11-11-15, 08:26 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - November 14th, '15

Since 2002


































"These bad ideas should die at T-Mobile before they turn the internet into just another zone of total corporate control." – T.C. Sottek


"[W]e wasn’t there to hurt innocent people, just the government." – Cracka


"The fact that you have my cellphone number is really harassment, and I'm going to report it." – Deena Bennett, DEA Wiretap Unit






































November 14th, 2015




Silence is Golden: China Tightens Screws on Online Music

China is tightening control of online music, paying particular attention to content and jacking up already tight censorship of the Internet.

From Jan. 1, companies offering online music should police content before making it available, the Ministry of Culture said on its website. China's three biggest Internet companies, Alibaba Group Holding Ltd, Tencent Holdings Ltd and Baidu Inc all have music streaming platforms.

This edict is the latest strike in a multi-year campaign to "cleanse" both the Internet and culture more broadly of material the ruling Communist Party might deem a threat to China's stability. The country already operates what experts say is one of the world's most sophisticated online censorship mechanisms.

Baidu declined to comment. Alibaba and Tencent were not available for immediate comment.

The self-censorship system for music mirrors those currently in place at Internet companies, which employ large teams to scour the firms' websites and apps and eradicate sensitive material.

Academics and censorship experts say the self-policing, with punitive measures for failure to remove "harmful" content, encourages companies and individuals to be conservative and censor more than may be necessary, in order to avoid punishment.

Despite the crackdown, music industry professionals say that China is becoming an increasingly important market, especially as music streaming gains popularity and a growing middle-class pays for high-quality services.

The government has been trying to shake off the country's image as a market notorious for rampant music and entertainment piracy, issuing new regulations and punishments for offenders.

The ministry also asked online music platforms to submit information about their music to government officials from April 1.

In August, the ministry banned a list of 120 songs from being distributed online because they were "morally harmful".

A large chunk of the songs were made by a handful of hip-hop artists, mirroring Western countries' moral panic over rap in the 1990s and early 2000s.

(Reporting by Paul Carsten; Editing by Nick Macfie)
http://uk.reuters.com/article/2015/1...0SY19120151109





In the Stream of Internet Radio, Music Stations Hold Their Own
Nick Wingfield

Internet radio was supposed to squash small FM music stations like KEXP. Someone forgot to tell that to KEXP, the little station that has helped start the careers of big music acts like the Lumineers and Macklemore and Ryan Lewis.

Last week John Richards, the morning D.J. at KEXP, walked through the station’s gleaming new headquarters not far from the Space Needle. It is a $15 million project intended to further the station’s evolution into a brick-and-mortar music programmer for the Internet age.

As workers put the finishing touches on the soaring public performance space near the building’s entrance, Mr. Richards pointed to a corner that will eventually have a cafe and another that will house a record store. A large soundproof window provided an aquarium-like view into the booth that Mr. Richards and other D.J.s will begin broadcasting from next month.

“It’s like ‘Star Trek’ in here,” Mr. Richards said, inspecting the electronic consoles, microphones and computer displays inside the booth.

Music fans live in a time of plenty, when nearly every song for any musical taste can be listened to in an instant over the Internet, from Spotify, Pandora and dozens of other sources. Satellite and commercial radio crowd the airwaves with further options for discovering new music and listening to the old.

And yet a handful of nonprofit music stations like KEXP with roots in college radio have never been doing better. They are using the Internet to reach bigger audiences around the globe, adding to their video programming and seeking to become in-person destinations for fans.

Most of all, they are trying to stand out with their music programming, with genre-hopping mixes selected by D.J.s rather than software or dictated by program directors at commercial radio chains.

The abundance of music and methods of distribution has increased demand for human tour guides for all of it.

“There’s so much music out there, so many places to go,” said Roger LaMay, general manager of WXPN, a public music station in Philadelphia, and chairman of the board of National Public Radio. “But finding curation from a trusted source is a lifeline for most music lovers who don’t have the time or wherewithal to sift through it all on their own.”

An excerpt from a well-known KEXP show dedicated to the Beastie Boys album “Paul’s Boutique.”

KCRW, a public radio station in Southern California, is another tastemaker. At the end of next year, the station plans to move out of its basement studio beneath the cafeteria of Santa Monica College to a $48 million facility with a public performance space.

“The thing that has helped KEXP and KCRW is we’re not traditional radio,” said Jennifer Ferro, the president of KCRW. “We’re really building this tribe of people that are interested in music discovery and curious about the world.”

Even Apple has cottoned to this approach, introducing a human element into its Apple Music service with Beats 1, a live, Internet-only radio station anchored by Zane Lowe, a former BBC radio D.J., and other musical tastemakers.

KEXP has made thematic narratives for music junkies, rather than pop hits, one of its specialties. In July, it dedicated 12 hours to a meticulous deconstruction of “Paul’s Boutique,” the seminal Beastie Boys album, in which it played every track on the album along with the original songs that they sampled. Music fans raved on social media.

Next month, it plans to devote the same amount of time to playing all of the songs that borrow a famous drum riff from “Funky Drummer,” a classic James Brown song that features a commonly sampled solo by the percussionist Clyde Stubblefield. Breakdowns of the samples in classic De La Soul and Public Enemy albums are planned for next year, Mr. Richards said.

“They are a hybrid of a lot of different radio stations, but ultimately they’re their own thing,” said Jonathan Poneman, co-founder of Sub Pop Records, who was a D.J. at the station in the 1980s when it went by a different name, KCMU. “They still are fundamentally the renegade station they were when they started.”

The station’s D.J.s are walking Wikipedias of musical trivia, not commercial radio personalities who seem to have had one too many espressos. Mike McCready, the lead guitarist for the rock band Pearl Jam, singled out for praise a show in which Kevin Cole, a KEXP D.J., played songs from all of the bands that were inspired by being in the audience of an early show by the Sex Pistols, an influential punk rock band.

KEXP doesn’t have anything like the tens of millions of listeners of an Internet channel like Pandora, and probably never will. It reaches about 206,000 listeners a week, just over a quarter of whom stream the station over the Internet. That’s more than three times its audience 15 years ago. New York is the second-biggest source of online listeners, after the Seattle-Tacoma area.

As a nonprofit, it doesn’t have to chase ears like its commercial rivals. KEXP receives about half of its annual $6 million cash operating budget from listener pledges, while the rest comes from grants, corporate underwriting and other sources.

KEXP has significantly expanded its audience through its YouTube channel, which features sessions with musicians at its studios and at music festivals around the world. It posted more than 500 such videos last year and its channel has about 743,000 viewers a week.

Its most popular video, with nearly 30 million views, showed a kinetic Macklemore and Ryan Lewis, the Seattle hip-hop duo, performing “Can’t Hold Us” four years ago, when they were on the cusp of mainstream stardom. “That was a moment we knew something was special,” Mr. Richards said.

While its audience can’t compare in size to its digital rivals, the station is revered by many influential fans.

“I am listening to @kexp and @loserboy on @iHeartRadio and I am LOVING it!” Jimmy Fallon, the “Tonight Show” host, tweeted last month. (@loserboy is the Twitter handle of Mr. Richards, and iHeartRadio is an app from the radio conglomerate of the same name for listening to radio stations over the Internet).

Wesley Schultz, the guitarist and lead singer for the Lumineers, the Denver folk rock band, said Mr. Richards played his band’s song “Ho Hey” twice a day, back to back, for a week during his show in 2012.

“It started making waves for our band that we would never have anticipated,” Mr. Schultz said, adding that he listens to the station every morning. “All these people started finding our music through this station.”

For almost 10 years, KEXP has broadcast sessions with bands playing at a music festival in Reykjavík, Iceland (Mr. Cole was broadcasting from there last week). In 2010, KEXP filmed a video of a recently formed band, Of Monsters and Men, performing their song “Little Talks” in the living room of one of the band members. The song went on to be a quadruple platinum seller, said Heather Kolker, the band’s manager, who credited KEXP with raising their profile.

“It lifted them out of the mass of things going on that year,” she said.

In the cramped, rundown offices that KEXP currently occupies in Seattle, one bathroom is out of order and the station has bought a portable boat toilet in case the remaining one breaks down. The station’s small recording studio is decorated with cheap black curtains and Christmas lights.

Its new headquarters are palatial in comparison, with a laundry facility, showers and storage lockers to make the place more comfortable for touring bands. KEXP will record video of live sessions with bands in a new $500,000 performance space, which has a viewing area for about 75 people.

“We barely call ourselves a radio station,” said Mr. Richards. “We do so much more than that. We see ourselves as a media organization, a community organization.”
http://www.nytimes.com/2015/11/09/te...their-own.html





Fast Broadband for All by 2020 Pledged by David Cameron

All UK homes and businesses will have access to "fast broadband" by 2020, David Cameron has pledged.
BBC

The PM is to introduce a "universal service obligation" for broadband, giving the public a legal right to request an "affordable" connection.

It would put broadband on a similar footing to other basic services such as water and electricity.

Labour said it meant "another five years on the broadband back-burner" for those struggling with their service.

In 2010, the coalition government promised the UK would have the best superfast broadband in Europe by 2015.

Then, in 2012, a pledge was made by then-Culture Secretary Jeremy Hunt that the UK would have "the fastest broadband of any major European country" by 2015.

He defined high-speed broadband as offering a download speed of greater than 24 megabits per second (Mbps). Communications regulator Ofcom defines it as 30Mbps.

'Fundamental right'

Mr Cameron's latest announcement is aimed at ensuring consumers have access to a broadband connection with a speed of at least 10Mbps, no matter where in the country they live or work.

"Access to the internet shouldn't be a luxury, it should be a right - absolutely fundamental to life in 21st Century Britain," he said.

Mr Cameron, who is expected to set out further details next week, added: "Just as our forebears effectively brought gas, electricity and water to all, we're going to bring fast broadband to every home and business that wants it.

"We're getting Britain - all of Britain - online, and on the way to becoming the most prosperous economy in the whole of Europe."

Officials said that more than 83% of homes and businesses in Britain currently have access to a superfast broadband connection - 24Mbps - with that number set to rise to 95% by 2017.

Culture Minister Ed Vaizey told BBC Radio 4's Today programme: "We want to upgrade the universal service obligation to provide fast broadband speeds of 10Mbps for the very hardest to reach homes and businesses. Those at the end of the line, the last 5% that we are desperate to get to.

"So we're putting in place this regulation, that we're going to consult on at the beginning of next year, to make sure that if you're in that last 5%, you can demand, and you'll get it."

Chi Onwurah, shadow minister for culture and the digital economy, said the government needed to set out how the new pledge would be funded and when consumers would "actually see the benefits".

"Five years after abandoning Labour's fully-funded commitment to universal broadband, the government's "superfast" broadband rollout is still being hit with delays and at the mercy of a single provider," she said.

Record criticised

The government has already given BT £1bn to extend broadband to some rural areas, although its record has been criticised, BBC reporter Rob Young says.

It is unclear whether more taxpayers' money will be available for this latest ambition, he adds.

BT says faster universal broadband needs to be "commercially viable". Virgin Media has argued against state subsidies.

In September, BT hit back at rivals calling for its break-up, as it announced a strategy to make the UK the fastest broadband nation.

It revealed plans to connect 10 million homes to ultrafast broadband (300-500Mbps) by the end of 2020 and raise the minimum broadband speed for homes that cannot get fibre to 5-10Mbps.
http://www.bbc.com/news/uk-34753331





Leaked Comcast Memo Reportedly Admits Data Caps Aren't About Improving Network Performance

Public relations would also prefer that you stop calling it a data cap
Dante D'Orazio

Comcast is unleashing its PR machine to try to manage the controversy around its home broadband data caps. After recently expanding its "trial" 300GB monthly data cap in several cities around the Southeastern US, it looks like public relations circulated a memo to customer service representatives telling them how to discuss the new plans. That memo has now reportedly leaked online, courtesy of a Comcast employee on Reddit.

In it, Comcast admits what many have long suspected: its data caps have nothing to do with network congestion. In a section on best practices when explaining why Comcast is expanding its data caps, representatives are told [emphasis added]:

Do say: "Fairness and providing a more flexible policy to our customers."

Don't say: "The program is about congestion management." (It is not.)

Of course, "fairness" doesn't quite explain it, either. If data caps don't improve network reliability or performance, why does Comcast now see the need to charge customers more for the same data they've been using for years? Since there's such scarce competition in the US cable industry, the answer is likely quite simple: because Comcast can.

"PR: unleashed"

Under the new plans, depending on region, customers can opt to pay an extra $30 to $35 per month to unlock unlimited internet access. Subscribers who don't sign up for such a plan will automatically be charged $10 for an additional 50GB if they exceed their limit. Caps start at 300GB for standard internet plans, while they max at 600GB for the company's "Extreme" tier.

The timing is also particularly opportune: while the vast majority of Comcast customers currently use less than 300GB per month, internet usage is set to drastically increase as video streaming (especially in 4K) becomes more and more central to home entertainment. This allows Comcast to set the policy without ruffling too many feathers, and by the time users need those 300GB, the company hopes, it'll just be standard to pay for more data.

Oh, and Comcast PR would prefer if you didn't call it a data cap — since you can pay more to bypass the 300GB limit, it's a "data usage plan" like those ones your wireless carrier charges you for. Comcast maintains in the documentation that "we do not limit a customer's use of the internet in any way at or above 300GB" since it no longer throttles its users. However, that only makes sense if you don't count surcharges and fees as limiting your internet experience.

"Do not address these items with the customer."

The company's also spinning the trial 300GB cap somehow as a positive. Service reps, according to the leaked document, are told to say that "Customers in trial markets had their data usage plan increased to 300GB." Since subscribers in non-trial markets aren't getting charged at all for extra data, that might seem nonsensical, but Comcast has it figured out on a technicality. See, in officially-sanctioned PR-speak, customers in non-trial markets don't have unlimited data, they "have a 250GB data usage plan, although we are not currently enforcing this policy."

There are also a few other interesting details in the leaked documents, including the company's policy for dealing with customers who use certain buzzwords that Comcast doesn't like. If a customer utters the words "net neutrality," or dares to ask about what is and isn't counted under the data cap, they'll get transferred to a different customer service team. Calls will also be escalated if customers make "observations about how Xfinity services are or are not counted relative to third party services." Representatives are instructed to "not address these items with the customer" according to the documentation. Historically, Comcast's own internet streaming services, like its Xfinity app for Xbox, have not counted against caps, while competing services like Netflix do.

Data caps aren't new for Comcast, though they are rare at other major US cable companies. In 2012, the company announced that it was dropping its 250GB hard data cap on home broadband customers. Comcast said at the time that the caps would eventually be replaced with the system that is now being more widely trialled around the country.

Disclosure: Comcast is a minority investor in Vox Media, The Verge's parent company.
https://www.theverge.com/smart-home/...ork-congestion





Comcast Keeps Scolding Me For Calling Its Top Lobbyist A Lobbyist
Karl Bode

Last summer I noted that Comcast's PR department pretty consistently now sends me snotty e-mail "corrections." Not about any of the thousands of articles Techdirt or I have written about the company's abysmal customer service, punitive usage caps, ridiculously high prices, or obnoxiously anti-competitive behavior mind you, but to scold me for one and only one thing: calling the company's top lobbyist a lobbyist.

You see, despite the fact that Comcast Executive Vice President David Cohen spends the majority of his time trying to influence state and federal regulators (he was the lead salesman of the NBC and Time Warner Cable mergers), Comcast calls him the company's "Chief Diversity Officer." That's because updated 2007 lobbying reporting rules require that if an employee spends more than 20% of their time lobbying in DC, they have to register with the government as a lobbyist, detail their travel with lawmakers, and more fully outline their contributions to politicians and their myriad foundations.

As a result, Cohen -- and thousands of other lobbyists -- simply started calling themselves something else. And ever since Comcast started complaining, I've of course felt compelled to refer to him as a lobbyist as often as possible. I did so again last week when I wrote a blog entry noting that Cohen saw a notable contract extension and pay raise despite his failure to get the company's Time Warner Cable deal approved. Not too surprisingly, Comcast spokesperson Sena Fitzmaurice was quick to reach out and scold me, for what I believe is now the third time:

"I know I may be not worth asking, but could you use factual information in your pieces? It is factually incorrect to say that “David Cohen spend the lion’s share of his time pushing Comcast in policy circles just like any other lobbyist.” That is just not true. To be true, David would have to spend the lion’s share of his time in Washington, DC – which he doesn’t. It would have to be the lion’s share of his responsibilities which it isn’t. Your belittling of the serious time he devotes to his Chief Diversity Officer duties is insulting, it isn’t tap dancing around a legal rule. Our workforce is 59% diverse, our 2014 hires were 69% diverse, and David expends considerable time to his commitment as Chief Diversity officer."

And while the Comcast HR department's dedication to diversity is admirable, Cohen's primary claim to "diversity" fame is his creation of "Internet Essentials," a piece of regulator bait Cohen used to seal the NBC Universal deal to the FCC and DOJ. Crafted as a merger condition by Comcast itself, Internet Essentials is supposed to offer low-income users who qualify for the nation's school lunch program $10 broadband for a limited time. Of course when initially released, the poor people Cohen so adores actually protested on the streets of Philadelphia, arguing that the project was a PR stunt that, in reality, was hard to qualify and sign up for.

Cohen and Comcast use Internet Essentials as a public relations and lobbying weapon to highlight the company's incredible altruism at every conceivable opportunity. Cohen's cherub-esque visage can often be seen standing among smiling children at what's an endless series of PR junkets. That I doubt the purity of these efforts by arguably the least-liked company in America is most likely some kind of defect in my character, I'll be the first to admit.

But Fitzmaurice continued, lecturing me on the fact that Comcast actually did a wonderful job at adhering to the more than 150 flimsy NBC merger conditions, most of which Comcast itself created:

"Further, your continued insistence that Comcast hasn’t adhered to the more than 150 conditions of the NBCUniversal transaction by the FCC and the DOJ consent decree belies the facts. In the nearly 5 years since the transaction was concluded, the FCC has taken 1 action on a merger condition, and that was over 3 years ago. That means the FCC has not had enforcement issues with about 150 other conditions. That hardly seems like “failed utterly to adhere to merger conditions.” Other than on that one issue of standalone broadband marketing, which was resolved and the consent decree on that issue itself has expired, the FCC and the DOJ have not taken actions on violations of conditions or the consent decree."

And that's technically true. The only wrist slap Comcast got was a $600 million fine from the FCC for hiding a $50 a month standalone broadband option it had promised to offer. But the fact that the FCC couldn't be bothered to enforce the NBC merger conditions says more about the FCC than anything else. And indeed, the lion's share of the conditions Comcast pats itself on its back for adhering to were utterly hollow, including things like adding "1,500 more titles to Comcast’s on-demand offerings for children." Most of these show pony suggestions were suggested by Comcast because the company had already planned to accomplish them anyway as a matter of course, like expanding its broadband network to 400,000 additional homes.

Subsequent investigations found that Comcast violated the most meaningful conditions and was never held accountable for them, including promises not to meddle in the management of co-owned Hulu. And to reiterate, the company's star NBC merger condition was so "successful" it resulted in public protests in the streets of Philadelphia. And indeed, numerous news outlets reported that Comcast's failure to adhere to NBC Universal deal conditions played a major role in their rejection of the Time Warner Cable merger, causing regulators to even consider additional punishment beyond deal rejection. So yeah, factual information and all that.

After explaining this all to Comcast (again) I reminded the company I'm using the dictionary definition of the word lobbyist, and it may want to contact Random House and Merriam Webster with any future concerns. Still, I'm happy to use the powers of the Streisand effect and pen a blog post each and every time the company's PR representatives feel like scolding me for semantic bullshit. There's certainly a lot more to be said about the nation's utterly pathetic lobbying rules that let most lobbyists like Cohen tap dance over, under, and around political influence reporting requirements.
https://www.techdirt.com/articles/20...lobbyist.shtml





T-Mobile is Writing the Manual on How to Fuck Up the Internet

Yes, John Legere, it is a net neutrality problem
T.C. Sottek

The internet is still in trouble, and now we know how it’s going to get worse.

T-Mobile has just announced "Binge On," a deal that gives customers unlimited access to Netflix, HBO Go, ESPN, Showtime, and video from most other huge media brands (but not YouTube!). It’s just like T-Mobile’s "Music Freedom" promotion, which gives customers unlimited high-speed data, as long as they’re listening to music from Spotify, Google Play Music, or one of T-Mobile’s other partners. It sounds like a sweet deal, and many customers will benefit! But it’s dangerous for the internet. When John Herrman writes that the next internet is TV — and you should believe him — this is part of how we get there. You know that viral picture that shows ISP internet bundles being sold as cable packages? That’s basically what’s happening here, except it’s more difficult to stop because, as the FCC might say, there’s "no obvious consumer harm" in giving people free stuff.

Of course, "free" isn’t really free, is it? This scheme is called "zero rating," and people like Susan Crawford have been warning us for a while about the risk it poses for the open internet. The only reason Binge On and Music Freedom sound like such a great pro-consumer deal is because the top four mobile ISPs — Verizon, AT&T, Sprint, and T-Mobile — have manufactured a market based completely on artificial scarcity. For years ISPs have clamored about a mobile data crunch that never materialized to justify data caps and outrageous prices, and wouldn’t you know it, now they have the solution. After years of aggressively trying to cull the herd of people who still remember the meaning of the word "unlimited," they’re rebranding it as something special and new. It’s, like, so un-carrier, man.

Even the landline ISPs are using the same spin now, because their siblings in the mobile business have perfected the art of squeezing customers for access to data. Comcast, likely terrified of losing margins in the TV business, is experimenting with ways to arbitrarily tax its broadband customers by offering them "unlimited" data plans. These caps have nothing to do with network congestion and everything to do with collecting as much rent as possible from tenants who often have no choice.

Verizon is so desperate to impart the logic of limitation that it now offers data plans in "small, medium, large, extra large, and extra-extra large" sizes. Each metaphor is more inane and unnecessary than the last, but it doesn’t really matter, because only a few companies really own the internet, and they succeed most when they cooperate without acting like they’re cooperating. It’s all as meaningless as the wireless puffery about who's "most reliable." The only reason T-Mobile's plan makes sense is because it exists in this world of hollow language and artificial constraints.

T-Mobile CEO John Legere today claimed that the mobile industry has collected $45 billion from customers who "overbought" data they didn’t need to use. He wants you to think T-Mobile is blowing this model of theft up, but it’s actually just playing the same game as everyone else. That doesn't mean T-Mobile is trying to gouge customers, but BingeOn is bad for different reasons. It's bad for net neutrality.

Binge On is bad because it gives T-Mobile too much power. It’s really that simple. And yes, it’s bad for net neutrality. If net neutrality has a core idea, it’s that regular people ought to be in charge of the internet — especially since the internet is mostly just people. That means companies like T-Mobile shouldn’t be picking winners and losers, even if customers appear to be winning in the short term. And there are definitely going to be losers. Legere insists that anybody who wants to be a part of Binge On can be, as long as they meet T-Mobile’s technical specifications. It’s not clear what those specifications are yet, though Legere used words like "optimized video" and "DVD quality or better." But that just sounds a lot like another type of managed network: cable television.

"This is not a net neutrality problem," Legere insisted on stage today at his company’s Uncarrier X event. "This is similar to Music Freedom. It’s free!" Free, free, free.

It's not clear if Legere understands what net neutrality means. To understand why free is a problem, we need to look at net neutrality in the context of the scarcity the ISPs have created. Consider T-Mobile and Sprint’s basic "unlimited" data plans: each technically includes unlimited data, but only 1GB at 4G speeds. (T-Mobile announced today it had "amped" that minimum plan to 2GB.) As soon as you reach that cap, you’re kicked down to 2G speeds which are basically unusable for most things worth doing on the internet. When I was on T-Mobile’s 1GB plan before it announced Music Freedom, I nearly used my entire data allowance listening to Google Play Music on a one-way bus ride from New York to DC. But since T-Mobile now gives me all that data for "free," it’s a huge competitive advantage against T-Mobile’s rivals. It’s too bad the cost is competition at large.

Remember when Netflix accused Comcast and other ISPs of holding their customers hostage for payment? Netflix paid up, and depending on who you ask, it looks like the ISPs won big time. But Netflix also won! Despite arguments that Netflix was an underdog, it’s doing huge business, and it’s going to be fine. Netflix is not the problem — it’s even going to enjoy unlimited access to customers as part of Binge On, along with all the other big media brands that were called out by name today at T-Mobile's event. It’s the next Netflix that’s going to suffer. Or maybe even just the next website. Have you noticed that all these zero-rating programs privilege video and sound? What about everything else? The network isn't open if this kind of discrimination exists.

One of the worst possible worlds for the internet is one in which suits at companies like Comcast or T-Mobile have to meet in a boardroom before you’re allowed to experience something without limits. That future looks more and more likely as media companies, technology companies, and telecommunications companies become more tightly integrated in complicated layers of cartel-style ownership — the same way the TV business has operated for decades.

So Binge On is a bad idea. It gives T-Mobile too much power in deciding winners and losers on the internet, and it gives other ISPs incentive to adopt similar measures to stay competitive. Worse, its spin as a pro-consumer benefit obscures the manipulation of the broadband market that’s happening right under our noses. John Legere even breathlessly talked trash about Verizon "curating" what people should watch under Go90, even though he’s basically doing the same thing with a different name.

It’s the FCC’s job to scrutinize Binge On and other zero-rating services, but the agency hasn’t done anything about it yet. When the FCC’s new net neutrality rules debuted this year, the Music Freedom plan was called a "lesser concern" because it posed no obvious harm to customers. But the harm is obvious — it transfers power from consumers and small companies to gatekeepers.

Next time you see a gold-plated Monster cable at Best Buy, remember that we’re living in a new Gilded Age whose stark inequalities are often masked by corporate spin and demagoguery. If there’s one thing you need to know to understand the shape of things to come — and that definitely includes the internet — it’s that the rich are getting richer and more powerful, and fast. There’s no conspiracy theory here, just hard data about who owns what. The thing we conveniently call the internet, which is really just varying combinations of you, and me, and the phones and wires and media that are all connected by them, is owned and operated by very few people. Those people are going to keep making a lot of decisions for you, both because they can and because they think they know best. And they’re going to try to sell you on the idea that it’s good for you.

John Legere loves to brag about how much he’s disrupting the industry. "Dumb and dumber are really gonna lose their shit over this one," Legere said today, talking about AT&T and Verizon. "The other guys can’t keep up." In this case, we really hope the other guys don’t keep up. These bad ideas should die at T-Mobile before they turn the internet into just another zone of total corporate control.

The truly simple solution is to just offer unlimited data access for everything. But maybe T-Mobile is content to just keep playing the barking dog in AT&T and Verizon's backyard.
https://www.theverge.com/2015/11/10/...em-john-legere





F.C.C. Sides With Hot Spots, and Hospitality Industry Feels a Chill
Martha C. White

Fed up with Internet charges that can range into six figures, more meeting planners are instead using mobile hot spots to connect at conferences and conventions. But their efforts have at times been stymied, when the venues have electronically blocked the transmissions.

The Federal Communications Commission has recently been intervening in this high-tech game of cat and mouse. Last week, the commission proposed a $718,000 fine against M. C. Dean, the company that provides Internet services at the Baltimore Convention Center, over accusations that the company blocked Wi-Fi hot spots, as well as a $25,000 fine against Hilton Worldwide Holdings for what the agency called “apparent obstruction of an investigation” into Wi-Fi blocking.

“Clearly the F.C.C. has taken a legal position,” said Bjorn Hanson, clinical professor at the Preston Robert Tisch Center for Hospitality and Tourism at New York University.

Last year, the commission fined Marriott International $600,000, then issued a warning in January that blocking hot spots in hotels and “other commercial establishments” was illegal. In August, the agency levied a $750,000 fine against Smart City Holdings, a company that manages Internet services in 28 convention centers. Consumers have a right, the commission said, to use hot spot technology like smartphones and wireless routers like MiFi without interference.

“It puts meeting planners in a better spot, because they know the F.C.C. is behind them,” said Eric Bracht, a senior consultant of audiovisual operations at the consulting company Electro-Media Design Limited. “Now they have some backup.”

In response, the hospitality industry has countered that the commission has overstepped its authority and has given poor guidance about how companies are allowed to manage their Internet connectivity. Wi-Fi networks created by hot spots, industry officials contend, are less secure and can interfere with their in-house networks.

M. C. Dean said in a statement it planned to challenge the fine, and it and Hilton have said they disagree with the agency’s recent decisions. Marriott and Smart City also issued statements after their settlements, maintaining that they had broken no laws.

“From our point of view, we don’t believe that M. C. Dean has done anything to deliberately deceive our customers,” said Peggy Daidakis, executive director of the Baltimore Convention Center.

The hospitality industry has plenty to lose. While business travelers grumble about having to pay $15 or $20 a night for Wi-Fi access at upscale hotels, those charges are a drop in the bucket compared with what event planners pay for Internet access in hotel conference space and convention centers.

Mr. Hanson estimated that hotels in the United States collected as much as half a billion dollars in revenue from Internet charges last year.

“I did a meeting a few years ago in a convention center,” said Donna Jarvis-Miller, director of membership and events for the American Public Human Services Association, who said the initial quote for Internet service gave the association sticker shock.

“It was close to $30,000, and that was just to buy out just a section of the convention center we were in,” she said. Now, Ms. Jarvis-Miller said, she brings in her own hot spot network for a small fraction of the cost. “They’ve offered to discount it deeply, but I’m always able to bring it in for less than what they’re offering,” she said of her attempts to negotiate with hotels and convention centers.

Even that lofty sum is a relative bargain, though, compared with what some high-tech event producers pay. For the Consumer Electronics Show, which brings about 175,000 people to three convention facilities in Las Vegas every January, the bill for Internet access tops half a million dollars — and that does not include what the show’s 3,600-plus exhibitors spend if they need individual connections in their booths.

“It is expensive and each city has different rates,” said Karen Chupka, a senior vice president for the Consumer Electronics Association.

Factors influencing the rate include what kind of technology is available and how recently it was added, she said, especially if the building is a public facility — as many convention centers are — that is required to choose its technology provider through a bidding process.

Ms. Chupka said technological factors like how much hard-line connectivity a group needs in addition to Wi-Fi also affect how much a venue will charge. Although Wi-Fi might work fine for checking email or conducting a brief product demonstration, activities that demand more bandwidth or more security, like transmitting a live broadcast or running credit cards, still often require wired Internet access.

Since many convention centers outsource functions like their network management, it can be harder for planners to haggle down the price of Internet access, but the arrangement spares the center from having to finance technological upgrades and might provide it with a commission as well.

“This last year, we’ve invested about $600,000 just upgrading our access points,” Ms. Daidakis said. “I don’t have it, as a city agency,” she said, whereas M. C. Dean can afford to make those kinds of big capital investments.

“Basically, you’re looking at six figures or more to wire up the place, and every couple of years you’ll probably want to do another low six-figure upgrade,” said Ben Yalow, a recently retired information technology professional with experience setting up and configuring networks in hotels and convention centers.

“It is one thing convention centers are looking at and trying to figure out how they can continue with the demand, because the demand is only growing,” Ms. Chupka of the Consumer Electronics Association said.

Ms. Daidakis said the Baltimore Convention Center received a 35 percent commission on the Internet services that M. C. Dean sold to customers. It is money that the center, which runs at a deficit, needs, she said. “We have to make up the gap between revenue and expenses, and we’re looking at our business partners.”

The upshot is that planners either negotiate down to an amount they can afford or throw up their hands and go the hot spot route. Ms. Daidakis acknowledged that most of the nonprofit trade association clients the center hosts did receive a discount on the published rates for access, usually about 25 percent or more.

Hospitality industry experts predicted that the F.C.C.’s recent actions would force event facilities to become more competitive in their pricing, so as not to lose out entirely on the Internet revenue stream.

“The Wi-Fi hot spots are certainly going to be more prevalent as people realize they can use them,” Mr. Bracht said. “Since the F.C.C. has come down on the side of the consumer, access will be a lot more discussed,” and negotiations will become more commonplace.

“I think the long-term solution is going to be that convention centers and hotels drop their prices down to someplace reasonable,” Mr. Yalow said. “They’re not going to make money off this the way they used to.”
http://www.nytimes.com/2015/11/10/bu...n-centers.html





Own a Vizio Smart TV? It’s Watching You

Vizio, one of the most popular brands on the market, is offering advertisers “highly specific viewing behavior data on a massive scale.”
Julia Angwin

TV makers are constantly crowing about the tricks their smart TVs can do. But one of the most popular brands has a feature that it’s not advertising: Vizio’s Smart TVs track your viewing habits and share it with advertisers, who can then find you on your phone and other devices.

The tracking — which Vizio calls “Smart Interactivity” — is turned on by default for the more than 10 million Smart TVs that the company has sold. Customers who want to escape it have to opt out.

In a statement, Vizio said customers’ “non-personal identifiable information may be shared with select partners … to permit these companies to make, for example, better-informed decisions regarding content production, programming and advertising.”

Vizio’s actions appear to go beyond what others are doing in the emerging interactive television industry. Vizio rivals Samsung and LG Electronics only track users’ viewing habits if customers choose to turn the feature on. And unlike Vizio, they don’t appear to provide the information in a form that allows advertisers to reach users on other devices.

Vizio’s technology works by analyzing snippets of the shows you’re watching, whether on traditional television or streaming Internet services such as Netflix. Vizio determines the date, time, channel of programs — as well as whether you watched them live or recorded. The viewing patterns are then connected to your IP address - the Internet address that can be used to identify every device in a home, from your TV to a phone.

IP addresses can increasingly be linked to individuals. Data broker Experian, for instance, offers a “data enrichment” service that provides “hundreds of attributes” such as age, profession and “wealth indicators” tied to a particular IP address.

Vizio recently updated its privacy policy to say it has begun providing data about customers’ viewing habits to companies that “may combine this information with other information about devices associated with that IP address.” The company does not promise to encrypt IP addresses before sharing them.

Cable TV companies and video rental companies are prohibited by law from selling information about the viewing habits of their customers. However, Vizio says that those laws - the Video Privacy Protection Act and cable subscriber protections - don’t apply to its business.

Vizio hopes its new tracking forays will provide a boost to the thin profit margins it earns in the competitive television manufacturing business. In an October filing for an initial public offering, Vizio touted its ability to provide “highly specific viewing behavior data on a massive scale with great accuracy.”

The company said in its filing that revenues from its viewing data business are not yet significant. But people familiar with the company said that Vizio has begun working to combine its viewing data with information about users that it gets from data broker Neustar.

Neustar declined to comment about the relationship, but said the company does not handle or distribute viewing information about Vizio users.

A spokeswoman for Tapad, a company that helps identify users across their many devices, said that its contracts prevent it from sharing the name of the companies it works with.

An Experian spokeswoman said, “We currently do not have a relationship with Vizio.”
https://www.propublica.org/article/o...s-watching-you





Court Says Tracking Web Histories Can Violate Wiretap Act
Andy Greenberg

Federal courts have long given the government leeway to surveil and collect so-called “non-content” data—records of the senders and recipients of calls and emails, for instance, rather than contents of those communications. But an unlikely case involving Google may mean the government will be required to get a warrant before it sucks up one type of that metadata: the detailed history of an individual’s web browsing.

On Tuesday the third circuit court of appeals issued a ruling in a long-running class action lawsuit against Google and two media firms, who are all accused of circumventing cookie-blocking technologies in browsers to track users’ web histories. In the ruling, the appeals court agreed with a lower court, which dismissed the plaintiffs’ claims that Google and the other defendants had violated laws like the Wiretap Act, the Stored Communications Act, and the Computer Fraud and Abuse Act by collecting users’ web browsing information. (Though the ruling does reverse the dismissal of a different claim that the defendants violated the California constitution, which will now proceed in the lawsuit.) But despite those decisions and perhaps more importantly, the court was careful to make another point: That merely tracking the URLs someone visits can constitute collecting the contents of their communications, and that doing so without a warrant can violate the Wiretap Act. And that’s an opinion that will apply not just to Google, but to the Justice Department.

“This is a pretty big deal for law enforcement,” says Jonathan Mayer, a Stanford fellow in computer science and law whose research into Google’s circumvention of cookie-blocking technology helped to spark the class action as well as the search giant’s $17 million settlement with 37 states on the issue. “The punchline is that if the FBI or any law enforcement agency wants to look at your web history, they’ll have to get a warrant for a wiretap order,” which requires proving a tougher standard of “probable cause” to a judge than would be necessary for collecting mere metadata.

In their ruling, the panel of three appellate judges found that Google and its co-defendants hadn’t violated the Wiretap Act because they were a “party” to the communications rather than a third-party eavesdropper—the users were visiting their websites when the cookies were installed. But the judges took special pains to make clear that the defendants hadn’t been let off because their cookie-blocking circumvention technique was only collecting metadata from users, rather than the content of their communications. The URLs that a web user visits, the court explained, can in fact qualify as content and thus require a warrant to surveil. “If an address, phone number, or URL is instead part of the substantive information conveyed to the recipient, then by definition it is ‘content,'” the ruling reads. “[Due to] the information revealed by highly detailed URLs…we are persuaded that—at a minimum—some queried URLs qualify as content.”

A visit to “webmd.com,” for instance, might count as metadata, as Cato Institute senior fellow Julian Sanchez explains. But a visit to “www.webmd.com/family-pregnancy” clearly reveals something about the visitor’s communications with WebMD, not just the fact of the visit. “It’s not a hard call,” says Sanchez. “The specific URL I visit at nytimes.com or cato.org or webmd.com tells you very specifically what the meaning or purport of my communications are.”

In fact, Sanchez says that the Department of Justice already officially states that it seeks a warrant when it collects URLs from a suspect’s web history. The judges in the Google case also cite a formerly secret Foreign Intelligence Surveillance court ruling that also found that URLs could count as content as well as metadata. But Sanchez argues that the new, more public ruling nonetheless helps to cement that precedent and prevent the DOJ from changing its policy. The ruling could also stop lower-level law enforcement from warrantlessly collecting web history.

The ruling could also be a first step toward erasing the metadata/content distinction for other types of communications, too. Sanchez argues that email can also blur that line, since an internet service provider might only know the mail server an email is being sent to, and the specific address of the recipient might be considered the “contents” of that message. “It’s not as though there’s a clean divide between the envelope and the stuff inside,” Sanchez says. “It’s more like an onion with different layers of metadata.”

The whole idea of metadata being more subject to surveillance may be becoming obsolete. Since Edward Snowden first revealed that the NSA was collecting the metadata of all Americans’ phone calls under the 215 provision of the Patriot Act, a court has ruled that practice unconstitutional, and even ordered that it be ceased immediately earlier this week.

Tuesday’s ruling could be another step in erasing the notion that collecting “just metadata” is still kosher in the internet age. “It’s telling that the court felt it was important to clarify where the law is on this,” he says. “I think we’ll remember this as an important part of the story of how the metadata distinction went away.”
http://www.wired.com/2015/11/court-s...e-wiretap-act/





Microsoft Unveils German Data Plan to Tackle US Internet Spying
Murad Ahmed and Richard Waters

Microsoft will allow foreign customers to hold data in new European facilities designed to shield customers from US government surveillance, in one of the most drastic corporate responses yet to the American internet spying scandal.

On Wednesday, the US software company said it was setting up new data centres in Germany that will be under the control of Deutsche Telekom, the German telecommunications group. The legal and technical arrangement is intended to put the data of European government and business customers, along with millions of citizens, out of reach from US authorities.

“These new data centre regions will enable customers to use the full power of Microsoft’s cloud in Germany . . . and ensure that a German company retains control of the data,” said Satya Nadella, chief executive of Microsoft, at a press conference in Berlin.

Technology analysts say it is a “watershed moment”, describing the manoeuvre as the first time a major US tech group had accepted its inability to protect customer data from US governmental over-reach.

Microsoft’s initiative could have a ripple effect across the industry, creating a tough new privacy standard that customers may soon also demand from other “cloud computing” providers such as Google, Amazon and Oracle.

Silicon Valley groups are struggling to regain the trust of European customers in the wake of disclosures by NSA whistleblower Edward Snowden about widespread internet surveillance by US intelligence agencies.

In response, US tech groups have moved to build data centres in European countries. But many of the region’s customers remain unsatisfied that these efforts alone can protect against snooping.

“I think Microsoft have come to the conclusion that they can’t get away from being a US company,” says Carsten Casper, analyst at Gartner, the research group. “I find that more honourable than others who try to move their data centres to Europe to appease customers, but how good is it to have data centres in those countries if you can access it from abroad with no particular problem?”

Analysts say Microsoft’s concession could complicate negotiations between US and EU politicians on a new transatlantic data sharing pact known as “Safe Harbour”. Talks have been faltering for months over the thorny political issue of surveillance.

Under Microsoft’s German arrangement, T-Systems, a Deutsche Telekom subsidiary, will operate two new data centre facilities in the country that will open for business in late 2016. They will be used solely to house information on Microsoft European customers, who will also be asked to pay more to store data in this way.

But T-Systems will act as a “trustee” of the facilities, with Microsoft insisting its employees will have no access to the data held at the facilities without the German company’s permission.

The companies believe this arrangement means Microsoft will not have to respond to governmental demands for information held in these data centres, forcing official requests to go through German authorities instead.

Germany’s data protection laws, enforced by powerful privacy watchdogs, are considered to be among the continent’s strictest.

The trustee solution is also a response to Microsoft’s legal battle against an order from a New York court, which is trying to force the software group to hand US authorities emails from a US citizen stored on a Microsoft server in Ireland.

Brad Smith, Microsoft’s general counsel, has made the case a centrepiece of the company’s pushback against intrusive government demands for personal information, pledging to take the case to the US Supreme Court if necessary.

Executives at rival technology companies are concerned about the implications of the high-profile case because of the precedent it will set in the running of their businesses. Microsoft’s German plan would address this issue, should it lose the case.

But Paul Miller from Forrester Research says the trustee model is also likely to come under legal attack in the US.

“As with all new legal approaches, we don’t know it is watertight until it is challenged in court,” he says. “Microsoft and T-Systems’ lawyers are very good and say it’s watertight. But we can be sure opposition lawyers will look for all the holes.”

Last month, Europe gave a stinging rebuke to the transatlantic digital alliance, scrapping a 15-year pact that allowed US tech companies to ship personal information about European citizens wholesale to the US.

The European Court of Justice decision to invalidate the “Safe Harbour” agreement has left thousands of businesses scrambling to change their legal footing to avoid breaking the law. Europe’s data protection authorities have given companies until January to find alternative data transfer agreements.

The US and EU are working to secure a new Safe Harbour treaty but analysts say Microsoft’s decision may strengthen the resolve of EU diplomats who are holding out for stronger assurances over whether citizens’ data will be subsumed into the US surveillance regime.

“I think it will put pressure on negotiators trying to reach a new transatlantic privacy agreement,” says Mr Casper. “There’s a new piece in the puzzle now.”
http://www.ft.com/cms/s/0%2F540a296e...619fa707c.html





This Snooper’s Charter Makes George Orwell Look Lacking in Vision

The new surveillance bill renders the citizen transparent to the state, putting every one of us under suspicion. It would serve a tyranny well
Heather Brooke

When the Home Office and intelligence agencies began promoting the idea that the new investigatory powers bill was a “climbdown”, I grew suspicious. If the powerful are forced to compromise they don’t crow about it or send out press releases – or, in the case of intelligence agencies, make off-the-record briefings outlining how they failed to get what they wanted. That could mean only one thing: they had got what they wanted.

So why were they trying to fool the press and the public that they had lost? Simply because they had won.

I never thought I’d say it, but George Orwell lacked vision. The spies have gone further than he could have imagined, creating in secret and without democratic authorisation the ultimate panopticon. Now they hope the British public will make it legitimate.

This bill is characterised by a clear anti-democratic attitude. Those in power are deemed to be good, and are therefore given the benefit of the doubt. “Conduct is lawful for all purposes if …” and “A person (whether or not the person so authorised or required) is not to be subject to any civil liability in respect of conduct that …”: these are sections granting immunity to the spies and cops.

The spies’ surveillance activities are also exempt from legal due process. No questions can be asked that might indicate in any legal proceeding that surveillance or interception has occurred. This is to ensure the general public never learn how real people are affected by surveillance. The cost of this exemption is great. It means British prosecutors can’t prosecute terrorists on the best evidence available – the intercepts – which are a key part of any prosecution in serious crime cases worldwide.

Those without power – eg citizens (or the more accurately named subjects) – are potentially bad, and therefore must be watched and monitored closely and constantly. The safeguards mentioned in the bill are there to benefit the state not the citizen. The criminal sanctions aren’t so much to stop spies or police abusing their powers, but rather to silence critics or potential whistleblowers. That’s clear because there is no public interest exemption in the sweeping gagging orders littered throughout the bill. The safeguards for keeping secure the massive troves of personal data aren’t there so much to protect the public but to stop anyone finding out exactly how big or invasive these troves are or how they were acquired. Again, we know this because there is no public interest exemption.

While the concerns of the state dominate, those of the citizen are nowhere to be seen. There is almost no mention in the bill of the privacy and democratic costs of mass surveillance, nor of seriously holding the state to account for the use and abuse of its sweeping powers.

The adjectives used to describe the “stringent application process” (for warrants) or the “robust safeguards” and “world class scrutiny” are doing the heavy lifting of conveying the robustness of the regime. The reality is quite different.

Not everything needs a warrant. Our digital lives can be accessed after authorisation within the agency itself. No judicial approval necessary.

In addition, business owners would have to contend with the man from MI5 ordering that they create new databases or monitoring tools. If companies don’t keep these, they’ll have to create them and face a criminal offence if they fail to put in place security measures to “protect against unlawful disclosure”. Possibly the state may compensate them for all this, possibly not. It’s up to a minister.

Business owners will not be able to speak out about this to anyone, even their employees, or appeal to any court or legal authority. Their only recourse appears to be to appeal to the secretary of state: what sort of independent adjudication will they get from that office?

Companies can be legally compelled by the security services to hack their customers’ equipment. The immensely worrying power to acquire bulk personal datasets means there’s nothing to stop the entire NHS being used in service of spying. After all, why not? I’m sure there are useful leads that could be mined from our health records. If avoiding risk at all costs is the goal then why allow any personal freedom or privacy at all? The reason we do is because the concentration of power in the state is the most dangerous threat of all.

There are two types of transparency: downwards – where the ruled can observe their rulers, as codified in Freedom of Information Acts – and upwards, where those at the bottom are made transparent to those at the top, such as by state surveillance. Democracy is characterised by transparency downwards, tyranny by the opposite. It is telling that at the same time this government is seeking to undermine the Freedom of Information Act, it has introduced an investigatory powers bill that puts us all under the spotlight of suspicion.
http://www.theguardian.com/commentis...-george-orwell





Broadband Bills Will Have to Increase to Pay for Snooper's Charter, MPs Are Warned

ISPs tell Commons select committee that £175m budgeted by government for implementation will not cover ‘massive costs’ of collecting everyone’s data
Alex Hern

Consumers’ broadband bills will have to go up if the investigatory powers bill is passed due to the “massive cost” of implementation, MPs have been warned.

Internet service providers (ISPs) told a Commons select committee that the legislation, commonly known as the snooper’s charter, does not properly acknowledge the “sheer quantity” of data generated by a typical internet user, nor the basic difficulty of distinguishing between content and metadata.

As a result, the cost of implementing plans to make ISPs store communications data for up to 12 months is likely to be far in excess of the £175m the government has budgeted for the task, said Matthew Hare, the chief executive of ISP Gigaclear.

Hare and James Blessing, the chair of the Internet Service Providers’ Association (ISPA), also warned the science and technology committee on Tuesday of the technical challenges the government would face in implementing the bill.

Hare said: “On a typical 1 gigabit connection we see over 15TB of data per year passing over that connection … If you say that a proportion of that is going to be the communications data, it’s going to be the most massive amount of data that you’d be expected to keep in the future.

“The indiscriminate collection of mass data is going to have a massive cost,” he added.

When asked by Labour’s Jim Dowd MP whether it would be feasible to comply with the collection regime, Blessing said that ISPs would “find it very feasible – with an infinite budget”.

“The bill appears to be limiting the amount of funds available to a figure that we don’t recognise would be suitable for the entire industry to do it,” he said, adding that “the ongoing costs of looking after the data … will have to come out of price-rises”. The government’s proposal to pay for the up-front equipment costs would not cover ongoing expenses such as power or cooling, Blessing told MPs.

For Hare, the other major problem is that separating “metadata” from “content”, as the law mandates for the purposes of mass surveillance, is a very difficult technical challenge.

For a simple connection like a phone call, the difference is easy: information like the number dialled and length of the call is clearly metadata, while the audio transmitted over the line is clearly content. But for a typical internet user, a number of different services are being used at any one time, and they all blur the lines between the two categories.

“The web isn’t a single application, that’s the fundamental problem I’ve got,” Hare said. He outlined a common scenario: “A teenager is currently playing a game using Steam, that’s not a web application … and then they’re broadcasting the game they’re playing using something called Twitch. They may well also be doing a voice call where they’re shouting at their friends, and those are all running simultaneously. At any one time any of those services could drop in, drop out, be replaced.”

John Shaw, the vice president of product management at British security firm Sophos, added another concern from his industry: that other requirements in the bill could scare custom away from the UK.

The law incorporates language which requires communications service providers to obey government requests for building ongoing technical capability for the enactment of interception warrants, including by removing “electronic protection” from their communications.

Shaw warned that “for UK-based companies that serve non-UK customers, there’s some evidence, from what is happening to Microsoft right now in the US, that that can really undermine the trust of non-UK customers” in the ability of the British companies to do their work without government interference.

Hare added: “if I was a software business, I would be very worried my customers would not buy my software, because [they] would be worried that there was a backdoor built into this software that would allow the UK to look into my software”.

While the so-called “technical capability” clauses are similar to those already on the books through 2000’s Ripa legislation, Shaw warned that the definitions applied in the new bill had the potential to expand the remit far beyond traditional ISPs. Other technology firms have told the Guardian that the clause could effectively end strong encryption in the UK.

Meanwhile, in a presentation in Brazil, the UN’s special rapporteur on privacy, Joe Cannataci, attacked the government’s defence of the data-collection aspects of the bill.

“One of the most misleading comments I have heard about this,” he said, “is one which said we don’t really have to worry about it, because all we are doing is giving our security services the same powers they have today over our telephone. Which sounds OK at first, but it’s not, because it takes it completely out of context.”
http://www.theguardian.com/technolog...ill-mps-warned





Tor Project Claims FBI Paid University Researchers $1m to Unmask Tor Users
Zeljka Zorz

Have Carnegie Mellon University researchers been paid by the FBI to unmask a subset of Tor users so that the agents could discover who operated Silk Road 2.0 and other criminal suspects on the dark web?

Tor Project Director Roger Dingledine believes so, and says that they were told by sources in the information security community that the FBI paid at least $1 million for the service.

"The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," he wrote in a blog post published on Wednesday.

The post is a reaction to details revealed by Motherboard's Joseph Cox, who pointed out a paragraph in a motion filed by the defense in the court case against Brian Farrell, a staff member on Silk Road 2.0.

"On October 12, 2015, the government provided defense counsel a letter indicating that Mr. Farrell's involvement with Silk Road 2.0 was identified based on information obtained by a 'university-based research institute' that operated its own computers on the anonymous network used by Silk Road 2.0,” it said.

Farrell's defense counsel tried to get more details about this, "to determine the relationship between the 'university-based research institute' and the federal government, as well as the means used to identify Mr. Farrell on what was supposed to operate as an anonymous website."

"To date, the government has declined to produce any additional discovery," the defense counsel concluded.

The name of the institute is not mentioned anywhere in the documents, but there is circumstantial evidence that points to Carnegie Mellon University.

According to the documents, the attack against Tor happened between January and July 2014. A Tor security advisory published on July 30th explained what happened, and speculated (and partly confirmed) that the attacks were mounted by researchers who were scheduled to give a talk about a cheap user deanonymizing attack at Black Hat 2014.

The talk was pulled on 21 July, and the Carnegie Mellon researchers never confirmed that they were behind the attack, nor did the university confirm these most recent speculations.

"There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once," noted Dingledine.

"Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users," he pointed out.

"This attack also sets a troubling precedent: Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute. Legitimate privacy researchers study many online systems, including social networks — If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk."
http://www.net-security.org/secworld.php?id=19097





Justice Officials Fear Nation's Biggest Wiretap Operation May Not Be Legal
Brad Heath and Brett Kelman

Federal drug agents have built a massive wiretapping operation in the Los Angeles suburbs, secretly intercepting tens of thousands of Americans' phone calls and text messages to monitor drug traffickers across the United States despite objections from Justice Department lawyers who fear the practice may not be legal.

Nearly all of that surveillance was authorized by a single state court judge in Riverside County, who last year signed off on almost five times as many wiretaps as any other judge in the United States. The judge's orders allowed investigators — usually from the U.S. Drug Enforcement Administration — to intercept more than 2 million conversations involving 44,000 people, federal court records show.

The eavesdropping is aimed at dismantling the drug rings that have turned Los Angeles' eastern suburbs into what the DEA says is the nation's busiest shipping corridor for heroin and methamphetamine. Riverside wiretaps are supposed to be tied to crime within the county, but investigators have relied on them to make arrests and seize shipments of cash and drugs as far away as New York and Virginia, sometimes concealing the surveillance in the process.

The surveillance has raised concerns among Justice Department lawyers in Los Angeles, who have mostly refused to use the results in federal court because they have concluded the state court's eavesdropping orders are unlikely to withstand a legal challenge, current and former Justice officials said.

"It was made very clear to the agents that if you're going to go the state route, then best wishes, good luck and all that, but that case isn't coming to federal court," a former Justice Department lawyer said. The lawyer and other officials described the situation on the condition of anonymity because they were not authorized to discuss the department's internal deliberations.

Federal agents often prefer to seek permission to tap phones from state courts, instead of federal courts, because the process is generally faster and less demanding than seeking approval through the Justice Department. In addition, California law allows them to better conceal the identities of confidential informants they rely on to help investigate drug rings. Over the past decade, drug agents have more than tripled their use of wiretaps, mostly by using state court orders.

Wiretaps — which allow the police to secretly monitor Americans' communications — are among the most intrusive types of searches the police can conduct, and federal law imposes strict limits on when and how they can be used. The law requires that police use wiretaps only after they have run out of other tools to build a case.

In Riverside, the authorities' use of that last-ditch tool quadrupled over the past four years. Last year alone, Riverside County prosecutors and a local judge approved 624 wiretaps, far more than any other jurisdiction in the United States, according to records compiled by the federal court system. Nearly all were tied to drug investigations.

"Those numbers — the totals, and just the size of some of those wiretaps — are huge red flags for us," said Dave Maass, an investigative researcher for the Electronic Frontier Foundation. "When there's this amount of secrecy it starts to raise serious concerns about accountability for electronic interceptions."

Because wiretap orders are sealed, there is no way to know precisely how many of them were sought by the DEA and the local officers it deputized to work on a drug task force. Some of the taps were sought by local police officers and officers in neighboring counties. Prosecutors acknowledged, however, that the drug agency plays a leading role in the wiretapping. The county's former district attorney, Paul Zellerbach, who presided over the rapid rise in wiretapping there before he left office in January, said the drug agency was "a significant player."

Riverside County's new district attorney, Mike Hestrin, said he found out about the county's wiretap numbers not long after taking office after other prosecutors approached him to suggest he look into the matter. He was concerned by what he found.

Hestrin said in an interview that he made a "series of reforms" to how wiretaps are handled, which he said will lead to fewer taps in the future. He said he personally evaluates new wiretap requests and insists that each one now must "have a strong investigative nexus" to the county. Asked if that had been the case in previous years, Hestrin replied: "You're going to have to extrapolate that."

Hestrin said prosecutors "follow the law to the letter" when seeking wiretaps, but he would not discuss the details. "This is an area of our law, an area of our law enforcement, where we can't be totally transparent, in the same way that the federal government can't be totally transparent about the massive intelligence operations they run," he said.

DEA officials said it should not come as a surprise that so much of their surveillance work happens in the area around Riverside — a vast expanse of suburbs and desert east of Los Angeles, crisscrossed by freeways that have become key shipping routes for drugs moving from Mexico to the United States and for cash making the return journey.

"There are organizations here and we're working these organizations and we're trying to stay abreast of the technology and all the different ways these organizations are operating," said Stephen Azzam, the associate special agent in charge of DEA's Los Angeles division.

On paper, agents' choice of state court over federal should not matter: Federal law sets a minimum standard for police to obtain a wiretap, even when they are seeking one from a state-court judge. And California courts have repeatedly said the state's wiretaps are sufficient.

But current and former Justice Department officials said prosecutors in Los Angeles repeatedly told the drug agency that they would not accept cases based on state-court wiretaps – and those from Riverside County in particular – because they believed the applications being approved by state judges fell short of what the federal law requires. Prosecutors were particularly concerned that the DEA was seeking state-court wiretap orders without adequately showing that it had first tried other, less intrusive, investigative techniques.

"They'd want to bring these cases into the U.S. Attorney's Office, and the feds would tell them no (expletive) way," a former Justice Department official said.

The result was that even seemingly significant drug cases stayed out of federal court.

In December, for example, court records show DEA agents and local detectives in South Gate, Calif., near Los Angeles, used a state-court wiretap to target a man named Omar Salazar, who the DEA suspected was tied to a Mexican drug trafficking group. Between searches of Salazar's car and his house, officers seized $76,869.94, a gun and a cache of illegal drugs, including 36 pounds of methamphetamine and 5 pounds of heroin. Investigators found some of the drugs in a safe in Salazar's garage, along with a box of ammunition and probation paperwork from one of his previous arrests.

That should have been enough to build a significant federal case with a long mandatory prison sentence, but that was not what happened. Court records show the Justice Department prosecuted the $76,869.94 in a civil asset seizure case. But it did not prosecute Salazar. Instead, Salazar was booked into jail and released the same day; his lawyer, John Passanante, said he has not been charged as a result of the search. Neither the DEA nor prosecutors would explain why.

PROLIFIC WIRETAPPING

Perhaps the only outward sign that Riverside has become America's most wiretapped place can be found on a deserted floor of the city's courthouse. On a recent Friday afternoon, a handful of officers in scruffy jeans and baseball caps waited there with sealed manila envelopes in their hands. After a few minutes, they disappeared inside Judge Helios Hernandez's locked courtroom for hearings that are closed to the public.

No judge in the United States has been so prolific in authorizing eavesdropping.

Records compiled by the federal courts' administrative office show Hernandez authorized 624 wiretaps that ended last year, and another 339 that ended the year before. Hernandez approved three times more taps than all of the federal judges in California combined last year, and once received more wiretap applications in a day, 17, than most courts do in a year. (The court office counts wires based on when they end, rather than when they begin, to avoid revealing ongoing investigations.) The next-closest court was in Las Vegas, where judges approved 177 wiretaps that ended last year.

California law generally requires that each county court appoint one judge to handle wiretaps. For the past three years, that job fell to Hernandez, who was Riverside's chief narcotics prosecutor before he became a judge. The records do not indicate how many wiretaps, if any, Hernandez turned down.

Hernandez declined to comment through a spokesman.

Riverside County's presiding judge, Harold Hopp, said judges do not decide how many eavesdropping applications are submitted to them; "they have to consider each one on its merits."

The county's wiretap numbers are so high that even investigators who helped supervise eavesdropping there were taken aback. "This can't be right," said Anthony Valente, who, until 2012, commanded the Inland Crackdown Allied Task Force, which uses wiretaps to investigate drug trafficking and gangs in Southern California.

Nearly all of Riverside's wiretaps – about 96% – were related to drug investigations.

Federal records show the taps that ended in 2014 cost more than $18 million. The records do not indicate who paid for them.

The figures are based on reports that judges and prosecutors are required to submit each year to the federal courts' administrative office. The reports include the number of wiretaps judges authorize, and the number of communications – including telephone calls, text messages and other electronic conversations – that investigators intercepted.

Those reports show the overwhelming majority of the more than 2 million communications investigators intercepted last year as a result of Riverside wiretaps had nothing to do with crime. Police are not supposed to record conversations that are not relevant to their investigations.

DEA officials said that the agency conducts its wiretaps wherever their investigations lead them. Its Riverside field office, which covers Riverside and neighboring San Bernardino counties, was responsible for a large share of the agency's methamphetamine and heroin seizures last year; therefore, it's only natural that investigators would focus there. "We don't pick a jurisdiction. We take the enforcement action where it's warranted and where we can do it effectively," DEA spokesman Timothy Massino said.

Nonetheless, Hernandez approved 20 times as many wiretaps as his counterparts in San Bernardino County. DEA officials said they could not explain that difference.

Zellerbach said Riverside's wiretaps multiplied during his tenure because prosecutors and the county's court became more "efficient and effective" in handling surveillance applications and word spread throughout the law enforcement community, bringing still more applications. Eventually, Zellerbach said, he learned the county was among the nation's wiretap leaders. "I thought we were doing a hell of a job," he said.

Zellerbach said the taps yielded significant arrests and seizures. And they paid other dividends. "We liked it because in these difficult economic times, my budget was being cut, and that was a way to somewhat supplement funding for my office," he said in an interview. Prosecutors would not say how much money they received.

Zellerbach said the operation grew under the leadership of an aggressive new lawyer, Deena Bennett, who still heads the wiretap unit today.

Bennett, a one-time contestant on the reality show Survivor, rebuffed attempts to contact her, telling a reporter that "the fact that you have my cellphone number is really harassment, and I'm going to report it."

WIDESPREAD ARRESTS AND SEIZURES

Investigators have used wiretaps in Riverside to seize hundreds of pounds of drugs and millions of dollars in cash. The taps have helped agents pinpoint smuggling tunnels dug beneath the Mexican border and map the inner workings of South American trafficking groups.

But if the taps also produce arrests, they are difficult to find.

Prosecutors seldom make use of state-court wiretaps in the federal courts around Los Angeles. And defense lawyers in Riverside said they only rarely encounter cases with disclosed wiretaps in state court. The county's public defenders handle 40,000 criminal cases a year; no more than five involve disclosed wiretaps, said Steve Harmon, the head of that office.

Instead, court records and interviews with DEA officials and prosecutors show the drug agency has used the fruits of its Riverside wiretaps to help stop and seize shipments of drugs and cash elsewhere in the United States. In some of those cases, agents used wiretaps to identify drug couriers, then tipped off other investigators, who were told to find their own independent evidence to conduct a search. That practice, known within the agency as "parallel construction," is now the subject of an investigation by the Justice Department's inspector general.

"That approach ends up insulating dubious police practices from any kind of judicial review. That's what's so pernicious about it," American Civil Liberties Union lawyer Nathan Wessler said.

Riverside's District Attorney's Office reported approximately one arrest for every three wiretaps that concluded last year, among the lowest rates of any jurisdiction that conducted more than a handful of taps. That's a sign, Hestrin acknowledged, that many of the wiretaps may be leading to prosecutions in other jurisdictions.

One surfaced last year after a state trooper stopped a tractor trailer on a remote stretch of interstate highway outside Harrisonburg, Va., ostensibly because some of the tiny LED bulbs around its cab had burned out. The trooper, Keith Miller, summoned a drug-sniffing dog, and within minutes, officers had pulled 32 kilograms of heroin and cocaine from compartments in the truck's cab. Federal prosecutors indicted the driver, George Covarrubaiz, on drug possession charges.

Miller testified during a court hearing – later described by a prosecutor as "a high-wire act" – that he had been tipped off by the DEA that the truck might be carrying drugs, but that the burnt-out lights were his "sole reason" for stopping the truck. The problem for prosecutors was that driving without those lights is not illegal in Virginia. The judge hearing the case warned that he was inclined to bar prosecutors from using the seized drugs as evidence because, if driving without the lights was legal, Miller had no valid reason to stop the truck.

So seven months after Covarrubaiz was stopped and sent to jail, the Justice Department returned to court and acknowledged there was more to its investigation. Covarrubaiz, a government lawyer wrote, had been picked up in a "wiretap investigation of a significant California-based drug trafficking organization." Investigators had been monitoring his calls using a tap approved by Hernandez in Riverside County, and agents from the DEA's secretive Special Operations Division had been tracking his truck across the United States. During a 4 a.m. meeting at a nearby hotel, the agents directed Miller to find a reason to stop the truck and search it.

The agents' reports referred to the episode merely as a traffic stop because "that way they didn't have to provide the information for the directed stop later," agent Gregg Mervis later testified.

Justice Department lawyers later said they had intended to reveal the wire all along but had not done so sooner because police had not yet locked up some of the investigation's key targets. In particular, Assistant U.S. Attorney Grayson Hoffman pointed to the truck's owner, Everardo Amador Sr., who he described as "a grave threat to the safety and well-being of the people of the United States."

That's hardly how California police treated Amador, though. Agents arrested him last year on charges that he had illegally possessed drug money – a far less serious charge than the federal narcotics case his driver faced in Virginia. A judge freed him the next day on $5,000 bail, at the prosecutor's request.

Amador's lawyer, Nicolas Estrada, called the Justice Department's characterization "an exaggeration."

Covarrubaiz's lawyer, Randy Cargill, accused the Justice Department in a court filing of an "extraordinary strategy of doling out truth as it sees fit."

In the end, U.S. District Court Judge Michael Urbanski declared himself "singularly unhappy with the way the government has conducted this case." And in March, the Justice Department abandoned it altogether, dismissing the charges against Covarrubaiz. Assistant U.S. Attorney Heather Carlton told Urbanski that prosecutors had "re-evaluated the evidence" and concluded that "it would be best to terminate the investigation."

The rest of her explanation is sealed.
http://www.usatoday.com/story/news/2...rnia/75484076/





U.S. Judge Rules Against NSA in Phone Spying Case
Dustin Volz

A U.S. federal judge on Monday for the first time ordered the National Security Agency to cease collecting the phone call records of a lawyer and his firm, providing an unprecedented but narrow and largely symbolic victory to privacy advocates.

Opponents of mass surveillance cheered the ruling by U.S. District Court Judge Richard Leon, who granted an injunction to bar the NSA from collecting the phone metadata of California attorney J.J. Little and his small legal practice.

Unlike previous rulings against the NSA's program to vacuum up Americans' call data, which was exposed publicly by former NSA contractor Edward Snowden in 2013, Leon's opinion does not grant a stay, meaning it will take effect immediately.

The decision is of little practical consequence because it is so narrow in scope in covering only Little and his firm.

It also comes just weeks before the NSA is scheduled to end its controversial bulk collection program in favor of a more targeted system. That new regime, as mandated by Congress earlier this year, will become active on Nov. 29.

But the ruling's language is forceful and represents a win for civil liberties groups concerned that NSA surveillance is too intrusive.

Leon wrote that the case may be the last court evaluation of the NSA's bulk metadata collection program.

"It will not, however, be the last chapter in the ongoing struggle to balance privacy rights and national security interests under our Constitution in an age of evolving technological wizardry," he wrote.

On Twitter, Snowden cheered the "historic decision" as one that concluded the NSA "violated Americans' privacy rights."

Leon, a conservative judge appointed by former President George W. Bush, has long been among the most vocal judges critical of the NSA's spying practices.

Leon said he did not stay his Monday decision "because it has been almost two years since I first found that the NSA's bulk telephony metadata program likely violates the Constitution."

Other plaintiffs in the case, including conservative activist Larry Klayman, who began the lawsuit, were not included in the ruling, due to issues concerning standing.

A higher court previously rejected Klayman's challenge, saying he could not prove his phone was targeted by the NSA as Snowden's documents only revealed customers of Verizon Business Network Services, which is a subsidiary of Verizon Communications, such as Little, were implicated. Klayman added Little to his case to address the standing concern. (Editing by Kevin Drawbaugh and Bill Trott)
http://www.reuters.com/article/2015/...dqLP4o8edCi.97





NSA Says How Often, Not When, it Discloses Software Flaws
Joseph Menn

The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time.

The re-assurances may be misleading, because the NSA often uses the vulnerabilities to make its own cyber-attacks first, according to current and former U.S. government officials. Only then does NSA disclose them to technology vendors so that they can fix the problems and ship updated programs to customers, the officials said.

At issue is the U.S. policy on so-called "zero-days," the serious software flaws that are of great value to both hackers and spies because no one knows about them. The term zero-day comes from the amount of warning users get to patch their machines protectively; a two-day flaw is less dangerous because it emerges two days after a patch is available.

The best-known use of zero-days was in Stuxnet, the attack virus developed by the NSA and its Israeli counterpart to infiltrate the Iranian nuclear program and sabotage centrifuges that were enriching uranium.

Before its discovery in 2010, Stuxnet took advantage of previously unknown flaws in software from Microsoft Corp and Siemens AG to penetrate the facilities without triggering security programs.

A shadowy but robust market has developed for the buying and selling of zero-days, and as Reuters reported in May 2013, the NSA is the world's top buyer of the flaws. The NSA also discovers flaws through its own cyber programs, using some to break into computer and telecommunications systems overseas as part of its primary spying mission.

Some zero-days are worth more than others, depending on such factors as the difficulty in finding them and how widespread the targeted software is. While some can be bought for as little as $50,000, a prominent zero-day broker said this week that he had agreed to pay $1 million to a team that devised a way to break into a fully updated Apple iPhone. Chaouki Bekrar, of the firm Zerodium, told Reuters the iPhone technique would "likely be sold to U.S. customers only," including government agencies and "very big corporations."

Government officials say there is a natural tension as to whether zero-days should be used for offensive operations or disclosed to tech companies and their customers for defensive purposes.

In the wake of revelations by former NSA contractor Edward Snowden and a Reuters report that detailed how the government paid security firm RSA to include NSA-tainted encryption in its software, a White House review panel recommended tilting government policy more towards defense.

President Barack Obama's cybersecurity coordinator, Michael Daniel, then said he had "reinvigorated" the review process that decides what to do about each flaw that comes to government attention. The details of that process remain classified, but interviews show that the changes sharply elevated the role of the Department of Homeland Security, which is responsible for defense and had not previously been at the center of inter-governmental debates on the issue.

After Daniel described the revamped process broadly, the activist Electronic Frontier Foundation sued for documents about it under the Freedom of Information Act.

The most significant release in that case came in September, with an undated and partly redacted 13-page memo outlining how agencies should handle knowledge about software vulnerabilities. The memo states that the NSA's defensive arm, the Information Assurance Directorate, served as the executive secretariat for the process.

HOMELAND SECURITY

A redacted portion of the memo lists the agencies that participated in the process as a matter of course. An unredacted part refers to other agencies that can ask to participate on a case-by-case basis, and the Department of Homeland Security appears in that section, along with the departments of State, Justice, Treasury and Commerce.

Two former White House officials said that the memo referred to the old system, before Daniel reorganized it about a year and a half ago.

In an interview, Daniel told Reuters that DHS was a key part of the new system, which is run by the White House's National Security Council.

"DHS is at the table in the process I'm running," Daniel said.

An NSA spokeswoman referred questions about its policy to the NSC, where a spokesman referred Reuters back to the NSA.

The NSA says on its website that it understands the need to use most flaws for defense.

"In the vast majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest," according to the website.

"But there are legitimate pros and cons to the decision to disclose vulnerabilities, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences.

"Disclosing a vulnerability can mean that we forgo an opportunity to collect crucial foreign intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or discover even more dangerous vulnerabilities that are being used to exploit our networks."

The agency said: "Historically, NSA has released more than 91 percent of vulnerabilities discovered in products that have gone through our internal review process and that are made or used in the U.S."

It said the rest included some that had already been fixed as well as those held back "for national security reasons."

One former White House official noted that the NSA did not say when the disclosures were made, adding that it would be “a reasonable assumption” to conclude that much of that 91% covers flaws the NSA had already used to gather intelligence before alerting the companies. He also said the figure includes those bought from outside entities. NSA and NSC officials declined to address those assertions.

It is anyone's guess how long the average gap is between offensive use and defensive disclosure, said Denelle Dixon-Thayer, chief legal and business officer of Firefox browser maker the Mozilla Foundation.

The bigger that gap is, the greater the likelihood that other countries or hackers using similar hunting techniques have also discovered it. Even if they haven't, the target of a U.S. cyber attack can detect what technique was used and repurpose it against the U.S. and others.

"If it's disclosed after it's already been executed against, that's a really important question," Dixon-Thayer said.

In the revamped U.S. evaluation process, another former official said that the Department of Homeland Security is often the most vigorous “dove” in the discussions, arguing for disclosures before others find the same flaw and exploit it.

A current administration official said that the proportion of serious flaws disclosed to vendors did not jump after the NSC took control of the process. "It's still early, but the trend has not significantly changed," the official said.

The growing discussion about U.S. policy on vulnerability disclosure comes as House and Senate leaders prepare to fine-tune three related bills on cybersecurity information-sharing, which are designed to give companies legal protection for reporting attacks to the government.

Mozilla and many other technology companies oppose those bills because they will give the government more information about customers and attacks without requiring the government to give more information to the companies.

Dixon-Thayer said officials could even take what they learn about new techniques from the industry to launch their own attacks instead of helping defenders.

(Reporting by Joseph Menn in Washington; Editing by Jonathan Weber and John Pickering)
http://www.reuters.com/article/2015/...0SV2XQ20151107





A Prominent Ad-Blocker-Blocker Served Malware to Economist Readers
Russell Brandom

One of the web's most prominent anti-ad-blocking tools has been serving malware to Economist readers. In a message to subscribers, The Economist warned that anyone who visited the site between 11:52PM and 12:15AM GMT on Halloween night may have been exposed to malware. The malware was served as a result of a breach at Pagefair, a tool used to circumvent ad blockers.

The Economist was one of roughly 500 publishers affected by the breach, and Pagefair estimates 2.3 percent of users on the sites were affected. The malware itself was a modified version of the otherwise legitimate Nanocore remote-access tool, and Nanocore has since undone any resulting infections by disabling the offending account.

While the damage appears to be limited, the attack is a stark reminder of the security implications of advertising on the web. Pagefair was outspoken in the ad-blocking debate, most notably with a report projecting $22 billion in publisher losses from the blockers in 2015. Pagefair's product offers publishers a way to get around ad-blocking through alternate tracking methods and specific deals with blockers like AdBlock Plus. That system allows publishers to serve ads, but exposes users to the same malvertising attacks that would be possible without an ad-blocker.

While the breach is certainly embarrassing for Pagefair, it's not clear that the damage is any worse than equivalent breaches suffered regularly by ad servers on the web. One attack from last September served millions of malware-laced ads through Doubleclick servers. The attacks also seem to be on the rise: one study found malvertising attacks tripled between June 2014 and February 2015.
https://www.theverge.com/2015/11/6/9...are-ad-blocker





JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever
Greg Farrell and Patricia Hurtado

The U.S. described a vast, multi-year criminal enterprise centering on hacks of at least nine big financial and publishing firms and the theft of information on 100 million of their customers that fueled a web of stock manipulation, credit-card fraud and illegal online casinos.

Two indictments, unsealed Tuesday, tied three of four suspects to previously reported hacks of JPMorgan Chase & Co., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.

Hackers and conspirators in more than a dozen countries generated hundreds of millions of dollars in illicit proceeds on pump-and-dump stock schemes and particularly lucrative online gambling, prosecutors said.

From 2012 to mid-2015, the suspects and their co-conspirators successfully manipulated dozens of publicly traded stocks, sent misleading pitches to clients of banks and brokerages whose e-mail addresses they’d stolen, and profited by using trading accounts set up under fake names, prosecutors said.

Along the way, members of the ring tried to extract nonpublic information from financial corporations, processed payment information for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union, said prosecutors. They used 75 companies and bank and brokerage accounts around the world to launder money, prosecutors wrote. Other alleged offenses include hacking, securities fraud, wire fraud and identity theft.

The global network stretched from Israel to the U.S., with a dozen online casinos and payments that ran through Cyprus, Azerbaijan and Switzerland.

The co-conspirators deceived financial institutions into processing and authorizing payments to and from the casino companies and others, prosecutors wrote in their latest indictment of Gery Shalon, Joshua Aaron and Ziv Orenstein, who they say are at the center of the scheme. Shalon and Orenstein were arrested in Israel in July. Aaron remains at large.

“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment of the three.

Anthony Murgio, who was arrested in Florida in July, was indicted separately for crimes related to a Bitcoin-exchange service and the takeover of a New Jersey credit union to further the business.

Shalon was the leader and self-described “founder” of the sprawling cybercriminal enterprise, which the indictment describes as having hundreds of employees and co-conspirators. In one case, according to the indictment, he boasted that a profitable stock sale was a “small step towards a large empire.”

“We buy them [i.e., stocks] very cheap, perform machinations, then play with them,” Shalon is cited as explaining to a co-conspirator. Responding to the co-conspirator’s rhetorical question about whether buying stocks was popular among Americans, he said: “It’s like drinking freaking vodka in Russia.”

Shalon -- an Israeli citizen who also went by the names Garri Shalelashvili, Phillipe Mousset and Christopher Engeham -- directed hacks to further his market-manipulation and Internet gambling schemes, the indictment said. Shalon concealed at least $100 million in Swiss and other bank accounts, it said.

The new allegations against the four broaden dramatically the scope of a wide-ranging criminal enterprise with hacking at its core. Outlines of the government’s case against the men emerged with their arrest in July, when Shalon, Orenstein and Aaron were implicated in a pump-and-dump scheme.

The three men were linked to hacks of JPMorgan, Fidelity Investments Ltd. and E*Trade, Bloomberg News reported at the time.

The hackers located some 10 million e-mail addresses of customers and stole millions of those from Dow Jones, identified as Victim 8 in the indictment. In October, the company disclosed that its computer systems had been hacked. As part of that disclosure, Dow Jones Chief Executive Officer William Lewis said that some customer payment information may have been compromised -- on no more than 3,500 accounts -- and that it was unknown whether other information had been taken.

A week earlier, Scottrade disclosed that it had been hacked and that information on 4.6 million customers had been taken.

According to the indictment, Shalon and a co-conspirator expanded their efforts to seek material non-public information from firms they were hacking. In one e-mail, they referred to seeking "interesting info" from top managers at Victim 5, a St. Louis brokerage firm now confirmed as Scottrade.

A spokeswoman for Dow Jones said in a statement: "The indictment unsealed today refers to the public disclosure we made on October 9. The government’s investigation is ongoing, and we continue to cooperate with law enforcement."

The hack of Fidelity has been previously reported. The company said it has no indication that any customer accounts, customer information or related systems were affected. E*Trade confirmed it was attacked in late 2013 but declined to provide more information.

“We continue to cooperate with law enforcement in fighting cybercrime,” JPMorgan spokeswoman Trish Wexler said in a statement.

U.S. Attorney Preet Bharara in Manhattan has scheduled a press conference for Tuesday to explain the charges.
http://www.bloomberg.com/news/articl...s-mutual-funds





CIA Email Hackers Return with Major Law Enforcement Breach

Hackers who broke into the personal email account of CIA Director John Brennan have struck again.
Kim Zetter

This time the group, which goes by the name Crackas With Attitude, says it gained access to an even more important target—a portal for law enforcement that grants access to arrest records and other sensitive data, including what appears to be a tool for sharing information about active shooters and terrorist events, and a system for real-time chats between law enforcement agents.

The CWA hackers said they found a vulnerability that allowed them to gain access to the private portal, which is supposed to be available only to the FBI and other law enforcement agencies around the country. That portal in turn, they say, gave them access to more than a dozen law enforcement tools that are used for information sharing.

The hackers wouldn’t identify the vulnerability that gave them access, but one of the hackers, who calls himself Cracka, provided WIRED with a screenshot of one of the systems they accessed called JABS. JABS stands for Joint Automated Booking System, and is a database of arrest records for the US.

Cracka is the same handle of a hacker who spoke with WIRED last month to describe how the same group hacked into the private email account of the CIA director.

This latest breach, if legitimate, is significant because it gives the hackers access to arrest records directly after they have been entered into the system. This would be valuable information for gossip sites and other media outlets interested in breaking stories about the arrest of celebrities and politicians.

More importantly, the system can also include information about arrests that are under court seal and may not be made public for months or years—such as the arrest of suspected terrorists, gang members and drug suspects. Knowledge about these arrests can tip off other members of a terrorist cell or gang to help them avoid capture.

“Just to clear this up,” Cracka tweeted on Thursday about the breach of the JABS database. “CWA did, indeed, have access to everybody in USA’s private information, now imagine if we was Russia or China.”

Sealed arrest records are also quite common in hacker investigations when law enforcement officials quietly arrest an individual, then flip him to work as a confidential informant with agents to capture others.

A former FBI agent confirmed to WIRED that JABS shows “all arrests and bookings no matter the sealing.” But he noted that arrest records in which suspects are charged under seal “will only have limited data,” and sensitive records are sometimes removed from the system to prevent news of an arrest from leaking.

“The records go in but after processing they can be removed if they are sensitive matters,” he said, “or more likely there will be [a] flag when you run a name to contact a specific agency. Hackers might be removed if they are potentially cooperating witnesses or sources.”

He noted, however, that “[i]t takes some serious work or threats to get the records removed.”

The investigation into Silk Road, for example, involved a number of initial arrests that were kept quiet to avoid tipping off other suspects.

Cracka told WIRED that he and his fellow hackers were able to view the JABS arrest record of Jeremy Hammond. Hammond was a hacktivist with Anonymous who is currently serving a 10-year sentence for hacking into Strategic Forecasting in 2011 and stealing 5 million private email messages and 60,000 customer credit card numbers. He told WIRED, however, that they did not access other criminal records.

“[W]e wasn’t there to hurt innocent people, just the government,” he said.

Cracka wouldn’t identify the vulnerability used to access the portal, because he said the hackers are still trying to obtain more information from the system. But, notably, an announcement from Box earlier this year indicated that law enforcement has recently begun using its file-sharing system for transmitting records. It’s not clear if this partnership has some significance to the breach, and Cracka did not respond when WIRED inquired about Box specifically.

It was through the vulnerable law enforcement portal that the hackers say they also obtained a list of about 3,000 names, titles, email addresses and phone numbers for government employees that they posted to Pastebin on Thursday. The posting, which they indicated was just “Part 1” of a presumably multi-part leak, consisted of a snippet of an alphabetical list of government employees working for the FBI and other federal agencies as well as various local police and sheriff departments around the country. It included job titles, email addresses and phone numbers.

The hackers leaked these contact details yesterday, November 5, which is also known as Guy Fawkes Day, a popular symbolic figure and date that has previously been appropriated by the hacking collective Anonymous.

In addition to the names and contact details of law enforcement agents and the JABS database, the CWA hackers say they had access to law enforcement’s Enterprise File Transfer Service, which the government describes as a web interface for securely sharing and transmitting files. Cracka provided WIRED with a long menu of sensitive tools that appeared on the portal’s main page and to which they presumably had access. The menu includes:

Enterprise File Transfer Service—a web interface to securely share and transmit files.

Cyber Shield Alliance—an FBI Cybersecurity partnership initiative “developed by Law Enforcement for Law Enforcement to proactively defend and counter cyber threats against LE networks and critical technologies,” the portal reads. “The FBI stewards an array of cybersecurity resources and intelligence, much of which is now accessible to LEA’s through the Cyber Shield Alliance.”

DFS Test and eGuardian Training—there was no description for either of these.

IC3—“a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.”

IDEAFX—a “web-based, file/folder sharing capabilities for cross-organizational teams”

Intelink—a “secure portal for integrated intelligence dissemination and collaboration efforts”

Intelink IM—provides real-time chat between users logged into the law enforcement system.

Justice Enterprise File Sharing—“This application has been created using http://box.com as the base technology and provides cloud hosted capabilities for greater stability and growth for file/folder sharing. It has the ability to transfer files up to 15 GB,” reads the description.

In addition to these, the portal also includes access to:

Special Interest Group—described as a “controlled/structured-access area for specialized organizations or disciplines to share and store information as a means to enhance collaboration with law enforcement, intelligence and emergency management communities.”

Virtual Command Center—a real-time, collaborative tool used for operations and events that include active shooter incidents, warrants, natural disasters, child abductions, terrorist attacks and threats, as well as something described only as special events. The latter likely includes visits by dignitaries, such as the president or visiting foreign leaders, that require special coordination with local law enforcement agencies.

National Data Exchange, also known as N-DEx—“provides local, state, tribal, and federal criminal justice agencies with a mechanism to nationally share, search, link, and analyze information across jurisdictional boundaries.”

National Gang Intelligence Center—a “multi-agency effort that integrates gang information from local, state, and federal law enforcement entities to serve as a centralized intelligence resource for gang information and analytical support.”

Repository for Individuals of Special Concern, also known as RISC—“allows officers on the street to use a mobile identification (ID) device to perform a ‘lightsout’ rapid search of a limited repository of fingerprint records.”

RISSNET—which provides “timely access to a variety of law enforcement sensitive, officer safety, and public safety resources”

ViCAP Web National Crime Database—“a repository for behavioral and investigative information related to criteria Homicides, Sexual Assaults, Missing Persons, and Unidentified Human Remains cases. Authorized users can click on the ViCAP logo to access the database. All other users can go to the ViCAP SIG to obtain information about gaining access and view various ViCAP documents and resources.”

Active Shooter Resources Page—a clearinghouse for materials available for use by law enforcement agencies and other first responders around the country.

Malware Investigator—an automated tool that “analyzes suspected malware samples and quickly returns technical information about the samples to its users so they can understand the samples’ functionality.”

Homeland Security Information Network, or HSIN—which “provides users with a trusted network to share Sensitive But Unclassified information.”

eGuardian—a “system that allows Law Enforcement, Law Enforcement support and force protection personnel the ability to report, track and share threats, events and suspicious activities with a potential nexus to terrorism, cyber or other criminal activity.”

Cracka told WIRED that he didn’t conduct the hack for fame or laughs.

“[i] just want people to u8nderstnad im NOT and NEVER will be here for fame, im here for my message and thats it,” he wrote WIRED. “[i] just want people to know im doing this for palestine.”

On Thursday he posted several images to Twitter showing Palestinian victims of violence, and also posted a statement to Pastebin explaining his motives.

“I’m the bad guy in the news that’s targeting the US government for funding Israel,” he wrote in the Pastebin message. “Did you know there was over 26,000 civilian deaths due to war-related violence in the Afghanistan war? Did you know the US military bombed an Afghan hospital?…I am standing against the US government for a good reason and I don’t give a fuck what the consequences are, fuck the fame bullshit, I’m here to get my message across and that’s all I’m here for.”

Cracka told WIRED that they don’t currently have plans to leak more information, at least not any time soon.
http://www.wired.com/2015/11/cia-ema...cement-breach/





US Tries, and Fails, to Block “Import” of Digital Data that Violates Patents

3D-printed dental aligners that violate patents relied on "import" of bits.
Jon Brodkin

A federal appeals court panel today struck down an International Trade Commission (ITC) ruling in a patent case that attempted to block electronic transmissions of digital data from overseas.

The ITC’s authority to prevent importation of “articles” applies only to material things, not digital transmissions, the US Court of Appeals for the Federal Circuit ruled. (Consumer advocacy group Public Knowledge posted the ruling’s text.)

“The Commission’s decision to expand the scope of its jurisdiction to include electronic transmissions of digital data runs counter to the ‘unambiguously expressed intent of Congress,’” Chief Circuit Judge Sharon Prost wrote for the court in a 2-1 decision.

"This decision is a big win for the open Internet,” said Charles Duan, director of Public Knowledge’s Patent Reform Project. “By rejecting the ITC's attempt to expand its jurisdiction, the Federal Circuit helps to ensure that Internet users have unfettered access to the free flow of information that has proved so useful for innovation and free expression.”

The case began with Align Technology alleging that ClearCorrect violated patents related to orthodontic appliances known as aligners, which are placed on patients’ teeth in order to straighten them.

ClearCorrect’s process for making the aligners involves facilities in both the US and Pakistan, which is where the digital importation comes in.

“ClearCorrect US scans physical models of the patient’s teeth and creates a digital recreation of the patient’s initial tooth arrangement,” today’s ruling explained. “This digital recreation is electronically transmitted to ClearCorrect Pakistan, where the position of each tooth is manipulated to create a final tooth position.”

ClearCorrect Pakistan then creates digital data models and “transmits these digital models electronically to ClearCorrect US. ClearCorrect US subsequently 3D prints these digital models into physical models.”

This process allegedly violates patents including one that describes a "method for making a predetermined series of dental incremental position adjustment appliances." This method involves obtaining a digital data set of a patient's initial tooth arrangement, creating repositioned tooth arrangements that can be turned into digital data sets, and then using those data sets to make appliances that fit in a patient's mouth and shift tooth positions.

Digital transmissions are not “articles”

The ITC ruled in April 2014 that ClearCorrect infringed Align’s patents. Infringement that occurred in the United States alone was not a violation of Section 337 of the Tariff Act of 1930, which covers “Unfair methods of competition and unfair acts in the importation of articles.”

But the commission decided that it had authority over electronically imported data under Section 337 and that the “importation” of the digital models violated the law.

The ITC pointed to various dictionary definitions of the word “articles” to argue that it could include digital information, but the court rejected the commission’s reasoning.

“We recognize, of course, that electronic transmissions have some physical properties—for example an electron’s invariant mass is a known quantity—but commonsense dictates that there is a fundamental difference between electronic transmissions and ‘material things,’” the court ruling said.

Electronic transmissions “do not pass through United States ports and cannot be excluded by Customs,” the ruling further noted. If the law’s use of the word “articles” really included electronic transmissions of digital data, that “would mean that Congress included an entire set of commodities in the statute without providing a method to curtail their importation.”

Any expansion of the statute should be left to lawmakers, the court decided, writing that “Congress is in a far better position to draw the lines that must be drawn if the product of intellectual processes rather than manufacturing processes are to be included within the statute."

The ITC had stayed its cease and desist order issued to ClearCorrect until the appeal was resolved. Today’s ruling reverses and remands the commission’s decision, with the court concluding that “the Commission does not have jurisdiction over this case.”

The Motion Picture Association of America (MPAA) is disappointed with the ruling. "This ruling, if it stands, would appear to reduce the authority of the ITC to address the scourge of overseas web sites that engage in blatant piracy of movies, television programs, music, books, and other copyrighted works," the group said. The MPAA said it is hoping for an "en banc review," in which the case would be heard by all the judges of the court instead of a three-judge panel.
http://arstechnica.com/tech-policy/2...lates-patents/





FilmOn Loses Against TV Broadcasters in DC

A judge rejects the TV streamer's argument of being entitled to a compulsory license.
Christopher Patey

A D.C. federal judge has ruled that FilmOn is liable for infringing the public performance rights of Fox Television and other major broadcasters and has dealt a blow to the digital streamer's argument that it is entitled to a compulsory license of programming.

The full opinion by U.S. District Judge Rosemary Collyer is under seal at the moment, so her rationale will remain secret for the time being. But her short order accompanying the opinion, denying FilmOn's motion for summary judgment and granting in part the broadcasters' own motion, is public record. In the order, she finds FilmOn X (which allowed network streams) to be an infringement of copyrights while giving FilmOn.TV (an affiliate with a library of shows and movies) and its founder Alki David a pass from liability.

The decision potentially sets up a sequel to the Supreme Court case concerning Aereo, another streamer that was deemed illegal after being likened to an unlicensed cable operator.

That's because last July, a federal judge in California came to the conclusion that the Aereo case supported the idea that if a TV streaming company is like a cable company, FilmOn should potentially be allowed to pay compulsory license fees under Section 111 of the Copyright Act. In that decision, U.S. District Judge George W. Wu wrote that "courts consistently reject the argument that technological changes affect the balance of rights as between broadcasters and retransmitters in the wake of technological innovation."

As Fox pursues an appeal up to the 9th Circuit, FilmOn aimed to get a federal judge over on the East Coast to adopt the same reasoning. The effort before Collyer appears to have been unsuccessful.

So depending on what happens next at the appellate stage, and how the Federal Communications Commission weighs in, the possibility exists that the high court could need to intervene to settle a circuit split.

The FCC's own opinion could be crucial. The agency is weighing a new definition of MVPD ("multichannel video programming distributor") so that it is technology-neutral and covers online video providers as well as cable and satellite operators. In doing so, the agency would likely have to make a determination about what to do about the compulsory license scheme.

UPDATE 11/13: FilmOn has issued a response.

"FilmOn.TV is disappointed with the D.C. court's ruling finding its partner FilmOn X is not entitled to a compulsory copyright license," says the company in a statement. "The real losers are the citizens, for whom free access to the airways that belong to them is once again restrained by a judge's incorrect statutory interpretation favoring big business over technological advancement. The public's right to employ technology to access free-to-air television was at the center of the California court's ruling issued earlier this year. In that case, the Judge Wu applied the plain language of the Copyright Act, finding that FilmOn X may obtain a compulsory license. In light of the conflicting rulings, this may be an issue that is ultimately resolved by the Supreme Court."
http://www.hollywoodreporter.com/thr...ters-dc-839942

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

November 7th, October 31st, October 24th, October 17th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black