Old 16-12-15, 08:33 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - December 19th, '15

Since 2002

"The answer appears to be that they're lying to us." – Lauren Weinstein

December 19th, 2015




Marco Rubio Pushes to Block Low-Cost, High-Speed Broadband
Lee Fang

In a rare senatorial act, full-time Republican presidential candidate Marco Rubio joined with a handful of fellow legislators on Friday in an attempt to block local municipalities from undercutting big telecom companies by providing cheap, fast internet service.

Rubio, who is raising campaign cash from the telecom industry for his presidential campaign, fired off a letter to the Federal Communications Commission asking the agency to allow states to block municipal broadband services.

The letter was the latest salvo in a long-running effort by the major telecom companies to outlaw municipal broadband programs that have taken off in cities such as Lafayette, Louisiana, and Chattanooga, Tennessee, because they pose a threat to a business model that calls for slow, expensive internet access without competition.

In Chattanooga, for instance, city officials set up a service known as “The Gig,” a municipal broadband network that provides data transfers at one gigabit per second for less than $70 a month — a rate that is 50 times faster than the average speed American customers have available through private broadband networks.

AT&T, Cox Communications, Comcast, and other broadband providers, fearing competition, have used their influence in state government to make an end-run around local municipalities. Through surrogates like the American Legislative Exchange Council, the industry gets states to pass laws that ban municipal broadband networks, despite the obvious benefits to both the municipalities and their residents.

That’s why the FCC has become involved. The agency stepped in to prevent states from crushing municipal broadband and released a rule this year that allows local cities to make the decision on their own.

As a result, telecom companies are furiously lobbying the FCC, litigating the rule in court, and leaning on GOP lawmakers to pressure the agency to back down. As the Daily Dot reported, the letter released by Rubio and other senators expresses “serious concern” about the FCC rule. “The FCC is promoting government-owned networks at the possible expense of private sector broadband providers … who have made strides to deploy networks throughout the country,” Rubio and seven other Republican senators wrote.

Rubio’s presidential campaign has relied heavily on AT&T lobbyist Scott Weaver, the public policy co-chair of Wiley Rein, a law firm that also is helping to litigate against the FCC’s effort to help municipal broadband. As one of Rubio’s three lobbyist-bundlers, Weaver raised $33,324 for Rubio’s presidential campaign, according to disclosures.

Rubio’s campaign fundraising apparatus is also managed in part by Cesar Conda, a lobbyist who previously served as Rubio’s chief of staff. Registration documents show that Conda now represents AT&T.
https://theintercept.com/2015/12/14/...eed-broadband/





Regulators Want to Talk to AT&T, Comcast and T-Mobile About Sponsored Data
Brian Fung

Federal regulators have asked AT&T, Comcast and T-Mobile to meet with them to discuss a growing and controversial business tactic: Offering Americans access to certain online services, such as Netflix or Spotify, without those services eating away at their monthly data caps.

Tom Wheeler, the chairman of the Federal Communications Commission, told reporters Thursday that his office has sent letters to the companies to "make sure we are informed as to what is going on."

He added quickly that the meetings are not a prelude to an investigation or legal action by the FCC.

"Let me be real clear: These were 'let's get informed' " letters, Wheeler said. The agency also said Thursday that it would be inviting others, such as consumer groups and industry associations, to meet with officials as well. Here are the letters for AT&T, Comcast and T-Mobile, which lay out a deadline of January 15.

The corporate practice of exempting partner websites or services from data caps — known in many cases as "zero-rating" — has the potential to help consumers get more use out of their monthly data plans. But critics have alleged that such arrangements can put smaller businesses at a disadvantage, particularly if they cost them money, and could tilt the online marketplace toward larger, more powerful companies.

Determining which side is right is up to the FCC, whose recent net neutrality rules empower it to examine carriers' practices on a case-by-case basis. AT&T and T-Mobile have long experimented with zero-rating. Verizon said this month that it would soon begin a limited trial of sponsored data, which could roll out more widely next year. Comcast has said that its own, proprietary streaming TV service — appropriately named Stream TV — will not count against consumers' data caps if they have one.

Comcast said Thursday that it is "happy to cooperate" with the FCC's fact-finding mission.

"We are reviewing the letter and will respond as appropriate," said Michael Balmoris, a spokesman for AT&T. "We remain committed to innovation without permission and hope the FCC is, too."

T-Mobile said it is looking forward to talking to the FCC about its zero-rating program.

"We believe it is absolutely in line with net neutrality rules," said Tim O'Regan, a company spokesman.
https://www.washingtonpost.com/news/...ponsored-data/





Now Merged, AT&T and DirecTV Raise TV Rates in Perfect Unison
Karl Bode

Directly on the heels of AT&T raising prices for AT&T U-Verse customers, now AT&T-owned DirecTV is not-coincidentally rolling out some new price hikes of its own. Several DirecTV users this week wrote in to say they've been receiving e-mails from DirecTV directing them to this memo and pricing detail sheet posted to the DirecTV website. The website and e-mail note that most base packages, channel bundles, and premium channels will be seeing price hikes ranging from $2 to $8 per month.

The company says it's also raising its "TV fee," which the DirecTV website states "allows us to keep our monthly fees low." Users will also be seeing a slight bump in their regional sports network fees.

"Exceeding your expectations is at the core of everything we do," DirecTV (AT&T) tells its customers. "And we understand that getting maximum value is a top priority, which is why we work diligently to keep costs under control. However, due to higher costs of programming, an adjustment in the price of our programming packages is necessary."

You may recall that AT&T justified their $69 billion acquisition of DirecTV by claiming their combined market power would result in more leverage in programming negotiations and lower costs. Cost savings that pretty clearly won't be getting passed on to consumers. Rate hikes for both AT&T U-Verse and DirecTV customers will take effect January 28.

Again, you can find the full breakdown of all DirecTV rate hikes here (pdf).
https://www.dslreports.com/shownews/...-Unison-135907





Inside Netflix’s Plan to Boost Streaming Quality and Unclog the Internet (Exclusive)

The company is on a quest to re-encode its entire catalog
Janko Roettgers

Over the past few months, Netflix has dared some of its employees in its Los Gatos offices with a special kind of challenge: Two TVs mounted side-by-side were playing the same TV show episode. One was coming straight from Netflix’s existing service, the other was based on a new bandwidth-saving technology that the company has been working on for four years. Anyone capable of pointing out the difference could win a bottle of champagne. But in the end, even eagle-eyed employees had to give up, and the prize went unclaimed.

Encouraged by these results, as well as months of additional testing, Netflix now has begun to embark on one of the biggest changes to its streaming technology since it launched its online video service in 2007. If all goes according to plan, the switch could help consumers get better-looking streams while also saving up to 20 percent of data — which is significant in North America, where Netflix usage single-handedly accounts for more than a third of all data consumed during peak times, and an even bigger deal in all those countries with relatively slow internet speeds that the company is looking to enter in 2016.

‘My Little Pony’ Is Not the Same as ‘The Avengers’

Netflix has been working on this new technology since 2011, when members of its video algorithms team realized that they had gotten it all wrong. Like practically everyone else in the online video world, Netflix had been preparing its video files for streaming based on the bandwidth available to consumers. Some Netflix subscribers were accessing the service with slow DSL connections, others had faster cable connections, and a lucky few were already online with super-fast fiber speeds.

Based on these use cases, Netflix’s video algorithms team had developed a number of quality levels, or recipes, as they’re called in the world of video encoding. Each video file on Netflix’s servers was being prepared with these same recipes to make multiple versions necessary to serve users at different speeds. At the lowest end was a file encoded with a bitrate of 235 kbps, which would work even on very slow connections, but also only deliver a resolution of 320 by 240 pixels. Somewhere in the middle was a 1750 kbps file for a resolution of 1280 by 720, and the best quality was a 5800 kbps version for a great-looking 1080p experience.

Netflix’s service has been dynamically delivering these versions based on a consumer’s bandwidth needs, which is why the quality of a stream occasionally shifts in the middle of a binge-watching session. But across its entire catalog of movies and TV shows, the company has been using the same rules — which didn’t really make sense. “You shouldn’t allocate the same amount of bits for ‘My Little Pony’ as for ‘The Avengers,’” explained Netflix video algorithms manager Anne Aaron.

That’s because a show like “My Little Pony” is not at all like the ‘Avengers’ — especially to a computer in charge of preparing media files for streaming. Animated shows like “My Little Pony” can be reproduced with relatively little data. An animated sky, for example, tends to be filled with the same shade of blue, and an animated pony that just stands around talking isn’t very complex to a computer either. The “Avengers” on the other hand is full of fast-paced action, which plays out in front of cityscapes and other environments with lots of visual details. And, of course, explosions, rubble, smoke, and lots of it. Or as video engineers like to call it: noise. “Noise is hard to encode,” said Aaron.

It’s a much more complex movie, at least from a purely visual perspective. This means that Netflix’s encoding servers have to work a lot harder to get it down to the same file sizes as they do with “My Little Pony,” leading to more compression and possibly more visible artifacts at low bitrates. That’s why in 2011, Netflix’s video algorithm engineers realized that they shouldn’t apply the same encoding rules to these two very different titles. “A one-size-fits-all model doesn’t give you the most optimal quality,” said Aaron.

Instead, they decided that each title should get its own set of rules. This allows the company to stream visually simple videos like “My Little Pony” in a 1080p resolution with a bitrate of just 1.5 Mbps. In other words: Even someone with a very slow broadband or mobile internet connection can watch the animated show in full HD quality under the new approach. Previously, the same consumer would have just been able to watch the show with a resolution of 720*480, and still used more data.

But Netflix’s new per title approach doesn’t just improve things for animated TV shows. Fans of other fare are also set to benefit, and see significant bandwidth savings when streaming the highest quality 1080p video. Netflix’s video algorithms team set up a test for Variety in its offices in Los Gatos last week, streaming two episodes of “Orange is the New Black” in 1080p on two TVs mounted side-by-side, similar to the tests the company has been doing with its employees. The images on both TVs looked virtually identical — but one streamed with 5800 kbps, using Netflix’s legacy encoding scheme, whereas the other displayed the show with 4640 kbps. The difference? 20 percent in bandwidth savings.

Each episode of a TV show can have different settings

Over the past couple of years, Netflix’s video algorithm engineers have worked on perfecting this more flexible approach towards video encoding. Initially, they assumed that they would just have to categorize all of their titles to develop new encoding rules for animated shows, action movies, slow indie dramas and so forth. But they quickly realized that no two indie movies are alike, and that there can even be considerable visual differences within a season of the same TV show. “Each episode could be very different,” said Aaron. The result is a true title-by-title approach, where every single movie and TV show episode gets its own encoding settings.

In recent months, Netflix has been silently testing the new encoding scheme by sending out streams with new and improved bitrates and resolutions to randomly selected customers. The company did keep a close eye on completion rates and streaming duration, but it also wanted to make sure that all devices out in the field were able to deal with the new bitrates.

Separately, Netflix has been testing the new and improved videos in person both with its own employees as well as with a number of customers. And earlier this month, Netflix quietly added a first batch of videos encoded with the new per-title approach to its catalog. Beginning with some of the most popular videos, the company aims to have a thousand re-encoded titles in its catalog by the holidays, and complete the entire process by the end of Q1 2016.

Movies are re-encoded while you’re asleep

This whole endeavor couldn’t have been possible without some considerable technical advances. First of all, Netflix needed a good way to analyze the visual quality of a video file when encoded with different settings. The company doesn’t really talk about the size of its catalog, but it’s fair to assume that the entirety of its catalog, including all TV show episodes, movies and trailers across all of its markets around the world is in the six digits, and new titles are constantly added.

It’s impossible for Netflix’s employees to visually inspect every single one of these videos in all available resolutions and bitrates. That’s why Netflix partnered with researchers at the University of Southern California, the University of Nantes and UT Austin to develop technology to automate this process.

But knowing which quality would be best for a video and actually redoing Netflix’s entire catalog are still two very different things. The company has been using two tricks to make this approach even more efficient and prepare itself for the massive re-encoding project: It cuts every title into numerous slices, making it possible for multiple servers to crunch away on it at the same time, significantly speeding up encoding.

Netflix has long used cloud computing instead of its own data centers to run its service, and the encoding is also done on Amazon’s web services. However, the sheer amount of computing power necessary for a redo of its entire catalog is still significant, even in a cloud world where capacity can be added on demand. That’s why Netflix is shifting around its encoding jobs on the server instances it rents from Amazon to make use of any idle time. Netflix’s Amazon servers may help you to binge on “Jessica Jones” in the evening, but at night, when everyone is asleep, those very same servers are busy re-encoding the company’s catalog.

New markets require better-looking videos at lower speeds

Netflix’s new per-title approach is good news for its subscribers, who now get to watch many of the service’s videos with a better quality while saving bandwidth at the same time. But it could be an even bigger deal for phone and cable companies and the internet at large.

Netflix is now responsible for 37 percent of all internet traffic going into people’s homes in North America during those peak times when everyone is in front of their TVs, according to recent data from Sandvine. Reducing that amount of data by up to 20 percent could help to alleviate internet bottlenecks. “We want to be good stewards of the internet,” said Aaron.

Netflix’s impact on the internet has been a bit of a touchy subject in the past. Cable companies like Comcast and Time Warner Cable wanted Netflix to reimburse them for sending so much traffic to their customers. Netflix argued that this would amount to double billing because those customers are already paying for their service. The internet companies disagreed, and a public stand-off temporarily led to Netflix speeds going down for many customers. In the end, Netflix gave in and agreed to pay up. But as the company is expanding around the world, similar issues are likely to pop up again. Anything that helps Netflix to slow down the growth of its traffic is likely going to make things a lot easier for the company.

What’s more, many of Netflix’s future markets have much slower internet speeds. Netflix has said that it wants to be in all countries around the world by the end of 2016. Expanding to India, Africa and the Middle East in many cases means taking a mobile-first approach, or dealing with much slower wired internet speeds. Both will benefit significantly from the new encoding scheme, which will allow Netflix to deliver better-looking videos at slower speeds.

Once Netflix’s video algorithms team is done with re-encoding the existing catalog, it already has a number of new challenges ahead. There is 4K, and there are a number of other ways to improve image quality, including higher frame rates and HDR.

And then there is another crazy idea that could require the company to re-encode the entire catalog all over again: After finding the best setting for each single video, Aaron’s team is now thinking about even encoding each scene of a movie or TV show with different settings to account for higher information density during fight scenes and lower demands during slow moments of introspection.

For Netflix employees, this could mean more chances to finally win that unclaimed champagne bottle.
https://variety.com/2015/digital/new...ty-1201661116/





Alexandria vs LBRY - Which Will be the File Sharing Application of the Next Generation?
Luke Parker

BitTorrent is starting to show its age. Not only is it less user-friendly than people have come to expect in a media-consumption application these days, but better network infrastructure like IPFS is starting to become available, which is capable of much faster downloads.

Although BitTorrent is more popular than ever, so are the paid services that it competes with, like Netflix and Hulu. These newer services are easy to use, and download times are so good that we often forget that they're downloading at all.

Since there is clearly a market for users that appreciate super-simple interfaces and no waiting, more than they do free content, several developers are trying to improve upon the whole concept of file sharing, doing whatever it takes to make it as smooth and speedy as possible.

Now that cryptocurrencies are in the mix, there's also the added third dimension of publishing to consider. File-sharing systems like BitTorrent always lacked the ability to pay for downloads, up until a recent project called JoyStream. The service was the first of its kind, incentivizing torrents with bitcoin. Unfortunately, the project still isn't finished, and it still looks a lot like BitTorrent by dealing with tracker links.

Authors, directors, and artists who would like to use this kind of platform to sell their content will likely find that the potential viewership is no larger than the current viewership available through BitTorrent. They can also make much more money selling their content through iTunes or Amazon, even while paying the listing fees, at least for now.

Some of these problems prompted the developers behind Alexandria and LBRY to step up and create their next-generation publishing platforms. Both are fully decentralized applications, that accept bitcoin for content, and make it easier than ever to find the content you're looking for. Both have far higher speeds than the old BitTorrent network, providing instant streaming of even high-definition video, much like Netflix does.

Both allow the sharing of any type of file or media, and have redesigned the ugly 'tracker' system from BitTorrent. This does away with the need for tracker websites that can be taken down, like the Pirate Bay. Both allow for cryptocurrency payments to access content, which allows publishers to start seriously considering using either of these platforms to sell their content through. Unfortunately, both are also unfinished, and neither supports TOR for user privacy yet.

Alexandria was the first to go public, back in April. Their client application is already working, on multiple operating systems, but there is very little content on it yet, and the upload process is still incomplete.

What it does offer is a dashboard that is far prettier and more useful than anything BitTorrent ever had:

Once connected to the peer-to-peer network, the search bar and filters can find any media shared across the network. Since it uses IPFS to store the files, it always chooses the shortest path between you and a copy of the file that you're looking for. The result is media that can start playing the second you hit one of those play buttons.

Alexandria allows all kinds of free and paid content, and paying tiny fractions of a bitcoin for other users to seed the content makes it easily accessible. You can also store (seed) it locally too, for free.

Where it gets really interesting is when you want to charge for your content. There will be many options for people to demo and buy content, such as a free option to hear a few seconds of a song, a set price for a high-quality stream but no download, and then separate prices for downloads at different qualities. You can also elect to let people consume your content if they agree to download and seed your content for a certain period of time, an option called “pin to play.”

Although Bitcoin is the primary currency used by Alexandria, the system has also integrated the cryptocurrency florincoin. Florincoin's blockchain allows for more data storage per transaction than the bitcoin blockchain, so they use it to store the content index data, the pointers telling your application where the file you're searching for is kept.

It turns out that this information was a little too large to keep on the bitcoin blockchain, which left them with the painless choice of adding another currency to Alexandria, and they've done so well; even adding a florincoin wallet and the ability to trade bitcoins for florincoins in the app with no fees.

Although there is no official word on how Alexandria will deal with the piracy of copyrighted content, the developers of this open source application appear to have no love for Intellectual Property laws. At the same time, they currently have no plans to support TOR for anonymity either.

You can browse Alexandria's content right now, without downloading anything, by visiting here, and if you want to help beta test it, the download site is here. Although the official release date hasn't been named yet, the developers have said that testers will be able to upload their own content very soon.

Meanwhile, LBRY, pronounced “library,” arrived in September, and the dev team recently released a working client application, although only for Linux users.

The LBRY system is very different from Alexandria and BitTorrent, including the fact that it has its own blockchain to mine. The platform also encrypts all content, letting the publisher hold onto the private key, while the public key allows you to view the content, and can be sold or given away for free.

Perhaps the most interesting difference is the naming system, which works a lot like the internet's Domain Naming System (DNS).

In much the same way you would register a domain name for your website that starts with an “http://”, in LBRY, you would register a name for each piece of content that you want to share, and those start with “lbry://”.

The idea is that web browsers will eventually read those links automatically, so that you can simply click on a URL like “lbry://wonderfullife” in order to watch the movie “It's a wonderful life.”

While at first this reservation-only naming convention appears to create issues with the ownership of a lbry:// name, the LBRY team very carefully built this feature upon the Nobel-prize winning theory of economist Ronald Coase, in order to derive the most efficient price point possible for delivering the correct content to each viewer.

Unfortunately, it appears that this efficient price will not be paid for in bitcoins. LBRY's founders have decided to use an alternative cryptocurrency called “Library credits” (LBC). The project's Director, Jeremy Kauffman, told Brave New Coin “our entire ability to exist as a company involves LBRY credits holding value.”

There are three different ways to earn LBC in the system. Hosts can provide disk space for other people's encrypted chunks of content, while Miners can secure balances and metadata. Publishers should earn the most, if they have high-quality content that others are searching for, and charge an efficient fee to view it.

Piracy of copyrighted content is handled in much the same way as Alexandria. The application is open source, with no central party to fine, but they are taking every step they can to avoid copyright lawsuits being flung their way, and have already hired an IP lawyer.

Linux users can get their hands on LBRY here, and at the time of this writing, you can even earn 1,000 LBC for testing it out and telling their developers how it worked for you.

Both Alexandria and LBRY have their strengths and weaknesses, and perhaps both will find a niche and thrive. Without accepting bitcoins, however, LBRY could have a very hard time convincing users to buy and use an additional currency. Meanwhile, Alexandria has a clear lead in development. No matter which succeeds, we can all look forward to new ways for publishers to distribute content.
http://bravenewcoin.com/news/alexand...xt-generation/





Copyright Tribunal Slaps Pandora with 20 Percent Rate Increase

A little-known panel of judges determines what Internet radio must pay.
Joe Mullin

Internet radio services like Pandora will have to pay more to artists and their representative groups, according to a decision released today by the Copyright Royalty Board (CRB). The basic per-song rates paid by Pandora will go from $.0014 per song, or 14 cents per 100 songs played, to $.0017. That's slightly more than a 20 percent increase.

The $.0017 rate will remain in effect for all of 2016 and then may increase according to the Consumer Price Index, a common measure of inflation, through 2020. At that point, the CRB will make another rate decision.

Today's decision resolves a long legal fight in which Pandora was asking to pay a lower rate of $.0011. SoundExchange, which distributes money to record labels and artists, wanted the rate to nearly double to $.0025 per stream.

The decision applies to all Internet radio providers, of which Pandora is the largest. Its competitors like iHeartRadio will have to pay the same rate.

The CRB is a little-known three judge panel that makes decisions critical to the economics of Internet radio. Currently, Pandora pays a bit more than a tenth of a penny for each track that gets streamed: again, $.0014 per stream or 14 cents per 100 songs played.

The $.0017 rate will only apply to "non-subscription" services—Pandora's basic ad-supported radio, in other words. A higher rate of $.0022 will apply for Pandora subscribers, who don't hear ads, and other "subscription" services. Pandora has said about 95 percent of its listeners choose the free ad-supported option.

The copyright decision doesn't apply to online music services where users can choose songs, like Spotify or Apple Music. Those services negotiate rates directly with the music labels. It's only "non-interactive" radio-like services that have rates determined by the Copyright Royalty Board.

Nearly half of Pandora's revenue already goes to paying copyright royalties, most of that going to record labels. The company's executives and lawyers have argued it can't afford to pay more. The company competes with terrestrial radio, which pays nothing at all to musical performers or record labels, an exemption that the music industry has been fuming about and trying to change for a long time.

Pandora Chief Financial Officer Michael Herring told The New York Times last week that he expected the judges to "come out with a rate that is reasonable, that is in the ballpark of about what Pandora is paying today."

The market reacted well to the moderate increase, with Pandora stock up 19 percent in after-hours trading.

The CRB will release a full written determination explaining the ruling only after the parties have had a chance to review it and scrub out confidential information from the public version.

Pandora's high royalty payments haven't stopped it from making major acquisitions lately. Last month, it purchased the assets of erstwhile competitor Rdio for $75 million. In October, Pandora bought ticket purveyor Ticketfly for $450 million.

The Internet radio company recently made a concession in another legal dispute when it agreed to pay $90 million to record labels for streaming pre-1972 songs. Those songs aren't covered by federal copyright, but copyright owners successfully made the argument that the older tunes still require payment under various state-level copyrights.

UPDATE: Pandora has put out a press release responding positively to the rate assessment. “This is a balanced rate that we can work with and grow from. The new rate structure will enable continued investment by Pandora to drive forward a thriving and vibrant future for music,” said Pandora CEO Brian McAndrews. "This decision provides much-needed certainty for both Pandora and the music industry. We are moving full-steam ahead with our ambitious plan to continue to build the world’s most powerful music discovery platform."

The Pandora response also notes that the subscriber rate actually went down from $.0025 to $.0022, so Pandora's "blended" rate increased by about 15 percent.
http://arstechnica.com/tech-policy/2...rate-increase/





Comcast to Pay $26 Million for Illegally Dumping Old Equipment
Bob Egelko

Comcast has agreed to pay nearly $26 million to settle claims by the state and Alameda County that the company routinely and illegally dumped hazardous electronic equipment into local landfills and failed to shred records that contained customers’ names, addresses and phone numbers.

Investigators found that since 2005, the cable company’s dispatch and warehouse facilities throughout California had been sending used remote controls, modems, amplifiers and other electronic gear to landfills that were not supposed to receive them, Attorney General Kamala Harris’ office said Tuesday in announcing the settlement. The refuse also included sensitive customer information that should have been shredded first, Harris’ office said.

“Comcast’s careless and unlawful hazardous waste disposal practices jeopardized the health and environmental well-being of California communities and exposed their customers to the threat of identity theft,” Harris said in a statement.

She said Comcast had cooperated since being notified of the investigation in 2012 and improved its disposal practices, while agreeing to hire an independent auditor to monitor its compliance over the next five years.

“We have devoted considerable time and resources toward our environmental compliance and have taken a number of steps to improve our practices,” said Comcast spokesman Bryan Byrd.

Harris and Alameda County District Attorney Nancy O’Malley have won settlements against several California retailers over their disposal of electronic wastes and other hazardous materials. Their cases include a $23.8 million settlement with AT&T last year and a $16.6 million agreement with Walgreens in 2012.

The Comcast settlement includes $19.85 million in civil penalties and costs, $3 million to fund environmental and consumer protection and enforcement, $2.4 million for public service announcements on proper waste disposal over four years, and at least $700,000 to improve the company’s practices.

The settlement awaits approval by an Alameda County Superior Court judge.
http://www.sfgate.com/bayarea/articl...ng-6703107.php





Music Publisher Gets $25 Million Jury Verdict Against Cox in Trailblazing Piracy Case

The Internet service provider loses a closely watched trial in Virginia.
Eriq Gardner

On Thursday, a federal jury in Virginia delivered a $25 million verdict in favor of BMG Rights Management against Cox Communications in a landmark piracy case that tested an Internet service provider's responsibilities for the copyright infringing actions of its users.

The verdict came after a weeklong trial set in motion after U.S. District Judge Liam O'Grady denied summary judgment for Cox, ruling in November that the ISP's failure to reasonably implement a repeat-infringer policy meant it couldn't have safe harbor under the Digital Millennium Copyright Act. Today's decision could make it more likely that in the future, copyright pirates are kicked off the Internet.

BMG, which controls rights to works by David Bowie, Bruno Mars, Frank Ocean and many other artists, brought the lawsuit after its agent Rightscorp found Cox to be less than cooperative in attempts to send demand letters to individual pirates. BMG objected to what it called Cox's "under the table policy purporting to terminate repeat infringers while actually retaining them as high-speed Internet customers."

Although Rightscorp detected 1.847 million instances of infringement and collected more than 150,000 copies of copyrighted works downloaded directly from Cox subscribers, according to testimony presented at trial, there were 1,397 copyrighted works in contention in the lawsuit.

That means that the $25 million verdict amounts to about $18,000 for each song infringed.

According to the verdict form (read here), the jury found Cox liable for contributory copyright infringement after also finding the plaintiff proved that Cox's users used the service to directly infringe the copyrights. Notably, the jury also ruled that Cox's infringements were willful. The ISP was able to beat back a separate claim for vicarious infringement. The judge allowed the case to be determined by the jury after denying the parties' motions for judgments as a matter of law.

The judge's earlier pre-trial rulings seem likely to be appealed as the case has been closely watched by leading entertainment industry trade associations and other tech companies with the potential of shaping how ISPs deal with copyright abuses on their systems.

Cox is also facing a lawsuit from its insurer aiming to escape the tab in this BMG case due to "Cox's business policy and practice of ignoring and failing to forward infringement notices and refusing to terminate or block infringing customers' accounts."

BMG was represented by attorneys at Steptoe & Johnson. Partner Michael Allan, who served as lead counsel, says, "We believe this decision sends a message to ISPs that they have a responsibility to act upon and limit the massive copyright infringement using their networks that has been brought to their attention by copyright owners."
http://www.hollywoodreporter.com/thr...million-849829





Court Throws Out Dallas Buyers Club Piracy Case
Harry Tucker


The Federal Court has dismissed an attempt by a major film studio to access the private details of thousands of iiNet customers who they believed had illegally shared copies of the movie Dallas Buyers Club.

Justice Nye Perram dismissed the Dallas Buyers Club LLC case against iiNet entirely unless an appeal is made by February 16, in a potentially landmark ruling on movie piracy in Australia.

DBC LLC had been attempting to get the names of over 4000 iiNet account holders it was accusing of illegally sharing the Dallas Buyers Club film.

Dallas Buyers Club LLC was originally granted access in April to the 4726 iiNet account holders that have been accused of sharing the film over torrent networks. However Justice Perram put a stay on the order until the studio satisfied him with how they would communicate the alleged infringement to account holders and paid a $600,000 bond.

His biggest fear was a tactic known as speculative invoicing, where the company issues a demand for a sum of money that is often much more than it is actually owed and threatens legal action if the money isn’t paid. The alleged offender usually has no idea what they owe and pays the money to avoid legal costs.

DBC LLC eventually came back in August with their proposed method of communication, including a letter and a telephone call where they would ask for personal details of the offender, including their annual salaries. They would then seek damages for the following:

– The cost of a single copy of the film had it been authentically downloaded;
– A claim for an amount based on each person who had accessed the uploaded film;
– A claim for punitive damages depending on how many copies of non-DBC copyrighted works had been downloaded by each infringer;
– and a claim for damages relating to the costs of obtaining the user’s details.

Justice Perram refused to lift the stay and gave new conditions, including the need to pay a $600,000 bond for access to the account names.

Last week the company claimed it would now only ask for the cost of an individual license fee, as well as damages for its court costs. They also said they would only pay a $60,000 bond in exchange for having access to just 472 names initially.

Each person would have received the same claim amount, rather than a claim based on individual circumstances as proposed before.

However, DBC LLC was trying to claim costs for a worldwide non-exclusive distribution agreement, which Justice Perram did not agree with, writing in his judgement:

That factual debate was whether any BitTorrent infringers would have sought to negotiate a worldwide non-exclusive distribution agreement with DBC to authorise their uploading activities or whether infringers would have pursued other courses of action, for example, whether instead they would have rented the Film and paid $4.99 for the pleasure. On this factual question, I concluded that DBC’s contention was wholly unrealistic; indeed, I went so far as to describe it as ‘surreal’.

After ruling that the license fee requests, as well as damage costs, were unrealistic, Justice Perram said, “Some finality must now be brought to these proceedings.”

“What I will do is make a self-executing order which will terminate the proceedings on Thursday 11 February 2016 at noon, unless DBC takes some step before then,” it was then ruled.
http://www.businessinsider.com.au/co...y-case-2015-12





Congress Drops All Pretense: Quietly Turns CISA Into A Full On Surveillance Bill
Mike Masnick

Remember CISA? The "Cybersecurity Information Sharing Act"? It's getting much, much worse, with Congress and the administration looking to ram it through -- in the process, dropping any pretense that it's not a surveillance bill.

As you may recall, Congress and the White House have been pushing for a "cybersecurity" bill, for a few years now, that has never actually been a cybersecurity bill. Senator Ron Wyden was one of the only people in Congress willing to stand up and directly say what it was: "it's a surveillance bill by another name." And, by now, you should know that when Senator Wyden says that there's a secret interpretation of a bill that will increase surveillance and is at odds with the public's understanding of a bill, you should listen. He's said so in the past and has been right... multiple times.

Either way, a version of CISA passed the House a while back, with at least some elements of privacy protection included. Then, a few months ago it passed the Senate in a much weaker state. The two different versions need to be reconciled, and it's been worked on. However, as we noted recently, the intelligence community has basically taken over the process and more or less stripped out what few privacy protections there were.

And the latest is that it's getting worse. Not only is Congress looking to include it in the end of year omnibus bill -- basically a "must pass" bill -- to make sure it gets passed, but it's clearly dropping all pretense that CISA isn't about surveillance. Here's what we're hearing from people involved in the latest negotiations. The latest version of CISA that they're looking to put into the omnibus:

1. Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS. While DHS isn't necessarily wonderful, it's a lot better than NSA. And, of course, if this were truly about cybersecurity, not surveillance, DHS makes a lot more sense than NSA.

2. Directly removes the restrictions on using this information for "surveillance" activities. You can't get much more direct than that, right?

3. Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well. Obviously, this then creates tremendous incentives to push for greater and greater information collection, which clearly will be abused. We've just seen how the DEA has regularly abused its powers to collect info. You think agencies like the DEA and others won't make use of CISA too?

4. Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information. This was the key point that everyone kept making about why the information should go to DHS first -- where DHS would be in charge of this "scrub". The "scrub" process was a bit exaggerated in the first place, but it was at least something of a privacy protection. However, it appears that the final version being pushed removes the scrub requirement (along with the requirement to go to DHS) and instead leaves the question of scrubbing to the "discretion" of whichever agency gets the information. Guess how that's going to go?

In short: while before Congress could at least pretend that CISA was about cybersecurity, rather than surveillance, in this mad dash to get it shoved through, they've dropped all pretense and have stripped every last privacy protection, expanded the scope of the bill, and made it quite clear that it's a very broad surveillance bill that can be widely used and abused by all parts of the government.

There is still some hesitation by some as to whether or not this bill belongs in the omnibus bill, or if it should go through the regular process, with a debate and a full vote on this entirely new and different version of CISA. So, now would be a good time to speak out, letting your elected officials and the White House know that (1) CISA should not be in the omnibus and (2) that we don't need another surveillance bill.

In the meantime, if Congress were actually serious about cybersecurity, they'd be ramping up the acceptance and use of encryption, rather than trying to undermine it.
https://www.techdirt.com/articles/20...nce-bill.shtml





Congress Approves Surveillance Legislation Tucked Into Budget Package

Obama signs bill that one senator says has "unacceptable surveillance provisions."
David Kravets

Congress on Friday adopted a $1.15 trillion spending package that included a controversial cybersecurity measure that only passed because it was slipped into the US government's budget legislation.

House Speaker Paul Ryan, a Republican of Wisconsin, inserted the Cybersecurity Information Sharing Act (CISA) into the Omnibus Appropriations Bill—which includes some $620 billion in tax breaks for business and low-income wage earners. Ryan's move was a bid to prevent lawmakers from putting a procedural hold on the CISA bill and block it from a vote. Because CISA was tucked into the government's overall spending package on Wednesday, it had to pass or the government likely would have had to cease operating next week.

Sen. Ron Wyden, a Democrat of Oregon, said the CISA measure, which backers say is designed to help prevent cyber threats, got even worse after it was slipped into the 2,000-page budget deal (PDF, page 1,728). He voted against the spending plan.

“These unacceptable surveillance provisions are a black mark on a worthy package that contains the biggest tax cut for working families in decades, an accomplishment I fought for in weeks of negotiations,” Wyden said in a statement. “Unfortunately, this misguided cyber legislation does little to protect Americans’ security and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers’ private data with only cursory review."

The CISA part of the spending package gives corporate America legal immunity when sharing consumers' private data about hacks and digital breaches with the Department of Homeland Security. The DHS can then funnel that information to other agencies, including the NSA and FBI, which can use that information for surveillance purposes.

Rep. Justin Amash, a Republican of Michigan, said the CISA language was tucked into the spending package to keep members of Congress in the "dark."

The Obama administration said the president would sign the spending bill. The CISA language lines up with the president's priorities, which include a mandate that private companies take "reasonable efforts" to remove personal information unrelated to a cyber threat.

Rep. Zoe Lofgren, a Democrat from California, voted against the spending plan. "I was unable to vote for the Omnibus spending bill today because it included an extraneous provision purported to facilitate cybersecurity information sharing that—in effect—will function as a surveillance tool," she said in a statement.

The House voted Friday 316 to 113. The Senate later voted 65-33.

The National Retail Federation applauded the spending bill's passage, including the CISA provisions.

"Sharing information on cyber threats will create an atmosphere of community vigilance that will ensure that consumers' sensitive data is kept safe,” David French, the group's spokesman, said.
http://arstechnica.com/tech-policy/2...udget-package/





Carly Fiorina Says Government Needs a Way to 'Work Around' Encryption
Patrick Howell O'Neill

Carly Fiorina wants the government to be able to "work around" encryption to aid intelligence agencies and law enforcement in their investigations, she told Breitbart News on Monday.

The Republican presidential candidate and former HP CEO shifted the focus of her campaign to national security two days before the last Republican debate of 2015.

"One of the places we need help is to deal with all of these encrypted communications," she said. "You can’t outlaw encryption. Encryption protects American consumers from identity theft, and all the rest of it. But we have to be able to work around it where necessary to give our investigators the information they need. I’d ask the private sector’s help in that."

Senior U.S. officials and lawmakers recently reignited the debate over encryption in the wake of terrorist attacks in Paris, California, and elsewhere that have been linked to the Islamic State. No evidence has been presented linking encryption to those attacks, but congressional committees are preparing encryption hearings, and officials like FBI Director James Comey are saying that tech companies can do more to help investigators.

None of the people pushing for so-called "backdoors" in encryption will say that they want to "outlaw" strong encryption entirely, but some, like Sen. Dianne Feinstein (D-Calif.) and Sen. Richard Burr (R-N.C.), are seeking ways to "pierce" encryption for investigative purposes.

Encryption is the technology that encodes data so that only authorized parties can read it. You encounter encryption every day when you log into bank and email accounts through secured (HTTPS) connections, as well as when you buy products on ecommerce sites like Amazon.

Fiorina and some senior law-enforcement officials strongly object to the new "end-to-end" encryption protecting Apple iOS and Android devices. Both Google and Apple have begun enabling this unbreakable encryption by default, locking away users' data from even the phone and software manufacturers.

Tech companies, security engineers, and privacy advocates fiercely reject attempts to backdoor encryption, arguing that proposals to "pierce" it will make the entire Internet far less safe. This debate is known as the "crypto wars."

Many civil-liberties groups point out that, even if Congress passes anti-encryption legislation, that will not solve the problem, because, as Comey himself admitted last week, "Encryption is always going to be available to the sophisticated user.”

Fiorina recognized this dilemma. “We need to engage the private sector in an unprecedented way again because we’re at war of a different kind,” she said. “I know this community. I know this industry. I know these people. I will engage them.”

Comey told Congress last week that the FBI is discussing encryption with the tech industry, warning them about the "public safety and national security risks" of encryption.

Fiorina enters Tuesday night's Republican debate in sixth place, according to most national polls, in a marked decline from her brief rise and fall in September.
http://www.dailydot.com/politics/car...pto-wars-2016/





Law Enforcement is Using a 226-Year-Old Law to Force Tech Companies to Unlock Mobile Phones

The government is increasingly relying on an 18th-century law to compel third parties to unlock mobile devices and circumvent an important public debate about its right to do so.
Eliza Sweren-Becker, Esha Bhandari

The ACLU, along with the ACLU of Northern California and the Stanford Center for Internet and Society, filed a Freedom of Information Act request today seeking records related to the government’s use of the All Writs Act to force device manufacturers to unlock mobile devices and give law enforcement access to the data stored on them. We filed this FOIA request so that the public can know the full extent of the government’s use of this statute to seek such extraordinary authority.

After years of secrecy, the battle over when law enforcement can force device manufacturers and other technology companies to bypass the security measures on their products is finally playing out in court. Last month, Apple challenged the government’s attempt to get a court order compelling Apple to unlock and make available personal data stored on a passcode-protected iPhone. The government argued that the All Writs Act authorizes such an order, but as we argued in an amicus brief we filed, it does no such thing. The All Writs Act permits a court to issue an order to give effect to a prior lawful order or an existing grant of authority, and has been used for such things as ordering a prisoner be brought before a court. The Act does not allow a court to invest law enforcement with investigative tools that Congress has not authorized — like the extraordinary and unconstitutional conscription of a third party into obtaining information the third party does not possess or control.

While the power the government seeks in Apple’s case is troubling, it’s even more troubling to consider that the government, by its own admission, has invoked it successfully in at least 70 cases.

We know little to nothing about those 70 cases, which is why we’re filing the FOIA request. The government has sought individual, often sealed orders in unrelated cases, creating a patchwork of public and non-public documents that are difficult to track down and identify. When we submitted our amicus brief, we were aware of only three cases in which the government had applied for and obtained an order under the All Writs Act to compel a third party to unlock a mobile device. In its brief, the government cited three additional cases in which it had obtained similar orders. But for each case the government cited as a prototypical example of its use of the All Writs Act to compel Apple to unlock a device, the public had little or no notice that the government sought and obtained such an order. Even for the six known cases, many documents — including the government’s reasons and justifications — remain under seal.

This secrecy is especially insidious because the government has used the All Writs Act to get what it wants without regard to the current public debate about whether tech companies should be required to build technological “backdoors” into secure devices. Given that this debate is ongoing and robust, and that even the Obama administration previously publicly shelved its pursuit of legislation mandating the creation of backdoors, law enforcement’s shortcut by way of the All Writs Act should be scrutinized.

The American people deserve to know more about the government’s parallel and largely hidden effort to implement a policy that co-opts technology companies into law enforcement work.
https://www.aclu.org/blog/speak-free...-mobile-phones





Why Governments Lie About Encryption Backdoors
Lauren Weinstein

Despite any firm evidence to suggest that the terrorist attackers in Paris, in San Bernardino, or at the Planned Parenthood center in Colorado used strong (or perhaps any) encryption to plan their killing sprees, government authorities around the planet -- true to the long-standing predictions of myself and others that terrorist attacks would be exploited in this manner -- are once again attempting to leverage these horrific events into arguments for requiring "backdoor" government access to the encryption systems that increasingly protect ordinary people everywhere.

This comes despite the virtual unanimity among reputable computer scientists and other encryption experts that such "master keys" to these encryption systems that protect our financial and ever more aspects of our personal lives would be fundamentally weakened by such a government access mechanism, exposing us all to exploits both via mistakes and purposeful abuse, potentially by governments and outside attacks on our data.

It's difficult -- one might say laughable -- to take many of these government arguments seriously even in the first place, given the gross incompetence demonstrated by the U.S. government in breaches that exposed millions of citizens' personal information and vast quantities of NSA secrets -- and with similar events occurring around the world at the hands of other governments.

But there are smart people in government too, who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them.

So why do they continue to argue for these backdoor mechanisms, now more loudly than ever?

The answer appears to be that they're lying to us.

Or if lying seems like too strong a word, we could alternatively say they're being "incredibly disingenuous" in their arguments.

You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.

We start with a fundamental fact.

The techniques of strong, uncrackable crypto are well known. The encryption genies have long since left their bottles. They will not return to them, no matter how much governments may plead, cajole, or threaten.

In fact, the first theoretically unbreakable crypto mechanisms reach back at least as far as the 19th century.

But these systems were only as good as the skill and discipline of their operators, and errors in key management and routine usage could create exploitable and crackable weaknesses -- as they did in the case of the German-used "Enigma" system during World War II, for example.

The rise of modern computer and communications technologies -- desktops, smartphones, and all the rest -- has allowed for the "automation" of new, powerful encryption systems in ways that make them quite secure even in the hands of amateurs, and as black hat hacking exploits have subverted the personal data of millions of persons, major Web and other firms have reacted by deploying ever more powerful crypto foundations to help protect these environments that we all depend upon.

Let's be very, very clear about this. The terrorist groups that governments consistently claim are the most dangerous to us -- al-Qaeda, ISIL (aka ISIS, IS, Islamic State, or Daesh), the less talked about but at least equally dangerous domestic white supremacist groups, and others -- all have access to strong encryption systems. These apps are not under the control of the Web firms that backdoor proponents attempt to frame as somehow being "enemies" of law enforcement -- due to these firms' enormously justifiable reluctance to fundamentally weaken their systems with backdoors that would expose us all to data hacking attacks.

What's more -- and you can take this to the bank -- ISIL, et al. are extraordinarily unlikely to comply with requests from governments to "Please put backdoors into your homegrown strong crypto apps for us? Pretty please with sugar on it?"

Governments know this of course.

So why do they keep insisting publicly that crypto backdoors are critical to protect us from such groups, when they know that isn't true?

Because they're lying -- er, being disingenuous with us.

They know that the smart, major terrorist groups will never use systems with government-mandated backdoors for their important communications, they'll continue to use strong systems developed in and/or distributed by countries without such government mandates, or their own strong self-designed apps.

So it seems clear that the real reason for the government push for encryption backdoors is an attempt not to catch the most dangerous terrorists that they're constantly talking about, but rather a selection of "low-hanging fruit" of various sorts.

Inept would-be low-level terrorists. Drug dealers. Prostitution rings. Free speech advocates and other political dissidents. You know the types.

That is, just about everybody EXCEPT the most dangerous terrorist groups that wouldn't go near backdoored encryption systems with a ten foot pole, yet are the very groups governments are loudly claiming backdoor systems are required to fight.

Now, there's certainly a discussion possible over whether or not massively weakening crypto with backdoors is a reasonable tradeoff to try to catch some of the various much lower-level categories of offenders. But given the enormous damage done to so many people by attacks on their personal information through weak or improperly implemented encryption systems, including by governments themselves, that seems like an immensely difficult argument to rationally make.

So our logical analysis leads us inevitably to a pair of apparently indisputable facts.

Encryption systems weakened by mandated backdoors would not be effective in fighting the terrorists that governments invoke as their reason for wanting those backdoors in the first place.

And encryption weakened by mandated backdoors would put all of us -- the ordinary folks around the planet who increasingly depend upon encrypted data and communications systems to protect the most intimate aspects of our personal lives -- at an enormous risk of exposure from data breaches and associated online and even resulting physical attacks, including via exploitation from foreign governments and terrorist groups themselves.

Encryption backdoors are a gleeful win-win for terrorists and a horrific lose-lose for you, me, our families, our friends, and for other law-abiding persons everywhere. Backdoors would result in the worst of the bad guys having strong protections for their data, and the rest of us being hung out to dry.

It's time to permanently close and lock the door on encryption backdoors, and throw away the key.

No pun intended, of course.

Be seeing you.

--Lauren--
I have consulted to Google, but I am not currently doing so.
My opinions expressed here are mine alone.

http://lauren.vortex.com/archive/001137.html





Newly Discovered Hack has U.S. Fearing Foreign Infiltration
Evan Perez and Shimon Prokupecz

A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.

The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems "with the highest priority."

The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.

One U.S. official described it as akin to "stealing a master key to get into any government building."

The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn't reached conclusions.

It's not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.

A senior administration official told CNN, "We are aware of the vulnerabilities recently announced by Juniper. The Department of Homeland Security has been and remains in close touch with the company. The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur."

Juniper Networks' security fix is intended to seal a back door that hackers created in order to remotely log into commonly used VPN networks to spy on communications that were supposed to be among the most secure.

Juniper said that someone managed to get into its systems and write "unauthorized code" that "could allow a knowledgeable attacker to gain administrative access."

Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.

Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that "US intelligence agencies require."

Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for U.S. government networks.

Juniper said in its security alert that it wasn't aware of any "malicious exploitation of these vulnerabilities." However, the alert also said that attackers would leave behind no trace of their activity by removing security logs that would show a breach.

"Note that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised," the Juniper security alert said. If encrypted communications were being monitored, "There is no way to detect that this vulnerability was exploited," according to the Juniper security alert.

According to a Juniper Networks spokeswoman's statement, "Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems."

U.S. officials said it's not clear how the Juniper source code was altered, whether from an outside attack or someone inside.

The work to alter millions of lines of source code is sophisticated. The system was compromised for three years before Juniper uncovered it in a routine review in recent weeks.

Juniper said it was also issuing a security fix for a separate bug that could allow a hacker to launch denial-of-service attacks on networks.
http://www.cnn.com/2015/12/18/politi...ack/index.html





EFF, Access Now, and the White House Sat Down to Talk About Encryption: The Details
Rainey Reitman

In the public battle for strong encryption, EFF has championed the voice of everyday Internet users. After all, if we can’t rely on the security of our digital communications, how can the Web continue to grow and thrive?

Now the fight has moved to the Oval Office. EFF, Access Now, over a dozen nonprofits and tech companies, and over 100,000 concerned Internet users joined forces to ask President Obama to stand up for uncompromised encryption.

We definitely got his attention.

In response, representatives of the White House publicly promised to meet with us and solicited even more feedback from the public. After some crossed wires about the meeting, EFF got in contact with White House representatives and we had a long phone conversation with them on Friday.

Here’s an overview of that conversation: what we said, what they said, and what we asked for. Note that these are just general ideas that were shared, not actual quotes from anybody at the meeting.

Our main concerns

We were very clear with the White House that EFF and Access Now are tired of having the same conversation. We’ve fought long and hard in the courts of law and public opinion to ensure that strong encryption is a mainstay of our networked world, and we’ve been successful. Whatever you call it—“strong,” “robust,” or “uncompromised” encryption—it already exists, and it’s here to stay.

And yet, nearly 20 years after EFF’s seminal court case establishing computer code as a form of constitutionally protected speech, the government is still weighing whether and how to force technology companies to create special backdoors. Here is why we urged the White House to put this conversation to bed for good:

Undermining encryption is dangerous and technically infeasible. Leading security experts published a report this year stating emphatically that undermining encryption—whether through a “front door” or a “back door”—would have dire consequences. In fact, doing so would pose “grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

We went one step further in our conversation with the White House. We called the debate laughable. It is laughable to suggest that you can create a method for legally sanctioned access and decryption of data that could be safe from abuse by hackers and other malicious actors. It is laughable to the technical community, to academics who have studied the issue, and to the ever-growing community of tech-savvy Internet users worldwide.

Undermining encryption would be ineffective. For years, a handful of law enforcement officials have been touting the idea that backdoors would help boost American security. The problem is, they’re wrong. Compromising the security of our communication tools would affect Internet users across the United States and worldwide, and create an online environment none of us could truly trust. But it wouldn’t do much to stop bad actors, who would simply move overseas or avoid products from American companies that may be subject to government pressure.

America is setting the stage for Internet policy worldwide. If we expect privacy and security for Americans’ communications from foreign governments like China and Russia, then we need to lead the way by showing that democratic countries do not force technology companies to build backdoors. After all, if a tech company will create special access for U.S. law enforcement, how will it be able to refuse other governments?

That’s not just theoretical. We have countless examples of foreign governments seeking access to user content, including the communications of American citizens. In fact, EFF is representing one such American seeking to defend the privacy of his communications against the Ethiopian government.

Strong crypto saves lives. It’s true that we need strong crypto to safeguard everything from indiscreet photos to online shopping transactions. But let’s not forget that for many people, strong crypto is a matter of life or death. Activists across the globe rely on uncompromised security to communicate and coordinate in authoritarian regimes, where doing so could risk life, liberty, and the safety of family members. That’s why the U.N. Special Rapporteur for Freedom of Expression has called on states to promote encryption, rather than undermine it.

The State Department has also long recognized that giving people access to strong security is consistent with American values and helps promote democracy inside repressive regimes. That’s why the State Department has promoted and sponsored secure communication tools for years.

Pressure is pressure, whether it’s official or not. FBI Director Comey knows he’ll face an uphill battle in attempting to pass any legislation that would mandate backdoors in our communications. So instead of accomplishing its agenda publicly, law enforcement seems to be using its own backdoors to get backdoors: we’ve heard stories of law enforcement officers putting private pressure on companies to undermine encryption, using overblown rhetoric and unsubstantiated claims around national security.

The fact is, the American people and our elected officials have rejected proposals to mandate backdoors. The FBI and other three letter agencies should heed the democratic process, and not try to pressure companies behind closed doors into undermining encryption on the government’s say-so.

People care about encryption. In talking to the White House, we also made clear that we have seen an outpouring of support and concern from Internet users on this issue. People care about encryption. They care about basic security for the Web and for the tools we use to communicate. Increasingly, Internet users recognize that a threat to encryption is a threat to the future of the Web. We can’t expect people to trust and rely on products that are known to be compromised, and we can’t expect the digital age to thrive when our technology is riddled with government-mandated security vulnerabilities.

The Snowden revelations began a new era for digital privacy. Millions of people are now aware of NSA surveillance of the Internet, and countless people worldwide are aware that American technology companies were implicated in those leaks. There’s a move toward stronger, more secure, end-to-end encryption of communications in transit and full disk encryption of devices. That’s why we’ve seen the growing popularity of secure tools like Signal, tech companies like Apple beefing up security, and newsrooms moving to adopt tools like Secure Drop.

People aren’t just worried about NSA surveillance. Data breaches are a serious concern. In 2015, there have been over 190 data breaches of sensitive consumer records (Social Security numbers and bank account details). The Privacy Rights Clearinghouse tallies 159,374,310 sensitive consumer records exposed this year. These include significant breaches of government systems, like the millions of records of the Office of Personnel Management, which analysts have noted could have been mitigated by basic security hygiene like encryption.

It’s no wonder that over 100,000 people signed the petition demanding Obama stand up for strong encryption. The idea that the Internet ought to be secure is mainstream.

The White House response

Representatives of the White House seemed to listen attentively, but shared little about their thoughts. They maintained that President Obama’s position has not changed in the last few months. While they seemed well aware of our concerns about the technical infeasibility of inserting backdoors, they didn’t necessarily share them. That worried us a great deal.

We have heard that the White House is interested in hearing from others, both members of the Save Crypto campaign as well as everyday Internet users. We’re asking people who care about this issue to speak out using the White House’s online form.

Our requests

We wrapped up the meeting by making a few very specific requests of the White House. We believe the White House is likely to issue an official response to the petition before the end of the year, and we’ll be looking at these 7 criteria to judge that response:

1. The response to the petition should come from the president himself, not from his press staff or others within the administration.
2. The response to the petition should clarify that when the president says he supports “strong encryption,” this includes end-to-end encryption for data in transit, free from any back door, front door, or any other way for any third party—including the service provider itself—to read the content. For data at rest, it means secure encrypted storage that's only accessible to the user. Key escrow, split-key schemes, and other means of allowing third party access are not compatible with “strong encryption.”
3. The response to the petition should state that the president will oppose any legislative efforts to restrict access to strong encryption.
4. The response to the petition should also direct all parts of the executive branch to cease any activities inconsistent with this position.
5. The response to the petition should clarify that while educating companies and working with them to respond to lawful process is to be expected, no part of the executive branch will demand, coerce, pressure, or condition any benefit on a provider designing or modifying a system or tool to permit third party access to content.
6. The response to the petition should state that the president supports the continued efforts by the State Department to support those building cryptographic tools to protect communities facing repression around the world. This could be done as part of continued support for the Internet Freedom position first articulated by Secretary of State Clinton.
7. We believe that the administration should reach out to other groups that supported the petition. While EFF and Access Now were the leaders, there are many other groups who participated and should have the opportunity to give input.

Your voice can make a difference in this debate. Please share your thoughts with President Obama today.
https://www.eff.org/deeplinks/2015/1...yption-details





'I Want to Join the NSA. What Do You Think of That?'

A West Point student told Cory Doctorow that he wants to work in cybersecurity. But is joining the NSA the best way to help improve digital civil rights?
Cory Doctorow

In September, I spent a day at the United States military academy at West Point, an elite, 213-year-old academic institution. I’d been invited to lecture by the Army Cyber Institute, a new academic department that focuses on cybersecurity and policies related to the military implications of attacking and defending electronic infrastructure.

It’s not my usual speaking gig. I grew up as an organiser in the anti-nuclear-weapons movement; my experience of the military mostly revolves around protesting outside bases, not being invited inside them. West Point was the first military audience I’d ever addressed, yet I’d heard that they have used my young-adult novel Little Brother, which concerns net-savvy kids in San Francisco who form an underground movement to resist Homeland Security incursions on civil liberties following a terrorist attack.

West Point is an American oddity: a leafy, ancient (by US standards) campus on a lazy river with academic standards to match any Big Ten or Ivy League university, but with a student body that is far more likely to come from racial minorities and poor people than any of America’s notoriously high-ticket educational institutions. I’ve done teaching stints at American universities where annual tuition ran to $50,000, and the contrasts between the student body at those schools and West Point could be the subject of a dissertation on American history, sociology, race relations or economics.

The school is built in a revolutionary war river fortress. Its stone battlements and vaulted halls filled with ancient cannon and oil paintings of past leaders feel distinctly Commonwealth, similar to the halls of the University of Toronto or Queen’s University in Kingston, Ontario – educational institutions that date back to the era in which Americans and Canadians alike saw themselves as Britons.

My lecture hall featured several hundred young men and women in identical pixellated modern camouflage – a nightmare for someone mildly faceblind like me, who relies upon clothing differences to tell strangers apart. They listened with as much attention as I’d expect from an undergraduate audience – in other words, a few kids in the back fell asleep after a night’s cramming (or, possibly, drinking), while their keener colleagues down front took copious notes and asked good, difficult questions.

The West Point bookstore was much like the bookstores at America’s top academic institutions too, split between selling logoed merchandise to visiting families and textbooks to students, with some discretionary reading around the edges (military biographies and histories featuring heavily here). I signed books for the students, and had each one sign my gift copy of Bugle Notes – a small, hardbound book that new West Pointers are issued upon arrival and expected to commit to memory.

After my lecture I spent an hour in the bookstore, shaking hands with students, discussing their areas of study and their thoughts on my lecture. One kid held back to the very end, and once the others had gone, he approached me with a mixture of shyness and belligerence.

He shook my hand and quietly told me that after graduation he wanted to work for the NSA – and what did I think of that?

I asked him why. He reminded me that I’d just lectured for an hour on the ways that bad tech policy has turned the internet and its connected devices into a potential dystopian nightmare where all of us are vulnerable to attacks to our livelihoods and even our lives. He’d seen how his family used the internet, and he knew just how many risks they were taking, even if they didn’t. The NSA was America’s cybersecurity bulwark, and he wanted to work for them because he wanted to use his technical skills to keep his family, and his country, safe.

“What about the illegality in the NSA, its abuse of powers?” I asked.

He had a good answer: “If no one who cares about civil rights and the law joins the NSA, how will they improve?”

People who work for the US government have to be careful about the Edward Snowden story. Technically, they’re not supposed to read or pass on classified material, even if it’s on the front page of the national newspapers. So I said: “I suppose you haven’t read much about Snowden, but you should, even if it’s just the profiles in magazines like Rolling Stone.

“Snowden was gung-ho,” I explained. “He was part of a multigenerational military family. He tried to join the special forces at first, and if he hadn’t broken both his legs in basic training, he wouldn’t have ended up in intelligence. But he did, and he was one of their best and brightest. He was an undercover spy for the CIA in Switzerland, worked for the NSA and its contractors all over the world, and was recognized as one of their top IT specialists.

“He carried around a copy of the Bill of Rights, sent whistleblower notes up the chain of command, disrupted meetings to argue that what they were being asked to do was against the law. After literally years of this, he was so frustrated that he literally risked a firing squad to go public with what he knew, and ended up in seemingly permanent exile in an autocratic basket-case state, Russia, where he is in constant peril.

“The question is, what do you plan on doing that he didn’t do? What different tack or tactic have you thought of that he didn’t try? What theory do you have that supports the idea that you’ll make a difference? Because as much as I love the idea of a difference being made, unless you have a theory about how you’ll succeed where he failed, you’re setting yourself up to fail, too.”

I could see that one land. He went quiet and thoughtful, then asked what I thought he should do.

We talked about the State Department’s projects to protect privacy and anonymity online, like the Tor project, and the new work that the National Institute on Standards and Technology was doing to recover from the NSA’s program of sabotage on its standards. I told him that his government had a lot of initiatives that needed good people to help truly improve the security of cyberspace.

He told me he’d think about it, and I believe him. Because America does have a cybersecurity problem – but the NSA is part of it.
http://www.theguardian.com/us-news/2...edward-snowden





The Moral Failure of Computer Scientists

In the 1950s, a group of scientists spoke out against the dangers of nuclear weapons. Should cryptographers take on the surveillance state?
Kaveh Waddell

Computer scientists and cryptographers occupy some of the ivory tower’s highest floors. Among academics, their work is prestigious and celebrated. To the average observer, much of it is too technical to comprehend. The field’s problems can sometimes seem remote from reality.

But computer science has quite a bit to do with reality. Its practitioners devise the surveillance systems that watch over nearly every space, public or otherwise—and they design the tools that allow for privacy in the digital realm. Computer science is political, by its very nature.

That’s at least according to Phillip Rogaway, a professor of computer science at the University of California, Davis, who has helped create some of the most important tools that secure the Internet today. Last week, Rogaway took his case directly to a roomful of cryptographers at a conference in Auckland, New Zealand. He accused them of a moral failure: By allowing the government to construct a massive surveillance apparatus, the field had abused the public trust. Rogaway said the scientists had a duty to pursue social good in their work.

He likened the danger posed by modern governments’ growing surveillance capabilities to the threat of nuclear warfare in the 1950s, and called upon scientists to step up and speak out today, as they did then.

I spoke to Rogaway about why cryptographers fail to see their work in moral terms, and the emerging link between encryption and terrorism in the national conversation. A transcript of our conversation appears below, lightly edited for concision and clarity.

* * *

Kaveh Waddell: Why should we think of computer science as political—and why have many considered it to be apolitical, for so long?

Phillip Rogaway: I think that science and technology are inherently political, and whether we want to think about it that way or not, it’s the nature of the beast. Our training as scientists and engineers tends to deemphasize the social positioning of what we do, and most of us scientists don’t give a whole lot of thought to how our work impacts society. But it obviously does.

It’s not something easily taught, either. I’ve taught an ethics and technology course myself, for several years, and the students are not predisposed to get the message that things technological are also political. We tend to analyze what we’re working on from a very self-directed perspective. [We focus on] how it impacts us and how it impacts the small group or the company with which we’re dealing, and the broader social influences of what we do aren’t usually on the horizon.

Waddell: What led you to understand the political implications of your own work?

Rogaway: I myself had been thinking increasingly in these terms when the Snowden revelations came out. Those revelations made me confront more directly our failings as a community to have done anything effectual about stemming this transition of the Internet to this amazing tool for surveilling entire populations.

Waddell: In your paper, you compare the debate over nuclear science in the 1950s to the current debate over cryptography. Nuclear weapons are one of the most obvious threats to humanity today—do you think surveillance presents a similar type of danger?

Rogaway: I do. It’s of a different nature, obviously. The threat is more indirect and more subtle. So with nuclear warfare, there was this visually compelling and frightening risk of going up in a mushroom cloud. And with the transition to a state of total surveillance, what we have is just the slow forfeiture of democracy.

Waddell: Who else in the wider class of scientists—besides nuclear scientists, besides computer scientists—has this level of political responsibility?

Rogaway: I think this holds for all scientists and engineers. Very few of us are doing something so esoteric that it’s unlikely to end up connected to the social well-being. If you’re going to exclude people, maybe pure mathematicians, for example. But we live in an age of technology, and what scientists and other technologists do reshapes the character of our world.

Waddell: Are there any other historical examples of scientists acting according to moral principles rather than pursuing pure academic inquiry?

Rogaway: I allude to a couple of others in the paper. Rachel Carson [a scientist and environmental activist] is a nice example. There are activist scientists; they’re not a popular breed, but they exist. The Indian activist-physicist—Vandana Shiva, the seed activist—is one of the most prominent activist-physicists, frankly.

There is a tradition, especially in physics, of activism. But computer scientists have not tended to be active in the political sphere. I do think there were some during the “Star Wars” debates—some computer scientists who were questioning the viability of building the kind of system that Reagan was envisioning, and saying that this was really far beyond the capabilities of contemporary computer science. So it’s certainly not unheard of for scientists to be playing a role here.

Waddell: What is it about physicists that makes them particularly likely to be involved in this sort of thing?

Rogaway: I do think it’s a legacy of the experience of the Manhattan Project. I think we in some ways live the continuation of our histories, and that’s something that’s been internalized among many physicists.

And I give the example that, at my own university, how the physicists were the only group outside of the humanities to call for the chancellor’s resignation in the aftermath of the pepper-spray incident. Somehow, that wasn’t surprising to me. My colleagues in the physics department say that these kinds of questions are routinely discussed, and I don’t think that’s true in engineering departments in general.

Waddell: Is there any inherent danger in politicizing an academic discipline? I think a lot of people are drawn by the fact that academia allows this curiosity-based inquiry. Is there anything that can go wrong when politics comes in?

Rogaway: My sense is that politics is there, whether one acknowledges it or not. When you have an ostensibly apolitical department, but you scratch beneath the covers and discover that three-quarters of the faculty are funded by the Department of Defense, well, in fact that’s not apolitical. That is very much working in support of a particular ethos, and one simply hasn’t called it forth.

Waddell: Does tenure have a role to play here? Does tenure help academics focus on socially important goals, or does it divorce them from reality?

Rogaway: In principle, the tenure process should free academics who have already been tenured to venture out and question matters in a way that could offend power. In practice, it doesn’t seem relevant. By the time a faculty member is tenured, it’s likely that his or her way of seeing the world will have already been so set that they’re very unlikely to become political at that point if they haven’t been already.

Waddell: You’ve criticized the typical law-enforcement framing of what the FBI director James Comey likes to call the “going-dark problem.” Explaining the risks of strong encryption, he testified this week in front of the Senate Judiciary Committee, saying that “encryption is part of terrorist tradecraft now.” What do you think of this sort of framing?

Rogaway: In the talk that I gave [this week], I described two utterly different framings of what surveillance is about: the law-enforcement framing, and the surveillance-studies-style framing. James Comey has come out repeatedly with these sort of talking points from the law-enforcement framing. I don’t believe they ultimately stand up to close scrutiny.

It involves a whole bunch of related beliefs, starting with the fact that privacy and security are in opposition with one another, and that there are all these “bad guys” out there, and technology has been a boon to them, because now they have encryption at their disposal.

“We run the risk of going dark.” That’s the phrase that James Comey uses. A world of dark, locked closets. I think the entire framing is this sort of discourse in fear, to make people believe that we need this almost father figure to protect us, and that we’re going to have to give up some civil liberties to do so, but that’s somehow for the social good.

I don’t think any of it ultimately makes sense, starting from the beginning, that privacy and security are routinely in opposition to one another, and going on through the presumed effectiveness of denying the population access to effective privacy tools, that that will somehow help in a fight against terrorism.

I don’t think terrorism has much to do with the mass-surveillance issue at all. This is a convenient storyline to be weaving in the present day, but the NSA’s own mission statement says that they’re there to serve their customers. And while some of those customers are interested in terrorism, other NSA customers have completely unrelated interests, and I don’t think that surveilling is particularly aimed at confronting terrorism. It wouldn’t be effective even if it were.

Anyone who really wants to encrypt their communication is going to find a method for doing so, whether it’s bundled with mass-market products or not. When you make encryption harder to get for ordinary people, you don’t deny it to terrorists. You just make the population as a whole insecure in their daily communications.

Furthermore, law enforcement has an extraordinary set of tools available to them now. An unprecedented set of capabilities, both for law enforcement and intelligence services. These aren’t somehow the dark times for either law enforcement or intelligence. These are the times of extraordinary information. Nowhere in history has it been so easy to learn so much about everybody. So, in some sense, we’re really talking about protecting the smallest remnants of remaining privacy.

Waddell: There’s no question that terrorists are using technology to their benefit. Should computer scientists be doing anything about this?

Rogaway: Criminals are always going to use technology to their benefit, just as ordinary people are going to attempt to do so. I don’t believe that anyone is going to change that basic truth. Fortunately, criminal behavior has never been such a drag on society that it’s foreclosed entire areas of technological advance.

Waddell: You touch on a few recommendations for academics who are looking to be more involved, to get people to care—morally—about their role in blocking mass surveillance. Should morality be a criterion of hiring?

Rogaway: I think that when you’re hiring faculty members at a public university, that it’s fair game to ask them what their social views are, their views of social responsibility of scientists. I think you have to be careful in how you do this that you’re not applying some kind of political test, that the candidates’ political opinions match up with your own.

But part of the purpose of the public university, land-grant universities like my own, is to serve the public welfare. And if a faculty candidate doesn’t believe that that’s a part of the purpose of his or her work at all, then I think that that’s not appropriate.

But again, I think one has to be quite careful in how this is applied, that it doesn’t become some sort of political test. There’s a wide range of ideologies that are perfectly consistent with being a scientist or a faculty member. But one kind of ideology that to me is not consistent is to say, “What I do has no impact, and I have no responsibilities.” Because that’s just not true.

Waddell: What about the issue of funding? The fact that so much of the money for the work that academics do comes from the parts of the government that are involved in surveillance—is there a way around that?

Rogaway: Faculty members can decide what funding they will or will not seek. But it’s very rare for a faculty member to say, “I’m not going to accept DoD funding,” for example. I think that viewpoint should be more common, actually. That some people should say, “I won’t accept from this agency, I don’t agree with their institutional goals.”

Waddell: Is that a practical proposition?

Rogaway: It’s perfectly practical, in the sense that you can be a successful faculty member without accepting DoD funding. You won’t have as many students, you won’t be able to support as large a research group. And in some areas of computer science, and I’m sure in some areas more broadly, the vast majority of funding may be from the DoD.

I remember speaking to a computer architect, asking if there was any person in computer architecture he was aware of that wouldn’t take DoD money, and he said there was not. And he didn’t really believe that such a person could exist and be successful in the field, as there is no access to adequate resources just from the [National Science Foundation], say.

In my own area, cryptography, I think one can do fine living just on NSF money. But you won’t have a group of 10 students, or something.

Waddell: The paper and the talk you gave are pretty critical of your colleagues in the field. How have they taken the criticism since you presented the paper?

Rogaway: I’ve received a great deal of feedback, and almost all of it has been positive. Even from faculty members whose research is kind of directly impinged. So I believe the thoughts expressed in the piece exist as a kind of undercurrent in lots of people’s thinking. It’s just uncommon to give voice to them. I’ve received a great many positive emails and thanks and essentially no negative ones. Maybe those people just aren’t talking, I don’t know!

Waddell: What do you think is the moral role of journalism and the media in covering these issues?

Rogaway: First of all, I think journalism is quite threatened by the possibility of being continually surveilled. It’s surprising to me that journalists aren’t fighting harder to ensure that they have good and easy access to the tools for privacy.

Perhaps it’s an indication of the decline of investigative journalism, the number of people that are really doing investigative journalism, that journalists aren’t more up in arms about revelations, for example, that many journalists are being surveilled, and it’s probably beyond the technical capabilities of most of your potential sources to actually avert modern surveillance.

And in a world in which journalists are denied access to sources that can speak up free of fear of governmental intrusion, I think this shuts down an enormously important aspect of what makes democracy work. I don’t think you can have a healthy democracy without healthy journalism, and I don’t think you have healthy journalism without the ability to conduct a private conversation.

And that includes not just what you’re saying, but whom you’re saying it to. If every contact a journalist makes—and the weight of that contact: the number of minutes, the frequency, and such—is something that hundreds of thousands of analysts can get from a Google-like search tool, I think that this makes serious investigative journalism effectively impossible.
http://www.theatlantic.com/technolog...cience/420012/





MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela

Researchers are still looking for a Tor alternative
Catalin Cimpanu

Scientists at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have created an anonymous messaging system, in the same category as Tor, I2P, and HORNET, which takes a different approach to relaying messages between two parties.

The system, dubbed Vuvuzela after the infamous plastic horn used at the FIFA Football World Cup Finals in South Africa 2010, is currently in its incipient stages, but security researchers are lauding its unique technique.

Unlike Tor, which hides messages with several layers of encryption for sending them through random servers on the Internet, Vuvuzela takes a different approach, one that uses less encryption, but a lot of dummy traffic.

Vuvuzela, as described by the four researchers who created it, takes messages it receives from a sender and stores them inside a memory address on one of its many interconnected servers, called mailboxes.

Vuvuzela relies on dummy traffic to hide the real connections

Before it's decided where to store its content, the message goes through different servers, which send out dummy traffic to all interconnected users.

The server notifies the recipient that there's a message for them; the user then goes to retrieve it, also passing through different mailboxes to get at the message's location. When a connection is made through one of these mailboxes by a recipient searching for their message, each of these servers sends out dummy network packets on the network.

With so much fake traffic, and with senders and recipients moving past their destinations to intentionally create even more fake traffic after they've left or retrieved the actual message, you can only imagine how much data an attacker would have to sniff out before getting a clue of who's talking to whom.

MIT researchers claim that attackers can even infiltrate more than half of its mailbox network, but if at least one mailbox server is left intact, users will be able to safely communicate because of all the fake traffic.

First test shows promising results but a 44-second latency

A test Vuvuzela network was set up, using Amazon's EC2 servers and 1 million simulated users. First results showed that Vuvuzela managed to exchange over 15,000 messages per second, with a latency of 44 seconds. Yes, the latency is big, but this was the first test.

"We believe these results are encouraging, since they indicate Vuvuzela can scale to a reasonable number of users, and its latency may be acceptable for email-like messaging or chat," the researchers said about the first test.

An intro into Vuvuzela's internal structure can be read in the Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis paper by MIT researchers Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich.
http://news.softpedia.com/news/mit-c...a-497537.shtml





Congresswoman Asks Feds Why They Pressured a Library to Disable Its Tor Node
Joshua Kopstein

A Congresswoman from California is questioning Department of Homeland Security officials who put pressure on a local public library to take down the relay node it had set up for the anonymity network Tor.

You may recall back in September, when the Kilton Public Library in Lebanon, New Hampshire briefly disabled its Tor relay after meeting with local police, who had received a tip from agents with Homeland Security's investigations branch warning that the network can be used by criminals. Relay nodes act as the middle points of the Tor network, whose layers of encryption allow activists, journalists, human rights workers, and average citizens (and, yes, criminals) to access the Internet anonymously. The more nodes, the faster the network becomes.

The fearmongering backfired spectacularly: the Lebanon library unanimously voted to restore its Tor relay and announced plans to convert it into a Tor exit node, one of the essential gateways which provides the last “hop” allowing Tor users to anonymously connect to Internet sites and services. More than a dozen other libraries around the U.S. also piled on, declaring their intention to run Tor nodes of their own in defiance.

Now Congresswoman Zoe Lofgren is asking just what the hell compelled the DHS to intervene.

“While the Kilton Public Library’s board ultimately voted to restore their Tor relay, I am no less disturbed by the possibility that DHS employers are pressuring or persuading public and private entities to discontinue or degrade services that protect the privacy and anonymity of US citizens,” Lofgren wrote in a letter addressed to DHS chief Jeh Johnson.

She goes on to pose several questions about the incident, including whether the intervention was the result of official DHS policy or a lone actor and whether the agency has similarly pressured anyone to stop providing privacy services in the past. Lofgren also asks the agency to provide “copies of any DHS policy, guidance, or memo that discusses either deterring or supporting the use of privacy protection services by public entities, private entities, or individuals.”

The letter assigns no due date, so there’s no telling when Lofgren will get her answers. But given that Tor was originally a US government project (and still receives some federal funding) it’s probably in DHS’ best interest to respond.

The DHS isn't the only US agency discouraging the use of privacy tools lately. Earlier this week, FBI director James Comey suggested that companies like Apple and WhatsApp offering end-to-end encryption be forced to change their business model, so that they'll be able to hand over unencrypted communications when the feds come knocking.

So far, these efforts to pressure people into not offering strong encryption and privacy services haven't really had teeth – but there's no doubt US law enforcement and intelligence agencies will keep trying.
http://motherboard.vice.com/read/con...e-its-tor-node

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 12th, December 5th, November 28th, November 21st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
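
For the Vuvuzela item above, a small simulation of why dummy traffic hides who is talking to whom: an observer who can only count mailbox accesses per round tries to tell whether one extra pair is talking. This is an added sketch, not code from the article or from the MIT researchers. The three-server chain, the user counts and the Laplace-distributed noise with its parameters are assumptions chosen for illustration.

```python
import random
from collections import Counter

SERVERS = 3        # assumed chain length for this sketch
BASE_PAIRS = 10    # other conversations the observer already knows about

def laplace(rng, mu, b):
    # The difference of two exponentials with mean b is Laplace(0, b).
    return mu + rng.expovariate(1 / b) - rng.expovariate(1 / b)

def observe_round(rng, idle_users, talking_pairs, mu=0.0, b=0.0):
    """Return (m1, m2): how many mailboxes were touched once and twice in
    one round, which is all an observer of the mailbox store can count."""
    hits = Counter()
    def touch(times):
        hits[rng.getrandbits(64)] += times   # fresh random mailbox id
    for _ in range(idle_users):
        touch(1)                # idle clients still send one request
    for _ in range(talking_pairs):
        touch(2)                # both partners use the same mailbox
    if b > 0:                   # cover traffic added by every server
        for _ in range(SERVERS):
            for _ in range(max(0, round(laplace(rng, mu, b)))):
                touch(1)
            for _ in range(max(0, round(laplace(rng, mu / 2, b / 2)))):
                touch(2)
    sizes = Counter(hits.values())
    return sizes[1], sizes[2]

def guess_accuracy(mu=0.0, b=0.0, rounds=1000, seed=1):
    """Observer guesses "Alice and Bob are talking" whenever m2 is above
    the expected baseline; returns the fraction of correct guesses."""
    rng = random.Random(seed)
    threshold = BASE_PAIRS + 0.5 + SERVERS * mu / 2
    correct = 0
    for _ in range(rounds):
        talking = rng.random() < 0.5
        idle = 98 if talking else 100     # Alice and Bob idle otherwise
        pairs = BASE_PAIRS + (1 if talking else 0)
        _, m2 = observe_round(rng, idle, pairs, mu, b)
        correct += (m2 > threshold) == talking
    return correct / rounds

if __name__ == "__main__":
    print("no cover traffic:  ", guess_accuracy())
    print("with cover traffic:", guess_accuracy(mu=100, b=20))
```

Without cover traffic the count of twice-accessed mailboxes gives the conversation away in every round; with it, the observer's guess is close to a coin flip.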