy speech delivered amid withering scrutiny of the nation's intelligence-gathering practices. Obama outlined a series of immediate steps to reform government surveillance and boost transparency, but noted he would wait for Congress to deliver him a bill before ending the bulk collection of U.S. call data.

At the time, Obama said he has asked Attorney General Eric Holder and the intelligence community to devise "options for a new approach" for phone-records surveillance "before the program comes up for reauthorization on March 28." The president added that "during this period, I will consult with the relevant committees in Congress to seek their views and then seek congressional authorization for the new program, as needed."

But attempts at NSA reform on Capitol Hill this year have been slow going. And in the absence of legislation, the courts have now renewed the collection of telephone metadata—the numbers and time stamps of calls but not their actual contents—in March, June, and now September.

Republicans have claimed throughout the year that Obama has overstepped the constitutional bounds of his office, a charge that has even brought a lawsuit from the House of Representatives. But NSA critics have urged Obama to not wait for Congress and simply let the phone-records program lapse. In June, more than two dozen privacy groups sent the president a letter asking him to not renew the program, a decision they said was "solely within the authority of the Department of Justice."

In July, Senate Judiciary Chairman Patrick Leahy introduced the USA Freedom Act, which would effectively end the government's collection and storage of phone metadata and instead require phone companies to retain those records, which intelligence agencies could obtain only after earning court approval for their queries. The measure is a more ambitious proposal of a version of the bill that passed the House in May, and it has accrued support from tech companies, privacy groups, the administration, and Director of National Intelligence James Clapper.

"Congress must ensure that this is the last time the government requests and the court approves the bulk collection of Americans' records," Leahy said in a statement. "This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy."

In their joint statement, the Justice Department and Office of the Director of National Intelligence endorsed the House version of the USA Freedom Act, noting that "it reflects a reasonable compromise that preserves essential intelligence community capabilities, enhances privacy and civil liberties, and increases transparency." The statement did not directly comment on Leahy's package.

Despite the wide breadth of support for the Freedom Act, the bill is unlikely to earn a vote in the Senate before the midterm elections, and it could be tabled until next year.
http://www.nationaljournal.com/tech/...stamp-20140913





Justice Department Proposal Would Massively Expand FBI Extraterritorial Surveillance
Ahmed Ghappour

A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into computers of people attempting to protect their anonymity on the Internet. The DOJ has explicitly stated that the amendment is not meant to give courts the power to issue warrants that authorize searches in foreign countries—but the practical reality of the underlying technology means doing so is almost unavoidable.

The result? Possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception.

This post highlights key issues raised by the international aspect of the DOJ proposal, in the attempt to encourage wider public debate before the FBI is granted such expansive powers.

The FBI brand of hacking: Network Investigative Techniques.

Broadly, the term “Network Investigative Techniques,” (NIT) describes a method of surveillance that entails “hacking,” or the remote access of a computer to install malicious software without the knowledge or permission of the owner/operator. Once installed, malware controls the target computer.

The right Network Investigative Technique can cause a computer to perform any task the computer is capable of—covertly upload files, photographs and stored e-mails to an FBI controlled server, use a computer’s camera or microphone to gather images and sound at any time the FBI chooses, or even take over computers which associate with the target (e.g. by accessing a website hosted on a server the FBI secretly controls and has programmed to infect any computer that accesses it).

Network Investigative Techniques are especially handy in the pursuit of targets on the anonymous Internet—defined for the purposes of this post as those using Tor, a popular and robust privacy software, in order to obscure their location (and other identifying information), and to utilize so-called “hidden” websites on servers whose physical locations are theoretically untraceable.

Since Network Investigative Techniques work by sending surveillance software over the Internet (at 9), the physical location of the target computer is not essential to the execution of the search. Indeed, the DOJ proposal is justified as the only reasonable way to confront the use of anonymizing software, “because the target of the search has deliberately disguised the location of the media or information to be searched.” (at 9).

The DOJ Proposal

The proposed amendment addresses a jurisdictional limitation in the current version of Rule 41(b)(1) that prevents a judge from issuing a warrant unless the target is known to be located within her district.

(6) a magistrate judge with authority in any district where activities related to crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside of that district if (A) the district where the media or information is located has been concealed through technological means. F.R.Cr.P. Rule 41(b)(6)(A) (proposed) (emphasis added).

The amendment mirrors language setting out the jurisdictional scope of terrorism investigations under Rule 41(b)(3) (emphasized above), but applies to investigations for general crimes:

“The Department’s proposal is intended to clarify that the issuance of such a warrant is proper in other criminal investigations as well,” wrote Jonathan J. Wroblewski, director of the Department of Justice’s Office of Policy and Legislation, in a memo to the chair of the subcommittee considering the rule change (at 179).

As for extraterritorial hacking, the DOJ commentary explicitly states that the proposal does not seek power to extend search authority beyond the United States:

In light of the presumption against international extraterritorial application, and consistent with the existing language of Rule 41(b)(3), this amendment does not purport to authorize courts to issue warrants that authorize the search of electronic storage media located in a foreign country or countries. AUSA Mythili Raman, Letter to Committee.

Yet the commentary also articulates a standard of searches that “are within the United States or where the location of the electronic media is unknown.”

Under this proposed amendment, law enforcement could seek a warrant either where the electronic media to be searched are within the United States or where the location of the electronic media is unknown. In the latter case, should the media searched prove to be outside the United States, the warrant would have no extraterritorial effect, but the existence of the warrant would support the reasonableness of the search. AUSA Mythili Raman, Letter to Committee (emphasis added).

The latter standard seems to be a significant loophole in the DOJ’s own formulation of the approach, particularly given the global nature of the Internet. For instance, over 85% of computers directly connecting to the Tor network are located outside the United States. And since (according to the DOJ) each computer’s “unknown location” is virtually indistinguishable from the next, any law enforcement target pursued under this provision of the amendment may be located overseas.

When the FBI finds itself abroad.

The FBI’s extraterritorial authority is nothing new. Indeed, the agency’s extraterritorial responsibilities date back to the mid-1980s when Congress first passed laws authorizing the FBI to exercise federal jurisdiction overseas when a U.S. national is murdered, assaulted, or taken hostage by terrorists.

The FBI’s extraterritorial activities have generally fallen in line with customary international law, where it is considered an invasion of sovereignty for one country to carry out law enforcement activities within another country without that country’s consent. To that end, the FBI avoids acting unilaterally—relying instead on the United States’ diplomatic relations with other countries and the applicability of any treaties, seeking permission from the host country before deploying personnel, and requesting assistance from local authorities when possible.

Radical departures from current policy.

The DOJ proposal will result in significant departures from the FBI’s customary practice abroad: overseas cyber operations will be unilateral and invasive; they will not be limited to matters of national security; nor will they be executed with the consent of the host country, or any meaningful coordination with the Department of State or other relevant agency.

Under the DOJ’s proposal, unilateral state action will be the rule, not the exception, in the event an anonymous target “prove[s] to be outside the United States.” The reason is simple: without knowing the target location before the fact, there is no way to provide notice (or obtain consent from) a host country until after its sovereignty has been encroached.

Without advance knowledge of the host country, law enforcement will not be able to adequately avail itself of the protocols currently in place to facilitate foreign relations. For example, the FBI will not be able to coordinate with the Department of State before launching a Network Investigative Technique. This puts the U.S. in a position where a law enforcement entity encroaches on the territorial sovereignty of foreign states without coordination with the agency in charge of its foreign relations.

The encroachments that result will be public—bound to arise in the event of a criminal trial. In 2002, for example, Russia’s Federal Security Service (FSB) filed criminal charges against an FBI agent for “illegally accessing” servers in Chelyabinsk, Russia in order to seize evidence against Russian hackers later used in their criminal trial. The FSB was tipped off to the fact when the defendants were indicted in Seattle, Washington.

Reportedly, an FBI press release stated that this was “the first FBI case to ever utilize the technique of extraterritorial seizure of digital evidence.” The FBI accessed the overseas server through the web, using login information it obtained from a suspect in custody.

The next accidental cyber war?

When a state’s sovereignty is encroached upon, its response depends on the nature and intensity of the encroachment. In the context of cyberspace, states (including the United States) have asserted sovereignty over their cyber infrastructure, despite the fact that cyberspace as a whole, much like the high seas or outer space, is considered a “global common” under international law.

To be sure, the FBI’s known arsenal of Network Investigative Techniques, if executed properly, do not rise to the level of a cyber “armed attack”—as defined in Article 51 of the UN Charter—for which a use of (cyber or kinetic) force in response would be permissible. Doing so would require the attack be reasonably expected to cause injury or death to persons or damage or destruction to objects of a significant scale. Forceful responses to cyber attacks below that threshold are only permissible with UN Security Council authorization.

As a general matter, there are no prohibitions on cyber espionage (clandestine information gathering by one state from the territory of another) in international law. Perhaps, then, law enforcement hacking (as with other forms of espionage by organs of the State) will be regulated by the violated state’s domestic criminal law, counterespionage, or other countermeasures. Given the public nature of the U.S. criminal justice system, it is hard to see how the FBI will avoid risk of prosecution (similar to that in the Chelyabinsk incident) if the DOJ proposal is approved.

Too fast too soon.

In light of the above, I would be hesitant to amend Rule 41 at this time without first having a thorough discussion of the potentially far-reaching consequences of the change. The technologies involved are rapidly developing and poorly understood, as are the existing international legal norms that apply to them. It is critical that these issues be approached with comprehensive deliberation (between technologists, policy makers and lawyers) that looks beyond the operational frame.

Nonetheless, if we do amend the Rule, we should certainly take steps to minimize the encroachment on other states’ sovereignty, leaving open the possibility for diplomatic overtures. To that end, the Rule should require Network Investigative Techniques to return only country information at first, prompting the executing FBI agent to utilize the appropriate protocols and institutional devices.

The Rule should also ensure that Network Investigative Techniques are used sparingly and only when necessary by requiring a showing similar to that required by the Electronic Communications Privacy Act, namely, that less intrusive investigative methods have failed or are reasonably unlikely to succeed. See 18 U.S.C. § 2518(1)(c). Another way to do this might be to narrow the class of potential targets, from targets whose location is “concealed through technological means” to those whose location is not “reasonably ascertainable” by less invasive means.

The Rule should also limit the range of hacking capabilities it authorizes. “Remote access” should be limited to the use of constitutionally permissible methods of law enforcement trickery and deception that result in target-initiated access (e.g., requiring the target to click a link contained within a deceptive email in order to initiate delivery and installation of malware). “Search” capabilities should be limited to monitoring and duplication of data on the target (e.g., copying a hard drive or monitoring keystrokes).

The Rule should not authorize drive-by-downloads that infect every computer that associates with a particular webpage, the use of weaponized software exploits in order to establish “remote access” of a target computer, or deployment methods that risk indiscriminately infecting computer systems along the way to the target. Nor should the Rule authorize a “search” method that requires taking control of peripheral devices (such as a camera or microphone).

There are other suggestions, of course. As it stands, the proposed amendment allows the FBI to use a wide array of invasive (and potentially destructive) hacking techniques where it may not be necessary to do so, against a broad pool of potential targets that could be located virtually anywhere.

The public has until Feb. 17, 2015, to comment on the preliminary draft.
http://justsecurity.org/15018/justic...-surveillance/





Bill Would Limit Reach of US Search Warrants for Data Stored Abroad

Bill cuts down Obama administration's position that the world's servers are ours.
David Kravets

Proposed legislation unveiled Thursday seeks to undermine the Obama administration's position that any company with operations in the United States must comply with valid warrants for data, even when that data is stored on overseas servers.

The bipartisan Law Enforcement Access to Data Stored Abroad Act (LEADS Act) comes in response to a federal judge's July decision ordering Microsoft to turn over e-mails stored on its Irish servers as part of a Department of Justice drug investigation. The Department of Justice argued that global jurisdiction is necessary in an age when "electronic communications are used extensively by criminals of all types in the United States and abroad, from fraudsters to hackers to drug dealers, in furtherance of violations of US law." New York US District Judge Loretta Preska agreed, ruling that "it is a question of control, not a question of the location of that information." The decision is stayed pending appeal.

Microsoft, along with a slew of other companies, maintains that the Obama administration's position in the case puts US tech companies into conflict with foreign data protection laws. And it fears that if the court decision stands, foreigners could lose more confidence in US companies' cloud and tech offerings, especially in the wake of the Edward Snowden revelations.

Under the new proposal by Senators Orrin Hatch (R-UT), Chris Coons (D-DE), and Dean Heller (R-NV), the US could still reach into global servers with a US search warrant, but it would be limited to obtaining Americans' data. If the US government wants a foreigner's data stored on foreign servers, it would have to follow the legal process of the nation where the servers reside.

Sen. Coons said that the US government's position in the Microsoft case "hurts our businesses’ competitiveness and costs American jobs."

Microsoft general counsel Brad Smith said the proposed legislation was a "key milestone" that would "strengthen the protection of Constitutional due process rights and limit the extraterritorial reach of search warrants." IBM echoed Smith in a statement, writing, "By introducing this legislation, Congress is taking a positive step to clarify and modernize the legal framework regarding government access to digital data."

The legislation also seeks to strengthen cloud-storage privacy laws in the US. As it now stands, a Reagan-era law allows police to get your e-mail or other cloud-stored content without a warrant, so long as it has been stored on a third-party's servers for at least six months. E-mail left on servers was considered abandoned and ripe for the government's taking, a position that has now been extended to all types of data stored in the cloud.

Adding to the complexity of the issue, a federal appeals court ruled in 2010 that warrants indeed were required for cloud content—prompting many, but not all, US service providers to demand them before releasing data to the authorities.

"Law enforcement agencies wishing to access Americans' data in the cloud ought to get a warrant,” Sen. Coons said.

Privacy advocates are less optimistic about the privacy protections of the LEADS Act, though.

Greg Nojeim, a senior attorney with the Center for Democracy & Technology, said the measure was a step forward for US respect toward data storage laws in other countries. But he worries about how well the bill's ideas would work in practice.

“Despite the bill’s strong elements, we can’t support the LEADS Act because we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach," Nojeim said.
http://arstechnica.com/tech-policy/2...stored-abroad/





The Web Won't Be Safe or Secure Until We Break It

Unless you've taken very particular precautions, assume every Web site you visit knows exactly who you are.
Jeremiah Grossman

The Internet was designed to deliver information, but few people envisioned the vast amounts of information that would be involved or the personal nature of that information. Similarly, few could have foreseen the potential flaws in the design of the Internet—more specifically, Web browsers—that would expose this personal information, compromising the data of individuals and companies.

If people knew just how much of their personal information they unwittingly make available to each and every Web site they visit—even sites they've never been to before—they would be disturbed. If they give that Web site just one click of the mouse, out goes even more personally identifiable data, including full name and address, hometown, school, marital status, list of friends, photos, other Web sites they are logged in to, and in some cases, their browser's auto-complete data and history of other sites they have visited.

Obtaining all this information has been possible for years. Today's most popular browsers, including Chrome, Firefox, Internet Explorer, and Safari, do not offer adequate protection for their users. This risk of data loss seems to run counter to all the recent marketing hype about the new security features and improvements browser vendors have added to their products over the past several years, such as sandboxing, silent and automatic updates, increased software security, and anti-phishing and anti-malware warnings, all of which are enabled by default. While all are welcome advances, the fact is that these features are designed only to prevent a very particular class of browser attacks—those generally classified as drive-by downloads.

Drive-by downloads seek to escape the confines of the browser walls and infect the computer's operating system below with malware. Without question, drive-by-downloads are a serious problem—millions of PCs have been compromised this way when encountering infected Web sites—but they are certainly not the only threat browser users face, especially in an era of organized cybercrime and ultra-targeted online advertising.

The techniques behind attacks that obtain personal information are completely different and just as dangerous as malware, perhaps more so since the solution is far more complicated than just installing antivirus software. These attack techniques have even more esoteric labels such as XSS (cross-site scripting), CSRF (cross-site request forgery), and clickjacking. These types of attacks are (mostly) content to remain within the browser walls, and they do not exploit memory-corruption bugs as do their drive-by download cousins, yet they are still able to do their dirty work without leaving a trace.

These attacks are primarily written with HTML, CSS (Cascading Style Sheets), and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work. The result is that these attack techniques are immune to protections that thwart drive-by downloads. Despite the dangers they pose, they receive very little attention outside the inner circles of the Web security industry. To get a clearer picture of these lesser-known attacks, it's important to understand a common Web technology use case.

HTML allows Web developers to include remotely hosted image files on a Web page from any location across the Web. For example, a Web site located at http://coolwebsite/ may contain code such as:

<img src="http://someotherwebsite/image.png">

This instructs a visiting browser to send a Web request to http://someotherwebsite/ automatically, and when returned, to display the image on the screen. The developer may tack on some JavaScript to detect if the image file was loaded successfully or contained an error:

<img src="http://someotherwebsite/image.png" onload="successful()" onerror="error()">

If the image file loaded correctly, then the "successful" JavaScript function executes. If an error occurred, then the error function executes. This code is completely typical and innocuous, but the same functionality can also be leveraged for invasive, malicious ends.

Now, let's say http://coolwebsite/ loaded an image file from http://someotherwebsite/, but that image file is accessible only if the user's browser is currently logged into http://someotherwebsite/. As before:

<img src="http://someotherwebsite/loggedin.png" onload="loggedIn()" onerror="notLoggedIn()">

If the user is logged in, then the image file loads successfully, which causes loggedIn to execute. If the user is not logged in, then notLoggedIn executes. The result is an ability to test easily and invisibly whether a visitor is logged in to a particular Web site that a Web developer does not have a relationship with. This login-detection technique, which leverages CSRF, can be applied to online banks, social networks, Web mail, and basically anything else useful to an attacker. The attacker behind http://coolwebsite/ just has to find the URLs that respond in a Boolean state with respect to login.

Next, consider that a malicious Web-site owner might want to go one step further and "deanonymize" a Web visitor, which is to say, learn the visitor's real name. Assume from the previous example that the attacker can determine if the visitor is logged into Twitter, Facebook, Google+, etc. Hundreds of millions of people are persistently logged in to these online services every day. These Web sites, and many like them, are designed that way for convenience.

The next thing an attacker could take advantage of is those familiar third-party Web widgets, such as Twitter's "Follow," Facebook's "Like," and Google's "+1" buttons.

While these buttons may seem innocent and safe enough, nothing really technically prevents Web sites from placing those buttons within an HTML container, such as a div tag, making those buttons transparent, and hovering them just under a Web visitor's mouse pointer. This is done so that when visitors click on something they see, they instead automatically Follow, Like, or +1 whatever else the bad guy wants them to. This is a classic case of clickjacking—an attack seen in the wild every day.

Here's why this flaw in the Internet matters: since the attacker controls the objects behind those buttons, after the user clicks, the attacker can tell exactly "who" just Followed, Liked, or +1'ed on those online services (e.g., Twitter: "User X Followed you." Facebook: "User X Liked Page Y."). To deanonymize the Web visitor, all the attacker needs to do is look at the public profile of the user who most recently clicked. That's when the fun begins for the attacker and trouble begins for the unsuspecting Internet user.
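The framing decision behind the clickjacking scenario above, as an added example that is not code from the article: a browser consults the framed site's X-Frame-Options and Content-Security-Policy frame-ancestors headers before rendering it inside another page, and a site that must be embeddable everywhere (as the Follow, Like and +1 buttons are) cannot use either without giving up that embedding, which is the trade-off the article describes. Hostnames are the article's placeholders, and header parsing is a simplified model (ports are ignored).

```javascript
// Added example, not from the article: the decision a browser makes before
// rendering a response inside a frame, driven by the framed site's
// X-Frame-Options and Content-Security-Policy frame-ancestors headers.
// Hostnames are the article's placeholders; parsing is simplified (assumed).

// Does one frame-ancestors source expression match an ancestor origin?
// Supports *, 'self', and host-sources such as https://*.partner.example
// (ports are ignored; an assumption made for brevity).
function sourceMatches(src, docOrigin, ancestorOrigin) {
  if (src === "*") return true;
  if (src === "'self'") return ancestorOrigin === docOrigin;
  const m = /^(?:([a-z]+):\/\/)?(\*\.)?([^/:]+)$/i.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  const anc = new URL(ancestorOrigin);
  if (scheme && anc.protocol !== scheme.toLowerCase() + ":") return false;
  const ancHost = anc.hostname.toLowerCase();
  const want = host.toLowerCase();
  return wildcard ? ancHost.endsWith("." + want) : ancHost === want;
}

// frame-ancestors: every ancestor in the frame chain must match some source.
// An empty source list, or 'none', forbids framing entirely.
function frameAncestorsAllows(sourceList, docOrigin, ancestors) {
  const sources = sourceList.trim().split(/\s+/).filter(Boolean);
  if (sources.length === 0 || sources.includes("'none'")) return false;
  return ancestors.every((anc) => sources.some((src) => sourceMatches(src, docOrigin, anc)));
}

// headers:   lowercase header name -> value, as received with the framed response
// docOrigin: origin of the framed response, e.g. "https://socialnetwork.example"
// ancestors: origins of every frame above it, the top-level page included
// When a frame-ancestors directive is present it wins; X-Frame-Options is ignored.
function mayBeFramed(headers, docOrigin, ancestors) {
  const csp = headers["content-security-policy"] || "";
  const fa = csp.split(";").map((d) => d.trim()).find((d) => /^frame-ancestors\b/i.test(d));
  if (fa) return frameAncestorsAllows(fa.slice("frame-ancestors".length), docOrigin, ancestors);
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return ancestors.every((anc) => anc === docOrigin);
  return true; // no policy at all: embeddable anywhere, as the article's buttons are
}

// Constructed scenario: the button page at the social network, framed by coolwebsite.
const BUTTON_ORIGIN = "https://socialnetwork.example";
const ATTACKER_CHAIN = ["https://coolwebsite.example"];

console.log(mayBeFramed({}, BUTTON_ORIGIN, ATTACKER_CHAIN)); // true
console.log(mayBeFramed({ "x-frame-options": "SAMEORIGIN" }, BUTTON_ORIGIN, ATTACKER_CHAIN)); // false
console.log(mayBeFramed(
  { "content-security-policy": "frame-ancestors 'self' https://*.partner.example" },
  BUTTON_ORIGIN, ATTACKER_CHAIN)); // false
```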

One more longstanding issue, "browser intranet hacking," deserves attention. This serious risk, first discussed in 2006, remains largely unaddressed to this day. Browser intranet hacking allows Web-site owners to access the private networks of their visitors, which are probably behind network firewalls, by using their browsers as a launch point. This attack technique is painfully simple and works equally well on enterprises and home users, exposing a whole new realm of data.

The attack flow is as follows: a Web user visits a malicious Web site such as http://coolwebsite/. That site instructs the visitor's browser to make a Web request to an IP address or host name that the visitor can get to but the attacker cannot, such as 192.168.x.x or any non-routable IP as defined by RFC-1918. Such requests can be forced through the use of IMG tags, as in the earlier example, or also through the use of iframe, script, and link tags:

<iframe src="http://192.168.1.1/" onload="detection()"></iframe>

Depending on the detectable response given from the IP address, the attacker can use the Web visitor's browser to sweep internal private networks for listening IP Web servers, locating printers, IP phones, broadband routers, firewalls, configuration dashboards, and more.

The technique behind browser intranet hacking is similar to the Boolean-state detection in the login-detection example. Also, depending on whether the user is logged in to the IP/Hostname, this type of attack can force the visitor's browser to make configuration changes to the broadband router's Web-based interface through well-known IPs (192.168.1.1, 10.10.0.1, etc.) that can be quickly enumerated. The consequences of this type of exploitation can be devastating as it can lead to all traffic being routed through the attacker's network first.

Beyond login detection, deanonymization, and browser intranet hacking are dozens of other attack techniques possible in today's modern browsers. For example, IP address geo-location tells, roughly speaking, what city/town a Web visitor is from. The user-agent header reveals which browser distribution and version the visitor is using. Various JavaScript DOM (Document Object Model) objects make it trivial to list what extensions and plugins are available—to hack or fingerprint. DOM objects also reveal screen dimensions, which provides demographic context and whether the user is using virtualization.

The list of all the ways browser security can be bent to a Web-site owner's will goes on, but the point is this: Web browsers are not "safe"; Web browsers are not "secure"; and the Internet has fundamental flaws impacting user (personal or corporate) security.

Now here's the punch line: the only known way of addressing this class of problem adequately is to "break the Web" (i.e., negatively impact the usability of a significant percentage of Web sites). These issues remain because Web developers, and to a large extent Web users, demand that certain functionality remain available, and that functionality is what makes these attacks possible.

Today's major browser vendors, whose guiding light is market share, are only too happy to comply. Their choice is simple: be less secure and more user-adopted, or be secure and obscure. This is the Web security trade-off—a choice made by those who do not fully understand or appreciate, or are not liable for, the risks they are imposing on everyone using the Web.

Nonstarter Solutions

To fix login detection, a browser might decide not to send the Web visitor's cookie data to off-domain destinations (those different from the hostname in the URL bar) along with the Web requests. Cookies are essential to tracking login state. The off-domain destination could still get the request, but would not know to whom it belonged. This is a good thing for stopping the attack.

Not sending cookies off-domain, however, would break functionality for any Web site that uses multiple hostnames to deliver authenticated content. The approach would break single-click Web widgets such as Twitter's "Follow," Facebook's "Like," and Google's "+1" buttons. The user would be required to perform a second step. It would also break visitor tracking via Google Analytics, Coremetrics, and so on. This is a clear nonstarter from the perspective of many.

To fix clickjacking, Web browsers could ban iframes entirely, or at least ban transparent iframes. Ideally, browser users should be able to "see" what they are really clicking on. Suggesting such a change to iframes, however, is a losing battle; millions of Web sites rely upon them, including transparent iframes, for essential functionality. Notable examples are Facebook, Gmail, and Yahoo! Mail. You don't normally see iframes when they are used, but they are indeed everywhere. That level of breakage is never going to be tolerated.

For browser intranet hacking, Web browsers could prohibit the inclusion of RFC-1918 resources from non-RFC-1918 Web sites. This would essentially create a break point in the browser between public and private networks. One reason that browser vendors say this is not doable is that some organizations actually do legitimately include intranet content on public Web sites. Therefore, because some organizations (which you have never heard of and whose Web sites you'll never visit) have an odd use-case, your browser leaves the private networks you are on, and that of hundreds of millions of others, wide open.
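To make the two "break the Web" policies described above concrete, here is an added JavaScript example (not from the article, nor from any browser's code) that evaluates a single sub-resource load against them: withhold cookies on off-domain requests, and refuse RFC-1918 content on a non-RFC-1918 page. It assumes no DNS resolution is done (only literal IPv4 hosts are classified) and, as an extension not in the text, treats loopback like a private block.

```javascript
// Added example, not code from the article: a model of the two browser-side
// policies described under "Nonstarter Solutions", applied to one sub-resource
// load (an IMG, iframe, script or link tag) made by a page.
//   1. Off-domain requests (destination hostname differs from the URL-bar
//      hostname) are sent without the visitor's cookies.
//   2. A page on a non-RFC-1918 origin may not load resources from an
//      RFC-1918 address, so a public site cannot sweep a visitor's LAN.
// Assumption: no DNS is performed here, so only literal IPv4 hosts are
// classified; any other hostname is reported as "unresolved" and a real
// implementation would re-check after resolution (fail-closed on the page side).

// RFC 1918 private IPv4 blocks. Loopback is added as an assumption, since a
// request to 127.0.0.0/8 reaches the visitor's own machine the same way.
const PRIVATE_BLOCKS = [
  { base: "10.0.0.0", bits: 8 },
  { base: "172.16.0.0", bits: 12 },
  { base: "192.168.0.0", bits: 16 },
  { base: "127.0.0.0", bits: 8 },
];

// Parse a dotted-quad IPv4 string into an unsigned 32-bit integer, or null.
// The WHATWG URL parser already canonicalises forms such as "3232235777" or
// "0xC0A80101" to dotted quad, so callers should pass URL.hostname.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = (value << 8) | octet;
  }
  return value >>> 0;
}

// True when the address falls inside the given CIDR block.
function inBlock(ip, block) {
  const mask = block.bits === 0 ? 0 : (0xffffffff << (32 - block.bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((parseIPv4(block.base) & mask) >>> 0);
}

// "private", "public" or "unresolved" for a URL.hostname value.
function classifyHost(hostname) {
  const ip = parseIPv4(hostname);
  if (ip === null) return "unresolved"; // DNS names and [IPv6] literals
  return PRIVATE_BLOCKS.some((b) => inBlock(ip, b)) ? "private" : "public";
}

// Decide how the browser should treat a sub-resource request issued by a page.
function evaluateRequest(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  const sameHost = page.hostname === req.hostname;
  const pageClass = classifyHost(page.hostname);
  const reqClass = classifyHost(req.hostname);

  // Rule 2: only a page that is itself on a private address may pull in
  // private-address content. An unresolved page hostname is treated as public.
  if (reqClass === "private" && pageClass !== "private") {
    return {
      allow: false,
      sendCookies: false,
      needsResolution: false,
      reason: `public origin ${page.hostname} may not load private address ${req.hostname}`,
    };
  }
  // Rule 1: cookies travel only to the hostname shown in the URL bar.
  return {
    allow: true,
    sendCookies: sameHost,
    needsResolution: reqClass === "unresolved",
    reason: sameHost ? "same-host request" : "off-domain request, cookies withheld",
  };
}

// Constructed sample: loads attempted by the article's http://coolwebsite/ page.
const SAMPLE_LOADS = [
  "http://192.168.1.1/",          // broadband router, literal RFC 1918 address
  "http://3232235777/",           // the same router written as a decimal integer
  "http://172.32.0.1/",           // just outside 172.16/12, so public
  "http://coolwebsite/widget.js", // same host, cookies allowed
  "http://cdn.example/lib.js",    // off-domain name, needs DNS to classify
];

function runSample(pageUrl = "http://coolwebsite/") {
  return SAMPLE_LOADS.map((u) => ({ url: u, ...evaluateRequest(pageUrl, u) }));
}

for (const r of runSample()) {
  console.log(`${r.allow ? "ALLOW" : "BLOCK"} ${r.url} cookies=${r.sendCookies} (${r.reason})`);
}
```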

As shocking as this sounds, try looking at the decision not to fix the problem from the browser vendors' perspective. If they break the uncommon use-case of these unnamed organizations, the people within those organizations are forced to switch to a competing "less-secure" browser that allows them to continue business as usual. While the security of all other users increases for the browser that makes the change, that browser vendor loses some fraction of market share.

Security Chasm

The browser vendors' unwillingness to risk market share has led to the current security chasm. Dramatic improvements in browser security and online privacy are held hostage by backward compatibility requirements related to how the Internet was designed. Web-browser vendors compete with each other in trench-style warfare, gaining ground by scratching for a tiny percentage of new users, every day—users who don't pay them a dime, while simultaneously trying to keep every last user they already have.

It's important to remember that mainstream browsers are essentially advertising platforms. The more eyeballs browsers have, the more ads are delivered. Ads, and ad clicks, are what pay for the whole party. Anything getting in the way of that is never a priority.

To be fair, there was one important win recently when, after years of discussion, a fix was applied to CSS history sniffing. This is the ability of a Web site to uncover the history of other Web sites a user had visited by creating hyperlinks on a Web page and using either JavaScript or CSS to check the color of the link displayed on the screen. A blue link meant the visitor had not been there; purple indicated the user had visited the site. This was a serious privacy flaw that was simple, effective, and 10,000-URLs-per-second fast to execute. Any Web site could quickly know where you banked, shopped, what news you read, adult Web sites frequented, etc.

The problem of CSS history sniffing finally got so bad and became so high profile that roughly 10 years after it first came up, all the major browser vendors finally broke the functionality required for the attack. Many Web developers who relied on the underlying functionality were vocally upset, but apparently this was an acceptable level of breakage from the browser vendors' perspective.

When the breakage is not acceptable, but the issue is still bad, new opt-in browser security features are put forth. They generally have low adoption rates. Prime examples are Content Security Policy, X-Frame-Options, Origin, Strict Transport Security, SSL (Secure Sockets Layer), Secure and HttpOnly cookie flags, etc. Web-site owners can implement these solutions only when or if they want to, thereby managing their own breakage. What none of these features do is to allow Web users to protect themselves, something every browser should enable its users to do. Right now, Web security is in a holding pattern—waiting for the bad guys to cause enough damage—which then should give enough juice to those with the power to take action.

Beyond the Status Quo

The path toward a more secure Web has a few options. We could establish a brand-new World Wide Web, or an area within it. A Web platform designed to be resilient to the current laundry list of problems, however, will forever plague its predecessor. For the moment, let's assume we technically know how to make a secure platform, which is a big if.

The next step would be to convince the developers behind the millions, potentially hundreds of millions, of important Web sites to move over and/or build atop version two. Of course, the promise of a "more secure" platform would not be sufficient incentive by itself. They would have to be offered something more attractive in addition. Even if there were something more attractive, this path would only exchange our backward-compatibility problem for a legacy problem, which is likely to take years, perhaps a decade or more, to get beyond.

There is another path—one that already has a demonstrated model of success in mobile applications. What you find there basically amounts to many tiny Web browsers connected to the mobile version of the main Web site. The security benefit provided by mobile platforms such as Apple's iOS and Google's Android is that the applications are isolated from one another in both memory and session state.

For example, if you launched Bank of America's mobile application, logged in, did your banking, and then subsequently launched Facebook's mobile application and logged in, neither app has access to the other app's session, as would be the case in a normal desktop Web browser. Mobile applications have little to no issues regarding login detection, deanonymization, and intranet hacking. If mobile platforms can get away with this level of application and login-state isolation, certainly the desktop world could as well.

By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present a URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another. Within these DesktopApps, attacks such as XSS, CSRF, and clickjacking would become largely extinct because no cross-domain connections would be allowed—an essential precondition.

DesktopApps would also provide an important security benefit to Chrome, Firefox, Internet Explorer, and Safari. Attacks such as login detection and deanonymization would be severely hampered. Let's say Web visitor X uses only a special DesktopApp when accessing the Web sites of Bank of America, Facebook, or whatever else and never uses the default Web browser for any of these activities. When X is using Chrome, Firefox, or Internet Explorer and comes across a Web site trying to perform login detection and deanonymization, well, X has never logged in to anything important in that browser, so the attacks would fail.

What about intranet hacking? The answer is to break the functionality, as described earlier. Web browsers should not allow non-RFC-1918 Web sites to include RFC-1918 content—at least not without an SSL-style security exception. One or all of the incumbent browser vendors need to be convinced of this. If that mystery company with an odd use-case wants to continue, it should have a special corporate DesktopApp created that allows for it. It would be far more secure as a result, as would we all.

This article has outlined a broad path to fix Web security, but much is left unaddressed about how to roll out a DesktopApp and get the market to adopt such practices. Beyond just the security benefits, other features are needed to make DesktopApps attractive to Web visitors; otherwise there is no incentive for browser vendors to innovate. There's also lobbying to be done with Web-site owners and developers. All of this makes fixing the Internet a daunting task. To get past security and reach our final destination—a world where our information remains safe—we must develop creative solutions and make hard choices.
http://queue.acm.org/detail.cfm?id=2390758





Smartphones Are Used To Stalk, Control Domestic Abuse Victims
Aarti Shahani

We've looked a lot at privacy from the Big Brother standpoint: how the National Security Agency or corporate giants like Google track us online, say for political reasons or to make money from ads.

But there's another kind of privacy concern that is a lot more intimate. You could call it Little Brother, though it's really more like husbands and wives, lovers and exes who secretly watch their partners — from a distance. They are cyberstalking — using digital tools that are a lot cheaper than hiring a private detective.

NPR investigated these tools, also known as spyware, and spoke with domestic violence counselors and survivors around the country. We found that cyberstalking is now a standard part of domestic abuse in the U.S.

Digital Detox At The Shelter

Before we get into how spyware works, let's visit a place that's been transformed by it: a domestic violence shelter — a safe house for mostly women and children. It's run by a group called Next Door, and it's somewhere in the heart of Silicon Valley. I can't tell you exactly where because its location is a secret. (I had to sign an agreement to be let in.)

While the kids are playing with dominoes in the living room, counselor Rosa Navarro takes the newest arrival — a woman who has a little boy — into a quiet office for intake.

And that intake includes digital detox.

Navarro tells the woman that because most cellphones have a tracking system, "your ex can find you that way." She advises her to shut off her GPS and Wi-Fi, and stay away from Facebook.

The woman nods and says, "I don't have Facebook. I just do texting." She knows to be cautious because, she says, family members who work at the sheriff's office and for the police warned her.

Navarro says most of the people who come here don't already know. They're oozing data — from their phones, their tablets, their social media accounts — data that an abuser can access pretty easily.

Smartphones and GPS have transformed domestic violence shelters across the U.S.

NPR surveyed more than 70 shelters — not just in big coastal cities like New York and San Francisco, but also in smaller towns in the Midwest and the South.

We found a trend: 85 percent of the shelters we surveyed say they're working directly with victims whose abusers tracked them using GPS. Seventy-five percent say they're working with victims whose abusers eavesdropped on their conversation remotely — using hidden mobile apps. And nearly half the shelters we surveyed have a policy against using Facebook on premises, because they are concerned a stalker can pinpoint location.

Counselors in St. Paul, Minn., had to call the police when an abuser banged on the safe house doors; he had tracked down his wife using GPS. In Dallas, a woman inside a group therapy session thought her phone was off, but it turns out it was feeding data to her abuser. In Jamaica Plain, Mass., counselors had to help one victim debug her shoes after finding a GPS tracker embedded in them. A few shelters say abusers gave iPhones to their children as a gift, during the parents' separation, in order to track down the mom.

It's About Power, Not Just Privacy

Cindy Southworth, an advocate with the National Network to End Domestic Violence, runs a project focused on technology in domestic abuse.

"The strategy of offenders is to have complete and utter domination and control of their victims," she says. "And so it's not enough that they just monitor the victim. They will then taunt them or challenge them and say, 'Why were you telling your therapist this? Or why did you tell your sister that? Or why did you go to the mall today when I told you couldn't leave the house?' "

Southworth talks about technology and tracking in a distinct way. In the wake of revelations about snooping by the National Security Agency, many people use the word "privacy" to summarize concerns about surveillance. But for her, it's about power.

Surveillance has long been part of domestic violence. Back in the day, abusive partners would have you followed around or wouldn't let you leave the house. Now, from work or from the bar, they can just watch you on a laptop.

"What we're seeing is that technology is now the new tool to perpetuate that surveillance," she says.

How Spyware Works

Spyware is software you can use to track someone else by turning their smartphone, tablet or computer into a spy. Spyware companies offer their software as a service. Like Netflix, it's a pay-as-you-go subscription. But unlike Netflix, it's clearly enabling illegal activity.

Detective Brian Hill with the sheriff's office in Anoka County, Minn., gives me a crash course on one popular brand called mSpy. It costs about $70 for a month or $200 for a year. "Very cheap, considering what it can do," he says.

MSpy is easy to install. The stalker just needs a few minutes alone with the smartphone of the person being stalked. So when they're in the shower, just say: "Hey, honey, I need to use your phone. Tell me the passcode!"

Then, Hill shows me how it works on a smartphone that he's hacked: "It tells you to go to the settings, go to the security and the screen lock, and then tells you to check the box for unknown sources."

MSpy has a step-by-step guide — with screenshots — on how to download the app onto an iPhone or Android device, how to activate it, and then how to delete any visible trace of it. It'll just hang out in a hidden folder, with a nondescript name like "Android.sys." If someone happened to find it, they'd just see the iconic green Android robot and think it's part of the phone's operating system. The app also uses less data than basic text messaging services like WhatsApp, "so mSpy stays under the radar that way," Hill explains.

Now the stalker can monitor the person being stalked, from the website of the spyware company. Hill goes to his laptop and logs into his mSpy account. There's a really nice dashboard to organize all the information you're grabbing — and it's a lot of information, like contacts, call logs, text messages, call recordings (full recordings of entire conversations), photos, video files, and a log of every website visited by the person being stalked.

There's also a keylogger function, to record everything the victim types into his or her smartphone. Say the victim goes to do some online banking at Wells Fargo or Citibank. The stalker can see the website being visited, and the username and password typed in, gaining full online access to the victim's bank account.

And say the victim starts a new relationship. It's going great until suddenly the new person stops calling. Maybe he lost interest. Or maybe the cyberstalker blocked him: "You figured out who the new boyfriend is, or the new girlfriend, whatever it is," Hill explains. "You could type in their phone number, and then it'll restrict that call from ever coming into the phone. It won't allow it."

MSpy also does location tracking. It has a map — kind of like Apple's Find My iPhone — that shows where the victim's smartphone is right now at 1:37 p.m. and the exact route it took to get from Point A to Point B.

And mSpy has one more powerful feature: the eavesdropping function. When the person being stalked gets an incoming call, that very second, their speakerphone gets activated and starts recording. The victim doesn't have to answer the phone. The ringer could even be on mute, so you don't know it's ringing. But whatever conversation is happening in that room — say the victim is talking with her sister or her counselor — the smartphone feeds it back to the stalker.

Marketing: Watch Your Workers And Kids

Ads for spyware companies are all over the Internet. And obviously they don't market their apps as tools for obsessed lovers.

In online videos, they market spyware as a safety product. For example, an ad for PhoneSheriff says: "You can track your child via GPS, and monitor texts for abuse including sexting and bullying."

The companies, which tout hundreds of thousands of subscribers, describe spyware as a legal way to watch your employees or your kids — with their full knowledge — to make sure no one's out of line.

NPR called and emailed mSpy (which is based in London, according to its website), PhoneSheriff (in Jacksonville, Fla.), MobiStealth (in Beverly, Mass.) and StealthGenie (which didn't list a location). We wanted to know: How many subscribers do you have exactly? Have you ever reported a user to law enforcement for suspicious activity? What steps are you taking to prevent abuse?

MSpy responded that every customer signs an agreement acknowledging it's illegal to secretly spy on someone and the company is not liable. None of the other companies responded to NPR's inquiries.

Cindy Southworth, the advocate against domestic violence, says a lot of victims don't realize that it's so easy to be tracked in so many ways. People just think they're going crazy. Southworth says they're not: "What I frequently tell victims is: If you suspect that your ex knows too much, it's entirely possible that all your devices have been compromised."

She says trust your instincts. Trust your gut.
http://www.npr.org/blogs/alltechcons...-abuse-victims





London’s Future Crime Hot Spots Predicted Using Mobile Phone Data

Data mining can spot future crime scenes with an accuracy of 70 per cent, say data scientists

In the 2002 film, Minority Report, the police apprehend criminals by predicting that they are about to commit a crime. Many observers have drawn parallels between this and the modern trend towards “predictive policing”. This is the way a growing number of police forces around the world are using data on past crimes to predict the likelihood of crimes in the future.

And the results have been generally favourable, with several forces claiming that it allows them to allocate resources more effectively. For example, if there have been burglaries in your neighbourhood in the recent past, the algorithm would flag it as a potential future crime scene. And that allows law enforcement organisations to react accordingly, such as patrolling high risk areas rather than low risk ones. The idea is to stop crime before it starts.

But that raises an interesting question. How good can predictive policing become? And what kind of data will police forces use to make these improvements?

Today we get an answer of sorts thanks to the work of Andrey Bogomolov at the University of Trento in Italy and a few pals who have used the daily data from mobile phones to significantly improve the accuracy of crime predictions. “With real crime data from London we obtain an accuracy of almost 70% when predicting whether a specific area in the city will be a crime hotspot or not,” they say.

Here’s how it works. The current systems rely on data such as crime statistics and local demographics. The problem with these statistics is that they are difficult and expensive to gather and not regularly updated.

By contrast, mobile phone operators can collect data about the owners such as their gender, age and so on and then monitor the location of the phones in real time. It’s not hard to imagine that this kind of data might significantly improve the accuracy of crime prediction models.

That’s exactly what Bogomolov and co set out to show. These guys used a dataset about mobile phone users in the centre of London, which they obtained from Telefonica, a European mobile phone company which owns the O2 service in the UK.

This dataset contains all kinds of information about the users: their age, gender, home location and so on. But it also contains their location at various instants in time. To find out whether this could improve crime prediction, Bogomolov and co used the crime statistics and demographics from one period of time to train an algorithm to predict crime rates in the next period of time.

The results were pretty good. In that case, the algorithm was able to predict whether a given area would be a crime hotspot or not in the next month with an accuracy of about 62 per cent.

Then they added the phone data into the mix and used the resulting dataset to retrain the algorithm. That significantly improved the accuracy to 68 per cent. That’s an increase in accuracy of 6 per cent — not revolutionary but still significant.

Their analysis shows that some mobile phone data is more important than others. For example, the data relating to whether or not the phone owner was at home, was particularly strongly correlated with crime patterns.

That’s an interesting result that should help law enforcement authorities use their resources more effectively. “The proposed model could be used to predict new crime occurrence areas that are of similar nature to other well known occurrence areas,” say the team.

It should also help limit the cost of these kinds of predictive systems because conventional demographic data is expensive to gather. By contrast, mobile phone data is extremely cheap.

But there are also issues to guard against. Perhaps the most controversial is privacy. Telefonica says the data sets are entirely anonymised so that it shouldn’t be possible to identify any individual from the data.

If you don’t find that re-assuring, you won’t be alone. There are numerous examples of seemingly anonymised data being used to reveal people’s identities.

And while this approach is place-centric, focusing law enforcement on locations rather than individuals, it’s not hard to imagine authorities taking this kind of approach further by applying crime prediction techniques to the behaviour of individuals.

Perhaps Minority Report wasn’t so far-fetched after all.

Ref: arxiv.org/abs/1409.2983 : Once Upon a Crime: Towards Crime Prediction from Demographics and Mobile Data
https://medium.com/the-physics-arxiv...a-ae869a2e67ab





Google's Doubleclick Ad Servers Exposed Millions of Computers to Malware
Russell Brandom

Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post. Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems. After some digging, researcher Jerome Segura realized the problem was coming from Google's DoubleClick ad servers and the popular Zedo ad agency. Together, they were serving up malicious ads designed to spread the recently identified Zemot malware. A Google representative has confirmed the breach, saying "our team is aware of this and has taken steps to shut this down."


Malware served through ad units (or "malvertising") is nothing new, but this incident is notable because of the unusually broad reach of the attack. "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura says. "That's when we thought, something is going on." The first impressions came in late August, and by now millions of computers have likely been exposed to Zemot, although only those with outdated antivirus protection were actually infected.

Zemot is focused on computers running Windows XP, although it can also infect more modern operating systems running on x86 and 64 bit machines. Zemot is designed to bypass a system's security before infecting computers with additional malware, so it's difficult to say exactly what effect the attack would have on a system once security had been breached. And while the conditions needed for a successful attack are quite specific, the broad reach of the ads suggests that whoever is behind the attack came away with more than a few successful compromises. "Even if there were only 5% of vulnerable machines," Segura says, "we are still looking at a very large number of infections."
http://www.theverge.com/2014/9/19/65...ers-to-malware





New Data Center Protects Against Solar Storms and Nuclear EMPs

Data loss from an electromagnetic pulse is the bigger worry
Patrick Thibodeau

In Boyers, Pa., a recently opened 2,000-sq.-ft. data center has been purpose-built to protect against an electromagnetic pulse (EMP), either generated by a solar storm or a nuclear event.

The company that built the facility isn't disclosing exactly how the data center was constructed or what materials were used. But broadly, it did say that the structure has an inner skin and an outer skin that use a combination of thicknesses and metals to provide EMP protection.

There are other data centers that protect against electromagnetic pulses, which can be generated by solar storms or high-altitude nuclear blasts. Underground data centers, in particular, advertise this capability. And some vendors offer containers and cabinets that shield IT equipment from EMPs, which can fry circuits.

But there's been little discussion, overall, about whether EMP protection should be a standard risk mitigation feature in data centers.

The two solar storms that began arriving Thursday night aren't strong enough to hurt electronics on the ground, though they could disrupt GPS and radio communications. More than anything, they're a reminder of a risk that is the subject of steady warnings but isn't immediate enough to spur people to do much about it -- though it is real enough to inspire visions of apocalyptic scenarios among Washington policy makers.

Betting against an EMP event is a gamble. On July 23, 2012, a solar super storm released a coronal mass ejection (CME) that passed through the Earth's orbit but missed the Earth itself. It is believed to have been as powerful as the 1859 Carrington Event, a solar storm that disrupted and knocked out the most advanced electronic communications medium of the day, the telegraph.

The perfect solar storm would require a big sun spot cluster and a very rapid CME, and the magnetic field inside the solar storm would have to couple perfectly with the Earth's magnetic field. If that happened, the consequences could be significant, William Murtagh, program coordinator at U.S. Space Weather Prediction Center, said Thursday.

"We're concerned that can happen," he said about the prospect of a major solar storm hitting the Earth. The 2012 solar storm "was very powerful, and some have suggested it would have been on par with a Carrington-level event." But that particular storm was not directed at the Earth, he said.

EMP protection can be built into a data center at very little additional cost, said Kris Domich, president of Cyber Innovation Labs - Professional Services (CIL). The company is the founding member of EMP Grid Services, a recently formed company responsible for the EMP-ready data center in Boyers, Pa. CIL provides infrastructure services.

Domich said the idea for the EMP-resistant data center came from a customer, an insurer, that wanted to protect its data from electromagnetic pulses.

An EMP can "irrevocably destroy" data, said Domich. The magnetic field on a disk that is used to set the data, if not maintained, or if it is abruptly or intensely changed, will wipe out the data, he said.

Lee Kirby, CTO of the Uptime Institute, a data center advisory and research group, said that EMP risks are not high on the list of things that data center managers worry about. But he said that may be more because of the newness of this industry.

"When you look at it from a business justification viewpoint, [EMP protection] gets pushed way down the line, just from a probability point of view," Kirby said.

Nonetheless, he said, the threat of electromagnetic pulses could become a topic of much discussion for data center professionals.

There have been a number of government reports, as well as congressional hearings, detailing the threats posed by EMPs. The idea that an EMP could be generated by a terrorist-sponsored nuclear blast is getting more attention, particularly because of concerns about North Korea and Iran.

A nuclear blast 60 miles up in the atmosphere could expose about 1.5 million square miles of territory to EMP impacts that could, among other things, knock out SCADA systems that help run the infrastructure of electric and water utilities and oil and gas pipeline systems.

The loss of electric power over a substantial period of time is "likely to be catastrophic, and many people may ultimately die for lack of the basic elements necessary to sustain life in dense urban and suburban communities," according to a 2008 U.S. government report that examined the effects of an EMP event.

Repairing the power grid could take four to 10 years, and the economic cost could exceed $2 trillion.

EMPs send out a pulse of energy that can short-circuit electronics in everything from cellphones and computers in cars to enterprise networks. EMP-generating devices are not necessarily nuclear, and they can be built with over-the-counter parts.

Congress has held repeated hearings over the years, particularly since the 9/11 attacks in 2001, and there have been a number of government reports that describe the consequences. But there is no action plan, and the need for EMP protection sits lower on the list of public-sector priorities than increasingly costly infrastructure projects, such as efforts to repair or replace aging bridges, roads and water lines.

The problem may be that EMPs are not seen as an immediate threat. According to one government estimate, made by intelligence agencies, a crippling solar geomagnetic storm is unlikely to occur more than once in 100 years.

A U.S. House bill, the Critical Infrastructure Protection Act (HR 3410), requires the government to give more attention to EMP disaster planning and to "proactively educate" the owners of critical infrastructure about the threat of electromagnetic pulses. But it has not advanced beyond a committee in this Congress.
http://www.computerworld.com/article...lear-emps.html





Jack Wayman, Inventor of Consumer Electronics Show, Dies at 92
Paul Vitello

Jack Wayman, a sales executive who saw the future and said it was consumer electronics, organizing the industry’s first trade show in the era of black-and-white television and fighting Hollywood’s endeavor to smother the videocassette-recorder business, died on Aug. 30 in Boulder, Colo. He was 92.

His death was confirmed by the Consumer Electronics Association, an industry trade group he established in 1963 to promote what he saw as a growing demand for consumer-size products from electronics manufacturers.

Mr. Wayman’s title when he founded the group was senior vice president for consumer sales of the manufacturers’ Electronic Industries Association. In practice, he was the industry’s top salesman and chief carnival barker during a sea change in consumer culture.

He organized the first Consumer Electronics Show in 1967, in New York. At the time, the industry’s product line consisted of televisions, radios and phonographs for the most part. By 2012, when he attended his last show at 90, riding in a golf cart, the wares had become a virtual universe of gadgetry capable (theoretically) of connecting everyone on the planet.

Mr. Wayman became widely known to the public in the mid-1970s, when VCRs became popular. He appeared in hundreds of television and newspaper interviews — first as the industry spokesman armed with the soaring sales figures, then as a defender of VCR technology against claims by the film industry that its use violated federal copyright laws.

In the seminal battle that unfolded, Mr. Wayman was the face of VCR-makers, often sparring with Jack Valenti, the president of the Motion Picture Association of America. He testified at congressional hearings in defense of Americans’ right to tape television shows. And in 1984, when the Supreme Court ruled that consumers violated no copyright laws by taping programs for their personal use, he predicted that film studios would reap a windfall in home videocassette sales. He was proved correct.

Norman Jack Wayman was born in Miami on May 12, 1922, the only child of Dora and Jesse Wayman, a prominent Miami developer. He graduated from Davidson College near Charlotte, N.C., and served in Europe during World War II as a combat infantry company commander. The recipient of many medals and two Presidential Citations, he was inducted last year into the French Legion of Honor for service from the Normandy landings until the German surrender.

After the war, Mr. Wayman began taking classes at the Georgetown University School of Foreign Service, then changed career plans. “Guy sitting behind me says: ‘My father’s opening a TV store. Let’s change our classes,’ ” he told The Chicago Tribune in 1992. “I did. That’s when it hit me — electronics fever!”

He was sales manager for a chain of 12 electronics stores and spent 10 years as head of the RCA distributorship in five states around Washington before he was hired in 1962 by the Electronic Industries Association.

Mr. Wayman, who was divorced, is survived by four daughters, Patricia Ann Saunders, Jessica Young, Johanna Philo, and Ariana Barth; one son, Norman Jack Wayman Jr.; 13 grandchildren and 10 great-grandchildren.

Mr. Wayman moved the trade show to Chicago in 1971. By 1989, too big for any one convention center, it had been split into two events — a summer show in Chicago and a winter show in Las Vegas.

He was a tireless salesman. Traveling the country, he gave by his own account 500 interviews a year to trade and general interest publications, ready with facts, figures, bons mots, pronouncements, and a tip on the next big thing.

“We’re moving toward wall-size television screens,” he told The Washington Post in 1982.

He plugged products that made it (car stereos, cordless phones, answering machines, VCRs and personal computers) and those that didn’t (3-D stereo binoculars, hand-held electronic encyclopedias and wristwatch televisions); and apparently posed with them all without fear or favor.

“Cellular phone at my ear?” he asked a photographer at the 1992 show. “Camcorder at my eye? Mickey Mouse talking watch on my wrist? How about a language translator in my breast pocket?”
http://www.nytimes.com/2014/09/18/bu...ies-at-92.html





F.C.C. Revisits Net Neutrality Exemption for Mobile Broadband
Edward Wyatt

High-speed cellular Internet access has been largely exempt from regulations aimed at preventing Internet providers from slowing down or blocking websites and applications. But wireless broadband’s special status is quickly losing support.

On Tuesday, the Federal Communications Commission will hold a round-table discussion to examine whether proposed net neutrality rules should cover mobile broadband. The battle lines will probably be clear: the cellphone companies against nearly everyone else.

Removing the wireless exemption from some net neutrality rules would be a change in the commission’s stance since May, when the regulator laid out a set of proposed rules called “Protecting and Promoting the Open Internet.” In that draft, the newly proposed rules would subject wired Internet service providers to “commercially reasonable practices” of network management.

But in recent weeks, voices calling for wireless broadband to be treated the same as wired services have grown louder.

Last week, Google weighed in, saying such rules “should apply regardless of whether you’re accessing the Internet using a cable connection, a wireless service or any other technology.” Microsoft has similarly said that wireless companies should be subject to the same legal framework as wired connections.

And while speaking last week at the annual convention of CTIA — the Wireless Association, the mobile-phone industry’s largest trade group, Tom Wheeler, the commission’s chairman, highlighted some provocative statistics.

“There have been significant changes in the mobile marketplace since 2010,” he said, referring to the year the commission first passed net neutrality rules, with mobile networks excluded. Those rules were later thrown out by a federal appeals court.

In 2010, 200,000 Americans subscribed to the fastest mobile broadband technology, known as LTE. Now 120 million of them subscribe to it, and 300 million have access to high-speed mobile networks.

“The basic issue that is raised is whether the old assumptions upon which the 2010 rules were based match new realities,” Mr. Wheeler said.

An F.C.C. spokeswoman said Mr. Wheeler’s remarks were not substantially different from what the agency said in the “notice of proposed rule-making” issued in May.

But Gene Kimmelman, president and chief executive of Public Knowledge, a consumer advocacy organization, said he viewed Mr. Wheeler’s comments to the wireless industry group as “a shot across the bow.”

“We’ve sensed for a while the F.C.C. is looking to beef it up on the wireless side,” he said. “There’s less of a difference between wireless and wireline than there was five years ago.”

The F.C.C. said it exempted mobile broadband from much of the 2010 regulation because mobile networks faced technical limits on the number of users that could connect to them. The networks were also said to be evolving rapidly and were more subject to competition than fixed broadband networks.

Now, with advanced LTE networks complete, a growing portion of consumers use mobile as their primary method of connecting to the Internet, meaning a wireless exemption would leave those consumers without net neutrality protection.

According to the Pew Research Internet Project, in 2011, blacks and Latinos were more than twice as likely as whites to use mobile phones as their main source of Internet access; people with annual incomes of less than $30,000 also were more than twice as likely to use primarily mobile broadband as people with incomes of more than $50,000.

The wireless companies say that they should continue to be treated differently. Meredith Attwell Baker, a former F.C.C. commissioner who is now the chief executive of the wireless trade group, responded to Mr. Wheeler’s remarks by noting that mobile broadband depends on the public airwaves known as spectrum, which is a finite commodity with limited capacity.

“The growth of smartphones and LTE — and the constant change in our ecosystem — is the clearest evidence we should retain a mobile-specific approach, because it has worked so well for consumers,” Ms. Baker said. “We were already open, always have been, always will be.”

At least a couple of times in recent years, however, the wireless providers have appeared less than fully open.

In July 2012, Verizon Wireless agreed to pay $1.25 million to settle an F.C.C. investigation into whether it was blocking its customers from connecting to an application that allows consumers to use a wireless phone as a modem to connect another device to the Internet, a practice known as tethering.

The F.C.C. was investigating whether Verizon’s conduct violated net-neutrality-like conditions agreed to by the company when it bought a block of spectrum known as the C block.

In August 2012, AT&T said it would not allow customers with unlimited data plans to use Apple’s FaceTime application on its cellular data network. After several public interest groups threatened to file a complaint with the F.C.C. that the company was violating the open-Internet policy, AT&T announced a new policy to support FaceTime use.

Verizon raised eyebrows last week when its chief executive, Lowell C. McAdam, spoke about net neutrality at an investment conference. “Tom Wheeler has said that probably some of those principles should apply to wireless,” he said. “I don’t have any problem with that.”

But a Verizon spokesman said Mr. McAdam was not changing the company’s position, which “supports the open Internet.” The company, the spokesman said, was against applying further net neutrality restrictions to mobile broadband.
http://www.nytimes.com/2014/09/16/te...broadband.html





AT&T’s Fascinating Third-Way Proposal on Net Neutrality
Brian Fung

Imagine an Internet with fast lanes that you -- not your cable company -- controlled.

That's what AT&T is proposing to the Federal Communications Commission in an attempt to bridge the gap between regulation-wary industry groups and net neutrality advocates who want strong government protections for the open Internet.

Net neutrality — the idea that Internet service providers (ISPs) shouldn't speed up, slow down or manipulate consumers' Web traffic — has been the subject of intense lobbying from both sides in recent weeks as we've raced toward a final deadline for public comments at the FCC. Last week, grass-roots groups sent hundreds of thousands of new comments to the agency, with many advocating that chairman Tom Wheeler begin regulating ISPs like telephone companies in an attempt to ban them from charging content companies a special toll to access consumers. (Net neutrality advocates worry that such a system would tilt the Internet economy against startups and small businesses that couldn't afford to pay, and put more money in the hands of large Internet providers.)

The path forward for AT&T's idea — which has been discussed before — is uncertain. Still, it's attracted some cautious approval from consumer groups, in a sign that some are still interested in a compromise amid what's become a major ideological fight in Washington over the future of the Internet.

Here's what AT&T's proposal looks like: In a recent meeting with FCC officials, AT&T's senior vice president for regulatory policy laid out a plan that would allow individual consumers to ask that some applications, such as Netflix, receive priority treatment over other services, such as e-mail or online video games. That's different from the FCC's current proposal, which tacitly allows Internet providers to charge content companies for priority access to consumers but doesn't give the consumers a choice in the matter.

"Such an approach would preserve the ability of Internet service providers to engage in individualized negotiations with [content companies] for a host of services, while prohibiting the precise practice that has raised 'fast lane' concerns," said AT&T in its filing.

AT&T's idea would still allow for commercial deals between companies. But they would have to be arranged as the result of one or more subscriber requests; the ISPs couldn't offer fee-based prioritization just because they wanted to.

Some net neutrality advocates say they're heartened by the proposal.

"I am encouraged that people are coming up with creative solutions and not going to the extreme yes-no position," said Nuala O'Connor, president and chief executive of the Center for Democracy and Technology.

But it's unclear how the proposal would actually be implemented. Would Internet companies pay broadband providers on a per-subscriber basis depending on who asked for priority access? Or would companies such as Netflix pay one single rate for all users on a company's network?

Also ambiguous is whether AT&T's proposal, if adopted, would stand up to a court challenge from opponents. Some believe the idea may be too clever by half. When the FCC's original net neutrality rules were struck down by a three-judge panel in January, the court's opinion said that there would be no way for the FCC to completely ban Internet fast lanes while still regulating Internet providers under Title I of the Communications Act. (Reclassifying ISPs under Title II of the FCC's congressional charter would, according to some advocates, give the FCC the power to ban paid prioritization. Whether that's the case is a whole other debate.)

What AT&T is suggesting is that Wheeler could ban fee-based prioritization of Internet traffic under certain conditions — namely, in cases where customers hadn't asked for it. Presumably under the AT&T proposal, ISPs would advertise heavily to consumers encouraging them to ask for paid prioritization of certain services.

According to Matt Wood, policy director for the consumer advocacy group Free Press, this approach would be promising if it actually prevented what net neutrality advocates fear most — an unequal playing field that favored the largest Internet companies and broadband providers. But Wood is skeptical that the proposal will pass legal muster.

"It's kind of a nice try by AT&T," said Wood, "and we agree with the first premise that if it were user-directed without paid prioritization, that could be okay." But, he added, "it's a complicated word game they're playing."

A close read of the D.C. Circuit court's opinion on net neutrality suggests Wood could have a point. Even if the FCC says that users can tell ISPs to favor some traffic over others, that might still amount to the FCC overstepping its authority to regulate ISPs under Title I.

"A limited exception permitting end users to direct broadband providers to block certain traffic by no means detracts from the common carrier nature of the obligations imposed on broadband providers," the court opinion reads.

In plain English, the FCC isn't allowed to impose "common carrier" obligations on ISPs because they're regulated differently from phone companies. So AT&T's proposal might face some trouble there. But it's a fascinating one, nonetheless.
http://www.washingtonpost.com/blogs/...et-neutrality/





Sorry, AT&T and Verizon: 4Mbps Isn’t Fast Enough for “Broadband”

FCC chairman says Americans shouldn’t subsidize Internet service under 10Mbps.
Jon Brodkin

Contrary to what AT&T and Verizon would have you believe, FCC Chairman Tom Wheeler today said 4Mbps is too slow to be considered broadband and that Internet service providers who accept government subsidies should offer at least 10Mbps.

Last week, we reported on AT&T and Verizon urging the FCC to abandon a proposal that would redefine broadband download speeds from 4Mbps to 10Mbps. If the standard is raised, ISPs that accept government subsidies to build networks in hard-to-reach rural areas would have to provide the higher speed. AT&T and Verizon argued that 4Mbps is good enough, but Wheeler said otherwise today at a hearing in front of the US House Committee on Small Business.

US Rep. Blaine Luetkemeyer (R-MO) pointed to communities with little or no access to high-speed broadband, saying if the minimum speed isn’t high enough, “rural constituents in my district will be left on the wrong side of the digital divide.”

Wheeler responded: “We have proposed increasing the throughput in order to get Universal Service funds from 4Mbps to 10Mbps for precisely the reason that you mentioned, that you can’t have a digital divide. When 60 percent of the Internet’s traffic at prime time is video, and it takes 4 or 5Mbps to deliver video, a 4Mbps connection isn’t exactly what’s necessary in the 21st century. And when you have half a dozen different devices, wireless and other connected devices in a home that are all going against that bandwidth, it’s not enough. What we are saying is we can’t make the mistake of spending the people’s money, which is what Universal Service is, to continue to subsidize something that’s subpar.”

Wheeler said he hopes to “have that issue tidied up” by the end of this year.

The money in question comes from the Connect America Fund, paid for by phone customers through bill surcharges. AT&T and Verizon declined a combined $67.5 million of the funding in 2012, while FairPoint, CenturyLink, and Windstream accepted funding, FierceTelecom reported at the time.

AT&T changed its mind in 2013, deciding to accept $100 million after the FCC made some changes to the program. AT&T said the money would let it “deploy broadband to approximately 129,000 locations that lack any fixed broadband service of at least 768 kbps/200 kbps.”

By accepting that funding, AT&T had to provide at least 4Mbps downstream and 1Mbps upstream to customers who previously had no access to broadband speeds. AT&T was required to deploy service to two-thirds of the locations within two years and to all of them within three years.

The proposed minimum of 10Mbps download speeds (and potentially more than 1Mbps upstream speed) would apply to future grants.

Wheeler discussed several other topics with the House committee today. The FCC needs to promote Internet service competition in areas of the country where it doesn't exist, he said. "Regulation can never be as efficient as competitive innovation," he said. "We must make sure that where broadband competition is unrealistic, we must shoulder the responsibility to promote it."

Earlier this month, Wheeler pointed out in a speech that most Americans have a choice of only two ISPs at speeds of 4Mbps and 10Mbps. At 25Mbps, "there is simply no competitive choice for most Americans," he said.

The FCC is examining whether it should preempt state laws that make it hard for cities and towns to compete against private Internet service providers. The commission is also preparing new network neutrality rules. Consumer advocates have called upon the FCC to reclassify broadband as a "Title II" common carrier service, opening Internet service up to utility-style regulation. The FCC asked the public to weigh in on Title II as part of its net neutrality proceeding but hasn't gone so far as to say that it will reclassify ISPs.

"Title II is very much a topic of conversation and on the table and something we specifically asked for comment on," Wheeler told the House committee.

The FCC received 3.7 million comments about a tentative net neutrality proposal. The commenting period is over, but the FCC hasn't said yet when it will propose final rules.
http://arstechnica.com/business/2014...for-broadband/





Why a Thinly Sourced, Unverified Report About Comcast has the Web in an Uproar
Brian Fung

In the last 24 hours, Comcast has been embroiled in a minor controversy concerning countless subscribers who use Tor, the traffic-anonymizing service designed to hide your Web activity from would-be snoops. According to a report on a Web site known as Deep Dot Web, Comcast has "declared war" on customers who use Tor and is threatening to disconnect their service over a perfectly legitimate activity. Not surprisingly, the accusations have thrown Internet users — many of whom are already predisposed to dislike Comcast — into an uproar.

But don't buy what Deep Dot Web is selling. Comcast is denying the accusations, of course, but the claims are also being rejected by Tor users themselves. Between the unambiguous denunciations coming from Comcast and the thinly-sourced nature of Deep Dot Web's report, it isn't likely that Comcast is doing anything nefarious here.

Citing anonymous sources on a relatively obscure reddit page and at least one complaint shared with Deep Dot Web directly, the report accuses Comcast of telling customers that Tor is an "illegal service" that violates the company's acceptable use policy. Failure to terminate Tor usage, these service reps say, would result in the termination of Comcast service, according to Deep Dot Web.

If you've never used Tor, the service has one basic function: to hide your browsing habits from prying eyes. When using the Tor browser — a specially modified version of Firefox — your traffic doesn't go directly to its destination, but instead gets bounced across multiple intermediaries. When it comes out the other side and continues on, it's almost impossible to tell where (and from whom) the traffic originated. Not even the NSA has figured out how to crack the core Tor infrastructure (as far as we know).

What Deep Dot Web is implying is that Comcast is monitoring people who use this service and singling them out for special treatment. It's significant not only because these are serious charges, but because it recalls a similar case resolved in 2008 concerning Comcast's throttling of peer-to-peer filesharing services. Back then, the FCC said that Comcast was violating net neutrality by taking action against BitTorrent traffic. Although the incident led an appeals court to rule in Comcast's favor, it kicked off a debate over net neutrality that continues today.

Unlike the BitTorrent case, it doesn't appear that the Comcast actions against Tor are widespread, if they're happening at all. On Monday, the company categorically denied monitoring what users do on its network.

"The report may have generated a lot of clicks, but is totally inaccurate," Comcast exec Jason Livingood wrote in a blog post. "Comcast is not asking customers to stop using Tor, or any other browser for that matter."

Livingood added that he is an occasional Tor user himself.

A Comcast spokesman clarified to The Washington Post that "termination is not a policy… post-BitTorrent, we've been very consistent and clear there's no application or service or any website or protocol that our customers cannot use with their Comcast Internet service."

There are good reasons to be skeptical of Comcast, particularly when the company has itself acknowledged its poor record on customer service. Bashing Comcast is easy and popular, which may be one reason Deep Dot Web's report rose so quickly to the top of reddit Monday morning. (The report is now nowhere to be found on reddit's front page.)

Still, users of Tor themselves quickly dismissed the report in a discussion taking place on an online mailing list.

"Without someone willing to go on the record or more details, I'm going to call bulls**t on this entire blog post," wrote mailing list member Griffin Boyce. "I'm an avid Tor user that runs bridges and hidden services from home. And as a Comcast customer, I've never been contacted for this behavior."

Another user, self-identifying as "Mirimir," chimed in that there was "as yet no evidence" that the allegations against Comcast reflected a change in company policy. "In the worst case, Comcast would be less of a threat to its Tor users than the Great Firewall is to Chinese Tor users," Mirimir wrote, referring to the censorship software that makes certain search results and other content unavailable to Chinese Internet users.

In the United States, the only times when Comcast customers might face action against them are if they've violated copyright law — in which case the government obligates Comcast to notify the customer that they've infringed copyrighted material — or if customers are operating a proxy server for the benefit of the general public. But even in those cases, according to Comcast, service termination is a last resort. Not the first.
http://www.washingtonpost.com/blogs/...-in-an-uproar/





World Wide Web Inventor Slams Internet Fast Lanes: ‘It’s Bribery.’
Brian Fung

A quarter-century ago, Timothy Berners-Lee designed the world's first Web browser and server, kicking off a thing that people started calling the World Wide Web.

In a visit to The Washington Post, on Thursday, Berners-Lee said that system is now in danger from Internet service providers (ISPs) who stand to amass too much power over what was intentionally built as a decentralized network — one where no single actor could dictate outcomes to everyone else.

Berners-Lee pushed back against opponents of net neutrality regulation who argue that applying new rules on ISPs is tantamount to regulating the Internet. There's a difference between regulating providers of broadband and the services that run on top of it, said Berners-Lee. Strong net neutrality rules would help preserve that line dividing the two and limit the incentive of ISPs to meddle in the market for services.

"A lot of congressmen say, 'Well, sign up for the free market' and feel that it's just something you should leave to go by itself," said Berners-Lee. "Well yeah, the market works well so long as nobody prints money. So we have rules, okay? You don't steal stuff, for example. The U.S. dollar is something that everyone relies on. So the government keeps the dollar a stable thing, nobody steals stuff, and then you can rely on the free market."

When Berners-Lee built the Web, he took the telephone wire coming out of his wall, plugged it into his computer and could instantly connect to any other computer. He didn't have to ask his telephone company's permission to introduce a new feature, he said.

But the rules currently being deliberated by the Federal Communications Commission, which would tacitly allow ISPs to charge content companies for priority access to consumers, would change how easily inventors can spread their ideas. In such a future, Berners-Lee warned, new technologies and companies might crop up faster in other countries if services were forced to "bribe" their way to success.

"We need rules," said Berners-Lee. "If businesses are to move here and start here rather than start in Europe or Brazil or Australia — they're going to look around and make sure, 'Oh, does the power stay up?' And they'll look for other things. 'Is the Internet open?' Will they have to effectively bribe their ISPs to start a new service? That's what it looks like from the outside. It's bribery."

To many consumers, "the Internet" is simply the collection of applications and services they use on a daily basis, not the technical equipment and business relationships that help shape the economics of the Web. And to Berners-Lee, that's a good thing: It lets people go on with their lives and keep the rest of the economy running.

"How the technical bit — all the deals about peering all that — is really complicated and difficult," said Berners-Lee. "That is something normal people in the street aren't going to understand — and they shouldn't have to! If you have to start understanding what's happening inside, then the Internet has failed already."
http://www.washingtonpost.com/blogs/...s-its-bribery/

Until next week,

- js.

Recent WiRs -

September 13th, September 6th, August 30th, August 23rd


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)