|29-08-12, 07:37 AM||#1|
Join Date: May 2001
Location: New England
Peer-To-Peer News - The Week In Review - September 1st, '12
"It is far too easy for the government to seize domain names and hold them for an extended period even when it is unable to make a sustainable case of infringement." – Sherwin Siy
"I can’t wait for the day when I can sleep in and watch movies and go to the pub instead of analyzing malware and pondering the state of the global cybersurveillance industry." – Morgan Marquis-Boire
"I know that he has been arrested." – Ola Salomonsson
September 1st, 2012
Pirate Bay Founder Arrested in Cambodia
Peter Vinthagen Simpson
Gottfrid Svartholm Warg, one of the founders of the file sharing website The Pirate Bay has been arrested in Cambodia after an international warrant was issued following a conviction in Sweden for copyright violations.
"I know that he has been arrested," his former defence counsel Ola Salomonsson told the Aftonbladet daily.
The Swedish foreign ministry has confirmed only that a Swedish man "in his thirties" has been arrested in Phnom Penh.
In April 2009, the Stockholm District Court convicted Svartholm Warg, along with co-founders Peter Sunde, Fredrik Neij and financier Carl Lundström, of facilitating copyright violations.
Each man was sentenced to one year in prison. They were also ordered to pay a total of 30 million kronor ($4.4 million) in damages.
All four appealed their sentences, and in November 2010 the Svea Court of Appeal uphold the convictions, with the exception of Svartholm Varg who failed to turn up at the hearing because of illness.
After failing to request his appeal be heard, the guilty verdict came into force in October 2011 and when Svartholm Warg failed to turn up for prison at the appointed time on April 18th 2012, an international warrant was put out for his arrest.
All three of Svartholm Warg's fellow Pirate Bay-founders had the jail terms of their sentences reduced from those initially handed down by the lower court, with Neij being sentenced to 10 months in prison, Sunde to eight months and Lundström to four months.
In addition, the court of appeal increased the compensation the defendants are required to pay up to 46 million kronor ($6.57 million).
The Swedish Supreme Court (Högsta Domstolen), announced in February that it would not grant the right to appeal in the case, meaning the appeal's court sentence would stand.
Fredrik Neij in May took his case to the European Court of Human Rights, claiming his conviction violates his freedom of speech.
Neij lives in Laos and according to media reports has recently sought the return of his Swedish passport in order for him to travel with his wife to Thailand for the birth of their third child.
Peter Sunde meanwhile currently lives in Germany and according to a blog post penned by him in July, he has confirmed that an application for a pardon has been rejected.
The Pirate Bay case gained broad international attention and despite repeated attempts to close it down, the popular file sharing site remains in operation.
LEAKED! TPP: The Son of ACTA Will Oblige America and Other Countries to Throw Out Privacy, Free Speech and Due Process for Easier Copyright Enforcement
The Trans-Pacific Partnership is the son of ACTA, a secretive copyright and trade treaty being negotiated by the Pacific Rim nations, including the USA and Canada. As with ACTA, the secretive negotiation process means that the treaty's provisions represent an extremist corporate agenda where due process, privacy and free expression are tossed out the window in favor of streamlined copyright enforcement. If this passes, America will have a trade obligation to implement all the worst stuff in SOPA, and then some. The Electronic Frontier Foundation's Carolina Rossini and Kurt Opsahl explain:
TPP article 16.3 mandates a system of ISP liability that goes beyond DMCA standards and U.S. case law. In sum, the TPP pushes a framework beyond ACTA and possibly the spirit of the DMCA, since it opens the doors for:
* Three-strikes policies and laws that require Internet intermediaries to terminate their users’ Internet access on repeat allegations of copyright infringement
* Requirements for Internet intermediaries to filter all Internet communications for potentially copyright-infringing material
* ISP obligations to block access to websites that allegedly infringe or facilitate copyright infringement
* Efforts to force intermediaries to disclose the identities of their customers to IP rightsholders on an allegation of copyright infringement.
Incredibly, it gets worse:
If the copyright maximalists have their way, the TPP will include a “side-letter,” an agreement annexed to the TPP to bind the countries to strict procedures enabling copyright owners to insist material are removed from the Internet. This strict notice-and-takedown regime is not new—in 2004, Chile rejected the same proposal in its bi-lateral trade agreement with the United States. Without the shackles of the proposed requirements, Chile then implemented a much more balanced takedown procedure in its 2010 Copyright Law, which provides greater protection to Internet users’ expression and privacy than the U.S. Digital Millennium Copyright Act (DMCA)’s copyright safe harbor regime.
Instead of ensuring due process and judicial involvement in takedowns, the TPP proposal encourages the spread of models that have been proven inefficient and have chilling unintended consequences, such as the HADOPI Law in France or the DMCA.
FileSonic Cyberlocker Offline after Piracy Complaints
FileSonic has become the latest cyberlocker service to go offline.
The service used to be one of the most popular file-sharing sites, but had restricted its members' ability to access other's uploads after the Megaupload arrests.
TorrentFreak, which first reported the news, said FileSonic's pages had become unreachable on Wednesday.
It follows the closure of Oron, another file-sharing site. Both services were being sued by a pornography company.
Miami-based Flava Works had accused the two products of profiting from piracy and acting to "induce and assist" their members to infringe copyrighted materials.
Neither FileSonic nor the current owner of the domain name, Renovatio Management, could be reached for comment at this time.
FileSonic's logo used to boast it was "the world's best file-sharing site" and at its peak was in the top 10 most visited services of its kind.
Google's Transparency Report shows the search giant alone had received requests to remove more than 151,000 search result links to alleged pirated material hosted by FileSonic since May 2011.
Warner Bros, NBC Universal, Microsoft and the BPI - which represents UK music publishers - were among those to have sent in complaints.
Flava Works filed its lawsuit in July complaining about FileSonic's "reward program" which paid users if their uploads proved popular with its premium-rate members.
By that point FileSonic had already discontinued the scheme. It took the action shortly after the US seized its rival Megaupload's equipment in January.
It also added a notice to its home page saying: "All sharing functionality on FileSonic is now disabled. Our service can only be used to upload and retrieve files that you have uploaded personally."
The move effectively made links to FileSonic-hosted files useless and precipitated a sharp drop in the number of people using the site.
FileSonic's apparent closure adds to a list of other file-sharing sites that have been shut down or restricted over recent months.
They include BitTorrent tracker Demonoid going offline; UKNova removing its torrent links; the closure of Surfthechannel.com and imprisonment of its owner; and court orders forcing ISPs (internet service providers) to block access to The Pirate Bay and Newzbin.
"It's becoming more difficult for file-sharing sites to operate without getting into trouble both from the authorities and also lawsuits from copyright owners," Ernesto Van Der Sar, editor of TorrentFreak told the BBC.
"Anyone looking to find a particular pirated blockbuster movie or other popular file online can still do so, but some of the e-books and more obscure content are becoming harder to find, and reward programs - offering uploaders cash for their activity - are less common."
Despite this trend Kim Dotcom, founder of Megaupload, has recently said he intends to create a new service despite the US's continued efforts to extradite him and his former co-workers from New Zealand.
"We are building a massive global network," he wrote on Twitter earlier this week.
"All non-US hosters will be able to connect servers & bandwidth. Get ready."
For its part, the BPI has said that it would oppose any service that heavily relied on copyright infringement, but would be willing to help sites shift away from "illegal downloading".
"File hosting services need to be more proactive in ensuring they are not hosting illegal content," said its chief executive Geoff Taylor.
"We can help them do this. Moreover, if they are ready to implement business models that fairly reward musicians and labels, then we are willing to partner with them so they can host and distribute music legally."
UKNova TV Catch-Up Site Removes Links After Copyright Threat
Summary: The site, which had a ban on the sharing of commercially-available content, has drastically scaled back its operations after a cease and desist order from the Federation Against Copyright Theft
The UKNova website has stopped letting users share links to copies of UK TV shows, apparently after legal threats from the copyright enforcement body FACT.
UKNova users — many of whom live outside the country and used the service to catch up on television they were otherwise unable to see — reported on Monday that they had been messaged by the UKNova administrators about the threat from the Federation Against Copyright Theft.
"UKNova is being forced to change. We have been issued with a 'cease and desist' order by FACT," the message began.
"Despite our efforts to cooperate with the UK media companies, FACT have stated: 'ALL links or access to content provided by UKNova are infringing, unless it can be proven that explicit permission from the copyright holder for that content has been obtained'."
ZDNet UK has been unable to get verification of this claim from FACT itself, as Monday is a public holiday in the UK.
UKNova had a strict policy against the sharing of pay-TV content and "television or radio programme [content] that is available for purchase worldwide from retailers, on CD, DVD or video".
The site was in some ways similar to the doomed SurfTheChannel, in that it directed users to content rather than hosting the content itself. SurfTheChannel proprietor Anton Vickerman was jailed for four years earlier this month, after a private prosecution brought about by FACT.
Vickerman's sentence was for conspiracy to defraud, not for copyright infringement. UKNova asserted that it was not a money-making operation, soliciting donations only to keep its servers going, but it seems such precedents were enough to convince UKNova to back down.
"Whilst we believe that they are wrong both legally and morally on account of the strong 'no commercial content' stance that we have always taken, we are not in a position to be able to risk lengthy and costly court battles to prove this," the proprietors wrote.
"Therefore we have no other option but to close down the trackers. It has not been an easy decision to take, but it is apparently our only option. The forums will remain open for business as usual. Torrents and their associated pages will disappear over the next few hours."
A report on UKNova's scaling-back on TorrentFreak suggested that FACT's missive was adorned with the names of BSkyB and the Premier League, which helped the site's proprietors decide to back down.
DOJ Drops Charges Against Websites Seized for 17 Months
The judge ordered two sports-streaming websites to be returned to their owner
The U.S. Department of Justice has dropped its case against two Spanish websites that stream sports events nearly 17 months after U.S. Immigration and Customs Enforcement seized the sites and shut them down for alleged copyright violations.
In a one-page brief to the U.S. District Court for the Southern District of New York on Wednesday, U.S. Attorney Preet Bharara of the district said his office had dropped the case against Rojadirecta.com and Rojadirecta.org. ICE seized the two sites on Jan. 31, 2011, and the DOJ asked the court to order that Puerto 80 Projects, the owner of the sites, forfeit the sites to the U.S. government.
Judge Paul Crotty agreed on Wednesday to dismiss the case and return the websites to Puerto 80.
Bharara's office offered little explanation for the dismissal, although Puerto 80 had fought the forfeiture. "As a result of certain recent judicial authority involving issues germane to the [case], and in light of the particular circumstances of this litigation, the government now seeks to dismiss its amended forfeiture complaint," Bharara's office wrote in a letter to the judge. "The decision to seek dismissal of this case will best promote judicial economy and serve the interests of justice."
Earlier this month, Puerto 80 filed a court brief pointing to an Aug. 2 ruling by the U.S. Seventh Circuit Court of Appeals, which said linking to streaming videos hosted elsewhere on the Internet did not encourage or assist copyright infringement.
Puerto 80 had also argued that a Spanish court had found the websites to be legal. A lawyer for the company wasn't immediately available for comment, nor was a representative of ICE.
The Rojadirecta seizures, along with the yearlong seizure of music site Dajaz1.com, show the problems with ICE's copyright seizure methods, said Sherwin Siy, vice president of legal affairs for digital rights group Public Knowledge.
"It is far too easy for the government to seize domain names and hold them for an extended period even when it is unable to make a sustainable case of infringement," Siy said in an email. "These sorts of abuses are likely to continue until there are adequate safeguards to assure accountability."
Megaupload Will Return As ‘Massive Global Network,’ Says Kim Dotcom
It has been more than seven months since Megaupload was shut down for violating anti-piracy law by hosting copyrighted material, and Kim Dotcom is beginning to make grandiose claims about a relaunch of his site. He announced more of the new site's planned features over Twitter on Tuesday.
"MEGA will return. Bigger. Better. Faster. Free of charge & shielded from attacks. Evolution!" tweeted the founder of Megaupload. Dotcom also posted, "We are building a massive global network. All non-US hosters will be able to connect servers [and] bandwidth. Get ready."
As a precaution, the new operation will not be taking any data from users within the United States. The new standards are an attempt to keep the MEGA network of sites from becoming targets of American entertainment industry organizations.
Torrent Freak says these statements would have been written off had they come from anyone else, but Dotcom's reputation carries weight. "With enthusiasm, energy and positivity coming out of his every pore, there is something about the larger-than-life German [Dotcom] that inspires confidence that these were not casual off-the-cuff remarks," writes the BitTorrent news site.
"Developers get ready. The Mega API will provide incredible powers," Dotcom tweeted on Tuesday. "Our API and your Mega tools will change the world."
File sharing won't be the only tool available on the new MEGA sites, Dotcom promises. In his stream of tweets, he invited participation from developers of file managers and people who work with email and fax tools, VOIP and video apps; early API access will be granted to participating parties.
Megaupload was seized last January, and Dotcom and three other employees were arrested in the U.S. and New Zealand. The arrests were based on "accusations that they facilitated millions of illegal downloads of films, music and other content, costing copyright holders at least $500 million in lost revenue," according to a USA Today article from Jan. 20.
The Megaupload founder was released after the New Zealand High Court ruled that the raid on his mansion was illegal. On June 28, the NZ Herald reported it was found that "warrants used did not adequately describe the offences to which they were related."
USA Today also reports that Megaupload earned Dotcom $42 million in 2011 alone. The list of websites under the Mega moniker before the shutdown included the direct download site Megaupload, the video hosting website Megavideo, the image hosting website Megapix, the live-stream video site Megalive, the audio hosting service Megabox and a video streaming site exclusively for pornography called Megaporn.
Dotcom's statements come as a relief to media pirates, still in disbelief of the Demonoid shutdown in July. What started as a typical DDoS attack turned into a Ukrainian government takeover, leaving users of the semi-private BitTorrent site with little hope.
There is speculation that Demonoid will once again make a comeback. The site is known for its past resilience, even when pressed by foreign governments to shut down their operation.
Other BitTorrent sites like the Pirate Bay remain intact, but that could change at any time. Popular sites that deal in the distribution of copyrighted materials are coming under scrutiny due to the efforts of media groups like the MPAA and RIAA.
Usenet – What Have You Become?
Usenet is 32 years old. You’d be forgiven for thinking that it’s a near-dead, cobweb-covered discussion forum platform, but actually it’s more popular today than ever before, and it’s thriving as an alternative to Bittorrent. Yes, people are using it for piracy, which in itself is not particularly remarkable. What is interesting, though, is the software that has sprung up around it. Do a little digging and you’ll find loads of slick UIs and services that are on a par with their commercial counterparts.
• Usenet itself: anyone can post anything to a usenet group (provided it’s configured to accept binaries) and the servers then sync with each other around the globe. It’s decentralised by design – invented in an environment where business models and copyright were not a concern.
• Sabnzbd: this little app manages the downloading process similar to a Bittorrent client. What’s different is that you can send it jobs remotely via RSS. So, if a friend tells you about a new show you haven’t heard of, you can whip out your iPhone and bookmark the show using a usenet search engine. The search engine then puts your bookmark into an RSS feed that sabnzbd will pick up and start downloading onto your home computer. Since it’s RSS you can give that feed URL to other people and they’ll end up with the same files as you, so you can share the same experiences. An amazingly simple way to ‘do’ social. Apparently, with a bit of tinkering Sabnzbd can run on the $25 Rasberry Pi along with XBMC which you can see here has an impressively polished UI.
• CouchPotato: so far what I’ve described is sort of similar to Netflix but a lot more illegal. CouchPotato is where it gets interesting. Once installed along with a Userscript, CouchPotato adds a “want” button to any page on IMDB, even if the movie is not yet released. When a user hits the button, CouchPotato patiently scans usenet for a matching file at the user’s specified quality level (e.g. Blu-ray). Again, this UI is also pretty impressive.
• Sickbeard & Headphones: these apps do pretty much the same thing as CouchPotato but for TV shows and music.
So why am I writing about this? Pirates will go to any lengths to get something for free, right? Well, actually, No. That’s the most fascinating thing. It costs about $20-35 US Dollars a month for Giganews usenet subscription, and they claim to have over 10 million subscribers worldwide (they’re just one of many different providers). Seriously.
So let’s just break that down. It’s expensive. It’s illegal. It’s a crazy hassle to set up. You’re at risk of being sued for a lot of money and maybe even loosing your home internet connection. Once you’ve got it all up and running, you’ve got something that’s basically as slick as Netflix. So what does it give you that Netflix doesn’t offer? You get one thing – the ability to watch stuff on very same day it’s released, regardless of the publisher or region.
Does this tell us people will do anything to save a bit of cash? No. It’s telling us that people will do almost anything to get same-day releases – and that they’re willing to both pay wads of cash and break the law at the same time to get them. Sure, they’re not paying enough and the money is going to the wrong people, but that’s not the point. This is blazingly clear evidence that Usenet piracy is a response to an availability problem – something that the studios could easily solve if they put their minds to it.
Studio business models aside, it’s amazing that people have managed to cobble together such a well crafted, seamless user-experience on top of a 1980s technology. On the other hand, maybe we should shed a tear for the loss of everything that Usenet used to stand for – a democratic, open discussion forum that was the heart and soul of the internet for many years before the web even existed.
Jury in Apple v. Samsung Goofed, Damages Reduced -- Uh Oh. What's Wrong With this Picture?
Late in the process yesterday at the Apple v. Samsung trial, when the parties and the judge were reviewing the jury verdict form, Samsung noticed that there were, indeed, inconsistencies in the jury's verdict form, a possibility Samsung anticipated. Here's the jury's Amended Verdict Form, amended to fix the mistakes. Here's the original. Here's the note the jury sent to the judge when told to fix the inconsistencies. What are they, they asked? "Please let the jury know," they wrote in the only note ever sent in their deliberations, "of the inconsistencies we are supposed to deliberate on."
In two instances, results were crazily contradictory, and the judge had to have the jury go back and fix the goofs. As a result the damages award was reduced to $1,049,343,540, 1 down from $1,051,855,000. For just one example, the jury had said one device didn't infringe, but then they awarded Apple $2 million for inducement. In another they awarded a couple of hundred thousand for a device they'd ruled didn't infringe at all. This all was revealed by The Verge in its live blog coverage:
The jury appears to have awarded damages for the Galaxy Tab 10.1 LTE infringing — $219,694 worth — but didn't find that it had actually infringed anything....A similar inconsistency exists for the Intercept, for which they'd awarded Apple over $2 million
Intercept: "The jury found no direct infringement but did find inducement" for the '915 and '163 utility patents. If a device didn't infringe, it would be rather hard for a company to induce said non-existant infringement.
Obviously, something is very wrong with this picture. The Verge also reported that the jury foreman, who is a patent holder himself [this appears to be his patent, "Method and apparatus for recording and storing video information"], told court officials that the jury didn't need the answer to its question to reach a verdict:
The foreman told a court representative that the jurors had reached a decision without needing the instructions.
That's why I don't think this jury's ruling will stand, among other reasons.
I thought it wise to highlight this, because I saw this morning that some missed seeing it. For example, James Niccolai at PCWorld quotes a "legal expert" who clearly didn't:
"It's surprising they came back so quickly, given that it was a complicated case and very complicated verdict form, but that said, it looks like they were thoughtful about it and they did their job," said Roy Futterman, director at DOAR Litigation Consulting and a clinical psychologist who works on trial strategies and the mindset of jurors.
"One sign of that is that the verdicts were consistent, they held together -- they voted one way on infringement and another way on invalidity; it all tells the same big story," he said.
That's in an article titled "Quick Verdict in Apple Trial Doesn't Mean Jury Shirked Its Duty, Expert Says." If the jury instructions are as long and complex as they were in this case, a quick verdict can indeed mean it shirked its duty. For example, if the jury rushed so much it assigned $2 million dollars to Apple, and then had to subtract it because there was no infringement, it raises a valid question: what was the basis for any of the damages figures the jury came up with? If they had any actual basis, how could they goof like this? Was there a factual basis for any of the damages figures?
Time will tell, but keep in mind that one of the plays you'll see next will likely be a Rule 50(b) motion by Samsung, and that's the one where you ask the judge for various relief on the basis that no reasonable jury could find what it did find on the evidence presented. Here's Google's still pending Rule 50(b) motion for judgment as a matter of law in the Oracle v. Google case, to give you an idea of what they look like. As you can see, you can ask for victory across the board or just on one part of what the jury decided.
This story is far from over, in other words, and while Apple's CEO, Tim Cook, waxed philosophical about the trial, and saying that it was about values, not money, one important US value is that the jury fulfill its responsibilities, one of which is to read and make sure they understand and follow the jury instructions they are given. I believe Cook would agree that trials are supposed to be fair, with everyone doing their part. If this jury thought they knew the right result without instructions, and if they hurried so much they made glaring mistakes, and they did, and all in Apple's favor, something isn't right in this picture. As the legal blog, Above the Law expressed it:
Here’s the thing, ladies and gentlemen of the Apple v. Samsung jury: It would take me more than three days to understand all the terms in the verdict! Much less come to a legally binding decision on all of these separate issues. Did you guys just flip a coin?
If it would take a lawyer three days to make sure he understood the terms in the form, how did the jury not need the time to do the same? There were 700 questions, remember, and one thing is plain, that the jury didn't take the time to avoid inconsistencies, one of which resulted in the jury casually throwing numbers around, like $2 million dollars for a nonfringement.
Come on. This is farce.
Professor Michael Risch points out an even worse inconsistency:
How did the Galaxy Tab escape design patent infringement? This was the only device to be preliminarily enjoined (on appeal no less), and yet it was the one of the few devices to be spared the sledgehammer. And, by the way, it looks an awful lot like an iPad. Yet the Epic 4G, a phone I own (uh oh, Apple’s coming after me) — which has a slide out keyboard, a curved top and bottom, 4 buttons on the bottom, the word Samsung printed across the top, buttons in different places (and I know this because I look in all the wrong places on my wife’s iTouch), a differently shaped speaker, a differently placed camera, etc. — that device infringes the iPhone design patents....
Relatedly, the ability to get a design patent on a user interface implies that design patent law is broken. This, to me, is the Supreme Court issue in this case. We can dicker about the “facts” of point 2, but whether you can stop all people from having square icons in rows of 4 with a dock is something that I thought we settled in Lotus v. Borland 15 years ago. I commend Apple for finding a way around basic UI law, but this type of ruling cannot stand.
This is the second lawyer I've seen predicting this case will go all the way to the US Supreme Court. He also compliments Groklaw for having "not only really detailed information, but really accurate information, and actual source documents. That combination is hard to find." Thank you.
Tokyo Court Gives Win to Samsung After US Loss
A court in Tokyo has ruled that Samsung Electronics did not infringe on patents held by Apple, a victory for the South Korean company.
The patent was related to transferring media content between devices.
It comes after Samsung lost a key patent case in the US last week and was ordered to pay more than $1bn (£664m) in damages.
This is one of many cases brought to courts around the world by the two smartphone market leaders.
"We welcome the court's decision, which confirmed our long-held position that our products do not infringe Apple's intellectual property," said Samsung in a statement to the BBC.
Tokyo District Judge Tamotsu Shoji dismissed the case filed by Apple in August, finding that Samsung was not in violation of Apple patents related to synchronising music and video data between devices and servers.
On 24 August, a US court ruled Samsung had infringed Apple patents for mobile devices, including the iPhone and iPad.
The company has vowed to continue to fight against Apple saying it will appeal against the US ruling.
Apple is now seeking a ban on sales of eight Samsung phones in the US market.
On 6 December, US District Judge Lucy Koh, who presided over the initial trial, will hear Apple's plea for an injunction against the Samsung phones, although it does not include the most recent Samsung phone to hit the market, the Galaxy S3.
HTC Has 'No Intention' to Settle with Apple, Say Reports
HTC remains defiant, at least publicly, in the wake of the ruling against Samsung in the U.S.
HTC's chairperson said that the company has no intention of settling with Apple, according to Asia-based reports.
The report appeared in Wednesday's Digitimes and other Asia-based publications, which cite comments from Cher Wang, chairperson of HTC.
HTC "has great skills in innovation and has the confidence to face legal lawsuits with Apple," the Digitimes report says, attributing those comments to Wang.
She also said that the $1 billion jury verdict against Samsung in the U.S. "does not mean the failure of the entire Google Android ecosystem."
HTC has been mired in a legal battle of its own with Apple for a number of years now. Back in March 2010, for example, Apple sued HTC over iPhone patents. More than a year after that, an initial ruling by the International Trade Commission came down in Apple's favor.
HTC has been suing Apple, as well.
The Digitimes story also mentioned that HTC will likely introduce at least three new models in the coming weeks, including the HTC One X+ with a 5-inch touch screen and support for 4G LTE.
The Coming Civil War over General Purpose Computing
Even if we win the right to own and control our computers, a dilemma remains: what rights do owners owe users?
This talk was delivered at Google in August, and for The Long Now Foundation in July 2012. A transcript of the notes follows.
I gave a talk in late 2011 at 28C3 in Berlin called "The Coming War on General Purpose Computing"
In a nutshell, its hypothesis was this:
• Computers and the Internet are everywhere and the world is increasingly made of them.
• We used to have separate categories of device: washing machines, VCRs, phones, cars, but now we just have computers in different cases. For example, modern cars are computers we put our bodies in and Boeing 747s are flying Solaris boxes, whereas hearing aids and pacemakers are computers we put in our body.
• This means that all of our sociopolitical problems in the future will have a computer inside them, too—and a would-be regulator saying stuff like this:
"Make it so that self-driving cars can't be programmed to drag race"
"Make it so that bioscale 3D printers can't make harmful organisms or restricted compounds"
Which is to say: "Make me a general-purpose computer that runs all programs except for one program that freaks me out."
But there's a problem. We don't know how to make a computer that can run all the programs we can compile except for whichever one pisses off a regulator, or disrupts a business model, or abets a criminal.
The closest approximation we have for such a device is a computer with spyware on it— a computer that, if you do the wrong thing, can intercede and say, "I can't let you do that, Dave."
Such a a computer runs programs designed to be hidden from the owner of the device, and which the owner can't override or kill. In other words: DRM. Digital Rights Managment.
These computers are a bad idea for two significant reasons. First, they won't solve problems. Breaking DRM isn't hard for bad guys. The copyright wars' lesson is that DRM is always broken with near-immediacy.
DRM only works if the "I can't let you do that, Dave" program stays a secret. Once the most sophisticated attackers in the world liberate that secret, it will be available to everyone else, too.
Second, DRM has inherently weak security, which thereby makes overall security weaker.
Certainty about what software is on your computer is fundamental to good computer security, and you can't know if your computer's software is secure unless you know what software it is running.
Designing "I can't let you do that, Dave" into computers creates an enormous security vulnerability: anyone who hijacks that facility can do things to your computer that you can't find out about.
Moreover, once a government thinks it has "solved" a problem with DRM—with all its inherent weaknesses—that creates a perverse incentive to make it illegal to tell people things that might undermine the DRM.
You know, things like how the DRM works. Or "here's a flaw in the DRM which lets an attacker secretly watch through your webcam or listen through your mic."
I've had a lot of feedback from various distinguished computer scientists, technologists, civil libertarians and security researchers after 28C3. Within those fields, there is a widespread consensus that, all other things being equal, computers are more secure and society is better served when owners of computers can control what software runs on them.
Let's examine for a moment what that would mean.
Most computers today are fitted with Trusted Platform Module. This is a secure co-processor mounted on the motherboard. The specification of TPMs are published, and an industry body certifies compliance with those specifications. To the extent that the spec is good (and the industry body is diligent), it's possible to be reasonably certain that you've got a real, functional, TPM in your computer that faithfully implements the spec.
How is the TPM secure? It contains secrets: cryptographic keys. But it's also secure in that it's designed to be tamper-evident. If you try to extract the keys from a TPM, or remove the TPM from a computer and replace it with a gimmicked one, it will be very obvious to the computer's owner.
One threat to TPM is that a crook (or a government, police force or other adversary) might try to compromise your computer — tamper-evidence is what lets you know when your TPM has been fiddled with.
Another TPM threat-model is that a piece of malicious software will infect your computer
Now, once your computer is compromised this way, you could be in great trouble. All of the sensors attached to the computer—mic, camera, accelerometer, fingerprint reader, GPS—might be switched on without your knowledge. Off goes the data to the bad guys.
All the data on your computer (sensitive files, stored passwords and web history)? Off it goes to the bad guys—or erased.
All the keystrokes into your computer—your passwords!—might be logged. All the peripherals attached to your computer—printers, scanners, SCADA controllers, MRI machines, 3D printers— might be covertly operated or subtly altered.
Imagine if those "other peripherals" included cars or avionics. Or your optic nerve, your cochlea, the stumps of your legs.
When your computer boots up, the TPM can ask the bootloader for a signed hash of itself and verify that the signature on the hash comes from a trusted party. Once you trust the bootloader to faithfully perform its duties, you can ask it to check the signatures on the operating system, which, once verified, can check the signatures on the programs that run on it.
Ths ensures that you know which programs are running on your computer—and that any programs running in secret have managed the trick by leveraging a defect in the bootloader, operating system or other components, and not because a new defect has been inserted into your system to create a facility for hiding things from you.
This always reminds me of Descartes: he starts off by saying that he can't tell what's true and what's not true, because he's not sure if he really exists.
He finds a way of proving that he exists, and that he can trust his senses and his faculty for reason.
Having found a tiny nub of stable certainty on which to stand, he builds a scaffold of logic that he affixes to it, until he builds up an entire edifice.
Likewise, a TPM is a nub of stable certainty: if it's there, it can reliably inform you about the code on your computer.
Now, you may find it weird to hear someone like me talking warmly about TPMs. After all, these are the technologies that make it possible to lock down phones, tablets, consoles and even some PCs so that they can't run software of the owner's choosing.
Jailbreaking" usually means finding some way to defeat a TPM or TPM-like technology. So why on earth would I want a TPM in my computer?
As with everything important, the devil is in the details.
Imagine for a moment two different ways of implementing a TPM:
Your TPM comes with a set of signing keys it trusts, and unless your bootloader is signed by a TPM-trusted party, you can't run it. Moreover, since the bootloader determines which OS launches, you don't get to control the software in your machine.
You tell your TPM which signing keys you trust—say, Ubuntu, EFF, ACLU and Wikileaks—and it tells you whether the bootloaders it can find on your disk have been signed by any of those parties. It can faithfully report the signature on any other bootloaders it finds, and it lets you make up your own damn mind about whether you want to trust any or all of the above.
Approximately speaking, these two scenarios correspond to the way that iOS and Android work: iOS only lets you run Apple-approved code; Android lets you tick a box to run any code you want. Critically, however, Android lacks the facility to do some crypto work on the software before boot-time and tell you whether the code you think you're about to run is actually what you're about to run.
It's freedom, but not certainty.
In a world where the computers we're discussing can see and hear you, where we insert our bodies into them, where they are surgically implanted into us, and where they fly our planes and drive our cars, certainty is a big deal.
This is why I like the idea of a TPM, assuming it is implemented in the "certainty" mode and not the "lockdown" mode.
If that's not clear, think of it this way: a "war on general-purpose computing" is what happens when the control freaks in government and industry demand the ability to remotely control your computers
The defenders against that attack are also control freaks—like me—but they happen to believe that device-owners should have control over their computers
Both sides want control, but differ on which side should have control.
Control requires knowledge. If you want to be sure that songs can only moved onto an iPod, but not off of an iPod, the iPod needs to know that the instructions being given to it by the PC (to which it is tethered) are emanating from an Apple-approved iTunes. It needs to know they're not from something that impersonates iTunes in order to get the iPod to give it access to those files.
If you want to be sure that my PVR won't record the watch-once video-on-demand movie that I've just paid for, you need to be able to ensure that the tuner receiving the video will only talk to approved devices whose manufacturers have promised to honor "do-not-record" flags in the programmes.
If I want to be sure that you aren't watching me through my webcam, I need to know what the drivers are and whether they honor the convention that the little green activity light is always switched on when my camera is running.
If I want to be sure that you aren't capturing my passwords through my keyboard, I need to know that the OS isn't lying when it says there aren't any keyloggers on my system.
Whether you want to be free—or want to enslave—you need control. And for that, you need this knowledge.
That's the coming war on general purpose computing. But now I want to investigate what happens if we win it.
We could face a interesting prospect. This I call the coming civil war over general purpose computing.
Let's stipulate that a victory for the "freedom side" in the war on general purpose computing would result in computers that let their owners know what was running on them. Computers would faithfully report the hash and associated signatures for any bootloaders they found, control what was running on computers, and allow their owners to specify who was allowed to sign their bootloaders, operating systems, and so on.
There are two arguments that we can make for this:
1. Human rights
If your world is made of computers, then designing computers to override their owners' decisions has significant human rights implications. Today we worry that the Iranian government might demand import controls on computers, so that only those capable of undetectable surveillance are operable within its borders. Tomorrow we might worry about whether the British government would demand that NHS-funded cochlear implants be designed to block reception of "extremist" language, to log and report it, or both.
2. Property rights
The doctrine of first sale is an important piece of consumer law. It says that once you buy something, it belongs to you, and you should have the freedom to do anything you want with it, even if that hurts the vendor's income. Opponents of DRM like the slogan, "You bought it, you own it."
Property rights are an incredibly powerful argument. This goes double in America, where strong property rights enforcement is seen as the foundation of all social remedies.
This goes triple for Silicon Valley, where you can't swing a cat without hitting a libertarian who believes that the major — or only — legitimate function of a state is to enforce property rights and contracts around them.
Which is to say that if you want to win a nerd fight, property rights are a powerful weapon to have in your arsenal. And not just nerd fights!
That's why copyfighters are so touchy about the term "Intellectual Property". This synthetic, ideologically-loaded term was popularized in the 1970s as a replacement for "regulatory monopolies" or "creators' monopolies" — because it's a lot easier to get Congress to help you police your property than it is to get them to help enforce your monopoly.
Here is where the civil war part comes in.
Human rights and property rights both demand that computers not be designed for remote control by governments, corporations, or other outside institutions. Both ensure that owners be allowed to specify what software they're going to run. To freely choose the nub of certainty from which they will suspend the scaffold of their computer's security.
Remember that security is relative: you are secured from attacks on your ability to freely use your music if you can control your computing environment. This, however, erodes the music industry's own security to charge you some kind of rent, on a use-by-use basis, for your purchased music.
If you get to choose the nub from which the scaffold will dangle, you get control and the power to secure yourself against attackers. If the the government, the RIAA or Monsanto chooses the nub, they get control and the power to secure themselves against you.
In this dilemma, we know what side we fall on. We agree that at the very least, owners should be allowed to know and control their computers.
But what about users?
Users of computers don't always have the same interests as the owners of computers— and, increasingly, we will be users of computers that we don't own.
Where you come down on conflicts between owners and users is going to be one of the most meaningful ideological questions in technology's history. There's no easy answer that I know about for guiding these decisions.
Let's start with a total pro-owner position: "property maximalism".
How would that work in practice? Through some combination of an initialization routine, tamper evidence, law, and physical control. For example, when you turn on your computer for the first time, you initialize a good secret password, possibly signed by your private key.
Without that key, no-one is allowed to change the list of trusted parties from which your computer's TPM will accept bootloaders. We could make it illegal to subvert this system for the purpose of booting an operating system that the device's owner has not approved. Such as law would make spyware really illegal, even moreso than now, and would also ban the secret installation of DRM.
We could design the TPM so that if you remove it, or tamper with it, it's really obvious — give it a fragile housing, for example, which is hard to replace after the time of manufacture, so it's really obvious to a computer's owner that someone has modified the device, possibly putting it in an unknown and untrustworthy state. We could even put a lock on the case.
I can see a lot of benefits to this, but there downsides, too.
Consider self-driving cars. There's a lot of these around already, of course, designed by Google and others. It's easy to understand, how, on the one hand, self-driving cars are an incredibly great development. We are terrible drivers, and cars kill the shit out of us. It's the number 1 cause of death in America for people aged 5-34.
I've been hit by a car. I've cracked up a car. I'm willing to stipulate that humans have no business driving at all.
It's also easy to understand how we might be nervous about people being able to homebrew their own car firmware. On one hand, we'd want the source to cars to be open because we'd want to subject it to wide scrutiny. On the other hand, it will be plausible to say, "Cars are safer if they use a locked bootloader that only trusts government-certified firmware".
And now we're back to whether you get to decide what your computer is doing.
But there are two problems with this solution:
First, it won't work. As the copyright wars have shown up, firmware locks aren't very effective against dedicated attackers. People who want to spread mayhem with custom firmware will be able to just that.
What's more, it's not a good security approach: if vehicular security models depend on all the other vehicles being well-behaved and the unexpected never arising, we are dead meat.
Self-driving cars must be conservative in their approach to their own conduct, and liberal in their expectations of others' conduct.
This is the same advice you get in your first day of driver's ed, and it remains good advice even if the car is driving itself.
Second, it invites some pretty sticky parallels. Remember the "information superhighway"?
Say we try to secure our physical roads by demanding that the state (or a state-like entity) gets to certify the firmware of the devices that cruise its lanes. How would we articulate a policy addressing the devices on our (equally vital) metaphorical roads—with comparable firmware locks for PCs, phones, tablets, and other devices?
After all, the general-purpose network means that MRIs, space-ships, and air-traffic control systems share the "information superhighway" with game consoles, Arduino-linked fart machines, and dodgy voyeur cams sold by spammers from the Pearl River Delta.
And consider avionics and power-station automation.
This is a much trickier one. If the FAA mandates a certain firmware for 747s, it's probably going to want those 747s designed so that it and it alone controls the signing keys for their bootloaders. Likewise, the Nuclear Regulatory Commission will want the final say on the firmware for the reactor piles.
This may be a problem for the same reason that a ban on modifying car firmware is: it establishes the idea that a good way to solve problems is to let "the authorities" control your software.
But it may be that airplanes and nukes are already so regulated that an additional layer of regulation wouldn't leak out into other areas of daily life — nukes and planes are subject to an extraordinary amount of no-notice inspection and reporting requirements that are unique to their industries.
Second, there's a bigger problem with "owner controls": what about people who use computers, but don't own them?
This is not a group of people that the IT industry has a lot of sympathy for, on the whole.
An enormous amount of energy has been devoted to stopping non-owning users from inadvertently breaking the computers they are using, downloading menu-bars, typing random crap they find on the Internet into the terminal, inserting malware-infected USB sticks, installing plugins or untrustworthy certificates, or punching holes in the network perimeter.
Energy is also spent stopping users from doing deliberately bad things, too. They install keyloggers and spyware to ensnare future users, misappropriate secrets, snoop on network traffic, break their machines and disable the firewalls.
There's a symmetry here. DRM and its cousins are deployed by people who believe you can't and shouldn't be trusted to set policy on the computer you own. Likewise, IT systems are deployed by computer owners who believe that computer users can't be trusted to set policy on the computers they use.
As a former sysadmin and CIO, I'm not going to pretend that users aren't a challenge. But there are good reasons to treat users as having rights to set policy on computers they don't own.
Let's start with the business case.
When we demand freedom for owners, we do so for lots of reasons, but an important one is that computer programmers can't anticipate all the contingencies that their code might run up against — that when the computer says yes, you might need to still say no.
This is the idea that owners possess local situational awareness that can't be perfectly captured by a series of nested if/then statements.
It's also where communist and libertarianis principles converge:
• Friedrich Hayek thought that expertise was a diffuse thing, and that you were more likely to find the situational awareness necessary for good decisionmaking very close to the decision itself — devolution gives better results that centralization.
• Karl Marx believed in the legitimacy of workers' claims over their working environment, saying that the contribution of labor was just as important as the contibution of capital, and demanded that workers be treated as the rightful "owners" of their workplace, with the power to set policy.
For totally opposite reasons, they both believed that the people at the coalface should be given as much power as possible.
The death of mainframes was attended by an awful lot of concern over users and what they might do to the enterprise. In those days, users were even more constrained than they are today. They could only see the screens the mainframe let them see, and only undertake the operations the mainframe let them undertake.
When the PC and Visicalc and Lotus 1-2-3 appeared, employees risked termination by bringing those machines into the office— or by taking home office data to use with those machines.
Workers developed computing needs that couldn't be met within the constraints set by the firm and its IT department, and didn't think that the legitimacy of their needs would be recognized.
The standard responses would involve some combination of the following:
• Our regulatory compliance prohibits the thing that will help you do your job better.
• If you do your job that way, we won't know if your results are correct.
• You only think you want to do that.
• It is impossible to make a computer do what you want it to do.
• Corporate policy prohibits this.
These may be true. But often they aren't, and even when they are, they're the kind of "truths" that we give bright young geeks millions of dollars in venture capital to falsify—even as middle-aged admin assistants get written up by HR for trying to do the same thing.
The personal computer arrived in the enterprise by the back door, over the objections of IT, without the knowledge of management, at the risk of censure and termination. Then it made the companies that fought it billions. Trillions.
Giving workers powerful, flexible tools was good for firms because people are generally smart and want to do their jobs well. They know stuff their bosses don't know.
So, as an owner, you don't want the devices you buy to be locked, because you might want to do something the designer didn't anticipate.
And employees don't want the devices they use all day locked, because they might want to do something useful that the IT dept didn't anticipate.
This is the soul of Hayekism — we're smarter at the edge than we are in the middle.
The business world pays a lot of lip service to Hayek's 1940s ideas about free markets. But when it comes to freedom within the companies they run, they're stuck a good 50 years earlier, mired in the ideology of Frederick Winslow Taylor and his "scientific management". In this way of seeing things, workers are just an unreliable type of machine whose movements and actions should be scripted by an all-knowing management consultant, who would work with the equally-wise company bosses to determine the one true way to do your job. It's about as "scientific" as trepanation or Myers-Briggs personality tests; it's the ideology that let Toyota cream Detroit's big three.
So, letting enterprise users do the stuff they think will allow them to make more money for their companies will sometimes make their companies more money.
That's the business case for user rights. It's a good one, but really I just wanted to get it out of the way so that I could get down to the real meat: Human rights.
This may seem a little weird on its face, but bear with me.
Earlier this year, I saw a talk by Hugh Herr, Director of the Biomechatronics group at The MIT Media Lab. Herr's talks are electrifying. He starts out with a bunch of slides of cool prostheses: Legs and feet, hands and arms, and even a device that uses focused magnetism to suppress activity in the brains of people with severe, untreatable depression, to amazing effect.
Then he shows this slide of him climbing a mountain. He's buff, he's clinging to the rock like a gecko. And he doesn't have any legs: just these cool mountain climbing prostheses. Herr looks at the audience from where he's standing, and he says, "Oh yeah, didn't I mention it? I don't have any legs, I lost them to frostbite."
He rolls up his trouser legs to show off these amazing robotic gams, and proceeds to run up and down the stage like a mountain goat.
The first question anyone asked was, "How much did they cost?"
He named a sum that would buy you a nice brownstone in central Manhattan or a terraced Victorian in zone one in London.
The second question asked was, "Well, who will be able to afford these?
To which Herr answered "Everyone. If you have to choose between a 40-year mortgage on a house and a 40-year mortgage on legs, you're going to choose legs"
So it's easy to consider the possibility that there are going to be people — potentially a lot of people — who are "users" of computers that they don't own, and where those computers are part of their bodies.
Mmost of the tech world understands why you, as the owner of your cochlear implants, should be legally allowed to choose the firmware for them. After all, when you own a device that is surgically implanted in your skull, it makes a lot of sense that you have the freedom to change software vendors.
Maybe the company that made your implant has the very best signal processing algorithm right now, but if a competitor patents a superior algorithm next year, should you be doomed to inferior hearing for the rest of your life?
And what if the company that made your ears went bankrupt? What if sloppy or sneaky code let bad guys do bad things to your hearing?
These problems can only be overcome by the unambiguous right to change the software, even if the company that made your implants is still a going concern.
That will help owners. But what about users?
Consider some of the following scenarios:
• You are a minor child and your deeply religious parents pay for your cochlear implants, and ask for the software that makes it impossible for you to hear blasphemy.
• You are broke, and a commercial company wants to sell you ad-supported implants that listen in on your conversations and insert "discussions about the brands you love".
• Your government is willing to install cochlear implants, but they will archive everything you hear and review it without your knowledge or consent.
Far-fetched? The Canadian border agency was just forced to abandon a plan to fill the nation's airports with hidden high-sensitivity mics that were intended to record everyone's conversations.
Will the Iranian government, or Chinese government, take advantage of this if they get the chance?
Speaking of Iran and China, there are plenty of human rights activists who believe that boot-locking is the start of a human rights disaster. It's no secret that high-tech companies have been happy to build "lawful intercept" back-doors into their equipment to allow for warrantless, secret access to communications. As these backdoors are now standard, the capability is still there even if your country doesn't want it.
In Greece, there is no legal requirement for lawful intercept on telcoms equipment.
During the 2004/5 Olympic bidding process, an unknown person or agency switched on the dormant capability, harvested an unknown quantity of private communications from the highest level, and switched it off again
Surveillance in the middle of the network is nowhere near as interesting as surveillance at the edge. As the ghosts of Messrs Hayek and Marx will tell you, there's a lot of interesting stuff happening at the coal-face that never makes it back to the central office.
Even "democratic" governments know this. That's why the Bavarian government was illegally installing the "bundestrojan" — literally, state-trojan — on peoples' computers, gaining access to their files and keystrokes and much else besides. So it's a safe bet that the totalitarian governments will happily take advantage of boot-locking and move the surveillance right into the box.
You may not import a computer into Iran unless you limit its trust-model so that it only boots up operating systems with lawful intercept backdoors built into it.
Now, with an owner-controls model, the first person to use a machine gets to initialize the list of trusted keys and then lock it with a secret or other authorization token. What this means is that the state customs authority must initialize each machine before it passes into the country.
Maybe you'll be able to do something to override the trust model. But by design, such a system will be heavily tamper-evident, meaning that a secret policeman or informant can tell at a glance whether you've locked the state out of your computer. And it's not just repressive states, of course, who will be interested in this.
Remember that there are four major customers for the existing censorware/spyware/lockware industry: repressive governments, large corporations, schools, and paranoid parents.
The technical needs of helicopter mums, school systems and enterprises are convergent with those of the governments of Syria and China. They may not share ideological ends, but they have awfully similar technical means to those ends.
We are very forgiving of these institutions as they pursue their ends; you can do almost anything if you're protecting shareholders or children.
For example, remember the widespread indignation, from all sides, when it was revealed that some companies were requiring prospective employees to hand over their Facebook login credentials as a condition of employment?
These employers argued that they needed to review your lists of friends, and what you said to them in private, before determining whether you were suitable for employment.
Facebook checks are the workplace urine test of the 21st century. They're a means of ensuring that your private life doesn't have any unsavoury secrets lurking in it, secrets that might compromise your work.
The nation didn't buy this. From senate hearings to newspaper editorials, the country rose up against the practice.
But no one seems to mind that many employers routinely insert their own intermediate keys into their employees' devices — phones, tablets and computers. This allows them to spy on your Internet traffic, even when it is "secure", with a lock showing in the browser.
It gives your employer access to any sensitive site you access on the job, from your union's message board to your bank to Gmail to your HMO or doctor's private patient repository. And, of course, to everything on your Facebook page.
There's wide consensus that this is OK, because the laptop, phone and tablet your employer issues to you are not your property. They are company property.
And yet, the reason employers give us these mobile devices is because there is no longer any meaningful distinction between work and home.
Corporate sociologists who study the way that we use our devices find time and again that employees are not capable of maintaining strict divisions between "work" and "personal" accounts and devices.
America is the land of the 55-hour work-week, a country where few professionals take any meaningful vacation time, and when they do get away for a day or two, take their work-issued devices with them.
Even in traditional workplaces, we recognized human rights. We don't put cameras in the toilets to curtail employee theft. If your spouse came by the office on your lunch break and the two of you went into the parking lot so that she or he could tell you that the doctor says the cancer is terminal, you'd be aghast and furious to discover that your employer had been spying on you with a hidden mic.
But if you used your company laptop to access Facebook on your lunchbreak, wherein your spouse conveys to you that the cancer is terminal, you're supposed to be OK with the fact that your employer has been running a man-in-the-middle attack on your machine and now knows the most intimate details of your life.
There are plenty of instances in which rich and powerful people — not just workers and children and prisoners — will be users instead of owners.
Every car-rental agency would love to be able to lo-jack the cars they rent to you; remember, an automobile is just a computer you put your body into. They'd love to log all the places you drive to for "marketing" purposes and analytics.
There's money to be made in finagling the firmware on the rental-car's GPS to ensure that your routes always take you past certain billboards or fast-food restaurants.
But in general, the poorer and younger you are, the more likely you are to be a tenant farmer in some feudal lord's computational lands. The poorer and younger you are, the more likely it'll be that your legs will cease to walk if you get behind on payments.
What this means is that any thug who buys your debts from a payday lender could literally — and legally — threaten to take your legs (or eyes, or ears, or arms, or insulin, or pacemaker) away if you failed to come up with the next installment.
Earlier, I discussed how an owner override would work. It would involve some combination of physical access-control and tamper-evidence, designed to give owners of computers the power to know and control what bootloader and OS was running on their machine.
How would a user-override work? An effective user-override would have to leave the underlying computer intact, so that when the owner took it back, she could be sure that it was in the state she believed it to be in. In other words, we need to protect users from owners and owners from users.
Here's one model for that:
Imagine that there is a bootloader that can reliably and accurately report on the kernels and OSes it finds on the drive. This is the prerequisite for state/corporate-controlled systems, owner-controlled systems, and user-controlled systems.
Now, give the bootloader the power to suspend any running OS to disk, encrypting all its threads and parking them, and the power to select another OS from the network or an external drive.
Say I walk into an Internet cafe, and there's an OS running that I can verify. It has a lawful interception back-door for the police, storing all my keystrokes, files and screens in an encrypted blob which the state can decrypt.
I'm an attorney, doctor, corporate executive, or merely a human who doesn't like the idea of his private stuff being available to anyone who is friends with a dirty cop.
So, at this point, I give the three-finger salute with the F-keys. This drops the computer into a minimal bootloader shell, one that invites me to give the net-address of an alternative OS, or to insert my own thumb-drive and boot into an operating system there instead.
The cafe owner's OS is parked and I can't see inside it. But the bootloader can assure me that it is dormant and not spying on me as my OS fires up. When it's done, all my working files are trashed, and the minimal bootloader confirms it.
This keeps the computer's owner from spying on me, and keeps me from leaving malware on the computer to attack its owner.
There will be technological means of subverting this, but there is a world of difference between starting from a design spec that aims to protect users from owners (and vice-versa) than one that says that users must always be vulnerable to owners' dictates.
Fundamentally, this is the difference between freedom and openness — between free software and open source.
Now, human rights and property rights often come into conflict with one another. For example, landlords aren't allowed to enter your home without adequate notice. In many places, hotels can't throw you out if you overstay your reservation, provided that you pay the rack-rate for the rooms — that's why you often see these posted on the back of the room-door
Reposession of leased goods — cars, for example — are limited by procedures that require notice and the opportunity to rebut claims of delinquent payments.
When these laws are "streamlined" to make them easier for property holders, we often see human rights abuses. Consider robo-signing eviction mills, which used fraudulent declarations to evict homeowners who were up to date on their mortgages—and even some who didn't have mortgages.
The potential for abuse in a world made of computers is much greater: your car drives itself to the repo yard. Your high-rise apartment building switches off its elevators and climate systems, stranding thousands of people until a disputed license payment is settled.
Sounds fanciful? This has already happened with multi-level parking garages.
Back in 2006, a 314-car Robotic Parking model RPS1000 garage in Hoboken, New Jersey, took all the cars in its guts hostage, locking down the software until the garage's owners paid a licensing bill that they disputed.
They had to pay it, even as they maintained that they didn't owe anything. What the hell else were they going to do?
And what will you do when your dispute with a vendor means that you go blind, or deaf, or lose the ability to walk, or become suicidally depressed?
The negotiating leverage that accrues to owners over users is total and terrifying.
Users will be strongly incentivized to settle quickly, rather than face the dreadful penalties that could be visited on them in the event of dispute. And when the owner of the device is the state or a state-sized corporate actor, the potential for human rights abuses skyrockets.
This is not to say that owner override is an unmitigated evil. Think of smart meters that can override your thermostat at peak loads.
Such meters allow us to switch off coal and other dirty power sources that can be varied up at peak times.
But they work best if users — homeowners who have allowed the power-company to install a smart-meter — can't override the meters. What happens when griefers, crooks, or governments trying to quell popular rebellion use this to turn heat off during a hundred year storm? Or to crank heat to maximum during a heat-wave?
The HVAC in your house can hold the power of life and death over you — do we really want it designed to allow remote parties to do stuff with it even if you disagree?
The question is simple. Once we create a design norm of devices that users can't override, how far will that creep?
Especially risky would be the use of owner override to offer payday loan-style services to vulnerable people: Can't afford artificial eyes for your kids? We'll subsidize them if you let us redirect their focus to sponsored toys and sugar-snacks at the store.
Foreclosing on owner override, however, has its own downside. It probably means that there will be poor people who will not be offered some technology at all.
If I can lo-jack your legs, I can lease them to you with the confidence of my power to repo them if you default on payments. If I can't, I may not lease you legs unless you've got a lot of money to begin with.
But if your legs can decide to walk to the repo-depot without your consent, you will be totally screwed the day that muggers, rapists, griefers or the secret police figure out how to hijack that facility.
It gets even more complicated, too, because you are the "user" of many systems in the most transitory ways: subway turnstiles, elevators, the blood-pressure cuff at the doctor's office, public buses or airplanes. It's going to be hard to figure out how to create "user overrides" that aren't nonsensical. We can start, though, by saying a "user" is someone who is the sole user of a device for a certain amount of time.
This isn't a problem I know how to solve. Unlike the War on General Purpose Computers, the Civil War over them presents a series of conundra without (to me) any obvious solutions.
These problems are a way off, and they only arise if we win the war over general purpose computing first
But come victory day, when we start planning the constitutional congress for a world where regulating computers is acknowledged as the wrong way to solve problems, let's not paper over the division between property rights and human rights.
This is the sort of division that, while it festers, puts the most vulnerable people in our society in harm's way. Agreeing to disagree on this one isn't good enough. We need to start thinking now about the principles we'll apply when the day comes.
If we don't start now, it'll be too late.
IBM Creating Pocket-Sized Watson in $16 Billion Sales Push
IBM researchers are working on incorporating Watson capabilities in smart phones, Bloomberg Business Week reports.
Bernie Meyerson, IBM’s vice president of innovation, envisions a voice-activated Watson that answers questions, like a supercharged version of Apple’s Siri personal assistant. A farmer could stand in a field and ask his phone, “When should I plant my corn?” He would get a reply in seconds, based on location data, historical trends and scientific studies.
Finding additional uses for Watson is part of IBM’s plan to tap new markets and boost revenue from business analytics to $16 billion by 2015.
The next version, dubbed “Watson 2.0,” would be energy- efficient enough to work on smartphones and tablets.
The challenge for IBM is overcoming the technical obstacles to making Watson a handheld product, and figuring out how to price and deliver it. Watson’s nerve center is 10 racks of IBM Power750 servers running in Yorktown Heights, New York, that have the same processing power as 6,000 desktop computers. Even though most of the computations occur at the data center, a Watson smartphone application would still consume too much server power for it to be practical today.
It also takes a while for Watson to do the “machine learning” necessary to become a reliable assistant in an area. Researchers also need to add voice and image recognition to the service so that it can respond to real-world input, said Katharine Frase, vice president of industry research at Armonk, New York-based IBM.
With Watson, IBM aims to tackle more complex questions than Apple’s Siri. The program will be able to understand oncology well enough to advise doctors on diagnosis and prescriptions, said Martin Kohn, IBM’s chief medical scientist. One iPad application for Watson — a health-care program developed with a Columbia University professor — is being used to demonstrate its medical capabilities for prospective IBM customers.
As the technology is improved, a mobile Watson could become an extension of services that IBM already offers to business customers such as WellPoint, the second-biggest U.S. health insurer. The move fits into a broader push to promote analytics software, which helps customers diagnose problems and spot patterns in everything from infant mortality to South American floods. IBM agreed to buy Kenexa Corp. for about $1.3 billion yesterday as part of the effort.
In one potential scenario, a patient accesses Watson via a mobile device to explain symptoms in natural language. The person then gets several recommendations for what might be happening, listed in order of the computer’s confidence. The patient and a doctor both have access to Watson, which would securely access the patient’s medical records, letting it make adjustments to an answer depending on factors like pregnancy or diabetes, Kohn said.
Apple Rejects App That Tracks U.S. Drone Strikes
Christina Bonnington and Spencer Ackerman
It seemed like a simple enough idea for an iPhone app: Send users a pop-up notice whenever a flying robots kills someone in one of America’s many undeclared wars. But Apple keeps blocking the Drones+ program from its App Store — and therefore, from iPhones everywhere. The Cupertino company says the content is “objectionable and crude,” according to Apple’s latest rejection letter.
It’s the third time in a month that Apple has turned Drones+ away, says Josh Begley, the program’s New York-based developer. The company’s reasons for keeping the program out of the App Store keep shifting. First, Apple called the bare-bones application that aggregates news of U.S. drone strikes in Pakistan, Yemen and Somalia “not useful.” Then there was an issue with hiding a corporate logo. And now, there’s this crude content problem.
Begley is confused. Drones+ doesn’t present grisly images of corpses left in the aftermath of the strikes. It just tells users when a strike has occurred, going off a publicly available database of strikes compiled by the U.K.’s Bureau of Investigative Journalism, which compiles media accounts of the strikes.
iOS developers have a strict set of guidelines that must be adhered to in order to gain acceptance into the App Store. Apps are judged on technical, content and design criteria. As Apple does not comment on the app reviews process, it can be difficult to ascertain exactly why an app got rejected. But Apple’s team of reviewers is small, sifts through up to 10,000 apps a week, and necessarily errs on the side of caution when it comes to potentially questionable apps.
Apple’s original objections to Drones+ regarded the functionality Begley’s app, not its content. Now he’s wondering if it’s worth redesigning and submitting it a fourth time.
“If the content is found to be objectionable, and it’s literally just an aggregation of news, I don’t know how to change that,” Begley says.
Begley’s app is unlikely to be the next Angry Birds or Draw Something. It’s deliberately threadbare. When a drone strike occurs, Drones+ catalogs it, and presents a map of the area where the strike took place, marked by a pushpin. You can click through to media reports of a given strike that the Bureau of Investigative Reporting compiles, as well as some basic facts about whom the media thinks the strike targeted. As the demo video above shows, that’s about it.
It works best, Begley thinks, when users enable push notifications for Drones+. “I wanted to play with this idea of push notifications and push button technology — essentially asking a question about what we choose to get notified about in real time,” he says. “I thought reaching into the pockets of U.S. smartphone users and annoying them into drone-consciousness could be an interesting way to surface the conversation a bit more.”
But that conversation may not end up occurring. Begley, a student at Clay Shirky’s NYU Media Lab, submitted a threadbare version of Drones+ to Apple in July. About two weeks later, on July 23, Apple told him was just too blah. “The features and/or content of your app were not useful or entertaining enough,” read an e-mail from Apple Begley shared with Wired, “or your app did not appeal to a broad enough audience.”
Finally, on Aug. 27, Apple gave him yet another thumbs down. But this time the company’s reasons were different from the fairly clear-cut functionality concerns it previously cited. “We found that your app contains content that many audiences would find objectionable, which is not in compliance with the App Store Review Guidelines,” the company e-mailed him.
It was the first time the App Store told him that his content was the real problem, even though the content hadn’t changed much from Begley’s initial July submission. It’s a curious choice: The App Store carries remote-control apps for a drone quadricopter, although not one actually being used in a war zone. And of course, the App Store houses innumerable applications for news publications and aggregators that deliver much of the same content provided by Begley’s app.
Wired reached out to Apple on the perplexing rejection of the app, but Apple was unable to comment.
Begley is about at his wits end over the iOS version of Drones+. “I’m kind of back at the drawing board about what exactly I’m supposed to do,” Begley said. The basic idea was to see if he could get App Store denizens a bit more interested in the U.S.’ secretive, robotic wars, with information on those wars popping up on their phones the same way an Instagram comment or retweet might. Instead, Begley’s thinking about whether he’d have a better shot making the same point in the Android Market.
Software Meant to Fight Crime Is Used to Spy on Dissidents
Morgan Marquis-Boire works as a Google engineer and Bill Marczak is earning a Ph.D. in computer science. But this summer, the two men have been moonlighting as detectives, chasing an elusive surveillance tool from Bahrain across five continents.
What they found was the widespread use of sophisticated, off-the-shelf computer espionage software by governments with questionable records on human rights. While the software is supposedly sold for use only in criminal investigations, the two came across evidence that it was being used to target political dissidents.
The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones.
But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.
The software has been identified as FinSpy, one of the more elusive spyware tools sold in the growing market of off-the-shelf computer surveillance technologies that give governments a sophisticated plug-in monitoring operation. Research now links it to servers in more than a dozen countries, including Turkmenistan, Brunei and Bahrain, although no government acknowledges using the software for surveillance purposes.
The market for such technologies has grown to $5 billion a year from “nothing 10 years ago,” said Jerry Lucas, president of TeleStrategies, the company behind ISS World, an annual surveillance show where law enforcement agents view the latest computer spyware.
FinSpy is made by the Gamma Group, a British company that says it sells monitoring software to governments solely for criminal investigations.
“This is dual-use equipment,” said Eva Galperin, of the Electronic Frontier Foundation, an Internet civil liberties group. “If you sell it to a country that obeys the rule of law, they may use it for law enforcement. If you sell it to a country where the rule of law is not so strong, it will be used to monitor journalists and dissidents.”
Until Mr. Marquis-Boire and Mr. Marczak stumbled upon FinSpy last May, security researchers had tried, unsuccessfully, for a year to track it down. FinSpy gained notoriety in March 2011 after protesters raided Egypt’s state security headquarters and discovered a document that appeared to be a proposal by the Gamma Group to sell FinSpy to the government of President Hosni Mubarak for $353,000. It is unclear whether that transaction was ever completed.
Martin J. Muench, a Gamma Group managing director, said his company did not disclose its customers. In an e-mail, he said the Gamma Group sold FinSpy to governments only to monitor criminals and that it was most frequently used “against pedophiles, terrorists, organized crime, kidnapping and human trafficking.”
In May, Mr. Marquis-Boire, 32, of San Francisco, and Mr. Marczak, 24, of Berkeley, Calif., volunteered to analyze some suspicious e-mails sent to three Bahraini activists. They discovered all the e-mails contained spyware that reported back to the same command-and-control server in Bahrain. The apparent use of the spyware to monitor Bahraini activists, none of whom had any criminal history, suggested that it had been used more broadly.
Bahrain has been increasingly criticized for human rights abuses. This month, a 16-year-old Bahraini protester was killed in what activists said was a brutal attack by security forces, but which Bahrain’s government framed as self-defense.
The findings of the two men came as no surprise to those in the field. “There has been a clear increase in the availability of penetrating cyberattack tools,” said Sameer Bhalotra, President Obama’s former senior director for cybersecurity who now serves as the chief operating officer of Impermium, a computer security firm. “These were once the realm of the black market and intelligence agencies. Now they are emerging more and more. The problem is that it only requires small changes to apply a surveillance tool for attack, and in this case it looks like dissidents were targeted.”
Since publishing their findings, Mr. Marquis-Boire and Mr. Marczak have started receiving malware samples from other security researchers and from activist groups that suspected they may have been targets. In several cases, the two found that the samples reported back to Web sites run by the Gamma Group. But other samples appeared to be actively snooping for foreign governments.
A second set of researchers from Rapid7, of Boston, scoured the Internet for links to the software and discovered it running in 10 more countries. Indeed, the spyware was running off EC2, an Amazon.com cloud storage service. Amazon did not return requests for clarification, but Mr. Marczak and Mr. Marquis-Boire said the server appeared to be a proxy, a way to conceal traffic.
Mr. Marquis-Boire said a Turkmenistan server running the software belonged to a range of I.P. addresses specifically assigned to the ministry of communications. It is the first clear-cut case of a government running the spyware off its own computer system. Human Rights Watch recently called Turkmenistan one of the “world’s most repressive countries” and warned that dissidents faced “constant threat of government reprisal.”
Ms. Galperin of the Electronic Frontier Foundation said, “Nobody in their right mind would claim it is O.K. to sell surveillance to Turkmenistan.”
The Gamma Group would not confirm it sold software to Turkmenistan. A military attaché at the Turkmenistan Embassy in Washington refused to comment.
Mr. Muench, who for the last month has repeatedly denied that the researchers had pinpointed the company’s spyware, sharply reversed course Wednesday.
In a statement released less than an hour after the researchers published their latest findings, Mr. Muench said that a Gamma Group server had been broken into and that several demonstration copies of FinSpy had been stolen.
By Thursday afternoon, several of the FinSpy servers began to disappear, Mr. Marczak said. Servers in Singapore, Indonesia, Mongolia and Brunei went dark, while one in Bahrain briefly shut down before reincarnating elsewhere. Mr. Marquis-Boire said that as he traced spyware from Bahrain to 14 other countries — many of them “places with tight centralized control” — he grew increasingly worried about the people on the other end.
Four months in, he sounds like a man who wants to take a break, but knows he cannot just yet: “I can’t wait for the day when I can sleep in and watch movies and go to the pub instead of analyzing malware and pondering the state of the global cybersurveillance industry.”
EFF Sues to Get Secret Court Rulings Showing Feds Violated Spy Law
The Electronic Frontier Foundation sued the government Thursday demanding a judge order the feds to release documents allegedly showing the National Security Agency unlawfully surveilled Americans’ e-mails and telephone calls.
Specifically the EFF wants the government to make public a secret court ruling that found that the feds had broken a 2008 wiretapping law that was intended to legalize President George W. Bush’s warrantless wiretapping program.
The public first learned of that ruling thanks to three damning statements U.S. Sen. Ron Wyden (D-Oregon) obtained national security clearance to make public. Wyden, a member of the Senate Intelligence Committee, presumably learned of the lawbreaking in briefings from the intelligence community.
The statements concerned alleged abuses of the FISA Amendments Act, a 2008 law that allows the government to conduct widespread e-mail and phone surveillance inside the United States, without probable-cause warrants, targeting people or groups “reasonably believed to be located outside the United States to acquire foreign intelligence information.” In other words, the government can collect all e-mails and phone calls from the United States to Lebanon, so long as the target is a suspected terrorist group in Lebanon. If the government collects e-mails that are sent by people believed to be American, the person’s identity is supposed to be given a pseudonym or “minimized.”
The government is required to get approval from a secret court known as the Foreign Intelligence Surveillance Court or FISC for both wide-net and targeted surveillance performed inside the United States.
Here are the statements Wyden was authorized to divulge:
• “A recent unclassified report noted that the [FISC] has repeatedly held that collection carried out pursuant to the FISA Section 702 minimization procedures used by the government is reasonable under the Fourth Amendment.”
• “It is also true that on at least one occasion the [FISC] held that some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.”
• “I believe that the government’s implementation of Section 702 of FISA has sometimes circumvented the spirit of the law, and on at least one occasion the [FISC] has reached this same conclusion.”
In short, Wyden is trying to say that the NSA has found a way to collect a ton of information on Americans and sift through it in a way that he considers to be illegal. And, in at least one secret decision by a secret court, judges agree with him.
On July 26, the EFF sought documents under a Freedom of Information Act claim to support Wyden’s statements, including classified FISA court opinions, reports and any documents connected to congressional briefings about the topic. The government did not forward any documents, so the EFF sued in federal court in the District of Columbia.
Kathleen Turner, the legislative director at the Office of the Director of National Intelligence, told Wyden in a letter authorizing his statements that the FISA court’s opinions are classified.
She also told Wyden that “The government has remedied these concerns and the FISC has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment.”
The FISA Amendments Act, expiring at year’s end, authorizes the government to electronically eavesdrop on Americans’ phone calls and e-mails without a probable-cause warrant so long as one of the parties to the communication is outside the United States. The communications may be intercepted “to acquire foreign intelligence information.”
The FISA Amendments Act, which the Obama administration said was its top intelligence priority, generally requires the Foreign Intelligence Surveillance Court to rubber-stamp terror-related electronic surveillance requests that ensnare Americans’ communications. The government does not have to identify the target or facility to be monitored. It can begin surveillance a week before making the request, and the surveillance can continue during the appeals process if, in a rare case, the secret FISA court rejects the surveillance application.
Committees in the House and Senate have agreed to reauthorize the act for up to five years. No floor votes have been taken.
Researchers Hack Brainwaves to Reveal PINs, Other Personal Data
Don’t you dare even think about your banking account password when you slap on those fancy new brainwave headsets.
Or at least that seems to be the lesson of a new study which found that sensitive personal information, such as PIN numbers and credit card data, can be gleaned from the brainwave data of users wearing popular consumer-grade EEG headsets.
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets.
“The correct answer was found by the first guess in 20% of the cases for the experiment with the PIN, the debit cards, people, and the ATM machine,” write the researchers. “The location was exactly guessed for 30% of users, month of birth for almost 60% and the bank based on the ATM machines for almost 30%.”
To detect the first digit of the PIN, researchers presented the subjects with numbers from 0 to 9, flashing on the screen in random order, one by one. Each number was repeated 16 times, over a total duration of 90 seconds. The subjects’ brainwaves were monitored for telltale peaks that would rat them out.
The EEG headsets, made by companies such as Emotiv Systems and NeuroSky, have become increasingly popular for gaming and other applications. For the study, the researchers used the Emotiv Epoc Neuroheadset, which retails for $299.
The researchers — Ivan Martinovic of Oxford University; Doug Davies, Mario Frank, Daniele Perito, and Dawn Song of UC Berkeley; and Tomas Ros of the University of Geneva — analyzed P300 peaks, an important component of event-related potentials — electrical potentials that happen after the user is presented with a stimulus.
The P300 “occurs approximately 300 milliseconds after an event happens,” said Frank, a postdoctoral researcher at Berkeley, in a phone interview with Wired. “The potential arises if you already prime your thoughts toward a particular event…. An attacker could try to prime the thoughts of the victim towards a particular secret that a victim has in mind. For instance, if you know the face of some person, you might be able to observe a brainwave pattern that is evidence of the user thinking about the face.”
Emotiv and NeuroSky both have “app stores,” where users of the devices can download third-party applications. The applications use a common API for access to the EEG device.
“In the case of the EEG devices, this API provides unrestricted access to the raw EEG signal,” write the researchers. “Furthermore, such applications have complete control over the stimuli that can be presented to the users.”
The researchers envision a scenario in which a potential malicious attacker could write “brain spyware” to harvest private information from the user, which could be legitimately downloaded as an app.
“We simulated a scenario where someone writes a malicious app, the user downloads it and trusts the app, and actively supports all the calibration steps of the device to make the software work,” said Frank. In these seemingly innocuous calibration steps, which are standard for most games and other applications using the headsets, there could be the potential to harvest personal information.
“We realized that these devices are becoming increasingly popular — maybe in five, 10 years, it’s very likely that many households will have one,” Frank said. “At the same time, you can use all kinds of third-party apps for these devices. In this setting, as security researchers, we identified that there is a potential to make some bad stuff, to turn this technology against the user.” He said, however, that there was no immediate threat in using the devices. But the experiments devised by the researchers point to the devices’ darker potential.
“The simplicity of our experiments suggests the possibility of more sophisticated attacks,” write the researchers, warning that “with the ever-increasing quality of devices, success rate of attacks will likely improve.”
Assange Expects to Stay in Embassy for Up to a Year
Julian Assange expects to remain holed up in Ecuador's London embassy for up to a year as the two countries struggle to resolve a diplomatic row over the controversial WikiLeaks founder.
Assange took shelter in the embassy in June after exhausting all appeals against extradition to Sweden, where he is wanted for questioning over sexual assault allegations. Earlier this month Ecuador granted him asylum.
Assange has denied any wrongdoing and said he fears Sweden will hand him over to the United States, where he could face prosecution over the release of a trove of leaked Iraq and Afghanistan war reports and diplomatic cables.
"I believe this will be resolved in six to 12 months," the 41-year-old Australian said in an interview with Ecuadoran television held inside the embassy and broadcast in dubbed-over Spanish.
"The situation will be resolved either through diplomacy or an unusual event in the world that no one can predict, like a war against Iran, the election in the United States, or the Swedish government dropping the case," he said.
"I expect the last scenario is the most likely one," he added, according to the Spanish translation.
Earlier this week, Ecuador's leftist President Rafael Correa said the case could take years to resolve and depended on London and Stockholm.
He said there were three ways to resolve the diplomatic impasse: either Britain and Sweden could guarantee that Assange won't be sent to a third country, Swedish prosecutors could question him in the Ecuadoran embassy, or British authorities could allow him to leave without arresting him.
Republicans Call for Crackdown on Pornography
The Republican Party is calling for a crackdown on pornography in a move that could pit social conservatives against hotel operators, television providers and other businesses that profit from the sale of sexually explicit material.
As they prepare to nominate Mitt Romney as their presidential candidate for the November 6 election, Republicans have added language to their official platform that anti-smut activists said would encourage the federal government to step up prosecution of pornography involving adults.
"Current laws on all forms of pornography and obscenity need to be vigorously enforced," the platform says, according to a draft obtained by Reuters. Republicans are planning a Tuesday vote on the document, a nonbinding statement of principles that tackles everything from monetary policy to abortion.
Though previous Republican platforms have called for increased prosecution of child pornography, this appears to be the first time that the party has called for a crackdown on sexually explicit material involving adults - a multi-billion-dollar industry.
Obscenity has been notoriously difficult to define in a legal context. The Supreme Court in 1973 held that to be obscene, material must depict sex in a manner that offends contemporary community standards and is devoid of artistic or scientific value.
Adult obscenity cases have been exceedingly rare over the past 20 years. Though the administration of George W. Bush promised a crackdown, only the most extreme forms of pornography have been targeted.
Anti-pornography activist Patrick Trueman said the language in the Republican platform would bolster a broader push against the type of sexually explicit material that is sold by convenience stores, by hotels via pay-per-view television programming, and satellite and cable TV providers.
The widespread availability of Internet pornography has made it harder for a generation of young men to find intimacy with their wives, he said.
"It's a growing problem for men in their 20s," Trueman said. "It's changed the way their brain maps have developed. This is the way they get sexually excited."
According to Trueman's group, Romney promised earlier this year that he would push for "strict enforcement" of obscenity laws, as well as the broader use of blocking software to screen out Internet porn.
Trueman and other social conservatives criticized Romney during his 2008 bid for having served on the board of directors of hotel operator Mariott International, which sold sexually explicit content in its hotel rooms. Mariott announced last year that it would gradually stop providing pay-per-view "adult" material.
The Internet research firm TopTenReviews estimated that adult pornography revenues through magazines, the Internet and video sales and rentals totaled $9.4 billion in 2006.
(Editing by Leslie Adler)
U.S. Gynecologists Alarmed by Plastic Surgery Trend
Trained as a gynecologist and reconstructive surgeon, Dr. John Miklos calls himself a "medical tailor," specializing in surgery to reshape a woman's private parts.
The Atlanta surgeon, who has performed gynecological surgery for nearly 20 years, cites cases of patients who say their sexual response improved after vaginoplasty, a procedure to surgically tighten a vagina stretched by childbirth or aging.
"Women come to me and say they don't have the urge to have sex anymore because they don't feel anything," Miklos said. "I guarantee that if a man didn't feel anything, he wouldn't have sex either."
Female genital cosmetic surgery is a small segment of the U.S. plastic surgery market, but it is growing, with thousands of women estimated to undergo such procedures every year. That growth comes despite a warning from the American College of Obstetricians and Gynecologists (ACOG), in a 2007 notice to member physicians, that strongly questioned the medical validity and safety of female genital cosmetic surgery. Earlier this year the group debated the trend at its annual meeting in San Diego.
"None of these procedures have proven effectiveness, and there is potential for harm," Dr. Cheryl Iglesia, a Washington, D.C., gynecologist and former ACOG committee member, wrote in an editorial published in the June issue of Obstetrics and Gynecology. "Women are being misled or are confused about what is normal," she wrote -- and about what constitutes a condition that can actually be helped through treatment.
Critics say the trend is the latest service aimed at women pursuing an impossible ideal of physical perfection, hyped by Internet pornography and advertising by surgeons who may not explain all the risks, such as infections, scarring, pain and the loss of the very sensations some patients seek to enhance.
"Even when women are told of potential complications, like insensitivity of the clitoris ... they still may be unstoppable if they have the notion that they need a younger-looking or more perfect or more desirable vulva," said Harriet Lerner, a psychologist specializing in women's issues.
More than 2,140 U.S. women underwent "vaginal rejuvenation" last year, according to the American Society for Aesthetic Plastic Surgery. The International Society of Aesthetic Plastic Surgeons put the U.S. total at nearly 5,200 in 2010. Experts note such figures do not include the many procedures done by gynecologists.
ACOG not only points to the risks of genital surgery but also emphasizes that female sexual response is driven by psychological factors rather than genital appearance. The group has asked its members to be aware of how they might unwittingly influence a patient to consider surgery.
In practices across the country, doctors say more women, from teenagers to those in their late 70s, want to discuss the procedures, which can cost between $2,500 and $12,000 and are usually not covered by insurance.
"I tell every patient you are normal the way you are," said Miklos, who each year performs as many as 180 labiaplasties to cut back the skin flaps surrounding the vaginal opening. "I would never suggest that they get one. What is the right size of a nose, or a chin? That's up to the individual. It's her right to decide."
FROM REPAIR TO AESTHETICS
Corrective gynecological surgery has been available for decades, including procedures to alleviate incontinence or sagging of the vaginal canal after childbirth. In the 1990s surgeons began offering procedures that promised the improved aesthetics, self-esteem and confidence associated with nose jobs or other plastic surgeries.
"One side was longer than the other side. ... It was something that bothered me," said Kari, a 36-year-old labiaplasty patient of Beverly Hills, California, plastic surgeon Fardad Forouzanpour. (She did not want to give her last name.) "It makes me more comfortable. I like the way that it looks."
She said her boyfriend was not involved in her decision, but she did "look at a few Playboys here and there."
One patient, who did not want to use her name, said she had surgery because she hated the look of her labia, even though her husband had no problem with her appearance.
Other procedures include creating a new hymen for "revirgination" and "G-spot amplification," which involves injecting the area in the front wall of the vagina with collagen or another filler to enhance sexual gratification. In some cases, patients may not leave satisfied. One way Miklos seeks clients is by running a website called botchedlabia.com, where women who have already experienced complications can get advice on revisions.
Surgeons say many patients have been influenced by images of the waxed, buffed or surgically altered genitals of porn actresses.
"They see these porn stars who have things done, and they look so nice and clean-cut," said Forouzanpour, who does 15 to 25 labiaplasties a month. "It is normal to have some extra skin, or some discoloration."
While studies have shown some social advantages to plastic surgery that improves a person's overall appearance in public, like a nose job or face-lift, there is no data showing the benefits of altering one's genitals.
"The ethical question is: How much are you playing on women's insecurities?" Dr. Iglesia said. "Women are getting very much duped into thinking there is a standard look for the vulva."
By all measures, Miklos has thrived on his expertise. Along with partner Dr. Robert Moore, he now has practices in Atlanta, Georgia and Beverly Hills. He says he tries to stay away from procedures with more dubious outcomes.
For example, surgery claiming to enhance the "G-spot," which may play a role in sexual arousal, raises red flags as no controlled studies have been done, or are likely to be done, to show whether it has any effect.
"I don't routinely do them. People ask for them, but I don't want someone to pay $1,000 and have high hopes," Miklos said. "People get upset when there is no response."
(Editing by Michele Gershberg)
A Digital Music Option Thrives, Though Quietly
The digital music company Spotify, which uses free song streams to lure people to paid subscriptions, has earned the music industry’s approval by making money from listeners who might otherwise use their computers to download songs illegally.
In its shadow, another service, Muve Music, has quietly built one of the largest subscriber bases in the business by going after a part of the market that most digital companies have largely ignored: people who may not have computers at all.
Muve, a phone-based music plan sold through Cricket Wireless, offers unlimited song downloads for $10 a month, tucked inconspicuously into a customer’s monthly cellphone bill, which ranges from $55 to $65. In many ways its users defy the conventional profile of a digital music consumer. They are young and urban, yes, but instead of a laptop or a tablet, they use a phone for everything. Most earn less than $35,000 a year and lack credit cards, so they prefer Cricket’s month-to-month cash plan.
Since its introduction in January 2011, Muve has signed up 600,000 users, putting it in the league of Rhapsody, which has about one million subscribers, and Spotify. (Spotify has four million paying users in 15 countries, but has not said how many of those are in the United States.) And Muve is poised for another growth spurt with a new line of phones that the company believes could bring in millions of new users.
“Cricket’s customer is young, is ethnic, and tends to be middle and lower income,” said Jeff Toig, the senior vice president of Muve Music. “This is not a segment of the market that the major technology companies innovate for.”
Cricket, which has six million subscribers and is a subsidiary of Leap Wireless, will announce on Wednesday the introduction of a line of Android phones for $50 to $70 a month. These plans automatically include Muve, and are in addition to the Samsung, Huawei, HTC and other models on which Muve is an option. (In June, Cricket also began selling iPhones, but those do not include Muve.)
The major companies see Muve as a way to develop loyal customers in an area that had been an industry blind spot. Each month, Cricket says, Muve users download more than 70 million songs and spend more than 30 hours listening. By comparison, Pandora users listen for an average of about 20 hours each month.
“It’s a case study for how you execute a bundled music service,” said Stephen Bryan, executive vice president for digital strategy and business development at the Warner Music Group.
Among Muve’s advantages are that its primary customers — young, urban minorities — are some of the heaviest users of the Internet on cellphones. According to a study in June by the Pew Internet and American Life Project, blacks and Hispanics are more likely than whites to consider the phone their primary means of going online.
As part of Muve’s music licensing deal, a portion of the $10 monthly fee is earmarked for royalties, and divided among record companies according to each label’s share of downloads. Neither Cricket nor the labels would say exactly how much of that $10 goes to royalties, but it has been estimated by analysts and others to be $3 to $5.
For labels eager to license their music every way possible, that amounts to a steady income stream, if a small one compared with the hundreds of millions of dollars labels receive each year from retail giants like iTunes.
“Exploring these new opportunities and new methods of consumption is the one thing that’s enabling the music industry to weather the storm of piracy,” said Rob Wells, president for global digital business at the Universal Music Group.
But some analysts doubt Muve’s long-term potential. The service signed up 500,000 users in its first year, but halfway into its second it has gained only an additional 100,000. Cricket itself — a tiny competitor to giants like Verizon and AT&T, which each have around 100 million customers — lost 289,000 subscribers in its second quarter, the company reported recently. The company is hoping Muve and its new Android plans will help turn that around.
Walter Piecyk, an analyst with BTIG Research, said that Muve would have difficulty holding onto customers as Cricket moves its customers from the more basic feature phones into Android and other kinds of smartphones.
“They’re trying to increase the monthly bills of customers by selling them smartphones,” Mr. Piecyk said. “The challenge with that is that with smartphones you’ve got more choices for musical services. So they’re going to face increased competition with more mainstream music alternatives as they push their customers into smartphones.”
While bundling digital music services with phone or Internet plans has become common throughout the world, it is still relatively rare in the United States. Rhapsody, for example, is available as a $10 surcharge from MetroPCS, another small carrier that offers month-to-month plans with no long-term contracts. For Cricket, the Muve service, promoted heavily in its marketing and at its stores, has become an important way to distinguish itself from its competitors.
“This is providing an experience and more value to customers,” S. Douglas Hutcheson, the chief executive of Leap, said in an interview. “As we look at how to get sustained growth in the business, I think we’ve come up with an innovative, desirable way to do that, that’s something beyond just dropping to ever-lower prices.”
Lawyers Make Big Money from File-Sharers
A student in the US has been slapped with a $675,000 (539,000 euros) fine for illegally uploading music. German law firms now specialize in file-sharing to take advantage of the lucrative source of revenue.
The US Supreme Court has recently rejected 25-year-old Joel Tenenbaum's appeal against his $675,000 (539,000 euros) fine, leaving the Boston University graduate student with little legal recourse. Tenenbaum admitted to illegally uploading 30 songs to the Internet in 2003, when he was 16 years old. That's $22,500 per song, including songs by famous rock bands such as Nirvana, Green Day and Incubus.
Big record companies have begun doggedly pursuing file-sharers such as Tenenbaum, people who download music from the Internet illegally and then upload the illicit songs to websites where other users can download them. The case of Tenenbaum serves as a stark warning to file-sharers everywhere.
File-sharers as felons?
Such draconian punishments are shocking to many observers, though the era is long gone when illegally downloading and uploading music was considered a trivial offense. Some particularly outraged critics claim that file sharers receive harsher punishments than rapists.
"I wouldn't go that far," Christian Solmecke, a lawyer and specialist in copyright infringement, told DW. "One look at the German law book shows that rape is punished harder. Rape carries a punishment of at least two years imprisonment. With copyright infringements, fines are the norm."
Solmecke's law firm specializes in copyright infringement and even offers a hotline that people can call if they have received a written warning from the music or film industry. At the moment, the law firm represents 16,000 clients accused of pirating.
The 30-year-old Timo (name changed by editor) has run into problems with the music industry. His case is ongoing, so he has asked not to be identified by his real name. Timo has a large collection of music on his computer and has occasionally uploaded a song - for friends.
A law firm sent Timo a letter on behalf of a major record company. The letter accused him of uploading songs by a moderately successful artist to the Internet for free.
"The letter was pre-printed," Timo told DW. "The signature was a color copy."
The letter also included a long list of similar cases and the resulting sentences.
"Apparently they wanted me to see who I was dealing with," Timo said. He was also asked to sign a form pledging that he would no longer illegally download and upload songs. If the signee breaks that pledge, he or she can be prosecuted.
"Before signing such a document, you should always seek legal advice from a lawyer who specializes in the field," Solmecke said. Under no circumstance should you ignore the letter, he said, but instead should find a way to reformulate it.
That's what Timo did. He promised in writing, without making any sort of legal recognition of guilt, that he would no longer make the songs in question available on the Internet. He subsequently did not hear anything from the law firm or the record company for three years. The statute of limitations in this case lasts three years.
But now, just as the three-year deadline approaches, Timo has begun receiving bills for legal fees from the law firm on a regular basis. In the past few weeks, the fees have risen to extraordinary levels, much higher than what was originally demanded.
"The big joke of it all is that I didn't even have the record that they were talking about," Timo said. "I don't know it at all."
Many law firms in Germany now specialize in sending these written warnings on behalf of music companies. With tens of thousands of cases currently open, it's a quick way to make easy money for them.
Many alleged file-sharers submit to payment claims too quickly or sign ominous statements, while others agree to settlements that are much too high. For the courts, it is often difficult to find out whether the law firms even discuss the demands in the letters with the clients they are representing.
Mistakes also happen regularly. Sometimes the IP address, behind which an alleged file-sharer is supposedly hiding, is not correct. As a consequence, many Internet users fall under suspicion for no good reason.
"In general, one can say that the amount of money that is demanded in these warning letters is far too high," Solmecke said. "The payment claims from the German music industry are not as high as in the US, but the total costs from an unsuccessful legal procedure can still amount to up to 10,000 euros."
In Germany, the courts also decide on a case-by-case basis, with a broad range of punishments at their disposal.
"It ranges from 15 euros per song to 300 euros per song," Solmecke said. "When music albums are being shared, the amount can rise to several thousand euros. Then there are also the legal fees."
Through the back door
But why does somebody who uploads 12 songs have to pay a fine of thousands of euros?
When someone uploads music into an Internet file-sharing network, they are legally required to pay licensing fees, which does not happen during file-sharing. The copyright owner thereby loses money, particularly when the album in question is successful in the charts.
With the warning letters, the record companies can recoup some of the money that they otherwise would not have received. For the courts, it's difficult to calculate exactly how much the music company would have made if the shared record had been bought. After all, nobody knows how many people would have actually bought the music.
Lawyers these days are earning a lot of money from file-sharing cases, either by sending warning letters or helping their clients escape the justice system with just minimal financial damage. Many law firms are enjoying a veritable gold rush as they begin to specialize in copyright law to take advantage of the huge profits. The German parliament, the Bundestag, has long been considering how to cap the costs so that the warning letters aren't so lucrative - so far without any results.
Meanwhile, the artists who Timo allegedly hurt by uploading their songs most likely do not know the extent to which their record labels and a few lawyers go in order to make a couple of hundred euros. Under certain circumstances, the artists might even be happy when a person like Timo does a little advertising for them in the Internet. But Timo says he did not willingly advertise for the artist he's accused of wronging.
"Of course I listened to it once," Timo said. "It was complete garbage."
Patrick Foster, Former Times Journalist, Arrested Over Hacking Of NightJack Blogger's Emails
A journalist was arrested on Wednesday on suspicion of computer hacking.
The 28-year-old man, understood to be the former Times journalist Patrick Foster, was held at his north London home on Wednesday morning.
It is understood the arrest relates to a Scotland Yard investigation into the hacking of the email account of Lancashire detective Richard Horton in 2009 which unmasked him as the author of the anonymous NightJack blog.
Foster is 11th person to be arrested by detectives from Operation Tuleta, the Metropolitan Police investigation of breaches of privacy, which is running alongside the phone-hacking scandal investigation, Operation Weeting.
He was also arrested on suspicion of conspiracy to pervert the course of justice.
A Scotland Yard spokesman said: "Officers from Operation Tuleta, the investigation into criminal breaches of privacy including computer hacking which is being carried out in conjunction with MPS phone hacking inquiries, arrested a man in North London this morning, 29 August.
"The 28-year-old man, a journalist, was arrested at his home address at approximately 7am for suspected offences under the Computer Misuse Act 1990 and suspected conspiracy to pervert the course of justice, contrary to the Criminal Law Act 1977."
He was being questioned at a North London police station.
Second Accused LulzSec Hacker Arrested in Sony Pictures Breach
A second suspected member of the clandestine hacking group LulzSec was arrested on Tuesday on charges he took part in an extensive computer breach of Sony Pictures Entertainment, the FBI said.
Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to U.S. authorities in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorized impairment of a protected computer.
If convicted, Rivera faces up to 15 years in prison.
The indictment, unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Corp's Sony Pictures' computer systems in May and June 2011 using an "SQL injection" attack against the studio's website, a technique commonly employed by hackers.
The indictment said Rivera then helped to post the confidential information onto LulzSec's website and announced the intrusion via the hacking group's Twitter account.
While Rivera was the only person named in the indictment, the FBI said his co-conspirators included Cody Kretsinger, 24, a confessed LulzSec member who pleaded guilty in April to federal charges stemming from his role in the Sony attack.
Following the breach, LulzSec published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony, and publicly boasted of its exploits.
"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Authorities have said the Sony breach ultimately cost the company more than $600,000.
LulzSec, an underground group also known as Lulz Security, is an offshoot of the international hacking collective Anonymous and has taken credit for such cyber incursions on a number of government and private sector websites.
The latest indictment says Rivera, who went by the online nicknames of "neuron," "royal" and "wildicv," is suspected of using a proxy server in a bid to conceal his Internet Protocol, or IP, address, and avoid detection.
Court documents revealed in March that an Anonymous leader known as Sabu, whose real name is Hector Monsegur, had pleaded guilty to hacking-related charges and provided information on his cohorts to the FBI.
That same month, five other suspected leaders of Anonymous, all them alleged to be LulzSec members as well, were charged by federal authorities with computer hacking and other offenses.
An accused British hacker, Ryan Cleary, 20, was indicted by a federal grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.
Kretsinger, who pleaded guilty to the same two charges now facing Rivera, is slated to be sentenced on October 25. A federal prosecutor said he would likely receive substantially less than the 15-year maximum prison term carried by those offenses.
Anonymous and its offshoots focused initially on fighting attempts at Internet regulation and the blocking of free illegal downloads but have since taken aim at the Church of Scientology, global banking and other targets.
Anonymous, and LulzSec in particular, became notorious in late 2010 when they launched what they called the "first cyber war" in retaliation for attempts to shut down Wikileaks.
(Editing by Cynthia Johnston and Lisa Shumaker)
How I Cracked My Neighbor's WiFi Password Without Breaking A Sweat
Readily available tools make cracking easier.
Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.
Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn't encouraging.
First, the good news. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. By using the PBKDF2 key derivation function along with 4,096 iterations of SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme.
What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. WPA and WPA2 also use a network's SSID as salt, ensuring that hackers can't effectively use precomputed tables to crack the code.
That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.
I started this project by setting up two networks with hopelessly insecure passphrases. The first step was capturing what is known as the four-way handshake, which is the cryptographic process a computer uses to validate itself to a wireless access point and vice versa. This handshake takes place behind a cryptographic veil that can't be pierced. But there's nothing stopping a hacker from capturing the packets that are transmitted during the process and then seeing if a given password will complete the transaction. With less than two hours practice, I was able to do just that and crack the dummy passwords "secretpassword" and "tobeornottobe" I had chosen to protect my test networks.
Brother, can you spare a deauth frame?
To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point. This requirement may sound like a steep hurdle, since people often stay connected to some wireless networks around the clock. It's easy to get around, however, by transmitting what's known as a deauth frame, which is a series of deauthorization packets an AP sends to client devices prior to it rebooting or shutting down. Devices that encounter a deauth frame will promptly rejoin an affected network.
Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro. Indeed, using freely available programs like Aircrack-ng to send deauth frames and capture the handshake isn't difficult. The nice thing about Silica is that it allowed me to pull off the hack with a single click of my mouse. In less than 90 seconds I had possession of the handshakes for the two networks in a "pcap" (that's short for packet capture) file. My Mac never showed any sign it had lost connectivity with the access points.
I then uploaded the pcap files to CloudCracker, a software-as-a-service website that charges $17 to check a WiFi password against about 604 million possible words. Within seconds both "secretpassword" and "tobeornottobe" were cracked. A special WPA mode built-in to the freely available oclHashcat Plus password cracker retrieved the passcodes with similar ease.
It was the neighborly thing to do
Cracking such passcodes I had set up in advance to be guessed was great for demonstration purposes, but it didn't provide much satisfaction. What I really wanted to know was how much luck I'd have cracking a password that was actually being used to secure one of the networks in the vicinity of my office.
So I got the permission of one of my office neighbors to crack his WiFi password. To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.
My fourth hack target presented itself when another one of my neighbors was selling the above-mentioned Netgear router during a recent sidewalk sale. When I plugged it in, I discovered that he had left the eight-character WiFi password intact in the firmware. Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed two numbers, followed by five more lower-case letters. There was no discernible pattern to this password. It didn't spell any word either forwards or backwards. I asked the neighbor where he came up with the password. He said it was chosen years ago using an automatic generation feature offered by EarthLink, his ISP at the time. The e-mail address is long gone, the neighbor told me, but the password lives on.
No doubt, this neighbor should have changed his password long ago, but there is a lot to admire about his security hygiene nonetheless. By resisting the temptation to use a human-readable word, he evaded a fair amount of cutting-edge resources devoted to discovering his passcode. Since the code isn't likely to be included in any password cracking word lists, the only way to crack it would be to attempt every eight-character combination of letters and numbers. Such brute-force attacks are possible, but in the best of worlds they require at least six days to exhaust all the possibilities when using Amazon's EC2 cloud computing service. WPA's use of a highly iterated implementation of the PBKDF2 function makes such cracks even harder.
Besides changing the password every six months or so and not using a 10-digit phone number, my neighbors could have taken another important step to improve their WiFi security. WPA allows for passwords with 63 characters in them, making it possible to append four or five randomly selected words—"applesmithtrashcancarradar" for instance—that are easy enough to repeat to guests who want to use your wireless network but are prohibitively hard to crack.
Yes, the gains made by crackers over the past decade mean that passwords are under assault like never before. It's also true that it's trivial for hackers in your vicinity to capture the packets of the wireless access point that routes some of your most closely held secrets. But that doesn't mean you have to be a sitting duck. When done right, it's not hard to pick a passcode that will take weeks, months, or years to crack.
With odds like that, crackers are likely to move onto easier targets, say one that relies on the quickly guessed "secretpassword" or a well-known Shakespearean quote for its security.
Time Warner Cable Invests $25M to Build 1Gbps Fiber Network
Time Warner Cable is following Google's lead with a 1Gbps fiber network in New York City, except Time Warner will focus on business customers and it hasn't yet announced pricing.
Time Warner Cable announced Tuesday a $25 million investment to expand its fiber broadband network to businesses in New York City.
The new fiber network will be built in Brooklyn as well as to parts of Manhattan such as the Financial and Flatiron districts. Last year, Time Warner and the city of New York reached a franchise agreement in which Time Warner said it would expand its fiber network to areas that don't currently have access.
The new service will offer speeds up to 1 gigabit per second, the company said in a press release (not yet available online). The company will target companies that have high data needs, such as design firms and technology companies.
Businesses in the newly revitalized Brooklyn Navy Yard have already seen the benefits of an upgraded and fast fiber network from Time Warner Cable. Time Warner is also building a second Time Warner Learning Lab in Brooklyn at the Navy Yard. This facility provide the public with free access to computers and high-speed Internet. The facility will be part of the Navy Yard's onsite Employment Center.
Time Warner's move to improve its network and expand fiber to underserved parts of the city is part of a bigger technology initiative from New York City Mayor Michael Bloomberg. The city also has agreements with Verizon Communications, Cablevision Systems, and AT&T to improve broadband services via fiber and Wi-Fi.
AT&T has built several public Wi-Fi hotspots for its customers. And Verizon Wireless has been deploying its Fios fiber network to residents and businesses throughout the five boroughs of the city.
Time Warner's announcement comes as technology giant Google is building out its fiber network in parts of Kansas City, Missouri and Kansas City, Kansas. Google launched Google Fiber last month. charging customers $70 a month for 1Gbps downloads and uploads, plus 1 terabyte of data storage.
Time Warner hasn't announced its pricing yet. But unlike Time Warner, Google's service is geared toward consumers as well as business users. Google is building the network in an effort to spur innovation in broadband and to push other providers to increase the speed of their networks.
"There is a bottleneck right now in residential access where people are only getting speeds of 5Mbps," Ken Lo, general manager for Google Access said in an interview following the launch of the network.
And even though he didn't say so directly, he made the point that the Google Fiber network can be seen as a challenge to what broadband providers have offered in the past.
"The last time we doubled the speed of broadband a whole new market evolved and spurred tremendous growth in the Internet," he said. "We don't want incremental change. Offering you a 10Mbps service and edging it to 50Mbps and then 100Mbps, that's not what drives real innovation. We need to do something in a big way that will take a material step in performance."
It will be interesting to see how Time Warner prices its 1Gbps service and whether the company will upgrade other parts of its network to provide fast broadband services to residents throughout the city.
Doctor Who Goes Back in Time to Beat TV Pirates
Australian broadcaster ABC is sending Doctor Who back in time. It is putting episodes online just after they premiere in the UK, hoping viewers will turn away from pirated copies.
Some people just can’t wait. Delaying syndicated broadcasts of TV shows to overseas territories often gives eager viewers a window in which to download unauthorised episodes encoded in their country of origin.
But now Australian broadcaster ABC is aiming to beat the pirates by satisfying demand from one of the most avid groups of fans.
It will place online episodes of the upcoming seventh series of Doctor Who just 50 minutes after they end up in the UK (announcement).
Although the September 1 season opener won’t air on Australian television until September 8, by placing the episodes on its iview catch-up service just after UK transmission ends, ABC will eliminate the week-long opportunity pirated copies have previously had to gain viewer share.
Typically, shows are added to catch-up services only after their broadcasters’ linear TV transmission.
ABC1 controller Brendan Dahill (via News.com.au):
“Piracy is wrong, as you are denying someone their rights and income for their intellectual property. The fact that it is happening is indicative that as broadcasters we are not meeting demand for a segment of the population.
“So as broadcasters we need to find convenient ways of making programs available via legal means to discourage the need for piracy.”
Of course, this won’t stop ripped encodings from being made or circulated. But ABC, by super-serving Doctor Who fans (the episodes will go online at 5.10am on a Sunday following UK transmission), will likely gather to its official channel an audience renowned for wanting to see its favourite show as soon as possible.
ABC has previously experimented with placing its legal drama, Rake, on iview before TV transmission.
News.com.au: “This is the first time a big blockbuster TV show will air in full on an Australian online player within hours of its official release elsewhere.”
Until next week,
Current Week In Review
Recent WiRs -
August 25th, August 18th, August 11th, August 4th
Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.
"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black
Thanks For Sharing
|Thread Tools||Search this Thread|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Peer-To-Peer News - The Week In Review - July 16th, '11||JackSpratts||Peer to Peer||0||13-07-11 06:43 AM|
|Peer-To-Peer News - The Week In Review - July 9th, '11||JackSpratts||Peer to Peer||0||06-07-11 05:36 AM|
|Peer-To-Peer News - The Week In Review - January 30th, '10||JackSpratts||Peer to Peer||0||27-01-10 07:49 AM|
|Peer-To-Peer News - The Week In Review - January 16th, '10||JackSpratts||Peer to Peer||0||13-01-10 09:02 AM|
|Peer-To-Peer News - The Week In Review - December 5th, '09||JackSpratts||Peer to Peer||0||02-12-09 08:32 AM|