P2P-Zone  

10-10-18, 07:00 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - October 13th, ’18

Since 2002

"One of the major reasons the telecom industry wanted Brett Kavanaugh on the Supreme Court is because this entire battle could rest on his shoulders." – Karl Bode


"We’ve been growing by approximately 50% a year pretty consistently." – Gabriel Weinberg, DuckDuckGo

October 13th, 2018




One-Third of the World Is Still Pirating Music

Global report says 38 percent of music consumers obtain music illegally, most of them ripping from streams
Amy X. Wang

Innovations on the tech side of music haven’t done much to curtail its piracy problem, according to the International Federation of the Phonographic Industry (IFPI). The organization, which represents the interests of recording industries around the globe, released its 2018 consumer insight report on Tuesday, finding that 38 percent of consumers are obtaining music through illegal means.

The most popular form of copyright infringement is stream-ripping (practiced by 32 percent of all consumers), followed by downloads through cyberlockers or P2P (23 percent) and obtainment via search engines (17 percent). Those results come out of a study that the IFPI conducted, earlier this year, among a representative sample of 16- to 64-year-olds in 18 countries — including the U.K., U.S., Brazil, France, South Africa and South Korea — that make up the vast majority of global music consumption, according to the report. The annual study was also conducted in China and India this year for the first time, but results from those two countries are not included in the “global” figures.

Per the IFPI’s study, stream-rippers cite their primary motive as being able to listen to music offline without paying for a premium subscription. CEO Frances Moore said in a statement accompanying the report that the “evolving threat of digital copyright infringement” is one of the two most significant challenges facing the music industry (the other being the “failure to achieve fair compensation from some user-upload services”) as the music industry continues its path of regrowth. In short: Music is on the upswing again, but it’s still hemorrhaging money. Record labels are taking some legal action, with the most prominent example being the 2016 shutdown of Youtube-mp3, a popular stream-ripping site. Policymakers are also starting to peer more closely at digital music infringement issues this year, particularly in Europe where controversial copyright reforms could soon tighten the reins on user-generated content platforms like YouTube — but there’s no panacea yet.

“Whilst the scale of copyright infringement has remained at a consistent level in recent years, the type of infringement has evolved alongside the global recording industry,” IFPI tells Rolling Stone, adding that stream-ripping in particular is stifling growth of the legal music market because those users are choosing between illegally scraping music and upgrading to a subscription streaming tier.

According to British anti-piracy company MUSO, 25 percent of all online piracy activity is music-related, accounting for roughly 74 billion visits to piracy sites in 2017, and the demand for unlicensed music is rising in double-digit percentages every year — “certainly not an audience that should be ignored,” MUSO’s CEO Andy Chatterley wrote in an op-ed this summer. Chatterley suggested that the popularity of music piracy might actually pose a “huge revenue opportunity” if artists, labels and distributors think of copyright infringers as “highly intentional and committed fans who are willing to go to any lengths to find the content they desire” and adjust their strategies accordingly.
https://www.rollingstone.com/music/m...ealing-734293/





Pirated Copies Of Super Mario Party Appear Online, Switch Piracy Concerns Continue To Grow

Days before the game's release
Ryan Craddock

Yesterday, pirated versions of the upcoming Super Mario Party were said to have leaked online, once again highlighting Nintendo's struggles against combating piracy on Switch.

According to tech and science site, Motherboard, two different copies of the game have been widely shared across torrent sites, forums, and piracy-focused Discord channels, although it is currently unknown how the game was initially leaked or who was responsible. Motherboard say that it "has independently confirmed that the files being circulated contain a working version of the game, and has seen video of it running on a modified Nintendo Switch".

Apparently, the shared files will only work on a Switch that has already been hacked or modded, but with communities surrounding the hacking scene growing ever stronger, and with Nintendo struggling to combat the issues this presents, it could be all too easy for users to follow suit and grab an illegal copy for themselves.

Nintendo has been taking positive strides towards the combat of illegal ROM sharing lately, with software updates that have included the ability to ban a console from connecting to the internet should it be used for illegal activity, as well as filing lawsuits against several well-known ROM sharing websites, but this new leak proves how far Nintendo still has to go.

Super Mario Party launches officially tomorrow and, if you missed our review, we think the game is "a true return to form". Will you be supporting the game by purchasing a copy tomorrow? Let us know down below.
http://www.nintendolife.com/news/201...ntinue_to_grow





Major Publishers File Second Lawsuit Against ResearchGate

As the American Chemical Society and Elsevier move litigation forward, other academic publishers have opted to collaborate with the academic network platform instead.
Diana Kwon

ResearchGate, a popular networking platform where scientists can post their published work, has a complicated relationship with academic publishers. A number of them have accused the site of illicitly disseminating copyrighted work, and two of these—Elsevier and the American Chemical Society—filed a lawsuit in Germany last year to try to force ResearchGate to change its practices.

The pair has now escalated the legal battle by pursuing a second case in the United States. At the same time, some publishers have opted for a different approach: choosing to collaboratively address copyright issues with the platform rather than fighting it in court.

“We feel that [ResearchGate] should take responsibility for what they upload and what they allow users to upload,” says James Milne, the spokesperson for the Coalition for Responsible Sharing, a group of publishers that have taken an adversarial stance against ResearchGate. “Their view is, I believe, that they feel that they are just a platform and they have no responsibilities in that context. That’s something that we disagree with.”

ResearchGate, which is a Berlin-based for-profit firm, boasts more than 15 million members and has received millions of dollars in funding from a variety of investors such as the Wellcome Trust, Bill Gates, and Goldman Sachs. Researchers can join the social networking site for free.

For scholarly publishers, the number of paywalled papers made freely available on the website has been an increasing concern. In an attempt to address this problem, an attorney for the International Association of Scientific, Technical, and Medical Publishers (STM), a trade association including more than 150 academic publishers, wrote to ResearchGate last fall urging the site to adopt an automated system that would immediately flag copyright-infringing articles before they’re uploaded, preventing them from appearing publicly on the site.

The social networking site declined this proposal, and shortly after, a group of five publishers—the American Chemical Society (ACS), Brill, Elsevier, Wiley, and Wolters Kluwer—banded together to create the Coalition for Responsible Sharing, noting that it would take formal steps to change ResearchGate’s practices. The coalition, which has expanded to 15 members, has since done two things, says Milne, who is also ACS’s senior vice president. “Elsevier and ACS, as two representative organizations from the coalition, filed a suit in Germany to ask for the courts to address the infringement that we could see,” he tells The Scientist. And all members started sending takedown notices to ResearchGate and its users for articles identified as breaching copyright, he adds.

According to Milne, the first hearing for the German lawsuit took place in mid-April and the next is scheduled to occur later this month.

The legal battle launched by Elsevier and ACS escalated last week (October 2) when the two filed a second claim against ResearchGate with the US District Court in Maryland. In court documents, which were obtained and uploaded by Inside Higher Ed, the publishers allege that the “dissemination of unauthorized copies of [published journal articles] constitutes an enormous infringement of the copyrights owned by ACS, Elsevier, and other journal publishers.”

ACS and Elsevier also claim that the infringing activity is intentional, adding that the platform uses the illegal copies of articles to “grow the traffic to its website, its base of registered users, its digital content, and its revenues and investment.”

ResearchGate declined The Scientist’s request for comment.

Lisa Hinchliffe, a professor and coordinator of information literacy services at the University of Illinois at Urbana-Champaign, says she finds this particular claim problematic. “If you try to upload something to ResearchGate, you’re asked multiple times to confirm that you have the rights to do so,” she says. Rather than intentionally violating copyright, “I believe that for the predominant group of authors, they don’t know that they transferred their copyright to the publisher, and that they’re under terms of sharing that they could never in their wildest dreams imagine.”

Joseph Esposito of Clarke & Esposito, a publishing consultancy firm, notes that one potential reason to sue would be “if you’re in the crosshairs of the rifle,” pointing to the stalemates in negotiations between Elsevier and various European library consortia in Germany and elsewhere. “If you’re deep in the journals business and you find your ability to negotiate with libraries and library consortia has been undermined by these various file-sharing and pirate organizations, then litigation is a good thing to do,” Esposito says. However, he adds, without stopping the activities of Sci-Hub, a pirate site that provides free access to paywalled papers, a victory over ResearchGate won’t do much to address this issue.

A collaborative approach

Some publishers are taking a different approach, collaborating with ResearchGate rather than seeking legal action. This April, Springer Nature, Cambridge University Press (CUP), and Thieme announced that they had forged an agreement with the site to work together to address copyright infringement on the social networking platform.

“While there was a huge amount of our content on ResearchGate that was violating various policies, we could also see that there was something beneficial about social sharing,” says Brigitte Shull, CUP’s senior vice president of academic publishing in the Americas. “We came to the solution that social sharing is a vital part of research, and if it’s done correctly, it can make research more discoverable and impactful.”

According to Shull, CUP will soon be able to access ResearchGate with a crawler tool that will identify copyright-infringing content that has been uploaded to the site and provide the ability to monitor data regarding the usage of the publisher’s content. She adds that CUP is currently negotiating an agreement with Digital Science, the technology company that developed the tool, before using it on ResearchGate’s platform. A key difference between this software and the one that the STM initially offered ResearchGate is that this would flag and remove copyright-breaching papers after they are uploaded, rather than before.

“For us, it’s going to be about gaining a better understanding about what’s happening with our content on ResearchGate for the next few months,” Shull says. “Then we’ll be able to decide what the next step might be from there.”

A Springer Nature spokesperson tells The Scientist in an email that the publisher has worked with Digital Science to implement the same tool as CUP, but has not yet used this because it is “working on a different solution with ResearchGate which would benefit both their users and our authors.” (Mareike Bauner, a communications officer at Thieme, tells The Scientist that it is working on a similar tool, but with a different developer.)

Although around two dozen publishers have chosen to actively address copyright issues on ResearchGate using either an adversarial strategy, such as litigation and public rebuke, or a collaborative one, the bulk of publishing organizations have chosen to watch from the sidelines, Hinchliffe says. “Most of them are sitting back and watching these other approaches play out.”
https://www.the-scientist.com/news-o...archgate-64916





Ajit Pai Faces Rare Criticism from GOP Senator on Rural Broadband Failures

Pai promised economic analysis of funding cuts but didn't deliver, Thune says.
Jon Brodkin

US Sen. John Thune (R-S.D.) yesterday blasted the Federal Communications Commission, saying it has failed to prevent budget cuts in funding for rural broadband.

"It has been more than a year since Chairman [Ajit] Pai" and fellow commissioners appeared before the Senate Commerce Committee "and committed to conducting a thorough economic analysis of the impact of USF [Universal Service Fund] funding cuts on broadband deployment in rural areas before allowing any further reduction," Thune said.

But Pai's FCC has failed to keep that promise, Thune said while delivering a statement at a hearing on rural broadband. Thune, the Commerce Committee chairman, continued:

Since that time, however, the cuts resulting from the FCC's budget control mechanism have increased by almost 25 percent. 25 percent!

There has been no economic analysis of what these cuts are doing to rural America—what they are doing to rural jobs, rural economic development, and the ability to live and learn, work, and play in communities like Pierre, South Dakota or Ocean Pointe, Hawaii; Yankton, South Dakota or Yakima, Washington.

The FCC has not conducted an analysis of what insufficient and unpredictable funding is doing to the companies trying to deploy broadband under some of the most difficult circumstances in America. This is simply unacceptable.


"These cuts could cause providers to halt or cancel broadband buildout, reducing the availability of broadband throughout rural America," Thune also said. "This could also cause an increase to the cost of service to those who already receive service, putting at risk investments already made."

Thune and other Republican lawmakers have generally been strong supporters of Pai's deregulatory policies.

Budget limits hinder deployment

Pai says he is planning changes that will fix the budget shortfall, but it's not clear why his FCC hasn't done the economic analysis Thune referred to. As chairman, Pai has promised to "strengthen the role of economics at the FCC."

The cuts Thune complained about have affected the USF's multi-billion-dollar High Cost program, also known as the Connect America Fund, which gives money to carriers to deploy broadband in areas without it. The FCC instituted a new budget control mechanism in 2016 under then-Chairman Tom Wheeler. The mechanism is apparently having unwelcome effects that Thune says Pai has not stopped.

The program budget "has remained static at 2011 levels," and "the current budget limits are hindering rural broadband deployment and harming consumers," Thune and other South Dakota lawmakers wrote in a letter to Pai on Wednesday. In South Dakota, carriers face an $11 million cut over 12 months unless the FCC takes action, they wrote.

Minnesota carriers are facing a $7.6 million funding cut over 12 months, Sen. Amy Klobuchar (D-Minn.) said at the hearing. She described constituents who lack proper telecom access, including a doctor who has to go to a McDonald's parking lot to use Wi-Fi for emergency calls because he has no signal at home. "This shouldn't be happening in the United States of America in the year 2018," she said.

FCC data shows that more than 24 million Americans lack access to high-speed broadband at home, Klobuchar also noted.

Pai deflects blame, promises fix

A spokesperson for Pai blamed the previous administration in a statement to Multichannel News.

"Chairman Thune is right that the last Administration's budget control mechanism has stymied efforts to close the digital divide in rural America," Pai's spokesperson said.

But Pai has been the FCC chairman since January 2017, and his spokesperson's statement did not address Thune's criticism that the FCC failed to do any economic analysis of the cuts over the past year-plus. We asked Pai's office for a direct response to Thune's criticism and will update this story if we get a response.

The Pai spokesperson also told Multichannel News that "Chairman Pai led his colleagues earlier this year to devote an additional $500 million to small, rural carriers that serve their communities."

That FCC order included "$180 million in one-time funding to mitigate the effect of the budget control mechanism for the current funding year adopted by the prior Commission," Pai said at the time.

The problem could be fixed for good within months. Pai's spokesperson told Multichannel News that later this year, he plans to establish a "sufficient and predictable budget so that those in rural communities are not left behind any longer."

Separately, Pai has repeatedly imposed new limits on Lifeline, another Universal Service Fund program that gives telecom subsidies to poor people. The Universal Service Fund is paid for by US residents through surcharges on phone bills.

Thune's criticism of the FCC was not limited to the Universal Service Fund. He also took aim at the FCC's broadband mapping data, which is widely known to be inaccurate.

"Our current maps are insufficient," Thune said. "Without accurate maps, we cannot build out broadband to truly unserved areas."

While senators regularly hold FCC oversight hearings with all commissioners present, the witnesses at yesterday's hearing were from broadband providers and not the FCC. Pai thus didn't have a chance to respond directly to Thune at the hearing.

UPDATE: The FCC responded to Ars but just gave us the same statement given to Multichannel News and said that "the Chairman hopes to resolve the budget issue by the end of the year." The FCC order that added $500 million of funding also asked the public for comment "on whether the budget should be adjusted, among other issues," the FCC said.
https://arstechnica.com/tech-policy/...band-failures/





Oh Look, The FCC Is Lying Again In Its Latest Court Filings On Net Neutrality
Karl Bode

As the FCC gears up for legal battle against the numerous net neutrality lawsuits headed its way, its latest filing with the courts acts as a sort of a greatest hits of the agency's biggest fallacies to date. 23 State AGs have sued the FCC, stating last fall's repeal of net neutrality ignored the law, ignored standard FCC procedure, and ignored the public interest. The FCC’s new filing with the U.S. Court of Appeals (pdf) for the District of Columbia Circuit declares these concerns "meritless," despite indisputable evidence that the FCC effectively based its repeal largely on lobbyist nonsense.

At the heart of the matter sits the Administrative Procedures Act, which mandates that a regulator can't just make a severe, abrupt reversal in policy without documenting solid reasons why. The FCC has some legal leeway to change its mind on policy, but as we've long noted, the FCC's justification for its repeal (that net neutrality was somehow stifling broadband investment) has been proven false. Not just by SEC filings and earnings reports, but by the CEOs themselves, publicly, to investors (who by law, unlike you, they can't lie to).

Unsurprisingly then, the FCC's brief leans heavily on the Supreme Court's 2005 Brand X ruling, which states the FCC has some leeway to shift policy course at its discretion if it has the data to back it up. Also unsurprisingly, the brief goes well out of its way to pretend that ignoring the experts, ignoring the public, and demolishing consumer protections purely at Comcast, Verizon and AT&T's behest is reasonable, adult policy making. And again, the false claim that net neutrality harmed "innovation, investment and broadband deployment" takes center stage:

"While the Commission’s legal analysis alone suffices to support its return to an information service classification and repeal of the 2015 rules, the Commission also offered robust public policy support for its actions. It explained in detail how Title II classification and regulation hampered broadband innovation, investment, and deployment. The Commission accordingly adopted a light-touch approach that relies on transparency, market forces, and enforcement of existing antitrust and consumer protection laws to protect against harmful conduct. This approach, the Commission reasoned, would foster innovation and investment in keeping with the dynamic and evolving nature of the Internet."

Of course the press has noted time and time and time again how these claims of a net neutrality-induced investment apocalypse are absolutely false. Ajit Pai has similarly gone before Congress repeatedly and falsely made the claim anyway, with absolutely zero repercussions thus far. The FCC's claims that its rules embrace transparency are equally hollow, given the agency's replacement transparency provisions are entirely voluntary. And the idea that "market forces" can fix the broken and uncompetitive broadband industry should be laughable to anybody that's experienced Comcast customer service.

Whether the FCC and broadband industry can convince a judge that bogus claims of hampered investment were the honest catalyst of their handout to telecom monopolies sits at the heart of this entire looming legal battle. The FCC and broadband industry will come prepared for battle with an ocean of ISP-funded economist data breathlessly insisting that the broadband industry was devastated by some arguably modest (by international standards) consumer protections. Net neutrality activists, in contrast, will try to argue the FCC was being "arbitrary and capricious" in its aggressive repeal of the rules at industry behest.

One of the major reasons the telecom industry wanted Brett Kavanaugh on the Supreme Court is because this entire battle could rest on his shoulders. Kavanaugh supported the idiotic ISP argument that net neutrality rules somehow violate ISP First Amendment rights (we've dismantled this previously, noting your ISP is not making "editorial" decisions as a network operator). Given ISPs are trying to argue that state and federal oversight is a free speech issue, Kavanaugh's appointment could prove fatal in that regard if this fight makes it to the highest court in the land.

Meanwhile, there should also be some interesting sideshows during this looming legal battle, including discussions of why the FCC made up a DDOS attack, and ignored comment fraud and identity theft during the public comment process, both part of a pretty obvious effort on the FCC's part to downplay the massive, bipartisan public opposition to what the FCC was doing. This is a story about corruption, misinformation, and ignoring the public welfare to the benefit of widely despised telecom monopolies. The FCC, in contrast, desperately wants the courts to believe this was all just adult policy making as usual.
https://www.techdirt.com/articles/20...utrality.shtml





Chinese Police Get Power to Inspect Internet Service Providers

Authorities can enter premises of all companies and entities that provide internet services and look up and copy information relevant to cybersecurity
Nectar Gan

China has issued a new regulation setting out wide-ranging police powers to inspect internet service providers and users, as the government tightens its grip on the country’s heavily restricted cyberspace.

Under the new rule, effective from November 1, central and local public security authorities can enter the premises of all companies and entities that provide internet services and look up and copy information considered relevant to cybersecurity.

The regulation was issued by the Ministry of Public Security last month and released on its website on Sunday. It comes more than a year after a controversial cybersecurity law was introduced that has caused widespread concern among foreign companies operating in China.

Despite its broad scope, the legislation gives few details about implementation, making it all the more difficult for companies trying to avoid its repercussions.

Analysts said the new regulation sheds some light on how the law will be implemented.

“That’s obviously how Chinese laws go. First there is a big concept, then there is a sweeping law, and then implementing regulations will come in to flesh out the details,” said William Nee, a China expert with Amnesty International.

“What this regulation does is in one way … ensure that users aren’t going to become victims of hacking due to company negligence, but it’s also designed to more effectively implement China’s censorship directives and its surveillance state.”

Under the new regulation, police can enter the business sites, machine rooms and offices of internet service providers ranging from internet information providers and internet cafes to data centres.

Police can then require the managers to explain all items they inspect, to look up and copy all relevant information, and they can check how technical measures to safeguard network and information security are running.

Apart from on-site inspections, the police can now also conduct remote detection of any network security vulnerabilities in the companies, but they are required to give them advance notice and make sure it will not disrupt or damage the operations of their networks.

The regulation details what the police will be checking for, a list that includes: whether companies have kept a record of all user register information and their internet logs; if they have taken measures to prevent viruses and hacking; if they have taken precautionary measures against information that is banned from publication or transmission; and if they have provided technical support and assistance to the police in safeguarding national security, investigating terrorist activities or other crimes.

Police can also carry out special inspections during times of “major cybersecurity safeguard tasks”.

Wu Han, a partner at law firm King and Wood Mallesons in Beijing, said the regulation would add to concerns among foreign internet service businesses in China.

“For a business that has just entered a new country, knowing that the country’s police can carry out on-site inspections or remote surveillance on its cyber information – of course it is going to be concerned,” he said.

But Wu added there was not much new in the regulation. “The public security authorities have long conducted similar inspections on cybersecurity, and they have long had the authority to do so,” he said, citing a clause in the police law that says police have the duty to “supervise and manage security and protection work on computer information systems”.

He gave the example of China’s internet police commonly using remote detection to scan for security flaws during major international events.

This week, Nikkei Asian Review reported that the cybersecurity law had been a big challenge for Japanese companies since it came in. “There have been a number of cases where Japanese companies’ bases in Shanghai or Guangzhou have been raided by authorities,” Li Tianyi, vice-president of a Chinese unit of Internet Initiative Japan, told the newspaper.

Public security authorities are listed as one of the agencies responsible for safeguarding and supervising cybersecurity under the law. It also requires “network operators” to provide public security and state security authorities with technical support and assistance to protect national security, and for criminal investigations.

“But the cybersecurity law is ambiguous on whether such ‘support’ includes passing on user data to the authorities. So under the new regulation, there will be concerns regarding user data privacy,” Wu said. He added that although police can copy information related to cybersecurity during inspections, that does not mean they can take user data from a business site without a legitimate reason.

The regulation states that police officers and police internet security contractors cannot release any private or commercial data they collect to a third party.
https://www.scmp.com/news/china/poli...vice-providers





Apple Tells Congress it Found No Signs of Hacking Attack
Joseph Menn

Apple Inc’s (AAPL.O) top security officer told Congress on Sunday that it had found no sign of suspicious transmissions or other evidence that it had been penetrated in a sophisticated attack on its supply chain.

Apple Vice President for Information Security George Stathakopoulos wrote in a letter to the Senate and House commerce committees that the company had repeatedly investigated and found no evidence for the main points in a Bloomberg Businessweek article published on Thursday, including that chips inside servers sold to Apple by Super Micro Computer Inc (SMCI.PK) allowed for backdoor transmissions to China.

“Apple’s proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found,” he wrote in the letter provided to Reuters.

Stathakopoulos repeated Apple’s statements to the press that it never found malicious chips or vulnerabilities purposely planted in any server or been contacted by the Federal Bureau of Investigation (FBI) about such concerns. He said he would be available to brief Congressional staff on the issue this week.

The letter follows statements on Friday by Britain’s National Cyber Security Centre and on Saturday by the U.S. Department of Homeland Security that those agencies have no reason to doubt denials from Apple and Amazon.com Inc (AMZN.O) that they had discovered backdoored chips.

Bloomberg said on Friday it stood by its story, which was based on 17 anonymous sources. Some allegations were based on fewer accounts or even a single unnamed source, Apple noted in its letter.

A Bloomberg spokeswoman did not immediately respond to questions sent on Sunday.

Reporting by Joseph Menn; Editing by Marguerita Choy
https://www.reuters.com/article/us-c...-idUSKCN1MH0YQ





U.S. Republican Senator Seeks Briefings on Reported China Hacking Attack

The top Republican on the Senate Commerce Committee has asked Apple Inc, Amazon.com Inc and Super Micro Computer Inc for staff briefings about a Bloomberg report that the Chinese government implanted malicious hardware into server motherboards provided by Super Micro.

Senator John Thune said in letters to the chief executives made public on Tuesday that he had sought staff briefings by Oct. 12 from the three companies.

“Allegations that the U.S. hardware supply chain has been purposely tampered with by a foreign power must be taken seriously,” Thune wrote.

The companies did not immediately comment on Tuesday on Thune’s letter. All have denied the report, published by Bloomberg Businessweek on Thursday.

Separately, Republican Senator Marco Rubio and Democratic Senator Richard Blumenthal wrote to Super Micro’s chief executive, Charles Liang, and asked him to provide by Oct. 17 information including when the company first became aware of the report and whether and how it investigated.

“If this news report is accurate, the potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks,” the senators said in their letter, which was seen by Reuters.

Apple’s top security officer, George Stathakopoulos, told Thune and other members of Congress in a letter on Sunday that the company had found no sign of suspicious transmissions or other evidence that it had been penetrated in a sophisticated attack on its supply chain.

Stathakopoulos said he would be available for briefings this week.

Reporting by David Shepardson and Patricia Zengerle; Editing by Bill Rigby and Darren Schuettler
https://www.reuters.com/article/us-c...-idUSKCN1MJ2O8





New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom

The discovery shows that China continues to sabotage critical technology components bound for America.
Jordan Robertson and Michael Riley

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.

The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that's used to attach network cables to the computer, Appleboum said.

The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim -- so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That's the problem with the Chinese supply chain,” he said.

Supermicro, based in San Jose, California, gave this statement: “The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry. We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found. We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations.”

Bloomberg News first contacted Supermicro for comment on this story on Monday at 9:23 a.m. Eastern time and gave the company 24 hours to respond.

Supermicro said after the earlier story that it “strongly refutes” reports that servers it sold to customers contained malicious microchips. China's embassy in Washington did not return a request for comment Monday. In response to the earlier Bloomberg Businessweek investigation, China’s Ministry of Foreign Affairs didn’t directly address questions about the manipulation of Supermicro servers but said supply chain security is “an issue of common concern, and China is also a victim.”

Supermicro shares plunged 41 percent last Thursday, the most since it became a public company in 2007, following the Bloomberg Businessweek revelations about the hacked servers. They fell as much as 27 percent on Tuesday after the latest story.

The more recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: They’re both designed to give attackers invisible access to data on a computer network in which the server is installed; and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.

Based on his inspection of the device, Appleboum determined that the telecom company's server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China. Guangzhou is 90 miles upstream from Shenzhen, dubbed the ‘Silicon Valley of Hardware,’ and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunications company's technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine. It's not clear if the telecommunications company contacted the FBI about the discovery. An FBI spokeswoman declined to comment on whether it was aware of the finding.

AT&T Inc. spokesman Fletcher Cook said, “These devices are not part of our network, and we are not affected.” A Verizon Communications Inc. spokesman said “we’re not affected.”

"Sprint does not have Supermicro equipment deployed in our network," said Lisa Belot, a Sprint spokeswoman. T-Mobile U.S. Inc. didn’t respond to requests for comment.

Sepio Systems’ board includes Chairman Tamir Pardo, former director of the Israeli Mossad, the national defense agency of Israel, and its advisory board includes Robert Bigman, former chief information security officer of the U.S. Central Intelligence Agency.

U.S. communications networks are an important target of foreign intelligence agencies, because data from millions of mobile phones, computers, and other devices pass through their systems. Hardware implants are key tools used to create covert openings into those networks, perform reconnaissance and hunt for corporate intellectual property or government secrets.

The manipulation of the Ethernet connector appeared to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013. In e-mails, Appleboum and his team refer to the implant as their “old friend,” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.

In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Supermicro reached almost 30 companies, including Amazon.com Inc. and Apple Inc. Both Amazon and Apple also disputed the findings. The U.S. Department of Homeland Security said it has “no reason to doubt” the companies’ denials of Bloomberg Businessweek’s reporting.

People familiar with the federal investigation into the 2014-2015 attacks say that it is being led by the FBI's cyber and counterintelligence teams, and that DHS may not have been involved. Counterintelligence investigations are among the FBI's most closely held and few officials and agencies outside of those units are briefed on the existence of those investigations.

Appleboum said that he's consulted with intelligence agencies outside the U.S. that have told him they've been tracking the manipulation of Supermicro hardware, and the hardware of other companies, for some time.

In response to the Bloomberg Businessweek story, the Norwegian National Security Authority said last week that it had been "aware of an issue" connected to Supermicro products since June. It couldn’t confirm the details of Bloomberg's reporting, a statement from the authority said, but it has recently been in dialogue with partners over the issue.

Hardware manipulation is extremely difficult to detect, which is why intelligence agencies invest billions of dollars in such sabotage. The U.S. is known to have extensive programs to seed technology heading to foreign countries with spy implants, based on revelations from former CIA employee Edward Snowden. But China appears to be aggressively deploying its own versions, which take advantage of the grip the country has over global technology manufacturing.

Three security experts who have analyzed foreign hardware implants for the U.S. Department of Defense confirmed that the way Sepio's software detected the implant is sound. One of the few ways to identify suspicious hardware is by looking at the lowest levels of network traffic. Those include not only normal network transmissions, but also analog signals -- such as power consumption -- that can indicate the presence of a covert piece of hardware.

In the case of the telecommunications company, Sepio's technology detected that the tampered Supermicro server actually appeared on the network as two devices in one. The legitimate server was communicating one way, and the implant another, but all the traffic appeared to be coming from the same trusted server, which allowed it to pass through security filters.
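The article does not say what Sepio's software keyed on; the following is an added illustration, not Sepio's product or method, of one way a defender can spot "two devices in one" from passive flow data. It assumes that a single host normally shows one stable IP/TCP stack fingerprint (initial TTL and TCP window), so a second network stack sharing the server's address shows up as a second fingerprint; the flow records are constructed for the example.

```python
"""Toy detector for one address presenting as two network stacks.

Added example (not Sepio's code): each source IP is expected to show a
single, stable stack fingerprint. An implant that borrows the server's
address but runs its own TCP/IP stack tends to show a second one.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    ttl: int      # IP TTL as seen at the sensor
    window: int   # TCP window size taken from the SYN


def fingerprint(flow: Flow) -> tuple[int, int]:
    """Crude stack fingerprint: (normalised initial TTL, TCP window).
    The hop count to the sensor is unknown, so the observed TTL is mapped
    back to the common initial values 64, 128 and 255."""
    ttl = flow.ttl
    initial = 64 if ttl <= 64 else 128 if ttl <= 128 else 255
    return (initial, flow.window)


def find_split_hosts(flows):
    """Return {src_ip: {fingerprint: sorted (dst_ip, dst_port) list}} for
    every source IP that exhibits more than one distinct fingerprint, so
    an analyst can see which conversations belong to which stack."""
    by_host = defaultdict(lambda: defaultdict(set))
    for f in flows:
        by_host[f.src_ip][fingerprint(f)].add((f.dst_ip, f.dst_port))
    return {
        ip: {fp: sorted(dsts) for fp, dsts in fps.items()}
        for ip, fps in by_host.items()
        if len(fps) > 1
    }


# Constructed sample flows: 10.0.0.5 is a normal server (TTL differences
# of a hop or two are tolerated); 10.0.0.9 carries a second stack that
# talks to an outside address on port 443 with a different TTL/window.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.1.20", 3306, 64, 29200),
    Flow("10.0.0.5", "10.0.1.21", 3306, 63, 29200),
    Flow("10.0.0.9", "10.0.1.20", 3306, 64, 29200),
    Flow("10.0.0.9", "10.0.1.22", 8080, 64, 29200),
    Flow("10.0.0.9", "203.0.113.7", 443, 128, 8192),
    Flow("10.0.0.9", "203.0.113.7", 443, 127, 8192),
]

if __name__ == "__main__":
    for ip, fps in find_split_hosts(SAMPLE_FLOWS).items():
        print(f"{ip} presents {len(fps)} distinct stacks:")
        for (ttl, win), dsts in fps.items():
            print(f"  ttl~{ttl} win={win} -> {dsts}")
```

On the sample only 10.0.0.9 is reported, with the outbound 203.0.113.7:443 conversations isolated under the second fingerprint; on real captures the fingerprint would be widened (TCP options, IP ID behaviour) to cut false positives from multi-homed or virtualised hosts.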

Appleboum said one key sign of the implant is that the manipulated Ethernet connector has metal sides instead of the usual plastic ones. The metal is necessary to diffuse heat from the chip hidden inside, which acts like a mini computer. "The module looks really innocent, high quality and 'original' but it was added as part of a supply chain attack," he said.

The goal of hardware implants is to establish a covert staging area within sensitive networks, and that's what Appleboum and his team concluded in this case. They decided it represented a serious security breach, along with multiple rogue electronics also detected on the network, and alerted the client's security team in August, which then removed them for analysis. Once the implant was identified and the server removed, Sepio's team was not able to perform further analysis on the chip.

The threat from hardware implants “is very real,” said Sean Kanuck, who until 2016 was the top cyber official inside the Office of the Director of National Intelligence. He's now director of future conflict and cyber security for the International Institute for Strategic Studies in Washington. Hardware implants can give attackers power that software attacks don’t.

“Manufacturers that overlook this concern are ignoring a potentially serious problem,” Kanuck said. “Capable cyber actors -- like the Chinese intelligence and security services -- can access the IT supply chain at multiple points to create advanced and persistent subversions.”

One of the keys to any successful hardware attack is altering components that have an ample power supply to them, a daunting challenge the deeper into a motherboard you go. That's why peripherals such as keyboards and mice are also perennial favorites for intelligence agencies to target, Appleboum said.

In the wake of Bloomberg's reporting on the attack against Supermicro products, security experts say that teams around the world, from large banks and cloud computing providers to small research labs and startups, are analyzing their servers and other hardware for modifications, a stark change from normal practices. Their findings won't necessarily be made public, since hardware manipulation is typically designed to access government and corporate secrets, rather than consumer data.

National security experts say a key problem is that, in a cybersecurity industry approaching $100 billion in revenue annually, very little of that has been spent on inspecting hardware for tampering. That's allowed intelligence agencies around the world to work relatively unimpeded, with China holding a key advantage.

“For China, these efforts are all-encompassing,” said Tony Lawrence, CEO of VOR Technology, a Columbia, Maryland-based contractor to the intelligence community. “There is no way for us to identify the gravity or the size of these exploits -- we don't know until we find some. It could be all over the place -- it could be anything coming out of China. The unknown is what gets you and that's where we are now. We don't know the level of exploits within our own systems.”

— With assistance by Scott Moritz and Gwen Ackerman
https://www.bloomberg.com/news/artic...in-u-s-telecom





In a First, a Chinese spy is Extradited to the U.S. after Stealing Technology Secrets, Justice Dept. Says
Ellen Nakashima

In a first, federal agents lured a Chinese government spy to Belgium, where authorities transferred him this week to the United States for prosecution on economic espionage charges, U.S. officials said Wednesday.

Yanjun Xu, a senior officer with China’s Ministry of State Security (MSS), is accused of seeking to steal trade secrets from leading aviation firms, top Justice Department officials said. His capture helps vindicate law enforcement officials who have faced criticism in recent years that indictments of foreign operatives are unlikely to result in the defendants setting foot in a courtroom.

Current and former officials said Xu’s extradition is apparently the first time a Chinese government spy has been brought to the United States to face charges.

The announcement comes as the Trump administration has significantly escalated its rhetoric against China amid a trade war and general worsening of relations between the world powers. Last week Vice President Pence accused Chinese security agencies of masterminding the “wholesale theft of American technology.”

Justice Department officials said the indictment is the latest example of China seeking to develop its economy at the expense of American firms and know-how. Though China has often used computer hacking to filch secrets, this case relied on traditional espionage techniques, including the attempted recruitment of corporate insiders.

“No one begrudges a nation that generates the most innovative ideas and from them develops the best technology,” Assistant Attorney General for National Security John Demers said. “But we cannot tolerate a nation stealing our firepower and the fruits of our brainpower. We will not tolerate a nation that reaps what it does not sow.”

Xu, also known as Qu Hui and Zhang Hui, was charged with conspiring and attempting to commit economic espionage and steal trade secrets from multiple U.S. aviation and aerospace companies. The indictment and complaint were unsealed Wednesday — the same day Xu appeared in federal court in Cincinnati.

“This case shows that federal law enforcement agencies can not only detect and disrupt espionage, but can also catch its perpetrators,” said U.S. Attorney for the Southern District of Ohio Benjamin C. Glassman.

The MSS is a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security. It was implicated in the hack of a U.S. Navy contractor developing undersea warfare capabilities, including secret plans to build a supersonic anti-ship missile for use on U.S. submarines by 2020.

Xu is a deputy division director with the Jiangsu Province Ministry of State Security, a provincial arm of the MSS.

“If not the first, this is an exceptionally rare achievement — that you’re able to catch an espionage operative and have them extradited to the United States,” said John Carlin, a former assistant attorney general for national security. “It significantly raises the stakes for China and is a part of the deterrence program that some people thought would never be possible.”

Beginning in December 2013 and continuing until his April 1 arrest in Belgium, Xu targeted experts working for aeronautics companies inside and outside the United States, including Cincinnati-based GE Aviation, officials said. GE Aviation has spent decades developing its unique jet engines and fan blades.

Xu recruited experts to travel to China, often under the guise of asking them to deliver a university presentation, while passing himself off as an official with the Jiangsu Science and Technology Promotion Association.

Xu often exchanged information with individuals at Nanjing University of Aeronautics and Astronautics, one of the top engineering schools in China, which has significant influence over the country’s aerospace industry, according to court documents.

GE Aviation cooperated with the FBI early on in the investigation, which dates back more than a year, officials said. A spokesman for GE said Xu targeted a former employee, characterizing the impact as minimal “thanks to early detection.”

According to the indictment, in March 2017 a deputy director at the university, described as an unindicted co-conspirator, began emailing with an engineer at GE Aviation and asked him to come to China for an “exchange.” In May and June of 2017, the engineer went to China and met Xu, who claimed to be from the science and technology association. The engineer put five corporate documents on his personal laptop, which he brought to the presentation, according to WCPO, an ABC News affiliate in Cincinnati, citing an FBI affidavit for a search warrant in the case.

In February, Xu began discussing with the engineer the possibility of meeting in Europe during one of the engineer’s business trips, the indictment said. Xu asked the engineer to create a directory of files on his work computer and send a copy to him. Impressed, Xu in March asked the engineer if it was possible to “dump” the material from his laptop to a thumb drive when the two met in Belgium, the indictment said.

Belgian authorities cooperated with the investigation, U.S. officials said.

Xu’s case is linked to the arrest last month of Ji Chaoqun, 27, a Chinese citizen living in Chicago, according to individuals familiar with the matter. Ji was accused of passing information on eight Americans to Chinese intelligence officers for possible recruitment.

Ji targeted individuals in science and tech industries, seven of whom worked for or recently retired from U.S. defense contractors. All were naturalized U.S. citizens born in Taiwan or China.

Ji arrived in the United States in 2013 to study electrical engineering at the Illinois Institute of Technology in Chicago, and in 2016 enlisted in the U.S. Army Reserve under a special program to recruit foreigners whose skills are seen as vital to the national interest.
https://www.washingtonpost.com/world...570_story.html





French Police Officer Caught Selling Confidential Police Data On the Dark Web

Police officer also advertised a system to track the location of buyers' gang rivals or spouses based on the telephone numbers.
Catalin Cimpanu

A French police officer was charged and arrested last week for selling confidential data on the dark web in exchange for Bitcoin.

The officer worked for Direction Générale de la Sécurité Intérieure (DGSI, translated to General Directorate for Internal Security), a French intelligence agency charged with counter-espionage, counter-terrorism, countering cybercrime and surveillance of potentially threatening groups, organizations, and social phenomena.

French authorities did not release the officer's name but said he operated using the pseudonym Haurus on a dark web market known as Black Hand.

The officer stands accused of selling confidential information such as sensitive documents that made their way into the hands of cyber-criminals, Le Parisien reported last week. Investigators believe the criminals to whom Haurus sold the confidential files used them to create forged documents.

French authorities also say the officer advertised a service to track the location of mobile devices based on a supplied phone number. He advertised the system as a way to track spouses or members of competing criminal gangs. Investigators believe Haurus was using French police resources, intended for tracking criminals, to provide this service.

He also advertised a service that told buyers if they were tracked by French police and what information officers had on them.

Officials said they tracked down the real-life identity of Haurus after they seized and shut down the Black Hand portal on June 12, earlier this year. They were also able to track down some of the documents put up for sale on the market based on an individual-specific code that's added to official documents and tracks their history.

Haurus was charged on September 26 and arrested two days later in Nanterre, Hauts-de-Seine. He faces up to seven years in prison and a fine of up to €100,000 / $115,000.

All sorts of goods are available for sale on the dark web, such as hotel guest data, health records, government spyware, US military drone data, and backdoors into PCs and servers. This case stands out because it's usually hackers and cyber-criminals who sell this data and not police officers.
https://www.zdnet.com/article/french...-the-dark-web/





The S.E.C. Dusts Off a Never-Used Cyber Enforcement Tool

The S.E.C. issued a cease-and-desist order against Voya Financial last month for allowing hackers to access social security numbers, account balances and even details of client investment accounts.
Craig A. Newman

Five years ago, the Securities and Exchange Commission adopted a rule requiring investment firms to pay attention to identity theft. It never enforced it — until late last month.

In a cease-and-desist order against Voya Financial Advisors, the investment advisory unit of Voya Financial, the commission used the “Identity Theft Red Flags Rule” to censure the firm for allowing hackers to access social security numbers, account balances and even details of client investment accounts.

The S.E.C.’s action should set off alarm bells for every financial firm and board of directors under the agency’s watch. Most companies are probably not in compliance with the rule and, given the agency’s increased focus on cybersecurity, they should move quickly to address any issues.

The rule — originally part of the Dodd-Frank regulatory overhaul — calls for investment firms to maintain an up-to-date program for preventing identity theft, which should provide “red flags” or other warning signs when hackers might be trying to steal customer information. The rule also requires that a firm’s board of directors or senior leadership team administer the program.

The S.E.C.’s charges in the Voya case were so egregious that it might explain why the agency finally dusted off the rule. In fact, Voya’s violation was deemed “willful” by the commission.

For six days in 2016, cybercriminals called the firm’s helpline and impersonated Voya’s independent investment representatives — the staff members who make up the largest segment of the firm’s work force. Even though Voya’s system flagged some of the telephone numbers used by the hackers as potentially fraudulent, the callers were able to convince Voya’s helpline staff to reset their passwords and provide new ones over the phone, according to the S.E.C.

The intruders used the new passwords to gain access to the personal information of 5,600 customers and create new online customer profiles.

The hackers were able to change customer phone numbers and addresses so account statements and confirmations would be rerouted without triggering a fraud alert. In several instances, hackers used “@yopmail.com,” a disposable email service that lets users create temporary email addresses, to review incoming emails and then destroy everything, without automated verification messages being sent to the real customer.

Surprisingly, Voya had an identity theft program in place for nearly a decade before the incident, but the program languished. It was never updated and fell far below the requirements of the regulation. It was not approved by the firm’s board of directors or senior leaders, as is required, and was ignored by Voya’s security team.

In the settlement — in which Voya did not admit or deny the charges — the S.E.C. ordered the company to clean up a long list of data security issues. The agency for the first time also mandated a consultant to monitor the company’s compliance with the red flags rule.

It’s likely that few companies and even fewer boards are aware of the rule. Many are familiar with the S.E.C.’s general data safeguards regulation and its guidance to public companies about disclosing cybersecurity risks and data breaches. But the red flags rule — for all its timeliness and importance — has been ignored.

Over the past few years, the S.E.C. has made cybersecurity a priority. Earlier this year, it updated its guidance to public companies, telling them to reduce cybersecurity risk factors and improve data breach disclosures. And in April, the S.E.C. pursued its first-ever cybersecurity enforcement action against Yahoo after the company failed to disclose for more than two years that hackers had made off with the personal information of more than 500 million users. Altaba, the company that has since purchased Yahoo, was fined $35 million for the tardy disclosure.

It shouldn’t be surprising, then, that the S.E.C. is toughening its stance on data security issues. Although the S.E.C. only hit Voya with a symbolic $1 million fine, it’s doubtful that the agency will be as forgiving in the future. The penalty could be a mere starting point, with future fines quickly escalating.

The choice for investment firms and their boards is clear: Shore up identity theft programs or risk increasingly serious consequences.
https://www.nytimes.com/2018/10/08/b...sec-cyber.html





Apple Fires Back at Australian Encryption Bill

It calls the legislation 'dangerously ambiguous.’
Kristen Bobst

In a seven-page letter to the Australian government, Apple criticized the country's proposed Access and Assistance Bill 2018. Apple claims, among other complaints, that the legislation raises cybersecurity concerns and gives the state power to abuse users' privacy.

Apple stated, "We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products." Apple explained its grievances with the bill over six bullet points:

• Overly broad powers that could weaken cybersecurity and encryption
• A lack of appropriate independent judicial oversight
• Technical requirements based only on the government's subjective view of reasonableness and practicability
• Unprecedented interception requirements
• Unnecessarily stifling secrecy mandates
• Extraterritoriality and global impact

Apple's opposition to backdoors (which grant law enforcement access to devices) is not a new development, but its continued resistance is worth noting. In 2016, Apple fought back when the FBI attempted to compel Apple to unlock the San Bernardino shooter's iPhone. Along with privacy concerns, Apple argues the flipside of such backdoor access is potentially handing hackers the keys to the castle. Apple said, "There is profound risk of making criminals' jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats."

Apple, however, did commend the Australian government for its willingness to work with the company and others, while warning that the bill is still unfit, saying, "We appreciate the government's outreach to Apple and other companies during the drafting of this bill. While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security."

The Australian parliament is accepting submissions to the bill's review until October 12th. TechCrunch uploaded Apple's full statement, which you can read here.
https://www.engadget.com/2018/10/12/...an-encryption/





Pro-Privacy Search Engine DuckDuckGo Hits 30M Daily Searches, Up 50% in a Year
Natasha Lomas

Some nice momentum for privacy-focused search engine DuckDuckGo, which has just announced it’s hit 30 million daily searches a year after reaching 20M — a year-on-year increase of 50%.

Hitting the first 10M daily searches took the search engine a full seven years, and then it was another two to get to 20M. So as growth curves go it must have required patience and a little faith in the run up.

A strength of conviction that’s paying off now, though, as usage continues to take off…

DuckDuckGo fun fact: it took us seven years to reach 10 million private searches in one day, then another two years to hit 20 million, and now less than a year later we're at 30 million! Thank you all 😃 #ComeToTheDuckSide https://t.co/qlSaz4j9ZH

— DuckDuckGo (@DuckDuckGo) October 11, 2018


Still, 30M daily searches is a drop in the ocean next to the at least 3BN+ searches that Google handles each day (at least, because that metric dates back to 2015).

“We’ve been growing by approximately 50% a year pretty consistently so at a macro level it isn’t too surprising, just the numbers are getting bigger!” founder Gabriel Weinberg tells TechCrunch. “That said it has been even increased on top of that this year, especially in the past two months.

“We are growing everywhere though it is a bit more in the US in the past few months,” he adds.

DDG’s search engine offers a pro-privacy alternative to Google search that does not track and profile users in order to target them with ads.

Instead it displays ads based on the keyword being searched for at the point of each search — dispensing with the need to follow people around the web, harvesting data on everything they do to feed a sophisticated adtech business, as Google does.

DDG says it has been profitable using its non-tracking business model since 2014, also making money from affiliate revenue.

It does not break out active user metrics but earlier this year cited third-party estimates which peg its user base at around 25M.

This year it expanded from its core search product to launch a tracker blocker to address wider privacy concerns consumers have by helping web users keep more of their online activity away from companies trying to spy on them for profit.

It also recently emerged that DDG had quietly picked up $10M in VC funding, which is only its second tranche of external investment.

The company told us this financing would be used to respond to an expanding opportunity for pro-privacy business models, including by tuning its search engine for more local markets and expanding its marketing channels to “have more of a global focus”.

Privacy regulations such as Europe’s General Data Protection Act are likely also helping to put wind in DDG’s sails.

While, in the US, lawmakers are also eyeing drafting federal privacy regulations — which could result in new domestic controls on how companies are able to process people’s information.

Not tracking people in the first place positions DDG’s business to be able to keep on flying regardless of tighter rules incoming.
https://techcrunch.com/2018/10/11/pr...-50-in-a-year/





A Future Where Everything Becomes a Computer Is as Creepy as You Feared
Farhad Manjoo

More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk.

No one really believed them, so few tried to stop them. Then before anyone realized it, the deed was done: Just about everyone had a Windows machine, and governments were left scrambling to figure out how to put Microsoft’s monopoly back in the bottle.

This sort of thing happens again and again in the tech industry. Audacious founders set their sights on something hilariously out of reach — Mark Zuckerberg wants to connect everyone — and the very unlikeliness of their plans insulates them from scrutiny. By the time the rest of us catch up to their effects on society, it’s often too late to do much about them.

It is happening again now. In recent years, the tech industry’s largest powers set their sights on a new target for digital conquest. They promised wild conveniences and unimaginable benefits to our health and happiness. There’s just one catch, which often goes unstated: If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world. And guess what. No one is really doing much to stop it.

The industry’s new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.

Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets — these and other everyday objects are all on the menu for getting “smart.” Hundreds of small start-ups are taking part in this trend — known by the marketing catchphrase “the internet of things” — but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung.

For instance, Amazon last month showed off a microwave powered by Alexa, its voice assistant. Amazon will sell the microwave for $60, but it is also selling the chip that gives the device its smarts to other manufacturers, making Alexa connectivity a just-add-water proposition for a wide variety of home appliances, like fans and toasters and coffee makers. And this week, both Facebook and Google unveiled their own home “hub” devices that let you watch videos and perform other digital tricks by voice.

You might dismiss many of these innovations as pretty goofy and doomed to failure. But everything big in tech starts out looking silly, and statistics show the internet of things is growing quickly. It is wiser, then, to imagine the worst — that the digitization of just about everything is not just possible but likely, and that now is the time to be freaking out about the dangers.

“I’m not pessimistic generally, but it’s really hard not to be,” said Bruce Schneier, a security consultant who explores the threats posed by the internet of things in a new book, “Click Here to Kill Everybody.”

Mr. Schneier argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat — and the hacks and bugs uncovered in just the last few weeks at Facebook and Google illustrate how difficult digital security is even for the biggest tech companies. In a roboticized world, hacks would not just affect your data but could endanger your property, your life and even national security.

Mr. Schneier says only government intervention can save us from such emerging calamities. He calls for reimagining the regulatory regime surrounding digital security in the same way the federal government altered its national security apparatus after the Sept. 11, 2001, attacks. Among other ideas, he outlines the need for a new federal agency, the National Cyber Office, which he imagines researching, advising and coordinating a response to threats posed by an everything-internet.

“I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government,” he wrote. But he conceded that government intervention seems unlikely at best. “In our government-can’t-do-anything-ever society, I don’t see any reining in of the corporate trends,” he said.

Those trends are now obvious. It used to be difficult to add internet connectivity to home devices, but in the last few years the cost and complexity of doing so have plummeted. Today, off-the-shelf minicomputers like the Arduino can be used to turn just about any household object “smart.” Systems like the one Amazon is offering promise to accelerate the development of internet-of-things devices even further.

At a press event last month, an Amazon engineer showed how easily a maker of household fans could create a “smart” fan using Amazon’s chip, known as the Alexa Connect Kit. The kit, which Amazon is testing with some manufacturers, would simply be plugged into the fan’s control unit during assembly. The manufacturer also has to write a few lines of code — in the example of the fan, the Amazon engineer needed just a half-page of code.

And that’s it. The fan’s digital bits (including security and cloud storage) are all handled by Amazon. If you buy it from Amazon, the fan will automatically connect with your home network and start obeying commands issued to your Alexa. Just plug it in.

This system illustrates Mr. Schneier’s larger argument, which is that the cost of adding computers to objects will get so small that it will make sense for manufacturers to connect every type of device to the internet.

Sometimes, smarts will lead to conveniences — you can yell at your microwave to reheat your lunch from across the room. Sometimes it will lead to revenue opportunities — Amazon’s microwave will reorder popcorn for you when you’re running low. Sometimes smarts are used for surveillance and marketing, like the crop of smart TVs that track what you watch for serving up ads.

Even if the benefits are tiny, they create a certain market logic; at some point not long from now, devices that don’t connect to the internet will be rarer than ones that do.

The trouble, though, is that business models for these devices don’t often allow for the kind of continuing security maintenance that we are used to with more traditional computing devices. Apple has an incentive to keep writing security updates to keep your iPhone secure; it does so because iPhones sell for a lot of money, and Apple’s brand depends on keeping you safe from digital terrors.

But manufacturers of low-margin home appliances have little such expertise, and less incentive. That’s why the internet of things has so far been synonymous with terrible security — why the F.B.I. had to warn parents last year about the dangers of “smart toys,” and why Dan Coats, the director of national intelligence, has identified smart devices as a growing threat to national security.

An Amazon representative told me that the company was building security into the core of its smart technologies. The Connect Kit, the company said, lets Amazon maintain the digital security of a smart device — and Amazon is likely to be better at security than many manufacturers of household appliances. As part of its cloud business, the company also offers a service for companies to audit the security of their internet-of-things services.

The Internet of Things Consortium, an industry group that represents dozens of companies, did not respond to an inquiry.

Mr. Schneier is painting government intervention not as a panacea but as a speed bump, a way for us humans to catch up to the technological advances. Regulation and government oversight slow down innovation — that’s one reason techies don’t like it. But when uncertain global dangers are involved, taking a minute isn’t a terrible idea.

Connecting everything could bring vast benefits to society. But the menace could be just as vast. Why not go slowly into the uncertain future?
https://www.nytimes.com/2018/10/10/t...of-things.html

Until next week,

- js.


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black