P2P-Zone  

29-05-13, 07:17 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - June 1st, '13

Since 2002

"We expect to make money from Google Fiber. This is a great business to be in." – Milo Medin


"This could mean the beginning of the end for traditional telephone and cable companies and the beginning of Google becoming more powerful than old RCA and old AT&T combined." – Rob Enderle

June 1st, 2013




US Entertainment Industry to Congress: Make It Legal For Us to Deploy Rootkits, Spyware, Ransomware and Trojans to Attack Pirates!
Cory Doctorow

The hilariously named "Commission on the Theft of American Intellectual Property" has finally released its report, an 84-page tome that's pretty bonkers. But amidst all that crazy, there's a bit that stands out as particularly insane: a proposal to legalize the use of malware in order to punish people believed to be copying illegally. The report proposes that software would be loaded on computers that would somehow figure out if you were a pirate, and if you were, it would lock your computer up and take all your files hostage until you call the police and confess your crime. This is the mechanism that crooks use when they deploy ransomware.

It's just more evidence that copyright enforcers' network strategies are indistinguishable from those used by dictators and criminals. In 2011, the MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam." Now they've demanded that Congress legalize an extortion tool invented by organized criminals.

Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.

It gets better:

While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.
http://boingboing.net/2013/05/26/us-...stry-to-c.html





Torrent File-Sharing Services Threaten Content Industry
Bae Ji-sook

Just when the Wild Wild West of the online world seemed to have been somewhat tamed with the regulation of Webhard and peer-to-peer services, yet another type of file-sharing service has emerged as a major headache for the content industry.

Armed with anonymity and state-of-the-art technologies, the mushrooming torrent file-sharing service is dealing a huge blow to the local content industry, the Ministry of Culture, Sports and Tourism said Thursday.

According to a team of special investigators within the ministry who investigated 10 torrent file search sites for five months this year, about 3.78 million people were signed up at the 10 sites, where more than 2.3 million illegally shared files were uploaded, resulting in 715 million downloads during the period. This cost the cultural content industry an estimated 866 billion won (S$967.3 million) in losses, the ministry said.

The authorities will seek to press charges against 12 operators of the websites and 41 people who uploaded more than 1,000 "seed files" on the websites involved. The violators may face up to five years in prison or fines of up to 150 million won.

Through the illegal downloads, the websites raised online ad revenue on the basis of their heavy traffic while heavy uploaders were often rewarded with cash from the website operators for attracting traffic to their sites, the investigators said.

"More people are using torrent programs with their mobile phones, which increased the number of illegal downloads. We will keep our eyes on copyright infringement through not only torrents, but social media services and other tools," said Kim Ki-hong, a ministry official.

Torrenting allows users to download a file from multiple users simultaneously and thus more rapidly, replacing the traditional peer-to-peer programs that linked users one-on-one for file sharing.

For instance, to share a movie file using a traditional P2P service such as eDonkey or Soribada, a single user shared the file with another user, and the download could take the receiver hours. However, the torrent allows a user to take bits of the file from multiple file holders at the same time, which shortens the download time to less than three minutes for a film. The downloaded file can also be shared with another seeker without additional measures, which eventually makes every torrent programme user a downloader and, at the same time, an uploader.

Instead of directly linking an uploader and a downloader, torrent search sites provide seed files, created by an uploader, that contain core information on the location and availability of the desired file. By downloading the intermediary seed file, one can execute the download from an uploader's computer with a tracker programme.

The creative content industry has been fuming over the issue for quite some time. The Film Federation Against Piracy earlier this month investigated 62 torrent file search sites with servers in Korea and found 3.8 million cases of illegal content distribution. These are estimated to have caused more than 84 billion won in damage to the film, TV programme, music, game, computer software and publishing industries.

"Since online files can be distributed internationally, the loss for exports could be tremendous. Moreover, it is a great discouragement to people in the industry, knowing that they will not be rewarded properly for their hard work," said Kim Eui-soo, an official at the federation.

Despite the illegal nature of the torrent activities, officials see no feasible solution that could "legalise" the service by making people pay for the downloads.

The government had previously cut down illegal downloads by requiring P2P operators and data storage service Webhard to register with the Korea Communications Commission and to file reports on their business activities on a regular basis. The operators also joined hands with the copyright holders and charged the downloaders a fee.

While torrent site operators are held liable for "assisting" in illegal downloads in the UK and the US, downloading a content file for personal use is often overlooked by the authorities in Korea. Moreover, torrent operators typically shut down their service one day and open another one the next day, making it virtually impossible to keep track of them.

"Since files are downloaded bit by bit from different uploaders, it will be difficult for the government or copyright holders to charge a specific person," admitted Bang Hyo-geun, a Korea Copyright Commission official.

"The purpose of the investigation was not to penalise individuals but to raise awareness that anyone using torrent could be a copyright violator," he added.

Kim of the film federation had a different idea. "We could insert a specific code within the file and halt the data sharing once the code is detected," he said. "Or we could take the YouTube case, where people can insert advertisements at the beginning of the programme, guaranteeing profits to the content developers. Both are not easy but we could try," he added.
http://www.asiaone.com/News/Latest%2...31-426406.html





NBC Universal and Warner Bros. Have Asked Google to De-List Mega From Its Search Results
Nick Summers

Warner Bros. and NBC Universal have contacted Google to request that Mega, the file storage and sharing service founded by Kim Dotcom, be removed from all of its search results.

Torrent Freak points to a takedown request filed by NBC Universal on April 24, which claims copyright infringement over the film Mama, directed by Andrés Muschietti.

Warner Bros. filed a similar request on April 15 over the film Gangster Squad. While Mega is listed in the URL list for both Digital Millennium Copyright Act (DMCA) notices, it isn’t featured exclusively. Other prominent file-sharing services, such as Mediafire and Freakshare, are also listed among the thousands of accused infringing links.

Notably, both parties have also asked Google to de-list Mega’s homepage from its search index. As Torrent Freak reports, the basis for this request is a little odd given that the Mega.co.nz landing page itself doesn’t include any file links.

Kim Dotcom, who also founded the file sharing service Megaupload, has hit back at the action reportedly taken by Warner Bros. and NBC Universal. “The Warner Bros. and NBC Universal requests to Google are censoring our entire homepage,” he said. “This is in line with the unreasonable content industry behavior we have experienced for years.”

Dotcom pointed to the takedown of the Megaupload song, requested by Universal Music and the shutdown of the Megaupload site as “the ultimate takedown by the content industry.”

“The constant abuse of takedown rules and the ignorance of DMCA obligations by the content industry are based on the confidence that the current U.S. administration is protecting this kind of behavior,” he added. “The political contract prosecution of Megaupload is the best example.”

Earlier this month two of Dotcom’s lawyers, Robert Amsterdam and Ira P. Rothken, published a white paper defending the Internet entrepreneur against a criminal prosecution issued by the US government.

The document later called on the U.S. House Committee on Oversight and Government Reform, as well as the Office of Professional Responsibility of the U.S. Department of Justice, to open an investigation into how the Megaupload prosecution was handled by the U.S. Department of Justice.
http://thenextweb.com/insider/2013/0...earch-results/





Megaupload Founder Wins Access to Evidence Seized in Raid

A New Zealand court granted Megaupload founder Kim Dotcom access on Friday to all evidence seized by police in a 2012 raid, bolstering the Internet entrepreneur's fight against extradition to the United States to face online piracy charges.

Repeating its decision that warrants used in the raid on Dotcom's home were illegal, the High Court ruled that police must provide copies of evidence considered relevant to the U.S. investigation. These include materials forwarded to the Federal Bureau of Investigation.

Any evidence seized in the raid, including computers, hard drives, files, and other materials deemed irrelevant must be returned to the founder of the shuttered file-sharing site.

"The police are to review digital data storage devices and return any to the plaintiffs that contain no relevant material," Justice Helen Winkelmann said in a statement. Police, she said, may retain other storage devices but had to "provide a clone of those devices to the plaintiffs".

Acting on a request from U.S. authorities, New Zealand police arrested Dotcom and three colleagues.

Dotcom's lawyers have argued that lack of access to the seized evidence put them at a disadvantage in defending the German national and his colleagues against extradition.

The United States has launched a criminal investigation into Megaupload, arguing that it facilitated online piracy, and participated in racketeering and money laundering.

Dotcom, who has New Zealand residency, says the site was merely a storage facility for online files and should not be held accountable if stored content was obtained illegally.

An extradition hearing is scheduled for August, but may be delayed due to separate cases linked to another court ruling that unlawful warrants were used in the police raid.

The copyright case could set a precedent for Internet liability laws and, depending on its outcome, may force entertainment companies to rethink their distribution methods.

The U.S. Justice Department says Megaupload cost copyright holders such as movie studios and record companies more than $500 million and generated more than $175 million in criminal proceeds. It described the case as being among the largest ever involving criminal copyright.

Dotcom launched a new file-sharing service, Mega, in January.

(Reporting by Naomi Tajitsu; Editing by Ron Popeski)
http://www.reuters.com/article/2013/...94U07P20130531





BitTorrent Sync Is A Dropbox Killer, Or Maybe Much More Than That
Haydn Shaughnessy

A colleague recently passed on a link to BitTorrent Sync with a note saying he planned on canceling his Dropbox account. Sync is a file storage service, one for very large files. And if you have it, you too might be reconsidering your online file storage strategy.

On the face of it, BitTorrent is cooking up a strong challenger to all those cloud-based, consumer-centric storage solutions that are now taking over the enterprise. Box.Net, Huddle, be on your guard.

But what is BitTorrent really all about? If you’re not a developer or into movie transfers you might not know. So here is a quick run down on BitTorrent and Sync.

BitTorrent is probably best known for moving films around the Internet, though Brett Nishi, Director of Product Management, also points out that the BitTorrent protocol is used by scientists on the Human Genome Project and by those on the Large Hadron Collider, to push data around.

Based in San Francisco, BitTorrent employs only 120 people, which is small when you consider that the user-base accounts for between 20 – 40% of all Internet traffic on a daily basis.

They now have 170 million monthly active users and 40 million daily active users. It makes you wonder why more of us are not talking about them.

The probable answer to that is that BitTorrent is primarily an engineering company, addressing fundamental problems of the Internet. But it is coming out of that shell, specifically with Sync. It is also offering help to build developer skills in distributed storage applications.

Sync is a file storage service built on a distributed architecture. It will do many of the things Dropbox does for you, but for free – it is currently in Alpha. This is how Nishi describes it.

It offers unlimited, secure and fast syncing. There are no file size limits and the speed of transfer is only limited by your Internet connection. With Sync, there is no need to route through the cloud which can slow things down. And because there is no cloud-based server involved, your files are also kept private and stored only on devices you choose.

Sync proved to be very popular: in the opening two weeks of the open Alpha, over 1 petabyte of data was synced by users. “On a daily basis we have seen that translate to roughly 70 terabytes a day,” says Nishi. So does it present a threat to existing, high growth file storage companies?

We may be in the same space for some users, but BitTorrent Sync is really a very different product that is built in a very different way. We are using the power of distributed architectures to enable faster, more efficient data transfer, and have heard from a lot of users that they want better control over how their valuable data is managed. Speed, size, privacy and control are fundamental to the design and delivery of BitTorrent Sync. We think there is a market for a product that delivers on these values.

For anyone out there with media properties, or developing services around media production and distribution (for example in content discovery), the company also has an accelerator program to help developers take advantage of peer-to-peer technology. See more at the BitTorrent Acceleration program. The program opens up BitTorrent’s innovation lab to new media start-ups.

Maybe Sync is not an out-and-out DropBox killer, but it does look likely to broaden the scope of what we understand by file storage and change what customers expect from file storage services. All that in an area of growing interest for any enterprise, as well as end consumers.
http://www.forbes.com/sites/haydnsha...ore-than-that/





Even New York Times Is Oblivious To Fact That Sharing 'HBO Go' Passwords To Watch 'Game Of Thrones' Breaks Law
Kashmir Hill

This weekend, New York Times tech journalist Jenna Wortham made a confession that could be used to send her to prison for a year or more. What was the startling criminal admission? She uses someone else’s password to sign into the cable-subscriber-only HBO Go app to watch ‘Game of Thrones.’

In the piece headlined, “No TV? No Subscription? No Problem,” Wortham wrote:

[Some friends and I] all had the same plan: to watch the season premiere of “Game of Thrones.” But only one person in our group had a cable television subscription to HBO, where it is shown. The rest of us had a crafty workaround.

She says “crafty.” A federal prosecutor might substitute “illegal” there.

We were each going to use HBO Go, the network’s video Web site, to stream the show online — but not our own accounts. Our behavior — sharing password information to HBO Go, Netflix, Hulu and other streaming sites and services — appears increasingly prevalent among Web-savvy people who don’t own televisions or subscribe to cable.

While Wortham was aware that the companies she contacted for comment about this might not be happy about her accessing their services for free, she seems wholly unaware that the activity was potentially illegal. Just like the many BitTorrenters who have made Game of Thrones the most pirated show on the Internet, Wortham is getting her content in a way that could put her on the wrong side of the law.

After the New York Times got a flood of complaints about Wortham committing piracy by jumping over entertainment providers’ pay walls, New York Times public editor Margaret Sullivan addressed the issue in a column. Strangely, Sullivan only addressed the ethics of password-sharing, not the legality of the practice, concluding by saying that Wortham might write another column “exploring the ethical issues” and might now instead watch ‘Game of Thrones’ at a bar.

It was left then to Mike Masnick at TechDirt to point out that Wortham had admitted to violating federal laws, including the Computer Fraud and Abuse Act (or CFAA) which has been the target of heated debate given its use in the controversial prosecutions of AT&T iPad hacker Andrew “weev” Auernheimer and public document hacker Aaron Swartz. The CFAA makes it a crime “to obtain without authorization information from a protected computer.” It’s a misdemeanor with a maximum one-year prison sentence. What Wortham describes is unauthorized access, in that it violates the companies’ terms of service.

“[i]f someone is violating Netflix or HBO Go’s TOS to stream they are guilty of a misdemeanor CFAA right off the bat,” says Hanni Fakhoury of the EFF. And if the worth of the stolen information or damage caused in its procurement reaches $5,000 (that’s a lot of HBO episodes!), it could be a felony with multiple potential years of prison time.

HBO Go’s TOS are strict; they say you must be a “subscriber with an account in good standing with an authorized distributor of HBO” to use the app. Netflix is far more lenient in its TOS recognizing that a “household” will share an account. Though it doesn’t define what a “household” means, it does say in all caps that its users can watch Netflix on six different devices, and stream shows on up to two of those devices at the same time.

“It would also probably be a violation of 18 USC 1028, which generally criminalizes identity theft,” says Fakhoury, pointing to the part of the statute that prohibits providing identification to others “that will be used to commit, or to aid or abet, unlawful activity.”

Masnick writes that the problem with the CFAA is that it “criminalize[s] things that most people don’t really think are bad or illegal. That is, they often criminalize someone (or at least make them open to huge civil awards) for the types of things plenty of people do everyday without thinking twice about it.”

Wortham’s confession has led others to come clean, including our own Dave Thier who calls password-swapping “legalish, simple, and very difficult for companies to police.” Actually, it might be better to call it “illegalish” given that, unless the CFAA is reformed, TOS violations are criminal behavior. And it shouldn’t actually be that hard for companies to police; they’re just ignoring the issue for now.

Wortham talked to a representative at HBO who said the network doesn’t see password sharing as a “pervasive problem at this time.” Wortham speculates that part of the reason they’re not policing this is “because they can’t,” with the HBO rep telling her that they “have little ability to track and curtail their customers who are sharing account information.” That seems less believable to me than that Robb Stark is going to survive this season of Game of Thrones.

“It’s extremely unlikely that providers wouldn’t be able to ascertain how many unique browsers/users/ip addresses are logged in via the same user account,” says security researcher Ashkan Soltani. “It’s possible that some of these implementations are not monitoring for these types of events but technically, the ability to do this is afforded by even the most simple of authentication system designs. I think it’s just a factor of how much of a priority it is for a company.”

It sounds like HBO Go is not going after the non-subscribers who are finding their way to subscription content for now. (Not that that necessarily matters in the eyes of the law. Even when JSTOR dropped its case against Aaron Swartz for hacking into its system to download academic papers, federal prosecutors continued to pursue him.) But it’s worth noting that password sharing isn’t a legal grey area, or simply unethical. As the law stands now, the many, many people who are sharing passwords to get their dragon and swords fix are actually committing a misdemeanor — and potentially, with some creative accounting, a felony. That’s even crazier than the justice meted out to Ned Stark.
http://www.forbes.com/sites/kashmirh...aking-the-law/





Vine, Hip-Hop and the Future of Video Sharing: Old Rap Songs and New Copyright Rules
Jeff John Roberts

Is there a reason Vine videos are exactly six seconds long? Yes, and it has a lot to do with high profile court cases that almost destroyed hip hop music.

What does video tool Vine have in common with iconic rappers like the Beastie Boys and the Notorious BIG? More than you think. Like hip-hop, Vine is a way to sample and collect culture — and it may have to run the same legal gauntlet that rappers did a decade ago. If you haven’t tried it, Vine is a tool to make looping, six-second video clips and post them on social media or a website. The company, which is owned by Twitter, launched in January and its videos have already become a part of the Tribeca Film Festival, the U.S. Senate and major marketing campaigns.

A new video mash-up culture

Vine exists because of new smartphone technology but it also replicates older forms of mashup culture. In particular, it mirrors what pioneering hip-hop artists started to do in the 1980s — taking sounds from myriad sources and sharing them through records like Paul’s Boutique and Ready to Die. Those hip-hop records are aural tapestries that today stand as monuments to a new form of music and community. In the 2000s, however, copyright collectors came along and sued the rappers — resulting in a drawn-out debate over where to draw a line between culture and intellectual property theft. Hip-hop largely prevailed but was damaged in the process. Now, a fight over a Vine video last month suggests history may repeat itself, but this time on the video front. The dispute involved the musician Prince using a law called the DMCA to force Vine to take down six-second concert clips posted by a fan. The fan didn’t oppose Prince’s takedown demand, meaning no one has ruled on whether a six-second clip actually infringes copyright. But if a court did look at the Vine case, the decision process would lead right through hip-hop.

Hip hop, copyright and six second samples

In the 1990s, hip-hop artists called the sounds they used “samples.” Copyright owners, however, called it theft instead and sued the musicians. The conflicts led to important court decisions about music whose principles apply equally to Vine. As the Disco Project explained in a thoughtful analysis of the Prince case, the most relevant precedents involve the Notorious B.I.G. and the Beastie Boys. Both were involved in famous cases involving short samples. In the case of the Notorious B.I.G., a Tennessee court shut down store sales and radio plays of the late rapper’s “Ready to Die” album, and a jury awarded $4 million in damages — all over a three-note horn riff. An appeals court, which had earlier written “get a license or do not sample,” upheld the verdict in 2007. As law professor Tim Wu explained at the time, the case and others like it were especially absurd because the copyright owner was not even a musician but a one-man corporation who had obtained the music rights under shady circumstances. Fortunately, in the case of the Beastie Boys, a California appeals court took a more rational approach to the issue and ruled that a six-second (the same length as a Vine video!) flute sample on the song “Pass the Mic” didn’t infringe on copyright. The Supreme Court, in 2005, refused to reconsider the decision. The upshot, however, is that today we still don’t know for sure how long a sample can be before it infringes copyright. Twitter declined to comment on whether it believes Vine videos are covered by copyright law’s “fair use” exception, but a source familiar with the company told me that the decision to make the videos six seconds long was not a coincidence.

Chilling our new visual culture

The trouble with Prince’s request to take down the Vine videos is not so much the disappearance of the videos themselves — but instead that Vine and other forms of visual expression could meet the same fate as early hip-hop. When the Beastie Boys released their sample-stuffed 1989 masterpiece, Paul’s Boutique, the law was still in a gray area and no one was suing hip-hop artists. That’s no longer the case. As copyright scholars have explained, the threat of lawsuits and the astronomic cost of clearing samples means, today, no one could make an album like Paul’s Boutique in the first place. And that’s the danger posed by Prince. Right now, we’re enjoying a rich new age of images — everything from Vine videos to BuzzFeed cat GIFs that are shared, recast and then shared again. If lawyers began to throw copyright grenades into this mix, these splendid strains of creativity could be quickly snuffed out. Does this mean that all Vine videos should be fair use? It’s hard to say. People are already using the platform to produce clever and original works of art — the sort of thing copyright law is meant to reward. Likewise, big companies who use Vine for marketing have a case for using intellectual property law to protect their brands. It seems inevitable that these issues will get resolved sooner than later. The biggest task for now, though, is to find a way to do so without resorting to the harsher tools of copyright law, including the $150,000 damage demands that are a common feature of cease and desist letters. Congress is right now reviewing the Copyright Act. The process presents a perfect way to protect and foster this emerging age of visual culture — rather than try to smother it like hip-hop. But let’s give the last word to the rappers (click on the Vine vid below):
http://gigaom.com/2013/05/25/vine-hi...video-sharing/





Copyright Infringement Accusations Are Subject of New Wave of File-Sharing Lawsuits
Press release

Activity continues in Pennsylvania with sixteen new copyright lawsuits targeting individual internet users, comments copyright attorney Leonard J. French. The defendants are accused of copyright infringement by sharing files via Bittorrent.

File-sharing threats and lawsuits continue in the Eastern District of Pennsylvania as Plaintiff Malibu Media files sixteen new copyright suits between April and May targeting individual internet users, reports attorney Leonard J. French of Bethlehem. The defendants are accused of copyright infringement by allegedly illegally sharing its videos via the Bittorrent protocol.

"File sharing software that makes use of the Bittorrent protocol is susceptible to tracking, making its users a prime target for potential plaintiffs who could see lawsuits as a method of both enforcement and compensation," says Attorney French.

"Though the current copyright law seems to ultimately support these claims, many have deemed some plaintiffs 'copyright trolls', preferring that they would, instead, find alternative ways to increase revenue," notes French.

Attorney French has seen previous tactics from various copyright plaintiffs range from sending letters to making phone calls to filing copyright lawsuits. A potential plaintiff will typically hire an investigator to track file-sharing activity for its copyrighted content. Once the plaintiff and their attorney have enough evidence collected, they may send letters to users' internet service providers or may directly file suit against the users' IP addresses.

Defendants who receive communication from copyright plaintiffs are directed to find an attorney. Notes Attorney French, "These allegations are serious and should not be ignored. It can be very difficult to undo a default judgment because of a failure to respond."

And with the so-called Bellwether trial (2:12-cv-02078-MBB) about to be held in Philadelphia, it seems plaintiff activity will continue in Pennsylvania for now.

The sixteen new Malibu Media lawsuits are docketed in the United States District Court for the Eastern District of Pennsylvania under the following numbers: 2:13-cv-01761-JCJ, 2:13-cv-01762-PBT, 2:13-cv-01763-MAM, 2:13-cv-01764-JD, 2:13-cv-02765-MSG, 2:13-cv-02766-MSG, 2:13-cv-02767-WY, 2:13-cv-02768-PD, 2:13-cv-02769-RB, 2:13-cv-02770-CMR, 2:13-cv-02854-JP, 2:13-cv-02855-MMB, 2:13-cv-02856-JD, 2:13-cv-02857-SD, 2:13-cv-02863-PD, 2:13-cv-02864-HB.

Intellectual Property Attorney Leonard J. French represents clients in a range of copyright, trademark, business, and Internet-related matters. Mr. French serves clients in Pennsylvania: the Lehigh Valley (Allentown, Bethlehem, Easton), Philadelphia, Harrisburg, Scranton, Wilkes-Barre; as well as copyright clients nationally. His office is located in Bethlehem, PA and can be reached at 610-537-3537.
http://www.prweb.com/releases/2013/5/prweb10477247.htm





Copyright Amendment Will Bring Web Filter System to Taiwan
Oiwan Lam

The Taiwan Intellectual Property Office (IPO) has recently proposed to amend the Copyright Act and provide legal justification for IP and DNS blocking at the Internet Service Provider (ISP) level through a blacklist system. The government claims that the amendment is to stop the illegal sharing of copyrighted movies and music.

Although IPO has stressed that the Internet service providers will only block overseas online platforms which are “specifically designed for copyright infringement activities” or websites which have “obviously violated copyrights”, such as Megaupload, the authorities will target online platforms that enhance peer-to-peer transmission including Bit Torrent, Foxy, and FTP sharing.

In fact, the Taiwanese government proposal is similar to the United States bill, the Stop Online Piracy Act (SOPA), which was suspended last year because civil society believed the legislation threatened online freedom of expression and information flow. Indeed, once the Taiwanese copyright amendment is implemented, the island will have a Great Firewall mechanism that blocks and filters away “illegal websites”, similar to the censorship system across the Strait in mainland China. Many Taiwanese find the proposal backward and contrary to the principle of an open society. Blogger I-Chen Tsai explained [zh] in Q&A format how the amendment has violated citizens' rights:

問:你是不是想看盜版?
答:不,我從不看盜版院線片,每個月平均進電影院兩次。我想捍衛的是一種價值。
如果今天政府找個理由,不經由法律程序,就能立即封掉任何境外網站。那麼,安個「言論影響國家安全」,就能立刻封掉「想想論壇」 (hosted byAcquia);安個「影響我國傳統市場秩序」,就能封掉「好魚網」(hosted byAmazon);安個「錯誤引導年輕人就業觀念」,就能封掉「Mr. Jamie」(hosted by Media Temple)。
不管你做平台或電子商務,隨時暴露在歸零的危險裡,脖子上永遠架著經濟部的這把刀。你能接受嗎?
安個「侵權影片過多無法管理」,就能封掉 facebook (hosted by facebook);安個「常被使用於傳送非法軟體」,就能封掉 Dropbox (hosted by Dropbox)。你能接受嗎?
這不是「盜不盜版」的問題,這是「侵害人民權益」的問題。

Q: Do you want to see pirated movies?
A: No, I never watch pirated movies and I go to the cinema at least twice a month to see a movie. I want to defend a principle.

If today the government finds a reason to get around legal procedure for blocking foreign websites, some other day it can block Thinking Taiwan [a blog hosting platform] (hosted by Acquia) because it has threatened national security, or block fish.123 [an online shopping platform for fish lovers] (hosted by Amazon) because it has affected our conventional market order, or block Mr. Jamie [a platform for start-ups] (hosted by Media Temple) because it has misled our young people's attitude in their career development.

No matter if you are the operator of a platform or a commercial business, you will be exposed to the threat of being blocked to zero visits. The knife of the IPO is up to your throat. Can you accept that?

Can you accept the blocking of Facebook (hosted by Facebook) because there are too many infringed movies, or the blocking of Dropbox (hosted by Dropbox) because it is frequently used for the transmission of illegal software? This is not a copyright infringement issue, it is an issue of the violation of people's rights.


Ching Chiao, the CEO of DotAsia, an operator of a top-level domain registry, believed [zh] that the amendment is a setback for democracy and offered an alternative solution:

但是, 封網站就是不對, 就是開民主倒車, 勞民傷財的豬頭政策. 有執行封網站政策的國家聯上的是Intranet, 而不是Internet. 封網站是現代國家邁入鎖國的第一步.

智財局若想以行政命令的方式, 用”管好ISP業者就能防堵侵權內容散佈”的思維, 無非是自亂陣腳, 落入了開民主倒車的困境中. […] 要求ISP以黑名單的方式封堵網站, 短期間可能有效, 長期下來必定會造成用戶體驗不佳, 或是用戶繞過ISP既定的路由模式, 自行訪問被封鎖的站點, 情況就如同大陸的網友進行所謂的”翻牆”來訪問Youtube, Facebook等政治敏感的網站.

智財局其實可以積極地對付侵權網站, 尤其是侵犯到我國著作權人經濟利益的網站. 網站的宿主可能是在台灣境內, 可能是境外. 網站使用的網域名稱可能是.tw, 可能是其他如 .com / .net的國際域名, 這些管理單位都有通報機制, 智財局建立起良好的通報和聯繫機制, 讓國內外業者來配合執法, 每年定期出國開會吸取新知新做法, 遠比替自己要到一個封網站落後國家的臭名來的強.

Blocking websites is wrong, it is a setback for democracy and a stupid policy that wastes people's money. Countries which have implemented ISP-level blocking are turning the Internet into an Intranet, the first step in turning a modern country into a self-enclosed country.

If the intellectual property bureau wants to implement the policy with an administrative order under the rationale of “blocking copyright infringement by pressing the ISPs”, it will fall into a trap. […] To request ISPs to block websites according to a blacklist may have some effects in the short run. In the long run, the users will be dissatisfied with their online experience and use circumvention technology to get around ISPs to visit the blocked sites, like what has happened in mainland China, they “jump the Great Firewall” to visit politically sensitive websites such as YouTube and Facebook.

There are other measures that could be utilized by the bureau to fight copyright infringement, in particular if the infringement has harmed Taiwanese copyright holders. Every website has to register under a top-level domain; the domains can be .tw (local) or .com / .net (international). All of the top-level domain registries have a notice system to communicate with government authorities for law enforcement. The IPO should spend more time communicating with the international communities rather than pushing through a notorious policy for ISP-level blocking.


CK Hung, a writer from a collective science blog, PanSci.tw, pointed out [zh] that most of the copyright-related legislation in Taiwan is serving US-based copyright holders' interests and that the side product of the blacklist system is the favorite tool of a dictator for censorship:

臺灣的智財法律/檢警體系/教育系統所發生的智財保護政策或重大案件, 從來就是由美國的利益團體在主導的, 從來就不是在服務國內的著作權人。 還記得 Now.in 抄臺事件 嗎? 主導者是 國際著作權權利組織 IFPI。 傷害無辜的獨立創作者不說, 就連正在談權利金的 國內著作權權利組織 MUST 的利益都受到傷害。 請告訴我這個行動保護了國內哪一位創作者的權利?

Most of the policies or incidents related to IP protection in Taiwan have been dominated by US-related interest groups. You still remember the police shutting down music platform Now.in (an online radio and podcast platform) last year? IFPI is behind the incident. The collateral damage has harmed many independent writers and the Music Copyright Society of Chinese Taipei (MUST) [as Now.in has secured initial consensus with MUST for uploading their music online]. Please tell me who in Taiwan can benefit from such kind of incident?

「以 IP 位址或 DNS」 的方式封鎖侵權網站, 這個封鎖黑名單不能公開, 因為一公開就更加替這些網站廣告。 這個清單會一直改變, 因為被封鎖的網站會搬來搬去。 具有這種特性的黑箱作業封鎖清單, 正是獨裁政府最喜歡的言論管制工具。

The blacklist for blocking websites at the IP and DNS level cannot be disclosed or else the list would make them more popular. The list will keep updating as the blocked sites will keep changing their DNS. Authoritarian states love such kinds of blacklists which operate in a black box to help them censor the Internet.

Briian argued [zh] that the policy is against the emerging business model that is based on online sharing:

早就有研究指出盜版的存在對於正版的銷售有相當大的幫助,連台灣一堆唱片公司 […] 都搶著把自家歌手的 MV 搬上 YouTube 讓大家免費欣賞、免費收聽(以前都是網友私自分享的「侵權」行為啊)。而去年紅透全球的 PSY 江南大叔的騎馬舞也都是免費放上網路上讓大家看、讓大家聽,儘管在唱片的銷售方面可能無法 100% 賺到錢,實際上演唱會、商演與其他周邊的銷售,卻讓該公司賺到了以前的模式賺不到的更多的錢。更別說藉由分享的方式可能讓商品擴 及到以前接觸不到的族群或國家、地區。

There is research pointing out that the distribution of pirated copies can enhance the sale of original copies. Even music companies in Taiwan […] now upload their singers' MVs to YouTube for free consumption (in the past, such kind of sharing was defined as infringement). Last year, PSY's Gangnam Style horse dance became a global hit because of free distribution and consumption online. Although the music company can't take 100 percent of the profit from record sales, it makes a huge amount of profit from PSY's global performance contract and other side products. The free distribution has helped the company to extend the market to those countries and regions that could not be reached before.

Concerned citizens have created an event [zh] on Facebook to gather information and mobilize against the amendment.
http://globalvoicesonline.org/2013/0...tem-to-taiwan/





China Blamed after ASIO Blueprints Stolen in Major Cyber Attack on Canberra HQ

Classified blueprints of the new ASIO headquarters in Canberra have been stolen in a cyber hit believed to have been mounted by hackers in China.

The ABC's Four Corners program has discovered the plans were taken in an operation targeting a contractor involved with building the site.

The stolen blueprints included the building's security and communications systems, its floor plan, and its server locations.

Experts say the theft exposes the spy agency to being spied upon and may be a reason why construction costs have blown out enormously.

Four Corners said the attack came from a server in China, which appears to be the main suspect behind the operation.

Four Corners also found the departments of Defence, Prime Minister and Cabinet, and Foreign Affairs and Trade had all been breached in sustained hacking operations.

The Reserve Bank and the Bureau of Statistics both confirmed recently that they had been the targets of hacking attacks, which they said were unsuccessful.

Federal Attorney-General Mark Dreyfus has declined to say if the breach took place.

"There's a great deal of intelligence material, espionage-related material that we don't comment on," he said.

"The more that is disclosed about what's known about espionage activity in Australia or operational aspects in counter-intelligence, the more that our opponents, people who are engaging in espionage, will know about our capability and know about the methods that we have for detecting espionage or cyber threats."

The director of the Centre for Internet Safety, Alastair MacGibbon, says the Government should be more open about what has happened.

"There have been probably many breaches of Government agencies but we don't have a culture in this country of talking about it," he said.

Professor Des Ball from the Australian National University's Strategic and Defence Studies Centre has told the program the theft of the ASIO building's blueprints is particularly significant.

"Once you get those building plans you can start constructing your own wiring diagrams, where the linkages are through telephone connections, through wi-fi connections, which rooms are likely to be the ones that are used for sensitive conversations, how to surreptitiously put devices into the walls of those rooms," he said.
http://www.abc.net.au/news/2013-05-2...ration/4715960





U.S. and China Agree to Hold Regular Talks on Hacking
David E. Sanger and Mark Landler

The United States and China have agreed to hold regular, high-level talks on how to set standards of behavior for cybersecurity and commercial espionage, the first diplomatic effort to defuse the tensions over what the United States says is a daily barrage of computer break-ins and theft of corporate and government secrets.

The talks will begin in July. Next Friday, President Obama and President Xi Jinping of China, who took office this spring, are scheduled to hold an unusual, informal summit meeting in Rancho Mirage, Calif., that could set the tone for their relationship and help them confront chronic tensions like the nuclear threat from North Korea.

American officials say they do not expect the process to immediately yield a significant reduction in the daily intrusions from China. The head of the United States Cyber Command and director of the National Security Agency, Gen. Keith B. Alexander, has said the attacks have resulted in the “greatest transfer of wealth in history.” Hackers have stolen a variety of secrets, including negotiating strategies and schematics for next-generation fighter jets and gas pipeline control systems.

Nonetheless, a senior American official involved in the negotiations to hold regular meetings said in an interview on Friday that “we need to get some norms and rules.”

“It is a serious issue that cannot simply be swatted away with talking points,” said the official, who noted that the meetings would focus primarily on the theft of intellectual property from American companies. “Our concerns are not limited to that, but that’s what needs urgent attention,” he added.

The Chinese government has insisted it is a victim of cyberattacks, not a perpetrator, and Chinese officials have vigorously denied the extensive evidence gathered by the Pentagon and private security experts that a unit of the People’s Liberation Army, Unit 61398 outside Shanghai, is behind many of the most sophisticated attacks on the United States.

On Saturday, after Defense Secretary Chuck Hagel spoke of a “growing threat of cyberintrusions” at a conference in Singapore, in comments directed at China, a Chinese general gave a tart response saying she doubted the United States’ assurances that its growing military presence in Asia was not directed at China.

While cyberattacks will be a major subject of the talks in Rancho Mirage, at an estate that belonged to Walter Annenberg, the main effort will be to forge a rapport between Mr. Obama and Mr. Xi. American officials hope the estate, known as Sunnylands, which has played host to American presidents and foreign dignitaries dating to Richard M. Nixon, will put both men at ease.

American officials said they have been surprised by the pace at which Mr. Xi, a longtime party functionary who consolidated his grip on power in March, has installed new faces in the Chinese leadership and moved to take greater control over the military, something his predecessor, Hu Jintao, never mastered.

Another main issue at the meeting will be North Korea. American officials, emerging from talks with Mr. Xi and his team, believe that the new Chinese leader has less patience for North Korea and little of the sentimental attachment to its leaders that his predecessors had.

“What’s interesting here is the dog that isn’t barking,” the American official said. The Chinese, he noted, are not urging all sides to resume talks until the North Koreans agree that the objective is removing all nuclear weapons from the Korean Peninsula. “We’re not hearing the soothing mantra of restraint,” he said.

The Chinese have also taken public steps to confront North Korea, like ordering the Bank of China to stop dealing with North Korea’s largest foreign-exchange bank.

“They’re much more open to causing pain to North Korea,” said Jeffrey A. Bader, a top China adviser to Mr. Obama until 2011.

Still, during the latest round of the Korea crisis this spring, Kim Jong-un, the young and largely untested new North Korean leader, made it clear that he had no intention of ever giving up his small arsenal.

Cybersecurity issues loom large between the United States and China because they go to the heart of the economic relationship between the two countries, even more so now that previous sources of friction, like China’s foreign exchange policies, have eased in the last year.

Chinese academics and industrialists say that if China is to maintain its annual economic growth rate of 7 or 8 percent, it needs a steady inflow of new technology. That could make the Chinese reluctant to cut back on the systematic theft of intellectual property.

In return, the Chinese will press the Americans on their use of cyberweapons: while there is no evidence that they have been used against Chinese targets, the sophisticated cyberattacks on Iran’s nuclear program by the United States and Israel are often cited by the Chinese news media and military journals as evidence that Washington, too, uses cyberspace for strategic advantage.

The talks over computer hacking will start as part of the Strategic and Economic Dialogue, an annual meeting of Chinese and American officials on a broad range of issues. But a new working group is being organized on the subject that will meet more frequently, officials say.

Where the talks will lead, however, is unclear: after considerable debate within the Obama administration, officials have concluded that online conflict does not lend itself to the kind of arms control treaties that the United States and the Soviet Union began negotiating 50 years ago. Today, cyberweapons are held by private individuals as well as states, and figuring out where an attack began can be maddeningly difficult.

Another problem, China experts said, is that neither the Americans nor the Chinese are well prepared for a candid discussion of cyberissues. The growth of hacking, and its use in both military and corporate espionage, is a new enough phenomenon that it is not clear how seriously Mr. Xi and other senior Chinese leaders view it.

Tung Chee-hwa, a former chief executive of Hong Kong who has close ties to China’s leaders, said recently that when he raises the American concerns about hacking with senior officials in Beijing, they express puzzlement.

And neither side, experts said, is ready to discuss military espionage, which means the conversation will necessarily focus on the theft of corporate secrets by China-based hackers. On that subject, they said, Mr. Obama needs to be unyielding.

“Obama has got to say, ‘You’ve got a major hacking operation under way in Beijing, you’ve got a major hacking operation under way in Shanghai. This is going to have repercussions if we don’t see changes very quickly,’ ” said Kenneth G. Lieberthal, a China adviser in the Clinton administration who is now at the Brookings Institution.

China and the United States, experts say, could find common ground on the need to stop cyberattacks on critical national infrastructure, like the electrical grid, since it poses such a danger to both countries. “I personally think a bilateral ‘no sabotage’ pledge would be a very good idea,” Mr. Bader said.
https://www.nytimes.com/2013/06/02/w...n-hacking.html





Four-Star General in Eye of U.S. Cyber Storm

Depending on your point of view, U.S. General Keith Alexander is either an Army four-star trying to stave off a cyber Pearl Harbor attack, or he is an overreaching spy chief who wants to eavesdrop on the private emails of every American.

Alexander, 61, has headed the National Security Agency since 2005, making him the longest-serving chief in the history of an intelligence unit so secretive that it was dubbed "No Such Agency." Alexander also runs U.S. Cyber Command, which he helped to create in 2010 to oversee the country's offensive and defensive operations in cyberspace.

The dual role means Alexander has more knowledge about cyber threats than any other U.S. official, since the NSA already protects the most sensitive U.S. data, extracts intelligence from foreign networks and uses wiretaps to track terrorists. But it also puts the general at the center of an intense debate over how much power the government should have to spy on private citizens in the name of protecting national security.

"He's lasted as long as he has because he's focused and he's persistent. I've never heard him yell," said retired four-star general Michael Hayden, who was Alexander's predecessor at the NSA. "He doesn't spread himself too thin. He decides what's important and puts his personal energy into those things."

Raised near Syracuse, New York, Alexander graduated from West Point, the Army's elite training academy, in 1974. He had planned to serve in the military for just five years but got hooked on the work when he served in Germany as an intelligence officer, monitoring what he described as "sensitive issues on the border of East Germany and Czechoslovakia."

After Germany, Alexander held a series of increasingly senior intelligence jobs and spent the first Gulf war as a senior Army intelligence officer in Saudi Arabia. During this time, he also earned four master's degrees, in electronic warfare, physics, business and national security studies.

In 2005, after two years as the Army's top intelligence officer, Alexander was tapped to replace Hayden at the helm of the NSA, where he continued to run a warrantless surveillance program initiated after the September 11, 2001 hijacking attacks.

The program, which bypassed a federal court that authorizes domestic wiretapping, was first revealed late in 2005, sparking lawsuits, congressional hearings, leak investigations and a furor that still dogs the agency - and Alexander - today.

Against this backdrop, his push to expand the NSA's role in domestic cybersecurity has drawn criticism from privacy advocates, and sometimes put Alexander at odds with the White House and the Department of Homeland Security, according to current and former officials.

Alexander had wanted the NSA to control a government security program to aid non-military companies against cyber threats, but others at DHS insisted - and ultimately prevailed - on civilian control of the project, these officials said.

Jane Holl Lute, who stepped down this month as No. 2 at DHS, said she has had intense conversations with Alexander about the roles of their two agencies in improving cyber security. She declined to detail any differences of opinion, but said they were all judgment calls and she respected the general.

"He pushed up his hill, and I pushed up mine, and what we came to was essentially two sides of the same hill," Lute said.

"We didn't always call balls and strikes the same way. That does not mean he wasn't trying to get it right," she said. "I would challenge anyone who would question his integrity."

HEADING FOR RETIREMENT

Alexander, who told Reuters he plans to retire in the first half of 2014, has presided over one of the busiest times in the NSA's 61-year history, from tracking the cellphone calls that helped capture Osama bin Laden to drawing national attention to cybersecurity. He played a key role in shaping a series of recent cyber policy orders from the Obama administration.

More controversial has been the NSA's construction of a $2 billion data center in Utah, which has fanned concerns about the agency's expansive eavesdropping capabilities.

NSA whistleblower William Binney, a former senior crypto-mathematician, last year accused the agency of building the Utah facility to collect data on virtually every American, including private emails, cellphone calls and Google searches.

Alexander told the Reuters Cybersecurity Summit that such claims about the Utah project are completely false. He rattled off a long list of agencies that oversee the NSA's work, including the Justice Department, White House and Congress. "Either all of them are complicit in us doing this or the allegations are absolute baloney. It's the latter," he said.

According to Alexander, the NSA has its hands full keeping tabs on potential terrorists, and does not have the bandwidth to read the 420 billion emails generated by Americans each day - even though some foreign governments were trying to do that.

"The great irony is we're the only ones not spying on the American people," he quipped.

Alexander has tried to make the NSA appear more transparent, crisscrossing the country to talk about cyber issues. He likes to pepper his speeches with jokes, once blaming his late arrival at a Washington event on a distributed denial of service hacking attack on city street lights.

A gadget lover, Alexander is known to roll up his sleeves to become versant with the latest security technologies. On one flight, he and his aide-de-camp learned "BackTrack," a Linux-based product that helps people test their network security. Aides say the general often scores over 1 million points on the "Bejeweled Blitz" online puzzle game.

Alexander's biggest strength is his ability to reach out to a wide range of audiences, said Shawn Henry, former FBI executive assistant director. He cites a speech Alexander gave at the Defcon hackers conference last year, an appearance that would have been unheard of a few years ago.

"Here's a guy who is seen as a symbol of oppressive government ... and he stands up in front of a thousand people, many of whom probably have hacked networks over the years," said Henry, recalling that Alexander had ditched his decorated uniform for jeans and a black T-shirt. "He is just trying to connect, talking about coordination, collaboration."

DUAL HATS

Alexander has asked the Pentagon to give Cyber Command the same elevated status as other major military commands, but it is not yet clear if that request will be granted.

Ira Winkler, president of the Information Systems Security Association, said Alexander's leadership of both NSA and Cyber Command is an advantage but also a complication.

"He's stuck in a bad position. He basically has to defend U.S. cyberspace which requires securing commercial websites and infrastructure, but no one wants him to have access to those networks, since he's also in charge of NSA," Winkler said.

Alexander said he feels strongly that whoever succeeds him should continue to wear the two hats, but not everyone agrees.

"How much can you consolidate before it gets so huge that one person can't manage it," said Harry Raduege, a retired Air Force general and former director of the Defense Information Systems Agency, which oversees military IT systems. "It's an awful lot for somebody at the top of those organizations to deal with."

Still, Raduege, now with Deloitte, said he expects the Pentagon to elevate Cyber Command to a full unified command before the general's retirement next year.

"There's no one in a better position to know the depth, magnitude and broad-based nature of today's increasing and evolving cyber threats," said Raduege. "When Keith Alexander talks about cyber attacks, we should all listen."

(Additional reporting by Joe Menn in San Francisco, and Warren Strobel and Peter Apps in Washington; Editing by Tiffany Wu and Tim Dobbyn)
https://www.nytimes.com/reuters/2013...alexander.html





Cyber Threats Pose 'Stealthy, Insidious' Danger: Defense Chief
David Alexander

Defense Secretary Chuck Hagel said on Friday that cyber threats posed a "quiet, stealthy, insidious" danger to the United States and other nations, and called for "rules of the road" to guide behavior and avoid conflict on global computer networks.

Hagel said he would address cyber security in his speech on Saturday to the Shangri-La Security Dialogue in Singapore and the issue was likely to come up in a brief meeting with Chinese delegates on the margins of the conference.

"Cyber threats are real, they're terribly dangerous," Hagel told reporters on his plane en route to the gathering. "They're probably as insidious and real a threat (as there is) to the United States, as well as China, by the way, and every nation."

Cyber conflict could lead to "quiet, stealthy, insidious, dangerous outcomes," from taking down power grids to destroying financial systems or neutralizing defense networks, Hagel said.

"That's not a unique threat to the United States, (it affects) everybody, so we've got to find ways here ... working with the Chinese, working with everybody, (to develop) rules of the road, some international understandings, some responsibility that governments have to take," he said.

Hagel's remarks came two days after news reports said the Defense Science Board - a committee of civilian experts who advise the Defense Department - had concluded that Chinese hackers have gained access to the designs of more than two dozen major U.S. weapons systems in recent years. The Pentagon downplayed the report as outdated and overstated.

But the Defense Department underscored its concern about Chinese hacking in a separate report to Congress earlier this month, accusing Beijing of using cyber espionage to modernize its military.

The report said the U.S. government had been the target of hacking that appeared to be "attributable directly to the Chinese government and military."

Asked about Hagel's comments, Chinese Foreign Ministry spokesman Hong Lei said China wanted to exchange views with U.S. officials on "relevant issues" on the sidelines of the Singapore meeting.

"We believe that on this issue both sides should sit down and carry out an even-tempered discussion," Hong told a daily briefing, referring to cyber security.

"We should make the cyber security issue a highlight of bilateral cooperation and make joint efforts to maintain an open, cooperative, secure and transparent cyberspace," he said.

"THREAT TO ALL"

President Barack Obama has made cyber security a priority of the administration and will discuss his concerns with Chinese President Xi Jinping in a meeting in California next week, White House spokesman Jay Carney said this week.

Hagel told reporters on his plane to Singapore that he had invited Chinese Defense Minister Chang Wanquan to visit the United States and a trip was being organized for August.

Asked whether it was effective to deal with the issue by publicly naming China, Hagel said he thought both public diplomacy and private engagement were necessary. Public statements are necessary to let people know what is going on, he said, but they don't solve problems.

"The United States knows ... where many of these incursions come from," Hagel said. "It's pretty hard to prove that they are directed by any specific entity, but we can tell where they come from. And I think we've got to be honest about that."

The problem will ultimately be solved by more private discussions, he added. "But it has to be public as well and we'll deal with this. We must deal with this. This is a very dangerous threat to all of us."

Hagel is due to spend two days at the Shangri-La dialogue, engaging in bilateral and trilateral meetings with his Asian counterparts. He helped gain support for the annual dialogue as a U.S. senator more than a decade ago and was a leader of the first U.S. congressional delegation to the event.

After Singapore, Hagel will travel to a NATO ministerial meeting in Brussels that will hold its first review of cyber defense, a sign the issue is climbing to the top of the alliance's agenda due to concerns its infrastructure and secrets are vulnerable.

NATO Secretary-General Anders Fogh Rasmussen has said NATO systems face "regular" computer attacks. Of particular concern are the systems used to coordinate military actions among the 28 allied nations.

Hagel said cyber security would be a centerpiece of the NATO defense ministers meeting, adding "we all need to find ways, international standards, agreements" to commit to responsible use of cyber and "deal with these real threats."

(Additional reporting by Terril Yue Jones in BEIJING; Editing by Paul Simao and Robert Birsel)
http://www.reuters.com/article/2013/...94U05Y20130531





US Spy Device 'Tested on NZ Public'

GCSB refuses to comment on claims communications were intercepted
David Fisher

A high-tech United States surveillance tool which sweeps up all communications without a warrant was sent to New Zealand for testing on the public, according to an espionage expert.

The tool was called ThinThread and it worked by automatically intercepting phone, email and internet information.

ThinThread was highly valued by those who created it because it could handle massive amounts of intercepted information. It then used snippets of data to automatically build a detailed picture of targets, their contacts and their habits for the spy organisation using it.

Those organisations were likely to include the Government Communications Security Bureau (GCSB) after Washington, DC-based author Tim Shorrock revealed ThinThread was sent to New Zealand for testing in 2000-2001.

Mr Shorrock, who has written on intelligence issues for 35 years, said the revolutionary ThinThread surveillance tool was sent to New Zealand by the US National Security Agency. The GCSB is the US agency's intelligence partner - currently under pressure for potentially illegal widespread spying on the public.

The claim ThinThread was sent to New Zealand has brought fresh calls for the bureau to explain what it does.

A spokesman said the bureau was currently reviewing how much it did tell the public - but it would not be making comment on the ThinThread test. He said the intelligence agency "won't confirm or deny" the claim because it was an "operational" matter.

A spokeswoman for Prime Minister John Key also refused to comment saying it was an operational matter.

The claim emerged in an article by Mr Shorrock which ran in a magazine last month and featured whistleblower William Binney - a former high-ranking NSA official who designed ThinThread.

Mr Shorrock said the "ThinThread prototype" was installed at two NSA listening posts in late 2000 and at Fort Meade where the NSA is based.

"In addition, several allied foreign intelligence agencies were given the program to conduct lawful surveillance in their own corners of the world. Those recipients included Canada, Germany, Britain, Australia and New Zealand."

The "lawful" aspect was due to the software's ability to mask the identities of those whose information was being intercepted - a technical work around of the legal barrier which prohibits New Zealand and the US from spying on its own citizens.

Mr Shorrock said ThinThread operated in three phases. It began by intercepting call, email and internet traffic on a network and automatically assessing it for interest. The scale of the traffic was such that it narrowed down targets of interest by focusing on patterns of information rather than the content of the information.

Secondly, ThinThread automatically anonymised the collected data so the identities stayed hidden "until there was sufficient evidence to obtain a warrant".

The magic was in the back end of the system which used the raw data "to create graphs showing relationships and patterns that could tell analysts which targets they should look at and which calls should be listened to" using "metadata" - the same type of "information about information" which featured in about 60 of the 88 potentially illegal spying cases identified in the GCSB review.

The Greens and Labour both said it showed the need for an inquiry into the GCSB - an investigation which both have repeatedly demanded. Greens' co-leader Russel Norman said the Prime Minister and GCSB needed to explain to the public whether it was spied on by ThinThread.

"It reinforces why there is a different set of rules for the GCSB - they are integrated into this global spy network," he said.
http://www.nzherald.co.nz/nz/news/ar...ectid=10886031





Unprecedented E-Mail Privacy Bill Sent to Texas Governor’s Desk

While reform languishes in Congress, Austin moves to protect Texans' inboxes.
Cyrus Farivar

Assuming that Texas Governor Rick Perry does not veto it, the Lone Star State appears set to enact the nation’s strongest e-mail privacy bill. The proposed legislation requires state law enforcement agencies to get a warrant for all e-mails regardless of the age of the e-mail.

On Tuesday, the Texas bill (HB 2268) was sent to Gov. Perry’s desk, and he has until June 16, 2013 to sign it or veto it. If he does neither, it will pass automatically and take effect on September 1, 2013. The bill would give Texans more privacy over their inbox to shield against state-level snooping, but the bill would not protect against federal investigations. The bill passed both houses of the state legislature earlier this year without a single "nay" vote.

This new bill, if signed, will make Texas law more privacy-conscious than the much-maligned (but frustratingly still in effect) 1986-era Electronic Communications Privacy Act (ECPA). With the ECPA, federal law enforcement agencies are only required to get a warrant to access recent e-mails before they are opened by the recipient.

As we've noted many times before, there are no such provisions in federal law once the e-mail has been opened or if it has been sitting in an inbox, unopened, for 180 days. In March 2013, the Department of Justice acknowledged in a Congressional hearing that this distinction no longer makes sense and the DOJ would support revisions to ECPA.

A spokesperson for the governor, Courtney Ford, did not immediately respond to Ars’ request to find out whether Gov. Perry plans on signing the bill. The bill reads in part:

An authorized peace officer may require a provider of an electronic communications service or a provider of a remote computing service to disclose electronic customer data that is in electronic storage by obtaining a warrant under Section 5A.

. . .

[A] district judge may issue a search warrant under this section for electronic customer data held in electronic storage, including the contents of and records and other information related to a wire communication or electronic communication held in electronic storage, by a provider of an electronic communications service or a provider of a remote computing service described by Subsection (h), regardless of whether the customer data is held at a location in this state or at a location in another state. An application made under this subsection must demonstrate probable cause for the issuance of the warrant and must be supported by the oath or affirmation of the authorized peace officer.


Nudging Washington

If the federal ECPA weren’t complicated enough, one United States circuit court of appeals decided that federal authorities do need a warrant before accessing e-mail. The case, known as United States v. Warshak, has created a split as other circuits, including the United States Supreme Court, haven’t yet taken up the issue. (Google has since taken the public stance that it will follow the Warshak standard.)

Previously, Texas state law had language mirroring ECPA’s existing 180-day requirement. Of course, ECPA remains federal law of the land in Texas and in all the other 49 states. But civil libertarians and legal experts hope that this may spur Washington, DC into passing much-needed ECPA reform, which has been languishing for some time now.

“Privacy is a special thing in Texas—it goes to the core values of Texas,” said Chris Soghoian, a senior policy analyst at the American Civil Liberties Union.

“It's always good to see states passing pro-privacy legislation because it sends a signal to Congress. It sends a signal to conservative members who might not yet be on board that this is something being supported in their own states and it helps the courts to see that this is a safe space to venture into. When cities and states start protecting e-mail, then judges may feel like there is a reasonable expectation of privacy.”

Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, agreed.

“It is the first state legislature I'm aware of to change the law this way,” he told Ars. “Other states are currently considering similar legislation, including California—where EFF sponsored SB 467 recently passed the Senate 33-1 and is now being considered in the Assembly.

“It's significant as proof that privacy reform is not only needed, but also politically-feasible with broad bipartisan support. And hopefully that will impact federal ECPA reform efforts by getting people on both of sides of the political aisle to work together to make meaningful electronic privacy reform a reality. The more states that pass similar legislation, the more pressure it will put on Congress to keep up with the changing legal landscape.”
http://arstechnica.com/tech-policy/2...overnors-desk/





Dean in E-Mail Searches Steps Down at Harvard
Richard Pérez-Peña

The undergraduate dean at Harvard will step down this summer, she and the university announced on Tuesday, months after she came under fire for her handling of a search of some junior faculty members’ e-mail accounts.

Evelynn M. Hammonds, the first woman and the first African-American to hold the position of dean of Harvard College, will leave that post on July 1 after five years, but she will remain on the faculty, the university said in a statement posted online. She will lead a new program on race and gender in science and medicine, topics that have been at the core of her scholarly work for decades.

“I was never asked to step down,” Dr. Hammonds said. “I have been in discussions to return to academia and my research for some time.”

Harvard disclosed last summer that well over 100 students were suspected of cheating on a take-home exam, the largest such scandal in memory. As the Administrative Board looked into the cases and the students’ guilt or innocence — dozens of them were forced to take a leave from the college — elements of the investigation, which was supposed to be confidential, were reported by The Harvard Crimson.

In March, it was revealed that university administrators, hunting for the sources of those leaks, had searched through Harvard e-mail accounts of 16 resident deans, who are junior faculty members, live in the student houses and act as student advisers. Most of the resident deans were not told of the searches until months later. Dr. Hammonds and Michael D. Smith, dean of the Faculty of Arts and Sciences, who had approved the search, said that only the messages’ subject lines were examined, not their contents, and that no other e-mail search was conducted.

But a few weeks later, Dr. Hammonds acknowledged that she had ordered another search, without consulting Dr. Smith, that also looked for specific e-mail recipients.

Faculty members described a loss of trust after the searches became public, and The Crimson called on Dr. Hammonds to resign. Harvard’s president, Drew Gilpin Faust, conceded that the university’s e-mail privacy policy was contradictory, and commissioned an outside lawyer to investigate the affair.

Dr. Hammonds said, “The e-mail controversy was difficult, but it was not a motivating factor in my decision to step down as dean.”
https://www.nytimes.com/2013/05/29/e...step-down.html





Holder Faces New Round of Criticism After Leak Inquiries
Charlie Savage and Jonathan Weisman

Attorney General Eric H. Holder Jr., a lightning rod of Republican attacks during President Obama’s first term, is now contending with a new round of criticism over the Justice Department’s campaign against leaks to the news media.

This time it is the news media and even some Democrats who are upset with Mr. Holder, who in recent days has taken steps seemingly aimed at assuaging them. He endorsed the enactment of a “media shield” law and invited leaders of news organizations to meet with him Thursday to discuss tightening rules on warrants and subpoenas for reporters’ records as part of leak investigations.

Even as Mr. Holder has sought to regain his footing, Republicans have resumed their criticism, accusing him of misleading Congress in testimony over whether the Justice Department has considered prosecuting journalists under the Espionage Act for publishing government secrets.

In a letter Wednesday, the House Judiciary Committee chairman, Representative Robert W. Goodlatte of Virginia, and a Republican colleague, Representative Jim Sensenbrenner of Wisconsin, expressed “great concern” about Mr. Holder’s testimony before the committee this month, saying it “appeared to be at odds” with court documents that have come to light involving a warrant for e-mails of James Rosen, a Fox News reporter.

The prospect of a new round of perjury accusations from Congress has underscored that the furor over the leak investigations might pose a new threat to Mr. Holder, who surprised many Democrats by choosing to stay on after Mr. Obama’s re-election. For now, Democrats on the House Judiciary Committee are standing by Mr. Holder, even though the ranking member, Representative John Conyers Jr. of Michigan, pronounced himself “deeply troubled” by some of the investigative tactics used in recent leak cases.

“Certainly, it is fair to ask additional questions about the Rosen investigation, and any role the attorney general may have played in it, but I do not believe it credible to level charges that he may have intentionally misled the committee on this matter before we know the facts of the case in question,” Mr. Conyers said.

In his only recent interview, Mr. Holder told The Daily Beast that the investigations obeyed existing laws and guidelines, but he also said the rules “need to be updated.” He called the furor “an opportunity for the department to consider how we strike the right balance between the interests of law enforcement and freedom of the press.”

The Daily Beast article also paraphrased unnamed aides as saying Mr. Holder was “also beginning to feel a creeping sense of personal remorse.”

Reid Weingarten, a lawyer who has been a friend of Mr. Holder’s for three decades, said Mr. Holder had discussed no such feelings with him. Rather, Mr. Weingarten said, the disclosure to Fox News of the existence of a rare intelligence source in North Korea was “a horrible leak and he was charged with the responsibility to get at it.” That raised what he said Mr. Holder described to him as a trade-off between press freedoms and the need to identify leakers — a problem for which there are no easy answers because it pits “two laudable goals” against each other.

“He’s not immune from the criticism, but I think he sees this First Amendment-security conflict as almost impossibly difficult,” Mr. Weingarten said, adding: “He hasn’t confessed or cried to me, that’s for sure. What I sense in conversations with him is how horribly difficult the dilemma is when you have this situation. It’s important to get it right, and if we didn’t get it right — and that’s a big if — let’s button up the process now.”

Matthew Miller, a friend and former top aide to Mr. Holder, portrayed the attorney general’s proposal to tighten laws and guidelines on when news media records may be obtained as coming out of a realization that one cannot expect law enforcement officials to do anything less than what the rules permit when pursuing a particular case.

Meanwhile, Mr. Holder has invited representatives from several major news organizations to discuss whether and how the Justice Department’s regulations for leak investigations should be modified.

Some news organizations, including The New York Times, declined. “We will not be attending the session at D.O.J.,” said Jill Abramson, its executive editor. “It isn’t appropriate for us to attend an off-the-record meeting with the attorney general. Our Washington bureau is aggressively covering the department’s handling of leak investigations at this time. Evidently, there will be a future session with department officials on the substance of how the law should be applied in leak cases and I am hopeful that our counsel, David McCraw, will be able to participate.”

However, Martin Baron, the executive editor of The Washington Post, said that while he would prefer the meeting be on the record, he would go “in order to represent our interests as journalists and to raise our concerns. I’ll also listen to what the attorney general has to say. I trust that our journalists will report on this as vigorously as they would any other subject.”

A representative of The Associated Press said the executive editor, Kathleen Carroll, would attend only if the session was on the record.

Mr. Holder at first appeared to sidestep the furor over leaks. It began on May 13 with a disclosure by The Associated Press that the Justice Department had obtained calling logs for its reporters’ phone lines in connection with a 2012 leak involving a foiled bomb plot in Yemen.

The subpoena was controversial because the department did not provide any advance notice to The A.P., which would have allowed it to negotiate or challenge it in court.

But Mr. Holder quickly revealed that he had recused himself from overseeing that investigation and so it was his deputy, James M. Cole, who had approved the subpoena.

In testimony on May 15, Mr. Holder also distanced himself from the notion that reporters who write about national security secrets should be indicted under the Espionage Act, saying: “With regard to the potential prosecution of the press for the disclosure of material, that is not something that I’ve ever been involved in, heard of or would think would be a wise policy.”

Since then, however, a 2010 search warrant for e-mails of Mr. Rosen, the Fox News reporter, came to light in connection with a leak investigation into a State Department analyst. An affidavit says there was probable cause to believe Mr. Rosen had violated the Espionage Act. Mr. Holder approved the warrant.

Law enforcement officials said the affidavit included that language to invoke an exception to a law that otherwise bars search warrants for reporters’ work product, and noted that while the analyst accused of leaking, Stephen Kim, was indicted in August 2010, Mr. Rosen was not charged.

On Wednesday, a Justice Department official said that Mr. Holder’s “testimony concerning the potential prosecution of the press was consistent with the underlying facts with respect to the investigation and ultimate prosecution of Mr. Kim.”
https://www.nytimes.com/2013/05/30/u...criticism.html





Secret Court Document Finds Spy Techniques Unconstitutional, Justice Department Fights To Keep It Hidden
Ryan W. Neal

The Justice Department may soon be forced to reveal a classified document that details unconstitutional surveillance of American citizens. The Justice Department has fought to keep the document secret for about a year, but a recent court order demands that they respond to a formal request filed by the Electronic Frontier Foundation by next week, June 7, 2013.

This document was first revealed last July by Sen. Ron Wyden, D-Ore., to call attention to an expansion of the Foreign Intelligence Surveillance Act in 2008 -- which then-Sen. Barack Obama voted for. According to Wyden, the Foreign Intelligence Surveillance Court ruled that the government violated the Fourth Amendment. The FISC mostly operates in secret, so the actual court decision remained classified. Wyden was only able to say the FISC decision existed; he was unable to disclose any details about the actual surveillance techniques that were deemed unconstitutional or how many Americans they affected.

The EFF took legal action to learn more about the FISC decision. An initial victory in a district court established in the public record that the Justice Department does possess an 86-page FISC decision on unconstitutional surveillance methods that was published Oct. 3, 2011. The decision found that some techniques were “unreasonable under the Fourth Amendment,” and that the court concluded that “on at least one occasion,” the Justice Department “circumvented the spirit of the law.”

The EFF’s next goal is to make the actual FISC decision public. The EFF had submitted a Freedom of Information Act request for the document to be declassified, but the Justice Department objected to the FOIA request on the grounds that making the FISC decision public would damage national security. It also argued that it didn’t even have the proper legal authority to release the FISC decision. A district court ruled in favor of the Justice Department and upheld the decision to keep the FISC document a secret.

The EFF decided to take its case directly to the FISC last week, and filed a motion to disclose the court records. On Friday, FISC Judge Reggie B. Walton ordered the Justice Department to submit any argument against the motion no later than 5 p.m. on June 7.

Of course, the Justice Department is likely to return with many of the same arguments as before. The difference, as Slate points out, is that this time the FISC, which has been under fire for its lack of transparency, will be deciding on the arguments. Sen. Dianne Feinstein, D-Calif., is working on a law that requires declassified versions of FISC decisions be made available to the public.

This could be an opportunity for the FISC to show that it is willing to be transparent. After all, it’s a decision it made nearly 20 months ago that was designed to protect the American people from unconstitutional intrusion by their government.

New technologies have made it easier for the Justice Department to spy on Americans, but others have fought back recently. Google has publicly fought against National Security Letters requesting user data, and more recently, a judge rejected and exposed an FBI proposal to use malware to turn a personal computer into a surveillance device.
http://www.ibtimes.com/secret-court-...keep-it-hidden





U.S. Soldier at Center of WikiLeaks Case Set to Go On Trial Monday
Ian Simpson

The American soldier accused of the biggest leak of classified information in U.S. history, which prosecutors say put lives at risk, goes on trial on Monday in a case that raises questions about the limits of secrecy and openness in the Internet era.

Private First Class Bradley Manning, 25, is charged with providing more than 700,000 documents to WikiLeaks, an anti-secrecy website.

He said the move was intended to spark renewed debate on U.S. military action. But the government says the leaks damaged national security and endangered American lives. He faces a possible life sentence if convicted.

The military trial at Fort Meade, Maryland, about 30 miles northeast of Washington, is expected to run until at least late August. Prosecutors have said they expect to call more than 100 witnesses.

Civil liberties groups say the court-martial has been shrouded in secrecy and has had a chilling effect on whistleblowers.

Manning faces 21 counts, including the most serious one of aiding the enemy, as well as prosecution under the Espionage Act of 1917.

"It's probably the most dramatic example of the administration's use of the Espionage Act to prosecute leaks of information to the media," said Elizabeth Goitein, co-director of the Brennan Center for Justice's Liberty and National Security Program.

"It's quite dramatic, and the government will say that it's proportionate to the crime."

'CLEAR CONSCIENCE'

Manning, an intelligence analyst, was arrested in May 2010 while serving in Iraq. He was charged with downloading intelligence documents, diplomatic cables and combat videos and forwarding them to WikiLeaks, which began releasing the information that year.

Manning testified in February that he had released the files to spark a domestic debate on the military and on foreign policy in general.

"I take full responsibility for my actions," he said at the time. "I felt I accomplished something that would allow me to have a clear conscience."

One of the leaked U.S. military videos showed a 2007 attack by Apache helicopters that killed a dozen people in Baghdad. They included two Reuters news staff, photographer Namir Noor-Eldeen and driver Saeed Chmagh.

The judge in the case, Colonel Denise Lind, said last month she would close parts of the trial to the public to protect classified material. Rather than face a jury, Manning has chosen to have Lind decide his case.

Manning pleaded guilty in court in February to 10 lesser charges that he was the source of the WikiLeaks release. But prosecutors rejected the pleas and are pursuing the original charges.

WikiLeaks founder Julian Assange has taken refuge in the Ecuadorean Embassy in London since June 2012 to avoid extradition to Sweden for alleged sex crimes.

Nathan Fuller, a spokesman for the Bradley Manning Support Network, called the case a harbinger for U.S. media because the trial means posting government documents on the Internet could be construed as aiding the enemy.

"It's already chilled a lot of whistleblowers, a lot of soldiers don't want to talk to the press anymore. A lot of reporters are saying their sources are drying up," he said.

(Reporting by Ian Simpson; Editing by Scott Malone and Xavier Briand)
http://www.reuters.com/article/2013/...95006520130601





Jeremy Hammond Pleads Guilty to Role in Stratfor Hack

In UK hackers received maximum 15 months sentences for LulzSec involvement. Hammond could receive 10 years
Natasha Lennard

On Tuesday hacktivist Jeremy Hammond pleaded guilty to involvement in the infamous LulzSec Stratfor hack. His plea agreement, to one violation under the (dangerously broad) Computer Fraud and Abuse Act, is a non-cooperating plea, which could land the 28-year-old with a 10-year sentence.

As noted here earlier this month, three young hackers in Britain convicted of similar charges relating to the Stratfor hack received sentences that pale in comparison to what Hammond faces and highlight the U.S.’ overreach when it comes to cybercrime prosecutions. The longest sentence handed down in the U.K. cases carried a maximum of 15 months jail time. Meanwhile, as Hammond expressed in a statement Tuesday, he could have faced 30 years in prison were he to have been found guilty at trial. His supporters and legal team are now asking his presiding judge to hand down a sentence far less harsh than the possible 10 years his plea agreement can carry.

Hammond, who has already spent 15 months in federal detention (regularly held in isolation) with little access to his loved ones, explained in his statement why he chose to take the plea. Notably, aside from fearing a 30-year sentence, Hammond is now embracing the chance to explain his involvement in the Stratfor hack and the ethics underpinning his actions:

Today I pleaded guilty to one count of violating the Computer Fraud and Abuse Act. This was a very difficult decision. I hope this statement will explain my reasoning. I believe in the power of the truth. In keeping with that, I do not want to hide what I did or to shy away from my actions. This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline.

During the past 15 months I have been relatively quiet about the specifics of my case as I worked with my lawyers to review the discovery and figure out the best legal strategy. There were numerous problems with the government’s case, including the credibility of FBI informant Hector Monsegur. However, because prosecutors stacked the charges with inflated damages figures, I was looking at a sentencing guideline range of over 30 years if I lost at trial. I have wonderful lawyers and an amazing community of people on the outside who support me. None of that changes the fact that I was likely to lose at trial. But, even if I was found not guilty at trial, the government claimed that there were eight other outstanding indictments against me from jurisdictions scattered throughout the country. If I had won this trial I would likely have been shipped across the country to face new but similar charges in a different district. The process might have repeated indefinitely. Ultimately I decided that the most practical route was to accept this plea with a maximum of a ten year sentence and immunity from prosecution in every federal court.

Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites. Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.

http://www.salon.com/2013/05/28/jere...stratfor_hack/





Anatomy of a Hack: How Crackers Ransack Passwords Like “qeadzcwrsfxv1331”

For Ars, three crackers have at 16,000+ hashed passcodes—with 90 percent success.
Dan Goodin

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that "5f4dcc3b5aa765d61d8327deb882cf99" and "7c6a180b36896a0a8c02787eeafb0e4c" are the MD5 hashes for "password" and "password1" respectively. (For more details on password hashing, see the earlier Ars feature "Why passwords have never been weaker—and crackers have never been stronger.")

While Anderson's 47-percent success rate is impressive, it's minuscule when compared to what real crackers can do, as Anderson himself made clear. To prove the point, we gave them the same list and watched over their shoulders as they tore it to shreds. To put it mildly, they didn't disappoint. Even the least successful cracker of our trio—who used the least amount of hardware, devoted only one hour, used a tiny word list, and conducted an interview throughout the process—was able to decipher 62 percent of the passwords. Our top cracker snagged 90 percent of them.

The Ars password team included a developer of cracking software, a security consultant, and an anonymous cracker. The most thorough of the three cracks was carried out by Jeremi Gosney, a password expert with Stricture Consulting Group. Using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14,734 of the hashes, a 90-percent success rate. Jens Steube, the lead developer behind oclHashcat-plus, achieved impressive results as well. (oclHashcat-plus is the freely available password-cracking software both Anderson and all crackers in this article used.) Steube unscrambled 13,486 hashes (82 percent) in a little more than one hour, using a slightly more powerful machine that contained two AMD Radeon 6990 graphics cards. A third cracker who goes by the moniker radix deciphered 62 percent of the hashes using a computer with a single 7970 card—also in about one hour. And he probably would have cracked more had he not been peppered with questions throughout the exercise.

The list of "plains," as many crackers refer to deciphered hashes, contains the usual list of commonly used passcodes that are found in virtually every breach involving consumer websites. "123456," "1234567," and "password" are there, as is "letmein," "Destiny21," and "pizzapizza." Passwords of this ilk are hopelessly weak. Despite the additional tweaking, "p@$$word," "123456789j," "letmein1!," and "LETMEin3" are equally awful. But sprinkled among the overused and easily cracked passcodes in the leaked list are some that many readers might assume are relatively secure. ":LOL1313le" is in there, as are "Coneyisland9/," "momof3g8kids," "1368555av," "n3xtb1gth1ng," "qeadzcwrsfxv1331," "m27bufford," "J21.redskin," "Garrett1993*," and "Oscar+emmy2."

As big as the word lists that all three crackers in this article wielded—close to 1 billion strong in the case of Gosney and Steube—none of them contained "Coneyisland9/," "momof3g8kids," or the more than 10,000 other plains that were revealed with just a few hours of effort. So how did they do it? The short answer boils down to two variables: the website's unfortunate and irresponsible use of MD5 and the use of non-randomized passwords by the account holders.

Life in the fast lane

"These are terrible passwords," radix, who declined to give his real name, told Ars just a few minutes into run one of his hour-long cracking session. "There's probably not a complexity requirement for them. The hashing alone being MD5 tells me that they really don't care about their passwords too much, so it's probably some pre-generated site."

Like SHA1, SHA3, and most other algorithms, MD5 was designed to convert plaintext into hashes, also known as "message digests," quickly and with a minimal amount of computation. That works in the favor of crackers. Armed with a single graphics processor, they can cycle through more than eight billion password combinations each second when attacking "fast" hashes. By contrast, algorithms specifically designed to protect passwords require significantly more time and computation. For instance, the SHA512crypt function included by default in Mac OS X and most Unix-based operating systems passes text through 5,000 hashing iterations. This hurdle would limit the same one-GPU cracking system to slightly less than 2,000 guesses per second. Examples of other similarly "slow" hashing algorithms include bcrypt, scrypt, and PBKDF2.

The other variable was the account holders' decision to use memorable words. The characteristics that made "momof3g8kids" and "Oscar+emmy2" easy to remember are precisely the things that allowed them to be cracked. Their basic components—"mom," "kids," "oscar," "emmy," and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.

What's more, like the other two crackers profiled in this article, radix didn't know where the password list was taken from, eliminating one of the key techniques crackers use when deciphering leaked hashes. "If I knew the site, I would go there and find out what the requirements are," he said. The information would have allowed radix to craft custom rule sets targeted at the specific hashes he was trying to crack.

Anatomy of a crack

The longer answer to how these relatively stronger passwords were revealed requires comparing and contrasting the approaches of the three crackers. Because their equipment and the amount of time they devoted to the exercise differed, readers shouldn't assume one cracker's technique was superior to those of the others. That said, all three cracks resembled video games where each successive level is considerably harder than the last. The first stage of each attack typically cracked in excess of 50 percent of the hashes, with each stage that came later cracking smaller and smaller percentages. By the time they got to the latest rounds, they considered themselves lucky to get more than a few hundred plains.

True to that pattern, Gosney's first stage cracked 10,233 hashes, or 62 percent of the leaked list, in just 16 minutes. It started with a brute-force crack for all passwords containing one to six characters, meaning his computer tried every possible combination starting with "a" and ending with "//////." Because guesses have a maximum length of six and are comprised of 95 characters—that's 26 lower-case letters, 26 upper-case letters, 10 digits, and 33 symbols—there are a manageable number of total guesses. This is calculated by adding the sum of 95^6 + 95^5 + 95^4 + 95^3 + 95^2 + 95. It took him just two minutes and 32 seconds to complete the round, and it yielded the first 1,316 plains of the exercise.

Beyond a length of six, however, Gosney was highly selective about the types of brute-force attacks he tried. That's because of the exponentially increasing number of guesses each additional character creates. While it took only hours to brute-force all passwords from one to six characters, it would have taken Gosney days, weeks, or even years to brute-force longer passwords. Robert Graham, the CEO of Errata Security who has calculated the requirements, refers to this limitation as the "exponential wall of brute-force cracking."

Recognizing these limits, Gosney next brute-force cracked all passwords of length seven or eight that contained only lower-case letters. That significantly reduced the time required and still cracked 1,618 hashes. He tried all passwords of length seven or eight that contained only upper-case letters to reveal another 708 plains. Because their "keyspace" was the sum of 26^8 + 26^7, each of these steps was completed in 41 seconds. Next, he brute-forced all passwords made up solely of numbers from one to 12 digits long. It cracked 312 passcodes and took him three minutes and 21 seconds.

It was only then that Gosney turned to his word lists, which he has spent years fine tuning. Augmenting the lists with the "best64" rule set built into Hashcat, he was able to crack 6,228 hashes in just nine minutes and four seconds. To complete stage one, he ran all the plains he had just captured in the previous rounds through a different rule set known as "d3ad0ne" (named after its creator who is a recognized password expert). It took one second to complete and revealed 51 more plains.

"Normally I start by brute-forcing all characters from length one to length six because even on a single GPU, this attack completes nearly instantly with fast hashes," Gosney explained in an e-mail. He continued:

And because I can brute-force this really quickly, I have all of my wordlists filtered to only include words that are at least six chars long. This helps to save disk space and also speeds up wordlist-based attacks. Same thing with digits. I can just brute-force numerical passwords very quickly, so there are no digits in any of my wordlists. Then I go straight to my wordlists + best64.rule since those are the most probable patterns, and larger rule sets take much longer to run. Our goal is to find the most plains in the least amount of time, so we want to find as much low-hanging fruit as possible first.

Cracking the weakest passwords first is especially helpful when hashes contain cryptographic salt. Originally devised to thwart rainbow tables and other types of precomputed techniques, salting appends random characters to each password before it is hashed. Besides defeating rainbow tables, salting slows down brute-force and dictionary attacks because hashes must be cracked one at a time rather than all of them at once.

But the thing about salting is this: it slows down cracking only by a multiple of the number of unique salts in a given list. That means the benefit of salting diminishes with each cracked hash. By cracking the weakest passwords as quickly as possible first (an optimization offered by Hashcat) crackers can greatly diminish the minimal amount of protection salting might provide against cracking. Of course, none of this applies in this exercise since the leaked MD5 wasn't salted.

With 10,233 hashes cracked in stage one, it was time for stage two, which consisted of a series of hybrid attacks. True to the video game analogy mentioned earlier, this second stage of attacks took considerably longer than the first one and recovered considerably fewer plains—to be exact, five hours and 12 minutes produced 2,702 passwords.

As the name implies, a hybrid attack marries a dictionary attack with a brute-force attack, a combination that greatly expands the reach of a well-honed word list while keeping the keyspace to a manageable length. The first round of this stage appended all possible two-characters strings containing digits or symbols to the end of each word in his dictionary. It recovered 585 plains and took 11 minutes and 25 seconds to run. Round two appended all possible three-character strings containing digits or symbols. It cracked 527 hashes and required 58 minutes to complete. The third round, which appended all four-digit number strings, took 25 minutes and recovered 435 plains. Round four appended all possible strings containing three lower-case letters and digits and acquired 451 more passwords.

As fruitful as these attacks were, Gosney said they were handicapped by his use of a single graphics card for this exercise.

"For example, you'll notice that when I was doing hybrid attacks, I appended 2-3 digits/special but then only did digits with length 4," he explained. "This is because doing digits/special for length 4 would have taken a really long time with just one GPU, so I skipped it. Same with when I started appending lower alpha/digits, I only did length 3 because length 4 would have taken too long with just one GPU."

No doubt, Gosney could have attacked much larger keyspaces had he used the monster 25-GPU cluster he unveiled in December. Because the graphics cards in the five-server system scale almost linearly, it's able to harness almost all of their combined power. As a result, it can achieve 350 billion guesses per second when cracking password hashes generated by Microsoft's NTLM algorithm. And it could generate similar results when going up against MD5 and other fast hash functions.

The remaining hybrid attacks in stage two continued in the same vein. By the time it was completed, he had cracked a total of 12,935 hashes, or 78.6 percent of the list, and had spent a total of just 5 hours and 28 minutes doing it.

One of the things Gosney and other crackers have found is that passwords for a particular site are remarkably similar, despite being generated by users who have never met each other. After cracking such a large percentage of hashes from this unknown site, the next step was to analyze the plains and mimic the patterns when attempting to guess the remaining passwords. The result is a series of statistically generated brute-force attacks based on a mathematical system known as Markov chains. Hashcat makes it simple to implement this method. By looking at the list of passwords that already have been cracked, it performs probabilistically ordered, per-position brute-force attacks. Gosney thinks of it as an "intelligent brute-force" that uses statistics to drastically limit the keyspace.

Where a classic brute-force tries "aaa," "aab," "aac," and so on, a Markov attack makes highly educated guesses. It analyzes plains to determine where certain types of characters are likely to appear in a password. A Markov attack with a length of seven and a threshold of 65 tries all possible seven-character passwords with the 65 most likely characters for each position. It drops the keyspace of a classic brute-force from 95^7 to 65^7, a benefit that saves an attacker about four hours. And since passwords show surprising uniformity when it comes to the types of characters used in each position—in general, capital letters come at the beginning, lower-case letters come in the middle, and symbols and numbers come at the end—Markov attacks are able to crack almost as many passwords as a straight brute-force.

"This is where your attack plan deviates from the standard and becomes unique, because now you're doing site-specific attacks," Gosney said. "From there, if you start hitting upon any interesting patterns, you just start chasing those patterns down the rabbit hole. Once you've fully exploited one pattern you move on to the next."

In all, it took Gosney 14 hours and 59 minutes to complete this third stage, which besides Markov attacks included several other custom wordlists combined with rules. Providing further evidence of the law of diminishing returns that dictates password cracking, it yielded 1,699 more passwords. It's interesting to note that the increasing difficulty is experienced even within this last step itself. It took about three hours to cover the first 962 plains in this stage and 12 hours to get the remaining 737.

The other two password experts who cracked this list used many of the same techniques and methods, although not in the same sequence and with vastly different tools. The only wordlist used by radix, for example, came directly from the 2009 breach of online games service RockYou. Because the SQL-injection hack exposed more than 14 million unique passwords in plaintext, the list represents the largest corpus of real-world passwords ever to be made public. radix has a much bigger custom-compiled dictionary, but like a magician who doesn't want to reveal the secret behind a trick, he kept it under wraps during this exercise.

Killing hashes

Like Nate Anderson's foray into password cracking, radix was able to crack 4,900 of the passwords, nearly 30 percent of the haul, solely by using the RockYou list. He then took the same list, cut the last four characters off each of the words, and appended every possible four-digit number to the end. Hashcat told him it would take two hours to complete, which was longer than he wanted to spend. Even after terminating run two after 20 minutes, he had cracked 2,136 more passcodes. radix then tried brute-forcing all numbers, starting with a single digit, then two digits, then three digits, and so on (259 additional plains recovered).

He seemed to choose techniques for his additional runs almost at random. But in reality, it was a combination of experience, intuition, and possibly a little luck.

"It's all about analysis, gut feelings, and maybe a little magic," he said. "Identify a pattern, run a mask, put recovered passes in a new dict, run again with rules, identify a new pattern, etc. If you know the source of the hashes, you scrape the company website to make a list of words that pertain to that specific field of business and then manipulate it until you are happy with your results."

He then ran the 7,295 plains he recovered so far through PACK, short for the Password Analysis and Cracking Toolkit (developed by password expert Peter Kacherginsky), and noticed some distinct patterns. A third of them contained eight characters, 19 percent contained nine characters, and 16 percent contained six characters. PACK also reported that 69 percent of the plains were "stringdigit" meaning a string of letters or symbols that ended with numbers. He also noticed that 62 percent of the recovered passwords were classified as "loweralphanum," meaning they consisted solely of lower-case letters and numbers.

This information gave him fodder for his next series of attacks. In run 4, he ran a mask attack. This is similar to the hybrid attack mentioned earlier, and it brings much of the benefit of a brute-force attack while drastically reducing the time it takes to run it. The first one tried all possible combinations of lower-case letters and numbers, from one to six characters long (341 more plains recovered). The next step would have been to try all combinations of lower-case letters and numbers with a length of eight. But that would have required more time than radix was willing to spend. He then considered trying all passwords with a length of eight that contained only lower-case letters. Because the attack excludes upper case letters, the search space was manageable, 26^8 instead of 52^8. With radix's machine, that was the difference between spending one hour and six hours respectively. The lower threshold was still more time than he wanted to spend, so he skipped that step too.

So radix then shifted his strategy and used some of the rule sets built into Hashcat. One of them allows Hashcat to try a random combination of 5,120 rules, which can be anything from swapping each "e" with a "3," pulling the first character off each word, or adding a digit between each character. In just 38 seconds the technique recovered 1,940 more passwords.

"That's the thrill of it," he said. "It's kind of like hunting, but you're not killing animals. You're killing hashes. It's like the ultimate hide and seek." Then acknowledging the dark side of password cracking, he added: "If you're on the slightly less moral side of it, it has huge implications."

Steube also cracked the list of leaked hashes with aplomb. While the total number of words in his custom dictionaries is much larger, he prefers to work with a "dict" of just 111 million words and pull out the additional ammunition only when a specific job calls for it. The words are ordered from most to least commonly used. That way, a particular run will crack the majority of the hashes early on and then slowly taper off. "I wanted it to behave like that so I can stop when things get slower," he explained.

Early in the process, Steube couldn't help remarking when he noticed one of the plains he had recovered was "momof3g8kids."

"This was some logic that the user had," Steube observed. "But we didn't know about the logic. By doing hybrid attacks, I'm getting new ideas about how people build new [password] patterns. This is why I'm always watching outputs."

The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.

"The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing."

What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as "k1araj0hns0n," "Sh1a-labe0uf," "Apr!l221973," "Qbesancon321," "DG091101%," "@Yourmom69," "ilovetofunot," "windermere2313," "tmdmmj17," and "BandGeek2014." Also included in the list: "all of the lights" (yes, spaces are allowed on many sites), "i hate hackers," "allineedislove," "ilovemySister31," "iloveyousomuch," "Philippians4:13," "Philippians4:6-7," and "qeadzcwrsfxv1331." "gonefishing1125" was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, "You won't ever find it using brute force."

The ease these three crackers had converting hashes into their underlying plaintext contrasts sharply with the assurances many websites issue when their password databases are breached. Last month, when daily coupons site LivingSocial disclosed a hack that exposed names, addresses, and password hashes for 50 million users, company executives downplayed the risk.

"Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one," CEO Tim O'Shaughnessy told customers.

In fact, there's almost nothing preventing crackers from deciphering the hashes. LivingSocial used the SHA1 algorithm, which as mentioned earlier is woefully inadequate for password hashing. He also mentioned that the hashes had been "salted," meaning a unique set of bits had been added to each user's plaintext password before it was hashed. It turns out that this measure did little to mitigate the potential threat. That's because salt is largely a protection against rainbow tables and other types of precomputed attacks, which almost no one ever uses in real-world cracks. The file sizes involved in rainbow attacks are so unwieldy that they fell out of vogue once GPU-based cracking became viable. (LivingSocial later said it's in the process of transitioning to the much more secure bcrypt function.)

Officials with Reputation.com, a service that helps people and companies manage negative search results, borrowed liberally from the same script when disclosing their own password breach a few days later. "Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access," a company e-mail told customers.

Both companies should have said that, with the hashes exposed, users should presume their passwords are already known to the attackers. After all, cracks against consumer websites typically recover 60 percent to 90 percent of passcodes. Company officials also should have warned customers who used the same password on other sites to change them immediately.

To be fair, since both sites salted their hashes, the cracking process would have taken longer to complete against large numbers of hashes. But salting does nothing to slow down the cracking of a single hash and does little to slow down attacks on small numbers of hashes. This means that certain targeted individuals who used the hacked sites—for example, bank executives, celebrities, or other people of particular interest to the attackers—weren't protected at all by salting.

The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers' success.

"On the corporate side, its so different," radix said. "When I'm doing a password audit for a firm to make sure password policies are properly enforced, it's madness. You could go three days finding absolutely nothing."

Websites could go a long way to protect their customers if they enforced similar policies. In the coming days, Ars will publish a detailed primer on password managers. It will show how to use them to generate long, random passcodes that are unique to each site. Because these types of passwords can only be cracked by brute force, they are the hardest to recover. In the meantime, readers should take pains to make sure their passwords are a minimum of 11 characters, contain upper- and lower-case letters, numbers, and letters, and aren't part of a pattern.

The ease these crackers had in recovering as many as 90 percent of the hashes they targeted from a real-world breach also exposes the inability many services experience when trying to measure the relative strength or weakness of various passwords. A recently launched site from chipmaker Intel asks users "How strong is your password?," and it estimated it would take six years to crack the passcode "BandGeek2014". That estimate is laughable given that it was one of the first ones to fall at the hands of all three real-world crackers.

As Ars explained recently, the problem with password strength meters found on many websites is they use the total number of combinations required in a brute-force crack to gauge a password's strength. What the meters fail to account for is that the patterns people employ to make their passwords memorable frequently lead to passcodes that are highly susceptible to much more efficient types of attacks.

"You can see here that we have cracked 82 percent [of the passwords] in one hour," Steube said. "That means we have 13,000 humans who did not choose a good password." When academics and some websites gauge susceptibility to cracking, "they always assume the best possible passwords, when it's exactly the opposite. They choose the worst."
http://arstechnica.com/security/2013...our-passwords/
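
The article's two storage points, fast unsalted MD5 versus a salted, iterated function such as PBKDF2, and salt multiplying the work by the number of unique salts, shown side by side in an added example (not code from the article or from any site it discusses). The user table, the three-entry denylist and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor for this sketch; tune it to your own latency budget.
PBKDF2_ITERATIONS = 100_000

# Constructed sample data: two users share a weak password the article quotes.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "momof3g8kids"}
DENYLIST = ["123456", "password", "letmein"]


def md5_record(password):
    """Weak scheme: a single fast, unsalted MD5 pass."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened scheme: per-user random salt plus an iterated KDF."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def pbkdf2_verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def audit_md5(table, candidates):
    """Denylist audit of unsalted records: each candidate is hashed once and
    compared against every user at the same time."""
    lookup = {md5_record(c) for c in candidates}
    flagged = sorted(user for user, digest in table.items() if digest in lookup)
    return flagged, len(candidates)  # (weak accounts, hash computations)


def audit_pbkdf2(table, candidates):
    """Denylist audit of salted records: every (user, candidate) pair costs a
    full KDF run, and a salt stops costing work once its password is found."""
    flagged, kdf_runs = [], 0
    for user, record in table.items():
        for candidate in candidates:
            kdf_runs += 1
            if pbkdf2_verify(candidate, record):
                flagged.append(user)
                break
    return sorted(flagged), kdf_runs  # each run is PBKDF2_ITERATIONS HMAC rounds


def demo():
    md5_table = {u: md5_record(p) for u, p in USERS.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in USERS.items()}
    return {
        "md5_same_digest": md5_table["alice"] == md5_table["bob"],
        "kdf_same_record": kdf_table["alice"] == kdf_table["bob"],
        "md5_audit": audit_md5(md5_table, DENYLIST),
        "kdf_audit": audit_pbkdf2(kdf_table, DENYLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both audits flag the same two accounts; the difference is the bill: three MD5 computations in total against nine PBKDF2 runs of 100,000 rounds each.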
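
The article's complaint about strength meters, as an added sketch for anyone building a password policy check (not code from the article or from any tool it names): it compares the brute-force figure a naive meter reports with a bound for the word-plus-suffix pattern the hybrid attacks exploit. `DICT_SIZE`, `RULE_VARIANTS` and the six-word `WORDLIST` are assumptions standing in for a real dictionary and rule set.

```python
import re
import string

GUESSES_PER_SECOND = 8_000_000_000  # single-GPU rate the article quotes for fast hashes
DICT_SIZE = 14_000_000              # assumed wordlist size, the RockYou scale the article cites
RULE_VARIANTS = 64                  # assumed case/substitution variants tried per word

# Constructed stand-in for a real wordlist; production code would load one from disk.
WORDLIST = {"bandgeek", "gonefishing", "coneyisland", "nextbigthing", "letmein", "password"}

# Undo common character swaps ("e" -> "3" and similar) before the lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def charset_size(password):
    """Size of the alphabet a brute-force meter assumes: 26 + 26 + 10 + 33."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26), (string.digits, 10)]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33
    return size


def bruteforce_guesses(password):
    """What a naive meter counts: alphabet size raised to the password length."""
    return charset_size(password) ** len(password)


def pattern_guesses(password, wordlist=WORDLIST):
    """Guesses needed if the password is all digits, or a dictionary word
    followed by digits/symbols. Returns None when neither pattern applies."""
    if password and all(c in string.digits for c in password):
        return 10 ** len(password)
    match = re.fullmatch(r"(.*[A-Za-z])([^A-Za-z]*)", password, re.DOTALL)
    if not match:
        return None
    base, suffix = match.groups()
    if base.lower().translate(LEET) not in wordlist:
        return None
    if not suffix:
        suffix_space = 1
    elif all(c in string.digits for c in suffix):
        suffix_space = 10 ** len(suffix)
    else:
        suffix_space = 43 ** len(suffix)  # 10 digits + 33 symbols
    return DICT_SIZE * RULE_VARIANTS * suffix_space


def estimate(password):
    """Compare the meter's figure with the cheapest modelled attack."""
    brute = bruteforce_guesses(password)
    pattern = pattern_guesses(password)
    best = brute if pattern is None else min(brute, pattern)
    return {
        "meter_seconds": brute / GUESSES_PER_SECOND,
        "attack_seconds": best / GUESSES_PER_SECOND,
        "pattern_found": pattern is not None,
    }


if __name__ == "__main__":
    for pw in ["BandGeek2014", "Coneyisland9/", "n3xtb1gth1ng", "x7#Qp!2vLm@9"]:
        print(pw, estimate(pw))
```

Under these assumptions "BandGeek2014" drops from thousands of years on the brute-force scale to under twenty minutes, while the patternless 12-character string keeps its full brute-force cost.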





The Banality of ‘Don’t Be Evil’
Julian Assange

“THE New Digital Age” is a startlingly clear and provocative blueprint for technocratic imperialism, from two of its leading witch doctors, Eric Schmidt and Jared Cohen, who construct a new idiom for United States global power in the 21st century. This idiom reflects the ever closer union between the State Department and Silicon Valley, as personified by Mr. Schmidt, the executive chairman of Google, and Mr. Cohen, a former adviser to Condoleezza Rice and Hillary Clinton who is now director of Google Ideas.

The authors met in occupied Baghdad in 2009, when the book was conceived. Strolling among the ruins, the two became excited that consumer technology was transforming a society flattened by United States military occupation. They decided the tech industry could be a powerful agent of American foreign policy.

The book proselytizes the role of technology in reshaping the world’s people and nations into likenesses of the world’s dominant superpower, whether they want to be reshaped or not. The prose is terse, the argument confident and the wisdom — banal. But this isn’t a book designed to be read. It is a major declaration designed to foster alliances.

“The New Digital Age” is, beyond anything else, an attempt by Google to position itself as America’s geopolitical visionary — the one company that can answer the question “Where should America go?” It is not surprising that a respectable cast of the world’s most famous warmongers has been trotted out to give its stamp of approval to this enticement to Western soft power. The acknowledgments give pride of place to Henry Kissinger, who along with Tony Blair and the former C.I.A. director Michael Hayden provided advance praise for the book.

In the book the authors happily take up the white geek’s burden. A liberal sprinkling of convenient, hypothetical dark-skinned worthies appear: Congolese fisherwomen, graphic designers in Botswana, anticorruption activists in San Salvador and illiterate Masai cattle herders in the Serengeti are all obediently summoned to demonstrate the progressive properties of Google phones jacked into the informational supply chain of the Western empire.

The authors offer an expertly banalized version of tomorrow’s world: the gadgetry of decades hence is predicted to be much like what we have right now — only cooler. “Progress” is driven by the inexorable spread of American consumer technology over the surface of the earth. Already, every day, another million or so Google-run mobile devices are activated. Google will interpose itself, and hence the United States government, between the communications of every human being not in China (naughty China). Commodities just become more marvelous; young, urban professionals sleep, work and shop with greater ease and comfort; democracy is insidiously subverted by technologies of surveillance, and control is enthusiastically rebranded as “participation”; and our present world order of systematized domination, intimidation and oppression continues, unmentioned, unafflicted or only faintly perturbed.

The authors are sour about the Egyptian triumph of 2011. They dismiss the Egyptian youth witheringly, claiming that “the mix of activism and arrogance in young people is universal.” Digitally inspired mobs mean revolutions will be “easier to start” but “harder to finish.” Because of the absence of strong leaders, the result, or so Mr. Kissinger tells the authors, will be coalition governments that descend into autocracies. They say there will be “no more springs” (but China is on the ropes).

The authors fantasize about the future of “well resourced” revolutionary groups. A new “crop of consultants” will “use data to build and fine-tune a political figure.”

“His” speeches (the future isn’t all that different) and writing will be fed “through complex feature-extraction and trend-analysis software suites” while “mapping his brain function,” and other “sophisticated diagnostics” will be used to “assess the weak parts of his political repertoire.”

The book mirrors State Department institutional taboos and obsessions. It avoids meaningful criticism of Israel and Saudi Arabia. It pretends, quite extraordinarily, that the Latin American sovereignty movement, which has liberated so many from United States-backed plutocracies and dictatorships over the last 30 years, never happened. Referring instead to the region’s “aging leaders,” the book can’t see Latin America for Cuba. And, of course, the book frets theatrically over Washington’s favorite boogeymen: North Korea and Iran.

Google, which started out as an expression of independent Californian graduate student culture — a decent, humane and playful culture — has, as it encountered the big, bad world, thrown its lot in with traditional Washington power elements, from the State Department to the National Security Agency.

Despite accounting for an infinitesimal fraction of violent deaths globally, terrorism is a favorite brand in United States policy circles. This is a fetish that must also be catered to, and so “The Future of Terrorism” gets a whole chapter. The future of terrorism, we learn, is cyberterrorism. A session of indulgent scaremongering follows, including a breathless disaster-movie scenario, wherein cyberterrorists take control of American air-traffic control systems and send planes crashing into buildings, shutting down power grids and launching nuclear weapons. The authors then tar activists who engage in digital sit-ins with the same brush.

I have a very different perspective. The advance of information technology epitomized by Google heralds the death of privacy for most people and shifts the world toward authoritarianism. This is the principal thesis in my book, “Cypherpunks.” But while Mr. Schmidt and Mr. Cohen tell us that the death of privacy will aid governments in “repressive autocracies” in “targeting their citizens,” they also say governments in “open” democracies will see it as “a gift” enabling them to “better respond to citizen and customer concerns.” In reality, the erosion of individual privacy in the West and the attendant centralization of power make abuses inevitable, moving the “good” societies closer to the “bad” ones.

The section on “repressive autocracies” describes, disapprovingly, various repressive surveillance measures: legislation to insert back doors into software to enable spying on citizens, monitoring of social networks and the collection of intelligence on entire populations. All of these are already in widespread use in the United States. In fact, some of those measures — like the push to require every social-network profile to be linked to a real name — were spearheaded by Google itself.

THE writing is on the wall, but the authors cannot see it. They borrow from William Dobson the idea that the media, in an autocracy, “allows for an opposition press as long as regime opponents understand where the unspoken limits are.” But these trends are beginning to emerge in the United States. No one doubts the chilling effects of the investigations into The Associated Press and Fox’s James Rosen. But there has been little analysis of Google’s role in complying with the Rosen subpoena. I have personal experience of these trends.

The Department of Justice admitted in March that it was in its third year of a continuing criminal investigation of WikiLeaks. Court testimony states that its targets include “the founders, owners, or managers of WikiLeaks.” One alleged source, Bradley Manning, faces a 12-week trial beginning tomorrow, with 24 prosecution witnesses expected to testify in secret.

This book is a balefully seminal work in which neither author has the language to see, much less to express, the titanic centralizing evil they are constructing. “What Lockheed Martin was to the 20th century,” they tell us, “technology and cybersecurity companies will be to the 21st.” Without even understanding how, they have updated and seamlessly implemented George Orwell’s prophecy. If you want a vision of the future, imagine Washington-backed Google Glasses strapped onto vacant human faces — forever. Zealots of the cult of consumer technology will find little to inspire them here, not that they ever seem to need it. But this is essential reading for anyone caught up in the struggle for the future, in view of one simple imperative: Know your enemy.
https://www.nytimes.com/2013/06/02/o...t-be-evil.html





Google Blimps Will Carry Wireless Signal Across Africa
Duncan Geere

Search giant Google is intending to build huge wireless networks across Africa and Asia, using high-altitude balloons and blimps.

The company is intending to finance, build and help operate networks from sub-Saharan Africa to Southeast Asia, with the aim of connecting around a billion people to the web.

To help enable the campaign, Google has been putting together an ecosystem of low-cost smartphones running Android on low-power microprocessors. Rather than traditional infrastructure, Google's signal will be carried by high-altitude platforms - balloons and blimps - that can transmit to areas of hundreds of square kilometres.

Google has also considered using satellites to achieve the same goal. "There's not going to be one technology that will be the silver bullet," an unnamed source told the Wall St Journal. A Google spokesperson declined to comment.

Meanwhile, back on the ground, Google lobbyists are targeting regulators across developing countries to allow them to use airwaves currently reserved for television broadcasts - which operate at lower frequencies and can therefore penetrate buildings and travel longer distances than current WiFi technology.

Small-scale trials are underway in Cape Town, South Africa, where a base station is broadcasting signals to wireless access boxes in high schools over several kilometres. Software detects which areas of the spectrum aren't being used for TV broadcast and can be used for the network at any given time.

In a blog post, the company said the technology was "well-suited to provide low cost connectivity to rural communities with poor telecommunications infrastructure, and for expanding coverage of wireless broadband in densely populated urban areas".
http://www.wired.co.uk/news/archive/.../google-blimps





Google Exec Sees Google Fiber As a 'Moneymaker'

Google Fiber head Milo Medin says the company is not just conducting an expensive research project in Kansas City and other places getting the technology. He expects the gigabit fiber networks to make money.
Marguerite Reardon

Google is in it to win it when it comes to building fiber broadband networks. Despite speculation to the contrary, Google sees its Google Fiber broadband business as a moneymaker, and not just an overpriced test network.

And it's very likely that the company will continue expanding the service into other cities willing to partner to keep costs down.

Speaking at the Fiber-to-the-Home Council meeting here late Wednesday, Milo Medin, vice president of access services for Google, told an audience of city planners, engineers, and city mayors that Google is not just building a testbed for new Google services in Kansas City with its Google Fiber project, but an actual business that the company hopes will one day be profitable.

"We expect to make money from Google Fiber," he said. "This is a great business to be in."

Since it announced its plan to build a gigabit-speed fiber broadband network in 2010, there's been a lot of speculation about why Google is getting into this capital intensive business. The network in Kansas City, which delivers 1Gbps in downloads and uploads to users and also comes with a bundled TV service that operates entirely over Google's fiber network, was first seen as an experimental network the Internet giant was building to test new services and advertising models.

Others have wondered if Google's network was just a way to push existing cable and telephone companies to offer higher speed Internet services themselves. And of course, the perception was that the deep-pocketed tech giant could afford to throw money away on such a project and simply write it off as research and development.

Medin admitted that when the idea of the Google Fiber project was first conceived, even Google didn't see it as a viable business. He said the idea came when Google was talking to the Federal Communications Commission about the National Broadband Plan, which was presented to Congress in 2010. A team inside Google had decided to recommend to the FCC that a "gigabit bill" be introduced in Congress that would include suggestions for ways to build and fund new and faster broadband networks.

"But then someone on the management team said, 'If we really think this is important, why whine to the government, when we can do it ourselves,'" he said.

And this is how the Google Fiber project was born. The plan was to let cities know that Google wanted to build a 1-gigabit-per-second broadband network and then look for cities interested in partnering on building the network.

"We thought a handful of cities would say they were interested," Medin said. "Then we saw that 1,100 communities replied. No one at the time thought there was a real business here. But that changed when we saw the interest."

Google had no intention of building another me-too broadband network. In fulfilling the promise of the National Broadband Plan, the company also wanted to push the envelope in terms of speed and affordability. This is why Google is building a network that offers service that can be as much as 100 times faster than what is typically available from traditional cable and telephone company broadband providers at a much lower cost.

Google offers only two tiers of service for its residential broadband service: a 1Gbps service for $70 a month and a 5Mbps service that is free with a $300 fiber installation fee that can be paid for over two years. While the 1Gbps service is slightly higher than the $40 to $50 most consumers pay each month for broadband, it's still a better value.

Those other services priced at that amount generally only offer 5Mbps to 10Mbps of download speeds and even slower upload connections. Providers that are offering 100Mbps of broadband service are charging $300 or $400 a month. At $70 for 1Gbps, Google Fiber is simply a better value. It offers 10 times the capacity for less than a third or a quarter of the cost. Even providers that can offer 1Gbps of service are charging over $1,000 a month for that service.

While it's true that most residential users don't need an entire 1Gbps of service today, Medin said they will in the future.

"We're trying to build a business for the next 10 years, not the last 10 years," he said. "I remember a time when people thought that they'd never use 5Mbps of service. Now you do that streaming a couple of movies."

How can Google make Google Fiber profitable?
But the big question remains: How will Google be able to sell this faster service at lower prices and still make money?

Google hasn't disclosed any financial details about its deployment in Kansas City. Medin admits that money the company spends on Google Fiber today is immaterial compared to Google's overall financials.

But Medin did offer some insight into how Google will eventually be able to make money from this deployment and other fiber cities in the future. The key, he said, is keeping costs of deploying the network as low as possible. Contrary to what other infrastructure providers have done in the past, Medin said that Google has not asked for any funds from the government to subsidize the cost of its network nor has it sought out attractive tax breaks.

Instead, the company has partnered with cities to make the process of building such a network less expensive and less time consuming.

"Asking for tax breaks would be too easy," he said. "So we are asking cities to do something much harder."

Specifically, Google asked the city of Kansas City to dedicate construction inspectors to the Google Fiber project so that the inspections the city requires on a regular basis could be done quickly, which saves Google time and money during the construction phase. It also asked to co-locate the fiber with any city owned conduit, so that it didn't have to tear up streets unnecessarily. And the company worked with utilities to make sure that new poles that go up offer space for new fiber connections to be strung.

"A city committed to being gigabit-friendly can make a difference," he said. "All of this can add up to real savings."

Another major change Google made in its deployment plan compared to what other broadband providers have done in the past is that it is only building to communities or "fiberhoods" where there is strong demand for the service. Instead of building the network everywhere and then marketing to customers and signing them up one by one, Google requires that each community meet a certain threshold of interest before it builds in that neighborhood. And when it does lay fiber in a certain "fiberhood," it does it in waves. If a resident doesn't sign up during the "rally" period, then he will have to wait for subsequent rallies if he decides he wants Fiber at a later time.

"Instead of deciding where to build the fiber and marketing to customers one by one, we let consumers tell us where we should deploy," Medin explained.

He went on to explain how installing fiber to customers in one wave can be very efficient, since installers can be redirected more easily, again saving time and money. What's more, customers don't have to wait around all day for installations, which improves customer relations.

"We can say we'll be there at 10:30 a.m. And we can do it," he said. "Users really like this."

But he warned that once Google completes one wave of installation in a particular fiberhood, it's done. And the company starts again in another fiberhood. The downside, of course, is that customers who don't sign up right away may lose out on the chance to get the service.

"If you miss out on that installation, we may not get back to you for a long time," he said.

In less populated and wealthier areas of Kansas City, Google set a threshold of 25 percent of residents signing up for service. In more dense areas, where it is cheaper to lay fiber, the threshold was at 5 percent. And in places where the cost of deploying fiber is somewhere in the middle, Google set a threshold of 10 percent of residents.

Google also established anchor tenants for its network in an effort to motivate communities to sign up for the service. It offered to connect schools, libraries, community centers, and hospitals for free to the service, but it required the surrounding community to still hit its established threshold of interest. This prompted a lot of community involvement from school PTAs and other community organizers, who were all interested in getting fiber to these public buildings. And these groups helped rally support from the rest of the community to sign up for service.

Google saw great success with this strategy, and out of the 202 communities the company had identified as possible "fiberhoods," it signed up 180 of them for the service.

TV is a key component
Building the network has not been without its challenges, Medin said. The biggest headache for Google thus far in deploying Google Fiber has been offering its TV service. While Google decided not to offer telephone service as part of a triple play because it was too costly and added little value to the package, Medin said a TV service was a must in attracting residential customers. But offering this service has also created the most challenges for the company and has also cost it the most money.

"TV was a stumbling block for us," he said. "But you simply can't sell a residential broadband service without a competitive TV product."

The problem that Google faced was that the company couldn't simply resell someone else's TV service, because, as Medin put it, "the other TV services available were pretty horrible."

Instead, Google had to build its own system for delivering TV over its IP fiber network. This meant building its own national video head-end and encoding the video itself. It also had to build all of the in-home set-top boxes and other hardware to offer service, including a router/set-top box and a 2 Terabyte storage device/digital video recorder that allows up to eight different shows to be recorded at once.

Google also had to get all the programming agreements that other traditional TV services offered. This required a lot of legal resources and involved a long, complicated process, he said. But the company managed to get through all this and now offers a service that includes all the "regular" TV channels that customers come to expect from a TV service. And it also offers Netflix and YouTube as built-in over-the-top TV options.

"Looking back this was an insane decision to build a new network and TV platform at the same time," he said. "But Google is known for doing insane things. And now we have a pretty good version of our 1.0 product. We will be adding new capabilities and features soon."

Another revolutionary thing that Google has done with respect to TV is that it has worked with Netflix, one of the most widely used over-the-top video streaming service providers, to connect to its regional CDN or content distribution network. This means that Google TV viewers who are streaming movies and TV shows from Netflix get that content from Netflix's local servers that may only be a few milliseconds away from their own homes rather than traversing a national network to access the content.

As a result, Google Fiber TV customers are able to watch Netflix videos in "Super HD." And indeed the quality of the streaming picture appears to be a much higher quality than what is available even in HD from other TV providers. I checked out the TV service at the Google Fiber space, where the company shows off the service to the public. And there is a noticeable difference in the quality of the video.

Google Fiber expansion
Google has been so pleased with the Kansas City deployment that it's looking to expand. Earlier this year, Google said it would soon offer its service in metro areas in Missouri and Kansas outside of Kansas City. And the company has also announced two more Google Fiber cities. It's building a network in Austin, Texas, and it has taken over the fiber network in Provo, Utah.

Medin didn't specifically name additional cities for Google Fiber, but he hinted that Google may look for other communities to expand its service. Still, he warned the only way Google would consider a particular city for deployment is if the conditions are right.

"In general we go where it's easy to build," he said. "If you make it hard for me to build and other places are easy, I will go elsewhere."

In response to a question from an audience member about why Google has not built a network in its home state of California, Medin was blunt. He said that Google would love to bring fiber and 1Gbps broadband speeds to its employees and other Californians. But he said that in general California has many challenges that would make it too costly to build a fiber network there.

He said he hopes that over time, the rules will change and California will become a more hospitable place for fiber networks.

"I have to tell you that it's really easy to build a network in Kansas City," he said, "It's easy in Missouri; it's easy in Kansas, and it's easy in Texas. Actions have consequences. I would love to find a way to make it work in California."
http://news.cnet.com/8301-1023_3-575...-a-moneymaker/





Google Fiber Could Turn Cable, Phone Giants Into Boiled Frogs, Analyst Says
Benjamin Pimentel

Google’s ambitious push to build superfast networks in specific cities, may seem like just another wild idea to come out of the Silicon Valley giant.

But Google Fiber, as the initiative is called, may just turn out to be a smart long-term business idea, one that poses a serious threat to traditional telephone and cable companies, a Bernstein analyst said Tuesday. In fact, analyst Carlos Kirjner wrote, “Our analysis suggests that long-term investors in cable and telephone companies should at least seriously consider the possibility of ‘the frog slowly being boiled.’”

“We think the impact of Google Fiber on incumbent cable and phone companies will be limited in the near-to-medium term, in large part because it takes time to deploy networks,” Kirjner wrote. “Despite this limited short term impact, Google plays a very long game.”

Comcast (CMCSA), AT&T (T) and TimeWarner (TWC) rank among the nation’s largest broadband service providers.

Google is rolling out Fiber in three cities: Kansas City, Austin and Provo, Utah. Setting up an alternative network is such an enormous task that Google’s motivation has not always been clear to most analysts.

But Kirjner said Google Fiber shows promise based on the project’s progress in Kansas.

“We think Google Fiber today has an attractive risk-return profile, with very limited downside and potential for material economic upside. Given this attractive risk return profile, we believe Google investors should see Google Fiber as a net positive, even if we see a moderate acceleration of the pace at which Google adds new markets.”

Kirjner stresses that Google Fiber poses “limited” short-term threat to the established phone and cable companies. But the long-term risks are clear, he argued.

Another analyst, Rob Enderle of the Enderle Group, echoed the same view when Google unveiled its plan to expand Fiber to Austin.

“This could mean the beginning of the end for traditional telephone and cable companies and the beginning of Google becoming more powerful than old RCA and old AT&T combined,” he told MarketWatch.
http://blogs.marketwatch.com/thetell...-analyst-says/





Noise-Canceling Tech Could Lead to Internet Connections 400 Times Faster Than Google Fiber
Tom Cheredar

The basic mechanism behind noise-canceling headphones could boost both the speed and reliability of Internet connections, according to researchers who published their findings in Nature Photonics.

Noise-canceling headphones use a microphone to pick up any outside noises within range of your ears. They then send an inverse of the sounds picked up from the background noise to cancel it out. Researchers think they can essentially do the same thing with fiber optic cable Internet, which uses light waves to transmit data. However, this requires a lot of power to make the process fast, and this results in lots of “noise” that would otherwise slow down Internet speeds and reliability.

Researchers noted that sending twin light beams down a fiber optic cable along with the original transmission of data could basically eliminate that noise, as the light beams would pick up the noise and cancel it out. BBC News notes that the research team led by Xiang Liu of Bell Laboratories used this technique, called phase conjugation, to send a signal of 400 gigabits per second through 12,800 km of fiber optic cable. For perspective, Google Fiber offers its subscribers 1 gigabit per second, and the distance over which Liu’s team sent that signal is longer than the transoceanic fiber links.

“At the receiver, if you superimpose the two waves, then all the distortions will magically cancel each other out, so you obtain the original signal back,” Liu told the BBC. “This concept, looking back, is quite easy to understand, but surprisingly, nobody did this before.”
http://venturebeat.com/2013/05/27/no...-google-fiber/





Stop the Baseless Panicking Over U.S. E-Waste
Adam Minter

Every year, Americans toss out as much as 4.5 million tons of old mobile phones, laptops, televisions, Xboxes and other electronic gadgets.

Some is recycled; some is repaired and refurbished for reuse; and some is thrown into landfills or incinerators. Almost none of it, however, is “dumped” overseas.

That, at least, is the conclusion of the first comprehensive survey of what happens to U.S. e-waste after it is dropped into a recycling bin. Published in February, the study by the U.S. International Trade Commission surveyed 5,200 businesses involved in the e-waste industry (companies that received the survey were required by law to complete it, and to do so accurately), and found that almost 83 percent of what was put into American recycling bins in 2011 was repaired, dismantled or recycled domestically.

According to the same survey, only 0.13 percent of the 4.4 million tons of e-waste that Americans generated in 2011 was sent overseas for “final disposal” -- a term that explicitly excludes recycling and reuse -- with an additional 3 percent sent abroad for “unknown” purposes.

Reality is a far cry from the long-standing claim, first made by the Basel Action Network, a Seattle-based nongovernmental organization in 2002, that as much as 80 percent of U.S. e-waste is exported to the developing world. Amazingly, even with the wide currency the claim has enjoyed over the years among environmental organizations and the media, it was never based on a systematic study.

Misguided Efforts

This misunderstanding has led to several efforts at erecting partial export bans on U.S. electronics to developing countries, which -- other studies demonstrate -- import them as cheap and sustainable alternatives to new equipment. As a result, perfectly usable electronics are diverted into a recycling stream, where they are turned into raw materials, rather than into markets where they can be reused for years.

There are no statistics on how many used gadgets were exported from the U.S. to the developing world in 2002. Nor, for that matter, can anyone say for sure what happened to those gadgets. No doubt, many were broken down in developing-world facilities, where low-technology and often-hazardous methods of recycling and disposal were employed (such as the use of acids to strip copper and other metals from circuit boards in open, unprotected environments).

Anecdotally, I have been told by recyclers in southern China that cheap, secondhand electronics exported from the U.S. and, to a lesser extent, the European Union were used by Chinese computer labs, offices and dormitories in the 1990s through the mid-2000s, when new gadgetry simply wasn’t affordable. (There has been no comprehensive survey to verify these claims, however.)

It was a good deal for the U.S., too: In the 1990s and early 2000s, America didn’t really have an electronics-recycling sector, and those machines would have been put in a landfill if China hadn’t wanted them. Nonetheless, as China developed, and incomes rose, demand for those used machines dropped off.

The good news is that a similar cycle is occurring in Africa, where used electronics from the EU and the U.S. have become a critical means of bridging the global digital gap. Unlike Chinese imports in the 1990s and early 2000s, the African imports are being surveyed and quantified.

For example, a 2011 study by the United Nations Environment Program determined that only 9 percent of the used electronics imported by Nigeria -- a country that is regularly depicted as a dumping ground for foreign e-waste -- didn’t work or were unrepairable, and thus bound for a recycler or a dump. The other 91 percent were reusable and bound for consumers who couldn’t afford new products.

Nigerian Experience

That certainly doesn’t excuse the hazardous means that some Nigerians use to recycle old electronics (and, increasingly, those old electronics are thrown away by middle-class Nigerians, rather than being imported from abroad). Yet it also doesn’t suggest that the U.S., Europe or even China (a growing source of e-waste) are to blame, either.

So what happens to the 14 percent of U.S. e-waste that isn’t processed domestically, sent for “final disposal” in other countries, or isn’t otherwise unknown? According to the trade commission report, most is exported as recycled commodities to be reused by manufacturers in new products; as reusable gadgets; and even as warrantied products for repair.

Less than half of those exports, by weight, go to developing countries; the majority is shipped to member countries of the Organization for Economic Co-operation and Development, such as Japan and Belgium, where the recyclable material is handled better in factories than it can be in America.

The U.S. shipped almost three times as much e-waste to Belgium in 2011 as it did to sub-Saharan Africa, according to the trade commission.

Why? Belgium has one of the world’s best (and cleanest) factories for the extraction of precious metals from circuit boards and other complicated devices. It is thus capable of paying far more for them than a recycler in Nigeria with little more than some jars of acid capable of refining gold, though not platinum and other precious metals.

The biggest story embedded in the trade commission’s story isn’t that U.S. e-waste exports are greener than ever. Rather it is that the domestic electronics-recycling industry has grown into a large, mature business that views export as a second choice, not the first one.

The industry generated sales of $20.6 billion in 2011, compared with less than $1 billion in 2002, according to figures from the trade commission as well as the Institute of Scrap Recycling Industries, an industry association.

Recycling Jobs

E-Stewards, a strict, U.S.-based electronics recycling certification standard that bans most exports, has grown from having zero member facilities certified in 2010 to 102 in 2013, including several belonging to Waste Management, North America’s largest recycling company. Most of what these companies -- certified or not -- produce are commodity-grade raw materials, such as metals and plastics, usable for new products in the U.S. and abroad.

More revealing, yet, is the employment picture: The institute estimates full-time jobs in the U.S. electronics-recycling industry grew to more than 45,000 in 2011 from 6,000 in 2002. Some of those employees, no doubt, are involved in packing used electronics for shipment around the world, including to places where unsafe, environmentally damaging means of disposal are still used.

Thanks to the International Trade Commission findings and other, smaller-scale studies, we now know that most secondhand electronics are reused and recycled in the U.S. The toxic tide that frightened Americans into stashing their old computers in closets turns out to be nothing more threatening than a trickle.

(Adam Minter is the Shanghai correspondent for the World View blog at Bloomberg and author of the forthcoming “Junkyard Planet.” The opinions expressed are his own.)
http://www.bloomberg.com/news/2013-0...s-e-waste.html





'Fast' Races Past 'Hangover' at Weekend Box Office
Derrik J. Lang

It's a blowout at the box office.

"Fast & Furious 6" is revving past "The Hangover Part III" in the No. 1 position at the Memorial Day weekend box office.

Universal Pictures' sixth installment of its muscle car franchise featuring Vin Diesel and Paul Walker debuted with $98.5 million domestically from Friday to Sunday, according to studio estimates Sunday.

Meanwhile, the final edition of the raunchy Warner Bros. comedy trilogy starring Zach Galifianakis, Bradley Cooper and Ed Helms opened with $42.1 million in the No. 2 spot.

Universal estimates that by the end of the four-day holiday weekend Monday, "Fast & Furious 6" will have pulled in $122.2 million domestically and $275.5 million worldwide. That would give it the second-biggest opening of the year behind "Iron Man 3."

Paramount Pictures' sci-fi sequel "Star Trek: Into Darkness" earned $38 million at No. 3 in its second weekend at the box office, while the Fox animated film "Epic" opened at No. 4 with $34.2 million.

Overall domestic receipts for the four-day Memorial Day weekend are expected to come in ahead of 2011's record-breaking $276 million.

Paul Dergarabedian, an analyst for box-office tracker Hollywood.com, estimated that four-day revenues this time will total $323 million, about 15 percent above Memorial Day weekend in 2011, when "The Hangover Part II" delivered a $103.4 million debut.
http://www.newstimes.com/news/articl...ce-4549789.php





Sweden 'Must Raise its Net Freedom Profile'
David Landes

While promoting internet freedom is a policy priority for Swedish Foreign Minister Carl Bildt, Sweden's efforts remain largely unknown, according to a new report that concludes Sweden needs to do more to raise its global profile as a leader on the issue.

Last week, Bildt and his colleagues at Sweden's Ministry of Foreign Affairs welcomed hundreds of delegates to the Stockholm Internet Forum to discuss what Sweden considers one of the "great global issues of the future".

"Our aim is clear: to create an international, inclusive platform for constructive discussions on the importance of internet freedom for development," Bildt told conference attendees in Stockholm last week.

"We will work to connect the unconnected to an open, secure internet that drives innovation and growth, and that contributes to better democracy and the enjoyment of free speech."

But while Bildt's message was clear to everyone in the audience in Stockholm, a report released on Wednesday suggested that Sweden has so far failed to adequately explain its commitment to internet freedom to a wider audience.

"Sweden does a lot right already, but we are too unknown. We're a small player. So we need to work with others to raise our profile," United Minds analyst Paul Alacron, one of the authors of the report, told The Local.

The report, Freedom and Development on the Internet, was published by the Swedish Institute, together with the United Minds opinion research firm, and is designed to give a qualitative view of internet freedom in six countries, as well as insights into Sweden's perceived importance for the issue.

In-depth interviews with 18 internet experts and activists in Russia, Pakistan, India, China, the United States, and Egypt revealed that there is a demand for Sweden's expertise on internet freedom, but that awareness of what Sweden has to offer is limited.

"If you ask a regular Chinese, most would probably think that the United States is the best role model [for internet freedom]. Most Chinese don't know anything about Sweden," one Chinese blogger is quoted as saying in the report.

Meanwhile, Pranesh Prakash from the Centre for Internet and Society in India, said Sweden could better leverage its strong reputation to help promote internet freedom.

"If the Americans push an issue, many go against it simply because they're behind it. If Sweden takes up the same proposal, the chances are greater that the debate will be about the proposal itself," he said in the report.

According to report co-author Javeria Rizvi Kabani of the Swedish Institute, Sweden has kept a low profile in part due to safety considerations for activists who have participated in exchange programmes organized by the Swedish Institute.

"The safety of those in the of human rights defenders and net activist networks we've created over the last few years and who have visited Sweden always comes first. So we've focused on that rather than Sweden's profile on these issues," she told The Local.

The low-profile approach is nothing new for Sweden, she added.

"We have been very strong in recent years in foreign aid and supporting the process of democratization around the world, but unlike other countries, we haven't put 'brand Sweden' next to that work," Rizvi Kabani explained.

While Sweden is generally recognized as a country that promotes transparency and the freedom of information, the report revealed that the ongoing case involving Sweden's attempts to extradite WikiLeaks founder Julian Assange has dented some people's belief that Sweden is committed to internet freedom.

"The trial of Julian Assange makes Sweden's relationship with the issue of internet freedom complicated," Egyptian journalist Nasry Esmat said in the report.

"I'm aware that the accusations against Assange pertain to something completely different, but that makes Sweden appear like a country that doesn't support WikiLeaks."

The report also pointed to a "troublesome development" in some countries whereby regimes are trying to exert more control over the internet and the spread of information.

According to Alacron, such developments, while concerning, are simply one more argument for why Sweden needs to raise its profile as a staunch supporter of internet freedom.

"Sweden has an important role to play. That's very clear," he said.

"Knowledge and understanding about Sweden may be rather low, but at the same time there are high expectations for what Sweden can do. The conditions are ripe, therefore, for Sweden to play an even more important role in these issues."
http://www.thelocal.se/48220/20130530/





Search Engines Urged to Block More Online Porn Sites
BBC

Search engines such as Google should do more to restrict access to online pornography, a government adviser on child internet safety has said.

John Carr says internet companies should block links which paedophiles use to find pictures of abuse.

It comes after a court heard April Jones's murderer Mark Bridger searched for child abuse and rape images.

Campaigners backed the call as Google said it has a "zero tolerance" policy to child sexual abuse content.

Mr Carr, a member of the government's Council on Child Internet Safety, said Google and other search engines should reset their default search setting to the safest option - blocking access to legal as well as illegal sexual images.

Those wanting to reach such material would have to register to search for other content, which would deter many from doing so, he argued.

Mr Carr told BBC Radio 4's Today programme internet search engines did prevent access to web addresses that contain child abuse images.

But he said one of the "key routes" paedophiles used to find content was through adverts containing "code words" that are placed on legal hardcore pornography sites.

He said: "Google's moral leadership is essential here. They are the biggest player in this space in the world. If they did it, I think others would have to follow."

Vile trade

Mr Carr said there was "no question" that some men who look at child sex abuse images go on to carry out abuse.

Earlier, speaking to BBC Radio 5 live he said: "There is enough evidence to suggest that if we can put more barriers towards guys getting to child abuse images, fewer of them will do it and more children will be safe."

He said between 15 and 50 per cent of men who previously had no involvement with child abuse images would go on to physically harm children once they accessed them.

It has been suggested that some internet companies are reluctant to change their search settings as it would drive users to sites unwilling to change their policy and put them at a competitive disadvantage.

Children's charity the NSPCC said April's killing highlighted the increasing evidence of a link between disturbing and violent images of children online and serious sexual assaults.

"April's death will hopefully lead to effective measures to stamp out this vile trade," acting chief executive Philip Hoyes said.

'Personal' involvement

Google's director of communications and public affairs, Scott Rubin, says the company has a zero-tolerance policy on child sexual abuse content and is already working with the Internet Watch Foundation to get rid of child sex abuse sites.

He said: "I have a little girl. For us at Google, there are many of us who are parents.

"This is personal, so we fight incredibly hard to support organisations like the IWF here in the UK, the National Centre for Missing and Exploited Children in the US, who provide us regularly with addresses of websites that contain this illegal material, and we immediately take them off our site.

"When we learn of it through our users, for example, we report it to the appropriate legal authorities and we do everything we can to respond as quickly as possible.

"I know that others in our industry do the same thing and it concerns me when I hear people claiming that we're not doing anything, because it gives parents and others the impression that companies like Google don't care - and the opposite is true. We care deeply about this."

Paedophile Bridger was found guilty at Mold Crown Court on Thursday of abducting and murdering five-year-old April in Powys last October.

Investment call

During his trial, the jury was told that police had found a library of pornography on his laptop which included violent images of children.

BBC political correspondent Chris Mason said Bridger's conviction had renewed the debate about what could be done to limit access to such material online.

Commons Home Affairs Select Committee chairman Keith Vaz told the Times newspaper that the case had shown "we need to act to remove such content from the internet".

He called for a code of conduct to ensure internet service providers "remove material which breaches acceptable behaviour standards".

A former head of the Child Exploitation and Online Protection Centre (Ceop) called for more investment in identifying potential abusers.

"We need to invest in the work that's done to identify and locate these offenders earlier, and to interdict their behaviour before they step into the real world and harm a child," Jim Gamble said.

Life sentence

Bridger, 47, of Ceinws, Powys, claimed he had accidentally run April over and could not recall where he had put her body.

But a jury unanimously convicted him in a case lasting four-and-a-half weeks.

The judge branded him a "pathological liar" and "a paedophile".

April went missing on 1 October 2012 near her home in Machynlleth, sparking the biggest search in UK police history. Her remains have never been found.

Bridger was given a whole-life tariff prison sentence, meaning he must spend the rest of his life behind bars.
http://www.bbc.co.uk/news/uk-22726004





Meet the 28-Year-Old CEO of Bang With Friends
Nitasha Tiku

The last time I met up with “C”, the CEO of Bang with Friends, it was for a boozy night of bar-hopping that ended up on a Brooklyn rooftop. He refused to tell me his last name. That changed last week when the Webutante Ball inadvertently outed Colin Hodge and his cofounder Omri Mor by listing their names in the ballot for “king” of the ball.

The founders intended to reveal their identities on a high-profile nighttime talk show that had expressed some interest, but sometimes Internet Week has other plans for you.

Hodge, a 28-year-old who majored in computer science at Cornell, is hardly the Tucker Max misogynist you might have expected to invent something like this. Rather, he comes across more like a friendly, sex positive brogrammer in search of a viral loop.

As the name suggests, Bang with Friends brings the startup world’s obsession with “frictionless” service to the world of casual sex. The app serves up images of your Facebook friends and lets users click a button below each profile pic to indicate whether you would like to bone. Using the revolutionary new “double blind” formula (also employed by the dating app Tinder), users are only notified if the same friend also selected you as a potential indoor sports partner.

According to Hodge, the service has more than 1 million users who log in about 70,000 times a day. He said that it racked up more than 19 million “down to bang” clicks since January—19 per user on average—and more than 200,000 “couples.”

Hodge had been working on another dating site called HeardAboutYou (tagline: “IT'S LIKE LINKEDIN...FOR LOVIN”), when they got the idea for Bang with Friends. Mor was working on Ziibra, a startup that helps people rake in recurring revenue by selling subscription packages to top customers. The pair, along with a third cofounder—who is still anonymous because he's in college and his parents don’t know—met at an incubator in San Mateo called Boost. (The program is run by the same venture capital firm behind the Boost Bitcoin Fund because this is our world now).

HeardAboutYou and its competitors had “a very sugarcoated approach,” to people’s motivations for online dating, Hodge told Valleywag. “You still had to deal with a lot of bullshit and false intentions.”

In the year and a half he spent in the industry, said Hodge, women complained in customer interviews that there was no place they could find short-term sex partners “without looking like a total, you know, tramp.” Craigslist or Adult FriendFinder seemed too extreme—and if they checked the “casual sex” box on sites like OkCupid, they were immediately overwhelmed with messages. On the flip side, dating site regulars said they would meet people who claimed to be “looking for a relationship” only because they were worried about being filtered out otherwise.

“After a few drinks [at Boost], the whole conversation turned to let’s just simplify this,” he said. “We decided, hey everybody has at least one friend that they’ve had an eye on.” Thus they narrowed the pool of potential mates to just Facebook friends. “From there we came up with the racy logo and decided to just go full speed ahead with making it as funny and as objectionable as possible.”

Objectionable? “Well let me change that word,” Hodge said, backtracking, “as funny and straightforward as possible.”

In a way, he’s right. At some point almost everyone has wanted to sleep with someone in their friend circle. I believe it’s the plot of a romcom or twenty. But if you haven't mustered the courage to ask, are you really going to outsource that secret desire to a startup? Besides, it’s not so much doing the deed, as the aftershocks to one’s relationship that can hold people back.

The numbers, however, convinced them they were onto something. “For us, it stopped being a joke site in the first day we launched and saw the huge pick up,” he said. “I could tell immediately compared to my other dating startup. People just grokked to the idea so much faster. There was no explanation really necessary, and that’s a key point to making something viral. They’re not making this huge commitment or having to create these long profiles.”

As of this past month, Bang with Friends has the most users in Brazil, followed by the U.S. in second and Germany in close third. College campuses are also seeing a lot of natural growth, despite the presumption that the dorm room petri dish of alcohol and lack of parental supervision would render the app unnecessary. Veteran ad exec Cindy Gallop, founder of MakeLoveNotPorn, previously told me Oxford University students raved about it.

The reception in the tech world hasn’t been as glowing.

Hodge says he has a good relationship with Facebook, which desperately needs its user base of 18-to-25-year-olds, especially “now that you’re hearing a decent amount of stories of people signing off.” But Apple banned Bang With Friends from the App Store after a week, citing guideline 16.1, which rejects “excessively objectionable or crude content.”

Apple allows other hookup apps like Grindr; the only photos Bang With Friends shows are Facebook profile pictures. “Go figure,” said Hodge, who emphasized that he’s confident he can get it back in the App Store.

Then there was the glitch, unearthed by the Daily Dot, which showed which Facebook users had registered for Bang With Friends, depending on their privacy settings. But Hodge insisted it didn’t affect sign-ups. “I think as much as a lot of the press sensationalized the headlines, Gawker included, the truth is that the vast majority of people are just not showing up on the searches,” he said, pointing out that “the most important anonymous factor” (whom you want to bang) stayed anonymous.

Pitching venture capitalists on the idea has also been tricky.

“We really see it as the future of how our generation can meet other people. But yeah, a lot of them are just hesitant to touch sex,” he said. “The tech industry in general, has this kind of code that let’s take the easy path, let’s take something that won’t bring a lot of controversy. We personally don’t agree with that.” The standard line seems to be, “Hey, I’m supporting you from the sidelines,” he said, with the caveat that the pitch won’t get past certain partners in a firm.

Meanwhile, the cofounders are plugging away improving the service. I can’t check out the current version of the iPhone app, for obvious reasons. But log into the web-based version and you’ll see an infinite scroll of all your Facebook friends, sortable by gender. The first few times I tried it, some notable VCs (ehem) and happily married individuals appeared on screen.

“We don’t want to just show you actual users because that would out everyone who is actually using it,” Hodge explained. But Bang With Friends intends to get better at displaying people who might be of interest, including incorporating its “Bangability” quotient, which factors in the number of times people have elected to “bang” someone, as well as the number of Facebook friends they have and how many of their friends use the service.

The way things are going, maybe someday you’ll be able to get better credit just for being fuckable!

As for how being the CEO of Bang With Friends affects his own bangability, Hodge said he’s “definitely had mixed reactions from women. Most of them can’t get over it. The whole night they’ll be like, ‘I can’t believe a Bang with friends founder blah blah blah.’ It definitely doesn’t help my game, so to speak. It’s only hurt it a few times, I guess, so it’s kind of a mixed bag.”

If you’re in New York City and want to blah blah blah Hodge yourself, he’ll be at the party Bang With Friends is hosting tomorrow night at the Pink Elephant.
http://valleywag.gawker.com/meet-the...ends-509602077
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

May 25th, May 18th, May 11th, May 4th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)